
Example 16 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class LogHeadersPolicyTest method testLogHeadersHappyFlow.

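/**
 * Happy-flow smoke test for the header-logging policy, configured with {@code direction=both}
 * and {@code logStatusCode=true}. Sends one GET carrying an {@code X-Test-Name} header and
 * compares everything printed to {@code System.out} with the expected log lines.
 *
 * <p>The expected output shows header values being logged verbatim. NOTE(review): no
 * credential-bearing header ({@code Authorization}, {@code Cookie}, API keys) is exercised here,
 * so this test does not show whether the policy masks such values. Confirm that before enabling
 * the policy on APIs that carry tokens.
 *
 * <p>{@code System.out} is replaced for the whole JVM while the request runs, so this test is
 * not safe to run in parallel with anything else that prints to stdout.
 *
 * @throws PolicyFailureError declared by the original signature; not thrown directly here
 * @throws Throwable if sending the request or decoding the captured output fails
 */
@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersHappyFlow() throws PolicyFailureError, Throwable {
    PrintStream originalOut = System.out;
    ByteArrayOutputStream captured = new ByteArrayOutputStream();
    // Encode the capture stream as UTF-8 explicitly so it matches the UTF-8 decode below; the
    // one-argument PrintStream constructor would use the platform default charset instead.
    // Auto-flush keeps the buffer current at the moment it is read.
    System.setOut(new PrintStream(captured, true, "UTF-8"));
    try {
        PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource")
                .header("X-Test-Name", "testGet");
        PolicyTestResponse response = send(request);
        Assert.assertEquals(200, response.code());

        // The echo back end reports the headers it received; the policy must not drop ours.
        EchoResponse entity = response.entity(EchoResponse.class);
        Assert.assertEquals("testGet", entity.getHeaders().get("X-Test-Name"));

        // The Date header value changes per run, so it is masked before comparing.
        String output = normalize(redactDates(captured.toString("UTF-8")));
        String expected = "INFO: Logging 1 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "Key : X-Test-Name, Value : testGet\n"
                + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n"
                + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "Key : Content-Length, Value : 199\n"
                + "Key : Content-Type, Value : application/json\n"
                + "Key : Date, Value : XXX\n"
                + "Key : Server, Value : apiman.policy-test\n";
        Assert.assertEquals(expected, output);
    } finally {
        // Always restore the real stdout, even when an assertion above fails.
        System.setOut(originalOut);
    }
}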
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PrintStream(java.io.PrintStream) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 17 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method unsignedValidTokenQueryParam.

/**
 * Sends an unsigned token in the {@code access_token} query parameter and checks that the
 * request reaches the echo back end.
 *
 * <p>The policy is configured with {@code requireSigned=false}, so a token without a signature
 * is accepted. In that mode the claims carry no authenticity guarantee: the required
 * {@code sub} claim is whatever the caller wrote. Treat this as a test-only configuration.
 * A token in the query string also tends to end up in access logs and {@code Referer} headers,
 * so header transport is the safer default.
 *
 * <p>NOTE(review): {@code stripTokens} is enabled, but nothing here asserts that the token was
 * removed from the request forwarded to the back end. Only a non-null echo is checked.
 *
 * @throws Throwable if the policy rejects the request or the response cannot be decoded
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": false,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": true,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void unsignedValidTokenQueryParam() throws Throwable {
    PolicyTestResponse response = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .query("access_token", unsignedToken()));
    EchoResponse echoed = response.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 18 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method signedValidToken.

/**
 * Sends a signed bearer token in the {@code Authorization} header with {@code requireSigned=true}
 * and {@code stripTokens=false}, then checks that the back end received the header unchanged.
 *
 * <p>With {@code stripTokens=false} the raw bearer token is forwarded to the back end, so the
 * back end and its logs become holders of a reusable credential.
 *
 * @throws Throwable if the policy rejects the request or the response cannot be decoded
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": true,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": false,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void signedValidToken() throws Throwable {
    final String bearerHeader = "Bearer " + signedToken(PRIVATE_KEY_PEM);
    PolicyTestResponse response = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .header(AUTHORIZATION, bearerHeader));
    EchoResponse echoed = response.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);
    // stripTokens is off: the Authorization header must arrive at the back end byte-for-byte.
    Assert.assertEquals(bearerHeader, echoed.getHeaders().get(AUTHORIZATION));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 19 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method signedValidTokenWithJwksAndExpireCache.

/**
 * Exercises key rotation when the verification key comes from a JWKS endpoint: a token signed
 * with the first key passes, a token signed with a second key is rejected while the endpoint
 * still serves the first key, and the same kind of token passes once the mock endpoint has been
 * updated to serve the second public key.
 *
 * <p>NOTE(review): the JWKS URL is plain {@code http://} on loopback, which is fine for a mock
 * server. A real deployment should fetch keys over HTTPS, because whoever can alter the JWKS
 * response chooses which signatures the gateway trusts.
 *
 * <p>NOTE(review): the configuration gives {@code kid} as the string {@code "null"}, while the
 * mock JWKS below uses JSON {@code null}. Confirm this is how the policy expresses "no key id".
 *
 * @throws Throwable if a request expected to succeed is rejected, or key parsing fails
 */
@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": true,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": false,\n" + "  \"signingKeyString\": \"http://127.0.0.1:1080/jwks.json\", \n" + "  \"kid\": \"null\", \n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void signedValidTokenWithJwksAndExpireCache() throws Throwable {
    // First request, signed with the first private key.
    // Presumably the mock server was primed with the matching public key in setup code that is
    // not part of this method - TODO confirm.
    String authVal = "Bearer " + signedToken(PRIVATE_KEY_PEM);
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, authVal);
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    // Ensure we didn't remove the header and it has remained unchanged
    Assert.assertEquals(authVal, echo.getHeaders().get(AUTHORIZATION));
    // Second request is signed with the second private key while the JWKS endpoint has not been
    // updated yet, so verification is expected to fail.
    authVal = "Bearer " + signedToken(PRIVATE_KEY_PEM_2);
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, authVal);
    try {
        send(request);
        // we should never get a valid response
        // (Assert.fail raises AssertionError, an Error, so the catch below does not swallow it)
        Assert.fail("Valid response instead of exception");
    } catch (Exception e) {
        // NOTE(review): `assert true` is a no-op, and catching Exception accepts any failure,
        // including ones unrelated to signature verification (for example an unreachable mock
        // server). Asserting on the failure type or message would make the rejection explicit.
        assert true;
    }
    // Update jwk(s) on mockserver: drop existing expectations and serve the second public key
    mockServerClient.reset();
    RSAPublicKey rsa = getPublicRsaKey(PUBLIC_KEY_PEM_2);
    // NOTE(review): Base64.getUrlEncoder() emits '=' padding and BigInteger.toByteArray() can
    // prepend a sign byte, whereas RFC 7518 defines "n" and "e" as unpadded base64url with no
    // leading zero octet. Presumably the JWKS parser in use tolerates this - verify before
    // reusing the fixture against a stricter parser.
    mockServerClient.when(request().withMethod("GET").withPath("/jwks.json")).respond(response().withStatusCode(200).withBody("{\"keys\": [\n" + "    {\n" + "      \"kid\": null,\n" + "      \"e\": \"" + Base64.getUrlEncoder().encodeToString(rsa.getPublicExponent().toByteArray()) + "\",\n" + "      \"n\": \"" + Base64.getUrlEncoder().encodeToString(rsa.getModulus().toByteArray()) + "\",\n" + "      \"kty\":\"RSA\",\n" + "      \"alg\": \"RS256\"\n" + "    }\n" + "  ]\n" + "}"));
    // Send a token signed with the second key again; it must pass now that the endpoint serves
    // the matching public key (i.e. the policy must not keep using the previously fetched key).
    authVal = "Bearer " + signedToken(PRIVATE_KEY_PEM_2);
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, authVal);
    response = send(request);
    echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    // Ensure we didn't remove the header and it has remained unchanged
    Assert.assertEquals(authVal, echo.getHeaders().get(AUTHORIZATION));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) RSAPublicKey(java.security.interfaces.RSAPublicKey) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 20 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldForwardClaimsAsHeaders.

/**
 * Checks that {@code forwardAuthInfo} copies the token's {@code sub} claim into the
 * {@code X-Foo} request header seen by the back end.
 *
 * <p>The token is built without a signing step and the policy runs with
 * {@code requireSigned=false}. The forwarded header therefore reflects a claim nobody has
 * authenticated. A back end that trusts {@code X-Foo} as an identity should only sit behind a
 * policy configured with {@code requireSigned=true}.
 *
 * <p>NOTE(review): nothing here covers a client that sends its own {@code X-Foo} header. Whether
 * the policy overwrites or preserves it cannot be told from this test.
 *
 * @throws Throwable if the policy rejects the request or the response cannot be decoded
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": false,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": true,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"aride\" }],\n"
        + "  \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"sub\" }]\n"
        + "}")
public void shouldForwardClaimsAsHeaders() throws Throwable {
    final String bearerHeader = "Bearer " + Jwts.builder().setSubject("aride").compact();
    PolicyTestResponse response = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .header(AUTHORIZATION, bearerHeader));
    EchoResponse echoed = response.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);
    // The "sub" claim must surface as the X-Foo header on the forwarded request.
    Assert.assertEquals("aride", echoed.getHeaders().get("X-Foo"));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Aggregations

EchoResponse (io.apiman.test.common.mock.EchoResponse)25 ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest)23 Configuration (io.apiman.test.policies.Configuration)23 PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse)23 Test (org.junit.Test)23 PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest)18 PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure)7 PolicyFailureError (io.apiman.test.policies.PolicyFailureError)7 HashSet (java.util.HashSet)6 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 PrintStream (java.io.PrintStream)3 ApiResponse (io.apiman.gateway.engine.beans.ApiResponse)1 IOException (java.io.IOException)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 Date (java.util.Date)1