Search in sources :

Example 36 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.

the class TestJWTAuthenticationHandler method testValidAudienceJWT.

@Test
public void testValidAudienceJWT() throws Exception {
    try {
        handler.setPublicKey(publicKey);
        Properties props = getProperties();
        props.put(JWTAuthenticationHandler.EXPECTED_JWT_AUDIENCES, "bar");
        handler.init(props);
        SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
        Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
        AuthenticationToken token = handler.alternateAuthenticate(request, response);
        Assert.assertEquals("bob", token.getUserName());
    } catch (ServletException se) {
        fail("alternateAuthentication should NOT have thrown a ServletException");
    } catch (AuthenticationException ae) {
        fail("alternateAuthentication should NOT have thrown an AuthenticationException");
    }
}
Also used : Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 37 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.

the class TestJWTAuthenticationHandler method testNoPublicKeyJWT.

@Test
public void testNoPublicKeyJWT() throws Exception {
    try {
        Properties props = getProperties();
        handler.init(props);
        SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
        Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
        AuthenticationToken token = handler.alternateAuthenticate(request, response);
        fail("alternateAuthentication should have thrown a ServletException");
    } catch (ServletException se) {
        assertTrue(se.getMessage().contains("Public key for signature validation must be provisioned"));
    } catch (AuthenticationException ae) {
        fail("alternateAuthentication should NOT have thrown a AuthenticationException");
    }
}
Also used : Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 38 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.

the class TestJWTAuthenticationHandler method testNoExpirationJWT.

@Test
public void testNoExpirationJWT() throws Exception {
    try {
        handler.setPublicKey(publicKey);
        Properties props = getProperties();
        handler.init(props);
        SignedJWT jwt = getJWT("bob", null, privateKey);
        Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
        AuthenticationToken token = handler.alternateAuthenticate(request, response);
        Assert.assertNotNull("Token should not be null.", token);
        Assert.assertEquals("bob", token.getUserName());
    } catch (ServletException se) {
        fail("alternateAuthentication should NOT have thrown a ServletException");
    } catch (AuthenticationException ae) {
        fail("alternateAuthentication should NOT have thrown a AuthenticationException");
    }
}
Also used : Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Test(org.junit.Test)

Example 39 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.

the class TestJWTAuthenticationHandler method testInvalidAudienceJWT.

@Test
public void testInvalidAudienceJWT() throws Exception {
    try {
        handler.setPublicKey(publicKey);
        Properties props = getProperties();
        props.put(JWTAuthenticationHandler.EXPECTED_JWT_AUDIENCES, "foo");
        handler.init(props);
        SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
        Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
        AuthenticationToken token = handler.alternateAuthenticate(request, response);
        Mockito.verify(response).sendRedirect(REDIRECT_LOCATION);
    } catch (ServletException se) {
        fail("alternateAuthentication should NOT have thrown a ServletException");
    } catch (AuthenticationException ae) {
        fail("alternateAuthentication should NOT have thrown a AuthenticationException");
    }
}
Also used : Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 40 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

the class NimbusJwtDecoderTests method decodeWhenUsingSecertKeyWithKidThenStillUsesKey.

// gh-7056
@Test
public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
// @formatter:on
}
Also used : SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT)137 Date (java.util.Date)51 Test (org.junit.Test)50 HttpServletRequest (javax.servlet.http.HttpServletRequest)47 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)45 HttpServletResponse (javax.servlet.http.HttpServletResponse)44 Properties (java.util.Properties)39 ServletException (javax.servlet.ServletException)39 JWSHeader (com.nimbusds.jose.JWSHeader)30 RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)24 Cookie (javax.servlet.http.Cookie)21 ParseException (java.text.ParseException)20 JOSEException (com.nimbusds.jose.JOSEException)19 JWSSigner (com.nimbusds.jose.JWSSigner)14 Test (org.junit.jupiter.api.Test)12 AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)10 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)10 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)10 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)10 JWSVerifier (com.nimbusds.jose.JWSVerifier)9