
Example 61 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project cruise-control by linkedin.

From class JwtLoginServiceTest, method testRevalidateTokenFails.

@Test
public void testRevalidateTokenFails() throws Exception {
    UserStore testUserStore = new UserStore();
    testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] { "USER" });
    Instant now = Instant.now();
    // Token expires 10 seconds after "now"; the login service is pinned to a fixed clock
    // so the test controls the passage of time instead of relying on wall-clock timing.
    TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, now.plusSeconds(10).toEpochMilli());
    Clock fixedClock = Clock.fixed(now, ZoneOffset.UTC);
    JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null, fixedClock);
    SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
    HttpServletRequest request = mock(HttpServletRequest.class);
    expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());
    replay(request);
    // Initial login succeeds because the token is still valid at the fixed clock's time.
    UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
    verify(request);
    assertNotNull(identity);
    assertEquals(TEST_USER, identity.getUserPrincipal().getName());
    // Advance the clock 20 seconds past the 10-second expiry: revalidating the
    // previously issued identity must now fail.
    loginService.setClock(Clock.offset(fixedClock, Duration.ofSeconds(20)));
    assertFalse(loginService.validate(identity));
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) UserStore(org.eclipse.jetty.security.UserStore) Instant(java.time.Instant) UserIdentity(org.eclipse.jetty.server.UserIdentity) SignedJWT(com.nimbusds.jwt.SignedJWT) Clock(java.time.Clock) UserStoreAuthorizationService(com.linkedin.kafka.cruisecontrol.servlet.security.UserStoreAuthorizationService) Test(org.junit.Test)

Example 62 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project cruise-control by linkedin.

From class JwtLoginServiceTest, method testFailExpirationValidation.

@Test
public void testFailExpirationValidation() throws Exception {
    UserStore testUserStore = new UserStore();
    testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] { "USER" });
    // Expiration time of 1 ms after the epoch: the token is already expired when issued.
    TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, 1L);
    JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);
    SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
    HttpServletRequest request = mock(HttpServletRequest.class);
    // A correctly signed but expired token must not yield an identity.
    UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
    assertNull(identity);
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) UserStore(org.eclipse.jetty.security.UserStore) UserIdentity(org.eclipse.jetty.server.UserIdentity) SignedJWT(com.nimbusds.jwt.SignedJWT) UserStoreAuthorizationService(com.linkedin.kafka.cruisecontrol.servlet.security.UserStoreAuthorizationService) Test(org.junit.Test)

Example 63 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project cruise-control by linkedin.

From class JwtLoginServiceTest, method testFailAudienceValidation.

@Test
public void testFailAudienceValidation() throws Exception {
    UserStore testUserStore = new UserStore();
    testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] { "USER" });
    // Token is issued for audiences "A" and "B" ...
    TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, Arrays.asList("A", "B"));
    // ... but the login service only accepts audiences "C" and "D".
    JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), Arrays.asList("C", "D"));
    SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
    HttpServletRequest request = mock(HttpServletRequest.class);
    // No overlap between the token's audience and the accepted audiences: login must fail.
    UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
    assertNull(identity);
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) UserStore(org.eclipse.jetty.security.UserStore) UserIdentity(org.eclipse.jetty.server.UserIdentity) SignedJWT(com.nimbusds.jwt.SignedJWT) UserStoreAuthorizationService(com.linkedin.kafka.cruisecontrol.servlet.security.UserStoreAuthorizationService) Test(org.junit.Test)

Example 64 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project cruise-control by linkedin.

From class JwtLoginServiceTest, method testRevalidateTokenPasses.

@Test
public void testRevalidateTokenPasses() throws Exception {
    UserStore testUserStore = new UserStore();
    testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] { "USER" });
    // Default generator settings: no audience restriction and a future expiration time.
    TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
    JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);
    SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
    HttpServletRequest request = mock(HttpServletRequest.class);
    expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());
    replay(request);
    UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
    verify(request);
    assertNotNull(identity);
    assertEquals(TEST_USER, identity.getUserPrincipal().getName());
    // The token is still within its validity window, so revalidation succeeds.
    assertTrue(loginService.validate(identity));
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) UserStore(org.eclipse.jetty.security.UserStore) UserIdentity(org.eclipse.jetty.server.UserIdentity) SignedJWT(com.nimbusds.jwt.SignedJWT) UserStoreAuthorizationService(com.linkedin.kafka.cruisecontrol.servlet.security.UserStoreAuthorizationService) Test(org.junit.Test)

Example 65 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project cruise-control by linkedin.

From class TokenGenerator, method generateToken.

static TokenAndKeys generateToken(String subject, List<String> audience, long expirationTime) throws JOSEException {
    // Fresh 2048-bit RSA key pair per call; the public half is handed to the login service for verification.
    RSAKey rsaJwk = new RSAKeyGenerator(2048).keyID("123").generate();
    RSAKey rsaPublicJWK = rsaJwk.toPublicJWK();
    RSASSASigner signer = new RSASSASigner(rsaJwk);
    // Explicit RS256 header; the verifier is expected to accept only this asymmetric algorithm.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
    JWTClaimsSet.Builder claimsSet = new JWTClaimsSet.Builder().subject(subject).issuer("https://linkedin.com");
    if (audience != null) {
        claimsSet.audience(audience);
    }
    // Caller-supplied expiration (epoch millis) if positive, otherwise 120 seconds from now.
    if (expirationTime > 0) {
        claimsSet.expirationTime(new Date(expirationTime));
    } else {
        claimsSet.expirationTime(Date.from(Instant.now().plusSeconds(120)));
    }
    SignedJWT signedJWT = new SignedJWT(header, claimsSet.build());
    signedJWT.sign(signer);
    return new TokenAndKeys(signedJWT.serialize(), (RSAPrivateKey) signer.getPrivateKey(), rsaPublicJWK.toRSAPublicKey());
}
Also used: RSAKey(com.nimbusds.jose.jwk.RSAKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) RSAKeyGenerator(com.nimbusds.jose.jwk.gen.RSAKeyGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Date(java.util.Date)
