use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class IdTokenTest method testIdTokenSignedToken.
/**
 * Round-trips an ID token: signs it with the EC private key, then parses the
 * compact form back through a {@link JwtsSigningKeyResolver} and validates it.
 */
@Test
public void testIdTokenSignedToken() {
    // Epoch seconds, shared by the token factory and the validator below.
    final long issuedAtSeconds = System.currentTimeMillis() / 1000;
    final IdToken original = createIdToken(issuedAtSeconds);

    // Sign with ES256 and label the signing key "eckey1".
    final String signedJws = original.getSignedToken(
            Crypto.loadPrivateKey(ecPrivateKey), "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // The verifier only ever sees the public half, registered under the same
    // key id that was used at signing time.
    // NOTE(review): the two null constructor arguments are not explained by
    // this listing - confirm what the resolver skips when they are null.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    validateIdToken(new IdToken(signedJws, keyResolver), issuedAtSeconds);
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class AccessTokenTest method testAccessTokenWithoutSignedToken.
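/**
 * Signature-stripping check: a token that was validly signed and then had its
 * signature segment removed must be rejected with
 * {@link UnsupportedJwtException}, even though the resolver holds the public
 * key that matches the key id the token was signed with.
 */
@Test
public void testAccessTokenWithoutSignedToken() {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);

    // Start from a genuinely signed token so that only the signature differs.
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);

    // The verifier is given the matching public key under the signing key id.
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Keep everything up to and including the last '.', dropping the
    // signature segment that follows it.
    int idx = accessJws.lastIndexOf('.');
    final String unsignedJws = accessJws.substring(0, idx + 1);

    try {
        new AccessToken(unsignedJws, resolver);
        fail("token without a signature segment must not be accepted");
    } catch (UnsupportedJwtException expected) {
        // Rejection is the required outcome. Catching the specific type lets any
        // other exception propagate with its own stack trace instead of being
        // reduced to a bare assertTrue(false).
    }
}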
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class OAuth2TokenTest method testOauth2TokenWithUnsupportedTypes.
/**
 * Builds a correctly signed token whose auth-time and version claims are
 * strings, and checks that the getters for those claims report 0 while the
 * standard claims are still read back unchanged.
 */
@Test
public void testOauth2TokenWithUnsupportedTypes() {
    final long nowSeconds = System.currentTimeMillis() / 1000;
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final Instant nowInstant = Instant.ofEpochSecond(nowSeconds);

    // NOTE(review): expiration equals the issue time, so successful parsing
    // presumably relies on a clock-skew allowance inside OAuth2Token - confirm,
    // otherwise this test is timing-sensitive.
    final String compactJws = Jwts.builder()
            .setSubject("subject")
            .setIssuedAt(Date.from(nowInstant))
            .setExpiration(Date.from(nowInstant))
            .setIssuer("issuer")
            .setAudience("audience")
            // Deliberately string-typed values for these two claims.
            .claim(OAuth2Token.CLAIM_AUTH_TIME, "100000000")
            .claim(OAuth2Token.CLAIM_VERSION, "1.0")
            .setHeaderParam(OAuth2Token.HDR_KEY_ID, "eckey1")
            .signWith(signingKey, SignatureAlgorithm.ES256)
            .compact();

    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    final OAuth2Token parsed = new OAuth2Token(compactJws, keyResolver);

    // String-typed version and auth-time claims are expected to come back as 0.
    assertEquals(parsed.getVersion(), 0);
    assertEquals(parsed.getAudience(), "audience");
    assertEquals(parsed.getSubject(), "subject");
    assertEquals(parsed.getIssueTime(), nowSeconds);
    assertEquals(parsed.getExpiryTime(), nowSeconds);
    // No not-before claim was set on the builder.
    assertEquals(parsed.getNotBeforeTime(), 0);
    assertEquals(parsed.getAuthTime(), 0);
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class OAuth2TokenTest method testOauth2TokenWithoutSignatureWithKeyResolver.
/**
 * Unsigned-token check: a token built without any {@code signWith} call must
 * be rejected with a {@link JwtException} by both verification paths, the
 * key-resolver constructor and the direct public-key constructor.
 */
@Test
public void testOauth2TokenWithoutSignatureWithKeyResolver() {
    final long nowSeconds = System.currentTimeMillis() / 1000;
    final Instant nowInstant = Instant.ofEpochSecond(nowSeconds);

    // The builder chain has no signWith(...) and no key-id header, so the
    // compact string carries claims only.
    final String unsignedToken = Jwts.builder()
            .setSubject("subject")
            .setId("id001")
            .setIssuedAt(Date.from(nowInstant))
            .setExpiration(Date.from(nowInstant))
            .setNotBefore(Date.from(nowInstant))
            .setIssuer("issuer")
            .setAudience("audience")
            .claim(OAuth2Token.CLAIM_AUTH_TIME, nowSeconds)
            .claim(OAuth2Token.CLAIM_VERSION, 1)
            .compact();

    final PublicKey verificationKey = Crypto.loadPublicKey(ecPublicKey);

    // Path 1: verification through a resolver that does hold a public key.
    try {
        final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
        keyResolver.addPublicKey("eckey1", verificationKey);
        new OAuth2Token(unsignedToken, keyResolver);
        fail();
    } catch (JwtException expected) {
        // rejection is the outcome under test
    }

    // Path 2: verification with the public key passed in directly.
    try {
        new OAuth2Token(unsignedToken, verificationKey);
        fail();
    } catch (JwtException expected) {
        // rejection is the outcome under test
    }
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class OAuth2TokenTest method testOauth2TokenWithValidValues.
/**
 * Happy path: a token signed with ES256 under key id "eckey1" is parsed
 * through the key resolver and every claim is read back as it was written.
 */
@Test
public void testOauth2TokenWithValidValues() {
    final long nowSeconds = System.currentTimeMillis() / 1000;
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final Instant nowInstant = Instant.ofEpochSecond(nowSeconds);

    // NOTE(review): expiration equals the issue time, so successful parsing
    // presumably relies on a clock-skew allowance inside OAuth2Token - confirm.
    final String compactJws = Jwts.builder()
            .setSubject("subject")
            .setId("id001")
            .setIssuedAt(Date.from(nowInstant))
            .setExpiration(Date.from(nowInstant))
            .setNotBefore(Date.from(nowInstant))
            .setIssuer("issuer")
            .setAudience("audience")
            // Numeric auth-time and version claims.
            .claim(OAuth2Token.CLAIM_AUTH_TIME, nowSeconds)
            .claim(OAuth2Token.CLAIM_VERSION, 1)
            .setHeaderParam(OAuth2Token.HDR_KEY_ID, "eckey1")
            .signWith(signingKey, SignatureAlgorithm.ES256)
            .compact();

    // The verifier gets only the public key, registered under the key id
    // that the token header names.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    final OAuth2Token parsed = new OAuth2Token(compactJws, keyResolver);

    assertEquals(parsed.getVersion(), 1);
    assertEquals(parsed.getAudience(), "audience");
    assertEquals(parsed.getSubject(), "subject");
    assertEquals(parsed.getIssueTime(), nowSeconds);
    assertEquals(parsed.getExpiryTime(), nowSeconds);
    assertEquals(parsed.getNotBeforeTime(), nowSeconds);
    assertEquals(parsed.getAuthTime(), nowSeconds);
    assertEquals(parsed.getJwtId(), "id001");
}