Example 21 with JwtsSigningKeyResolver

Use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

The class AccessTokenTest, method testAccessTokenWithMismatchX509Cert.

@Test
public void testAccessTokenWithMismatchX509Cert() throws IOException {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // now get the signed token (ES256, key id "eckey1")
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // now verify our signed token: the resolver only knows the EC key used for signing
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));
    // use a different cert than one used for signing
    Path path = Paths.get("src/test/resources/rsa_public_x509.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    try {
        // the signature is valid, but the presented certificate does not match
        // the token's confirmation claim, so the constructor must reject it
        new AccessToken(accessJws, resolver, cert);
        fail();
    } catch (CryptoException ex) {
        assertTrue(ex.getMessage().contains("X.509 Certificate Confirmation failure"));
    }
}
Also used : Path(java.nio.file.Path) PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) CryptoException(com.yahoo.athenz.auth.util.CryptoException) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 22 with JwtsSigningKeyResolver

Use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

The class AccessTokenTest, method testAccessTokenSignedTokenConfigFileNoKeys.

void testAccessTokenSignedTokenConfigFileNoKeys(final String confPath) {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // now get the signed token, using a key id ("eckey99") that no config file provides
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey99", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // now verify our signed token: point the resolver at a config file that defines no public keys
    final String oldConf = System.setProperty(JwtsSigningKeyResolver.ZTS_PROP_ATHENZ_CONF, confPath);
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    try {
        // with no key to resolve the "kid", the token cannot be verified and must be rejected
        new AccessToken(accessJws, resolver);
        fail();
    } catch (Exception ignored) {
    }
    // restore the previous config property so later tests are not affected
    resetConfProperty(oldConf);
}
Also used : PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) IOException(java.io.IOException) CryptoException(com.yahoo.athenz.auth.util.CryptoException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 23 with JwtsSigningKeyResolver

Use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

The class AccessTokenTest, method testConfirmX509CertMismatchProxyPrincipal.

@Test
public void testConfirmX509CertMismatchProxyPrincipal() throws IOException {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // the token confirms a proxy principal SPIFFE URI that the test cert below does not carry
    accessToken.setConfirmProxyPrincipalSpiffeUris(Collections.singletonList("spiffe://athenz/sports/service1"));
    // now get the signed token
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // now verify our signed token
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));
    // certificate with a single URI subject alternative name
    Path path = Paths.get("src/test/resources/x509_altnames_singleuri.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    try {
        // proxy principal confirmation must fail because the cert's URI does not match
        new AccessToken(accessJws, resolver, cert);
        fail();
    } catch (CryptoException ex) {
        assertTrue(ex.getMessage().contains("Confirmation failure"));
    }
}
Also used : Path(java.nio.file.Path) PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) CryptoException(com.yahoo.athenz.auth.util.CryptoException) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 24 with JwtsSigningKeyResolver

Use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

The class AccessTokenTest, method testConfirmX509CertInvalidEmptyProxyPrincipal.

@Test
public void testConfirmX509CertInvalidEmptyProxyPrincipal() throws IOException {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // an empty proxy principal list is present but confirms nothing
    accessToken.setConfirmProxyPrincipalSpiffeUris(Collections.emptyList());
    // now get the signed token
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // now verify our signed token
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));
    // certificate with a single URI subject alternative name
    Path path = Paths.get("src/test/resources/x509_altnames_singleuri.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    try {
        // confirmation must fail: the empty list cannot match the presented cert
        new AccessToken(accessJws, resolver, cert);
        fail();
    } catch (CryptoException ex) {
        assertTrue(ex.getMessage().contains("Confirmation failure"));
    }
}
Also used : Path(java.nio.file.Path) PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) CryptoException(com.yahoo.athenz.auth.util.CryptoException) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 25 with JwtsSigningKeyResolver

Use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.

The class AccessTokenTest, method testConfirmX509CertInvalidProxyPrincipalDetails.

@Test
public void testConfirmX509CertInvalidProxyPrincipalDetails() throws IOException {
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = createAccessToken(now);
    // set the proxy principal confirmation entry directly as a single string value
    // instead of a list of SPIFFE URIs
    accessToken.setConfirmEntry("proxy-principals#spiffe", "spiffe://athenz/sports/service1");
    // now get the signed token
    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(accessJws);
    // now verify our signed token
    JwtsSigningKeyResolver resolver = new JwtsSigningKeyResolver(null, null);
    resolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));
    // certificate with a single URI subject alternative name
    Path path = Paths.get("src/test/resources/x509_altnames_singleuri.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    try {
        // a malformed confirmation entry must be rejected rather than silently accepted
        new AccessToken(accessJws, resolver, cert);
        fail();
    } catch (CryptoException ex) {
        assertTrue(ex.getMessage().contains("Confirmation failure"));
    }
}
Also used : Path(java.nio.file.Path) PrivateKey(java.security.PrivateKey) MockJwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.MockJwtsSigningKeyResolver) JwtsSigningKeyResolver(com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver) CryptoException(com.yahoo.athenz.auth.util.CryptoException) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)
