use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.
the class TestJWTAuthenticationHandler method testValidAudienceJWT.
@Test
public void testValidAudienceJWT() throws Exception {
try {
handler.setPublicKey(publicKey);
Properties props = getProperties();
props.put(JWTAuthenticationHandler.EXPECTED_JWT_AUDIENCES, "bar");
handler.init(props);
SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
AuthenticationToken token = handler.alternateAuthenticate(request, response);
Assert.assertEquals("bob", token.getUserName());
} catch (ServletException se) {
fail("alternateAuthentication should NOT have thrown a ServletException");
} catch (AuthenticationException ae) {
fail("alternateAuthentication should NOT have thrown an AuthenticationException");
}
}
use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.
the class TestJWTAuthenticationHandler method testNoPublicKeyJWT.
@Test
public void testNoPublicKeyJWT() throws Exception {
try {
Properties props = getProperties();
handler.init(props);
SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
AuthenticationToken token = handler.alternateAuthenticate(request, response);
fail("alternateAuthentication should have thrown a ServletException");
} catch (ServletException se) {
assertTrue(se.getMessage().contains("Public key for signature validation must be provisioned"));
} catch (AuthenticationException ae) {
fail("alternateAuthentication should NOT have thrown a AuthenticationException");
}
}
use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.
the class TestJWTAuthenticationHandler method testNoExpirationJWT.
@Test
public void testNoExpirationJWT() throws Exception {
try {
handler.setPublicKey(publicKey);
Properties props = getProperties();
handler.init(props);
SignedJWT jwt = getJWT("bob", null, privateKey);
Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
AuthenticationToken token = handler.alternateAuthenticate(request, response);
Assert.assertNotNull("Token should not be null.", token);
Assert.assertEquals("bob", token.getUserName());
} catch (ServletException se) {
fail("alternateAuthentication should NOT have thrown a ServletException");
} catch (AuthenticationException ae) {
fail("alternateAuthentication should NOT have thrown a AuthenticationException");
}
}
use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.
the class TestJWTAuthenticationHandler method testInvalidAudienceJWT.
@Test
public void testInvalidAudienceJWT() throws Exception {
try {
handler.setPublicKey(publicKey);
Properties props = getProperties();
props.put(JWTAuthenticationHandler.EXPECTED_JWT_AUDIENCES, "foo");
handler.init(props);
SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
AuthenticationToken token = handler.alternateAuthenticate(request, response);
Mockito.verify(response).sendRedirect(REDIRECT_LOCATION);
} catch (ServletException se) {
fail("alternateAuthentication should NOT have thrown a ServletException");
} catch (AuthenticationException ae) {
fail("alternateAuthentication should NOT have thrown a AuthenticationException");
}
}
use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.
the class NimbusJwtDecoderTests method decodeWhenUsingSecertKeyWithKidThenStillUsesKey.
// gh-7056
@Test
public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
// @formatter:off
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
// @formatter:on
SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
// @formatter:off
NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
// @formatter:on
}
Aggregations