Example 41 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithBothTokenWithoutExpiration.

@Test
void testProxyWithBothTokenWithoutExpiration() {
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token");
    createSecret("fence_gen3_refresh", userIdAndToken.getUserId(), "this_is_refresh_token");
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isUnauthorized();
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 42 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithBothTokenExpired.

@Test
void testProxyWithBothTokenExpired() {
    val expiration = now().minus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token", expiration);
    createSecret("fence_gen3_refresh", userIdAndToken.getUserId(), "this_is_refresh_token", expiration);
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isUnauthorized();
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 43 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class FenceDeprecatedTests method testFenceRefreshPOST.

@Test
void testFenceRefreshPOST() throws Exception {
    val expirationRefresh = now().plus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_refresh", "secret", expirationRefresh);
    JSONObject content = new JSONObject();
    content.put("access_token", "this_is_access_token");
    content.put("refresh_token", "this_is_a_fresh_refresh_token");
    content.put("token_type", "BEARER");
    gen3VM.stubFor(post("/").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.post().uri(uriBuilder -> uriBuilder.path(fenceRefreshUri).queryParam("fence", "gen3").build()).accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isOk().expectBody().jsonPath("$.access_token").value(o -> assertThat(o).isEqualTo("this_is_access_token")).jsonPath("$.refresh_token").value(o -> assertThat(o).isEqualTo("this_is_a_fresh_refresh_token"));
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_access_token");
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_refresh_token");
    assertThat(refreshSecret.getExpiration()).isEqualTo(expirationRefresh);
}
Also used : lombok.val(lombok.val) Instant.now(java.time.Instant.now) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) DynamicPropertySource(org.springframework.test.context.DynamicPropertySource) MediaType(org.springframework.http.MediaType) DynamicPropertyRegistry(org.springframework.test.context.DynamicPropertyRegistry) WireMock.ok(com.github.tomakehurst.wiremock.client.WireMock.ok) WireMockExtension(com.github.tomakehurst.wiremock.junit5.WireMockExtension) Test(org.junit.jupiter.api.Test) ExecutionException(java.util.concurrent.ExecutionException) Secret(io.kidsfirst.core.model.Secret) Slf4j(lombok.extern.slf4j.Slf4j) ChronoUnit(java.time.temporal.ChronoUnit) WireMockConfiguration.wireMockConfig(com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig) BeforeAll(org.junit.jupiter.api.BeforeAll) RegisterExtension(org.junit.jupiter.api.extension.RegisterExtension) WireMock.post(com.github.tomakehurst.wiremock.client.WireMock.post) AssertionsForClassTypes.assertThat(org.assertj.core.api.AssertionsForClassTypes.assertThat)

Example 44 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class KeyStoreTests method testKeyStoreDELETE.

@Test
void testKeyStoreDELETE() throws ExecutionException, InterruptedException {
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("cavatica", "my_secret");
    JSONObject body = new JSONObject();
    body.put("service", "cavatica");
    webClient.method(HttpMethod.DELETE).uri(keyStoreUri).accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).bodyValue(body.toJSONString()).exchange().expectStatus().isOk();
    val secret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "cavatica", null, null)).get();
    assertThat(secret).isNull();
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 45 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project ProxyPass by CloudburstMC.

the class UpstreamPacketHandler method handle.

@Override
public boolean handle(LoginPacket packet) {
    int protocolVersion = packet.getProtocolVersion();
    if (protocolVersion != ProxyPass.PROTOCOL_VERSION) {
        PlayStatusPacket status = new PlayStatusPacket();
        if (protocolVersion > ProxyPass.PROTOCOL_VERSION) {
            status.setStatus(PlayStatusPacket.Status.LOGIN_FAILED_SERVER_OLD);
        } else {
            status.setStatus(PlayStatusPacket.Status.LOGIN_FAILED_CLIENT_OLD);
        }
    }
    session.setPacketCodec(ProxyPass.CODEC);
    JsonNode certData;
    try {
        certData = ProxyPass.JSON_MAPPER.readTree(packet.getChainData().toByteArray());
    } catch (IOException e) {
        // Keep the original IOException as the cause so the parse failure stays diagnosable.
        throw new RuntimeException("Certificate JSON can not be read.", e);
    }
    JsonNode certChainData = certData.get("chain");
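    // get("chain") returns null when the field is absent, so check for that before inspecting the node type.
    if (certChainData == null || certChainData.getNodeType() != JsonNodeType.ARRAY) {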
        throw new RuntimeException("Certificate data is not valid");
    }
    chainData = (ArrayNode) certChainData;
    boolean validChain;
    try {
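        validChain = validateChainData(certChainData);
        // The validation result is only logged here; nothing below in this method rejects the login when it is false.
        log.debug("Is player data valid? {}", validChain);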
        JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
        JsonNode payload = ProxyPass.JSON_MAPPER.readTree(jwt.getPayload().toBytes());
        if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
            throw new RuntimeException("AuthData was not found!");
        }
        extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
        this.authData = new AuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID"));
        if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
            throw new RuntimeException("Identity Public Key was not found!");
        }
        ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
        JWSObject clientJwt = JWSObject.parse(packet.getSkinData().toString());
        verifyJwt(clientJwt, identityPublicKey);
        skinData = new JSONObject(clientJwt.getPayload().toJSONObject());
        initializeProxySession();
    } catch (Exception e) {
        session.disconnect("disconnectionScreen.internalError.cantConnect");
        throw new RuntimeException("Unable to complete login", e);
    }
    return true;
}
Also used : PlayStatusPacket(com.nukkitx.protocol.bedrock.packet.PlayStatusPacket) ECPublicKey(java.security.interfaces.ECPublicKey) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) JsonNode(com.fasterxml.jackson.databind.JsonNode) IOException(java.io.IOException) JWSObject(com.nimbusds.jose.JWSObject) JOSEException(com.nimbusds.jose.JOSEException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
