
Example 16 with JwtsSigningKeyResolver

use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

the class IdTokenTest method testIdTokenSignedToken.

/**
 * Round-trips an ID token: signs it with the EC private key, then parses the
 * resulting JWS through a key resolver that holds only the matching public key.
 */
@Test
public void testIdTokenSignedToken() {
    // Epoch seconds; the same value is handed to the factory and to the validator.
    final long now = System.currentTimeMillis() / 1000;
    final IdToken sourceToken = createIdToken(now);

    // Produce the ES256-signed form; "eckey1" is presumably the key id recorded in the
    // token, since the resolver below registers the public key under the same string.
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final String signedJws = sourceToken.getSignedToken(signingKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // The resolver is built with two null arguments and receives its single
    // verification key by hand, so verification can only succeed against ecPublicKey.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Parsing runs through the resolver; the parsed token must match what was issued.
    final IdToken parsedToken = new IdToken(signedJws, keyResolver);
    validateIdToken(parsedToken, now);
}
Also used : PrivateKey(java.security.PrivateKey) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) Test(org.testng.annotations.Test)

Example 17 with JwtsSigningKeyResolver

use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

the class AccessTokenTest method testAccessTokenWithoutSignedToken.

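/**
 * Checks that an access token whose signature segment has been stripped is rejected
 * with {@link UnsupportedJwtException}, even though the resolver holds the correct
 * public key for the key id the token was issued with.
 */
@Test
public void testAccessTokenWithoutSignedToken() {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // start from a properly signed token so that only the signature removal differs
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // the resolver knows the matching public key, so a rejection below cannot be
    // explained by a missing key
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));
    // keep everything up to and including the last '.', which leaves the header and
    // payload intact and the trailing signature segment empty
    int idx = accessJws.lastIndexOf('.');
    final String unsignedJws = accessJws.substring(0, idx + 1);
    try {
        new AccessToken(unsignedJws, resolver);
        // reaching this line means a token without a signature was accepted
        fail("access token with an empty signature segment was accepted");
    } catch (Exception ex) {
        // report the actual exception so a wrong rejection path is visible in the log
        assertTrue(ex instanceof UnsupportedJwtException, "unexpected exception: " + ex);
    }
}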
Also used : PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) IOException(java.io.IOException) CryptoException(com.yahoo.athenz.auth.util.CryptoException) CertificateEncodingException(java.security.cert.CertificateEncodingException) Test(org.testng.annotations.Test)

Example 18 with JwtsSigningKeyResolver

use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

the class OAuth2TokenTest method testOauth2TokenWithUnsupportedTypes.

/**
 * Parses a correctly signed token whose auth-time and version claims are strings
 * rather than numbers, and checks that both getters report 0 while the standard
 * claims are still read back unchanged.
 */
@Test
public void testOauth2TokenWithUnsupportedTypes() {
    final long now = System.currentTimeMillis() / 1000;
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);

    // Issue time and expiry are both set to the current second.
    final Date issuedAt = Date.from(Instant.ofEpochSecond(now));
    final Date expiresAt = Date.from(Instant.ofEpochSecond(now));

    // The two custom claims are deliberately given as strings; no not-before is set.
    final String signedJwt = Jwts.builder()
            .setSubject("subject")
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .setIssuer("issuer")
            .setAudience("audience")
            .claim(OAuth2Token.CLAIM_AUTH_TIME, "100000000")
            .claim(OAuth2Token.CLAIM_VERSION, "1.0")
            .setHeaderParam(OAuth2Token.HDR_KEY_ID, "eckey1")
            .signWith(signingKey, SignatureAlgorithm.ES256)
            .compact();

    // The resolver maps the key id from the header to the matching public key.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    final OAuth2Token parsed = new OAuth2Token(signedJwt, keyResolver);

    // String-typed version and auth-time come back as 0, as does the absent not-before.
    assertEquals(parsed.getVersion(), 0);
    assertEquals(parsed.getAudience(), "audience");
    assertEquals(parsed.getSubject(), "subject");
    assertEquals(parsed.getIssueTime(), now);
    assertEquals(parsed.getExpiryTime(), now);
    assertEquals(parsed.getNotBeforeTime(), 0);
    assertEquals(parsed.getAuthTime(), 0);
}
Also used : PrivateKey(java.security.PrivateKey) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) Test(org.testng.annotations.Test)

Example 19 with JwtsSigningKeyResolver

use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

the class OAuth2TokenTest method testOauth2TokenWithoutSignatureWithKeyResolver.

/**
 * Checks that a token built without any signing step is refused by both
 * {@code OAuth2Token} constructors: the one taking a key resolver and the one
 * taking a public key directly.
 */
@Test
public void testOauth2TokenWithoutSignatureWithKeyResolver() {
    final long now = System.currentTimeMillis() / 1000;
    final Date timestamp = Date.from(Instant.ofEpochSecond(now));

    // There is no signWith() call and no key-id header, so compact() yields a token
    // that carries no signature at all.
    final String unsignedJwt = Jwts.builder()
            .setSubject("subject")
            .setId("id001")
            .setIssuedAt(timestamp)
            .setExpiration(Date.from(Instant.ofEpochSecond(now)))
            .setNotBefore(Date.from(Instant.ofEpochSecond(now)))
            .setIssuer("issuer")
            .setAudience("audience")
            .claim(OAuth2Token.CLAIM_AUTH_TIME, now)
            .claim(OAuth2Token.CLAIM_VERSION, 1)
            .compact();

    final PublicKey verificationKey = Crypto.loadPublicKey(ecPublicKey);

    // Path 1: verification through a resolver that does hold a valid public key.
    try {
        JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
        keyResolver.addPublicKey("eckey1", verificationKey);
        new OAuth2Token(unsignedJwt, keyResolver);
        fail();
    } catch (JwtException expected) {
        // rejection is the required outcome; nothing further to check
    }

    // Path 2: verification with the public key passed directly.
    try {
        new OAuth2Token(unsignedJwt, verificationKey);
        fail();
    } catch (JwtException expected) {
        // rejection is the required outcome; nothing further to check
    }
}
Also used : PublicKey(java.security.PublicKey) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) Test(org.testng.annotations.Test)

Example 20 with JwtsSigningKeyResolver

use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

the class OAuth2TokenTest method testOauth2TokenWithValidValues.

/**
 * Parses a correctly signed token in which every claim has the expected type and
 * checks that each getter returns the value that was put into the token.
 */
@Test
public void testOauth2TokenWithValidValues() {
    final long now = System.currentTimeMillis() / 1000;
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);

    // Issue time, expiry and not-before all point at the current second.
    final Date issuedAt = Date.from(Instant.ofEpochSecond(now));
    final Date expiresAt = Date.from(Instant.ofEpochSecond(now));
    final Date notBefore = Date.from(Instant.ofEpochSecond(now));

    // Numeric auth-time and version claims, key id in the header, ES256 signature.
    final String signedJwt = Jwts.builder()
            .setSubject("subject")
            .setId("id001")
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .setNotBefore(notBefore)
            .setIssuer("issuer")
            .setAudience("audience")
            .claim(OAuth2Token.CLAIM_AUTH_TIME, now)
            .claim(OAuth2Token.CLAIM_VERSION, 1)
            .setHeaderParam(OAuth2Token.HDR_KEY_ID, "eckey1")
            .signWith(signingKey, SignatureAlgorithm.ES256)
            .compact();

    // The resolver maps the key id from the header to the matching public key.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    final OAuth2Token parsed = new OAuth2Token(signedJwt, keyResolver);

    // Every claim written above must be read back unchanged.
    assertEquals(parsed.getVersion(), 1);
    assertEquals(parsed.getAudience(), "audience");
    assertEquals(parsed.getSubject(), "subject");
    assertEquals(parsed.getIssueTime(), now);
    assertEquals(parsed.getExpiryTime(), now);
    assertEquals(parsed.getNotBeforeTime(), now);
    assertEquals(parsed.getAuthTime(), now);
    assertEquals(parsed.getJwtId(), "id001");
}
Also used : PrivateKey(java.security.PrivateKey) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) Test(org.testng.annotations.Test)

Aggregations

JwtsSigningKeyResolver (com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver)25 Test (org.testng.annotations.Test)18 PrivateKey (java.security.PrivateKey)17 MockJwtsSigningKeyResolver (com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver)14 Path (java.nio.file.Path)10 CryptoException (com.yahoo.athenz.auth.util.CryptoException)9 X509Certificate (java.security.cert.X509Certificate)9 IOException (java.io.IOException)4 PublicKey (java.security.PublicKey)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 Principal (com.yahoo.athenz.auth.Principal)1 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)1 AccessToken (com.yahoo.athenz.auth.token.AccessToken)1 IdToken (com.yahoo.athenz.auth.token.IdToken)1 JwtsHelper (com.yahoo.athenz.auth.token.jwts.JwtsHelper)1 ResourceException (com.yahoo.athenz.instance.provider.ResourceException)1 AccessTokenTestFileHelper.setupInvalidTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupInvalidTokenFile)1 AccessTokenTestFileHelper.setupTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupTokenFile)1 BeforeMethod (org.testng.annotations.BeforeMethod)1