Use of io.helidon.security.SecurityEnvironment in project helidon by oracle.
From class HttpSignatureTest, method testSignRsa.
@Test
public void testSignRsa() {
    // Mixed-case header names go into a case-insensitive map, so lookups by the
    // lower-case names used in the signed-headers list still find them.
    Map<String, List<String>> requestHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    requestHeaders.put("DATE", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    requestHeaders.put("Authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    requestHeaders.put("host", List.of("example.org"));
    SecurityEnvironment environment = buildSecurityEnv("/my/resource", requestHeaders);

    // Headers covered by the signature; "(request-target)" stands for method + path.
    List<String> signedHeaderNames = List.of("date", "host", "(request-target)", "authorization");
    // Private key comes from the test keystore; the passphrase is a test fixture only.
    char[] keystorePassphrase = "password".toCharArray();
    OutboundTargetDefinition target = OutboundTargetDefinition.builder("rsa-key-12345")
            .privateKeyConfig(KeyConfig.keystoreBuilder()
                                      .keystore(Resource.create(Paths.get("src/test/resources/keystore.p12")))
                                      .keystorePassphrase(keystorePassphrase)
                                      .keyAlias("myPrivateKey")
                                      .build())
            .signedHeaders(SignedHeadersConfig.builder()
                                   .defaultConfig(SignedHeadersConfig.HeadersConfig.create(signedHeaderNames))
                                   .build())
            .build();

    // The trailing flag is false here and true in HttpSignatureTestOld; its meaning is not visible from this test.
    HttpSignature signature = HttpSignature.sign(environment, target, new HashMap<>(), false);

    // Comparing against a fixed value relies on the signing being deterministic for this key
    // and header set; any change to how the signing string is assembled will change it.
    String expectedBase64 = "ptxE46kM/gV8L6Q0jcrY5Sxet7vy/rqldwxJfWT5ncbALbwvr4puc3/M0q8pT/srI/bLvtPPZxQN9flaWyHo2ieypRSRZe5/2FrcME"
            + "+XuGNOu9BVJlCrALgLwi2VGJ3i2BIH2EvpLqF4TmM7AHIn/E6trWf30Kr90sTrk1ewx7kJ0bPVfY6Pv1mJpuA4MVr"
            + "++BvvXMuGooMI+nepToPlseGgtnYMJPuTRwZJbTLo02yN1rKnRZauCxCCd0bgi9zhJRlXFuoLzthCgqHElCXVXrW"
            + "+ZGACUaRDC+XawXg6eyMWp6GVegS/NVRnaqEkBsl0hn7X/dmEXDDERyK66qn0WA==";
    assertThat(signature.getBase64Signature(), is(expectedBase64));
}
Use of io.helidon.security.SecurityEnvironment in project helidon by oracle.
From class HttpSignatureTestOld, method testSignHmacAddHeaders.
@Test
public void testSignHmacAddHeaders() {
    // The environment carries only a target URI: neither "date" nor "host" is present
    // even though both are selected for signing below.
    SecurityEnvironment environment = SecurityEnvironment.builder()
            .targetUri(URI.create("http://localhost/test/path"))
            .build();
    List<String> signedHeaderNames = List.of("date", "host");
    OutboundTargetDefinition target = OutboundTargetDefinition.builder("myServiceKeyId")
            .hmacSecret("MyPasswordForHmac")
            .signedHeaders(SignedHeadersConfig.builder()
                                   .defaultConfig(SignedHeadersConfig.HeadersConfig.create(signedHeaderNames))
                                   .build())
            .build();

    // Return value is intentionally discarded: the only assertion is that signing with
    // the selected headers absent completes without throwing.
    HttpSignature.sign(environment, target, new HashMap<>(), true);
}
Use of io.helidon.security.SecurityEnvironment in project helidon by oracle.
From class HttpSignatureTestOld, method testSignRsa.
@Test
public void testSignRsa() {
    // Case-insensitive map: "DATE" and "Authorization" are found by their lower-case
    // names in the signed-headers list.
    Map<String, List<String>> requestHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    requestHeaders.put("DATE", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    requestHeaders.put("Authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    requestHeaders.put("host", List.of("example.org"));
    SecurityEnvironment environment = buildSecurityEnv("/my/resource", requestHeaders);

    List<String> signedHeaderNames = List.of("date", "host", "(request-target)", "authorization");
    // Test keystore and passphrase are fixtures checked in under src/test/resources.
    char[] keystorePassphrase = "password".toCharArray();
    OutboundTargetDefinition target = OutboundTargetDefinition.builder("rsa-key-12345")
            .privateKeyConfig(KeyConfig.keystoreBuilder()
                                      .keystore(Resource.create(Paths.get("src/test/resources/keystore.p12")))
                                      .keystorePassphrase(keystorePassphrase)
                                      .keyAlias("myPrivateKey")
                                      .build())
            .signedHeaders(SignedHeadersConfig.builder()
                                   .defaultConfig(SignedHeadersConfig.HeadersConfig.create(signedHeaderNames))
                                   .build())
            .build();

    HttpSignature signature = HttpSignature.sign(environment, target, new HashMap<>(), true);

    // Fixed expected value: the test depends on deterministic signing for this key and
    // header set, so any change to the signing-string layout shows up here.
    String expectedBase64 = "Rm5PjuUdJ927esGQ2gm/6QBEM9IM7J5qSZuP8NV8+GXUfboUV6ST2EYLYniFGt5/3BO/2+vqQdqezdTVPr/JCwqBx"
            + "+9T9ZynG7YqRjKvXzcmvQOu5vQmCK5x/HR0fXU41Pjq+jywsD0k6KdxF6TWr6tvWRbwFet+YSb0088o"
            + "/65Xeqghw7s0vShf7jPZsaaIHnvM9SjWgix9VvpdEn4NDvqhebieVD3Swb1VG5+/7ECQ9VAlX30U5"
            + "/jQ5hPO3yuvRlg5kkMjJiN7tf/68If/5O2Z4H+7VmW0b1U69/JoOQJA0av1gCX7HVfa"
            + "/YTCxIK4UFiI6h963q2x7LSkqhdWGA==";
    assertThat(signature.getBase64Signature(), is(expectedBase64));
}
Use of io.helidon.security.SecurityEnvironment in project helidon by oracle.
From class HttpSignatureTestOld, method testSignHmac.
@Test
public void testSignHmac() {
    // Same request fixture as the RSA test; header names are matched case-insensitively.
    Map<String, List<String>> requestHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    requestHeaders.put("DATE", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    requestHeaders.put("Authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    requestHeaders.put("host", List.of("example.org"));
    SecurityEnvironment environment = buildSecurityEnv("/my/resource", requestHeaders);

    // HMAC keyed with a shared secret (test fixture), covering the same four headers.
    List<String> signedHeaderNames = List.of("date", "host", "(request-target)", "authorization");
    OutboundTargetDefinition target = OutboundTargetDefinition.builder("myServiceKeyId")
            .hmacSecret("MyPasswordForHmac")
            .signedHeaders(SignedHeadersConfig.builder()
                                   .defaultConfig(SignedHeadersConfig.HeadersConfig.create(signedHeaderNames))
                                   .build())
            .build();

    HttpSignature signature = HttpSignature.sign(environment, target, new HashMap<>(), true);

    // An HMAC over a fixed input is deterministic, so the whole value can be pinned.
    String expectedBase64 = "0BcQq9TckrtGvlpHiMxNqMq0vW6dPVTGVDUVDrGwZyI=";
    assertThat(signature.getBase64Signature(), is(expectedBase64));
}
Use of io.helidon.security.SecurityEnvironment in project helidon by oracle.
From class JwtProviderTest, method testRsaBothWays.
@Test
public void testRsaBothWays() {
    // Round trip: the provider issues an RSA-signed JWT for an outbound call, the token is
    // verified independently, then the same token is fed back in for authentication.
    final String expectedUsername = "user1";
    final String expectedUserId = "user1-id";
    final String expectedEmail = "user1@example.org";
    final String expectedFamilyName = "Novak";
    final String expectedGivenName = "Standa";
    final String expectedFullName = "Standa Novak";
    final Locale expectedLocale = Locale.CANADA_FRENCH;

    Principal principal = Principal.builder()
            .name(expectedUsername)
            .id(expectedUserId)
            .addAttribute("email", expectedEmail)
            .addAttribute("email_verified", true)
            .addAttribute("family_name", expectedFamilyName)
            .addAttribute("given_name", expectedGivenName)
            .addAttribute("full_name", expectedFullName)
            .addAttribute("locale", expectedLocale)
            .build();
    Subject currentUser = Subject.create(principal);

    JwtProvider provider = JwtProvider.create(providersConfig.get("jwt"));

    // Only the current user is needed from the security context, so a mock suffices.
    SecurityContext securityContext = Mockito.mock(SecurityContext.class);
    when(securityContext.user()).thenReturn(Optional.of(currentUser));
    ProviderRequest outboundRequest = mock(ProviderRequest.class);
    when(outboundRequest.securityContext()).thenReturn(securityContext);

    SecurityEnvironment outboundEnv = SecurityEnvironment.builder()
            .path("/rsa")
            .transport("http")
            .targetUri(URI.create("http://localhost:8080/rsa"))
            .build();
    EndpointConfig outboundEndpoint = EndpointConfig.create();

    assertThat(provider.isOutboundSupported(outboundRequest, outboundEnv, outboundEndpoint), is(true));
    OutboundSecurityResponse outboundResponse = provider.syncOutbound(outboundRequest, outboundEnv, outboundEndpoint);

    // The token is propagated as a bearer token in the Authorization header; drop the scheme prefix.
    String authorizationValue = outboundResponse.requestHeaders().get("Authorization").get(0);
    String rawToken = authorizationValue.substring("bearer ".length());

    // Verify against the trusted verification keys; checkValid() is expected to throw when the
    // signature does not validate, which is what proves the token was signed with the expected key.
    SignedJwt signedJwt = SignedJwt.parseToken(rawToken);
    signedJwt.verifySignature(verifyKeys).checkValid();
    Jwt issuedJwt = signedJwt.getJwt();

    assertThat(issuedJwt.subject(), is(Optional.of(expectedUserId)));
    assertThat(issuedJwt.preferredUsername(), is(Optional.of(expectedUsername)));
    assertThat(issuedJwt.email(), is(Optional.of(expectedEmail)));
    assertThat(issuedJwt.emailVerified(), is(Optional.of(true)));
    assertThat(issuedJwt.familyName(), is(Optional.of(expectedFamilyName)));
    assertThat(issuedJwt.givenName(), is(Optional.of(expectedGivenName)));
    assertThat(issuedJwt.fullName(), is(Optional.of(expectedFullName)));
    assertThat(issuedJwt.locale(), is(Optional.of(expectedLocale)));
    assertThat(issuedJwt.audience(), is(Optional.of(List.of("audience.application.id"))));
    assertThat(issuedJwt.issuer(), is(Optional.of("jwt.example.com")));
    assertThat(issuedJwt.algorithm(), is(Optional.of(JwkRSA.ALG_RS256)));

    assertThat(issuedJwt.issueTime(), is(not(Optional.empty())));
    issuedJwt.issueTime().ifPresent(issuedAt -> {
        // Issue time must fall within the last 10 seconds; no upper bound (future-dated iat) is checked here.
        Instant tenSecondsAgo = Instant.now().minusSeconds(10);
        boolean issuedRecently = tenSecondsAgo.compareTo(issuedAt) < 0;
        assertThat("Issue time must not be older than 10 seconds", issuedRecently, is(true));
        // nbf is 60 s before iat and exp is 3600 s after it.
        assertThat(issuedJwt.notBefore(), is(Optional.of(issuedAt.minus(60, ChronoUnit.SECONDS))));
        assertThat(issuedJwt.expirationTime(), is(Optional.of(issuedAt.plus(3600, ChronoUnit.SECONDS))));
    });

    // Second leg: present the same token as an inbound bearer credential and authenticate with it.
    ProviderRequest inboundRequest = mock(ProviderRequest.class);
    SecurityEnvironment inboundEnv = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + rawToken)
            .build();
    when(inboundRequest.env()).thenReturn(inboundEnv);

    AuthenticationResponse authenticationResponse = provider.syncAuthenticate(inboundRequest);
    Optional<Principal> authenticatedPrincipal = authenticationResponse.user().map(Subject::principal);
    authenticatedPrincipal.ifPresentOrElse(atnPrincipal -> {
        assertThat(atnPrincipal.id(), is(expectedUserId));
        assertThat(atnPrincipal.getName(), is(expectedUsername));
        assertThat(atnPrincipal.abacAttribute("email"), is(Optional.of(expectedEmail)));
        assertThat(atnPrincipal.abacAttribute("email_verified"), is(Optional.of(true)));
        assertThat(atnPrincipal.abacAttribute("family_name"), is(Optional.of(expectedFamilyName)));
        assertThat(atnPrincipal.abacAttribute("given_name"), is(Optional.of(expectedGivenName)));
        assertThat(atnPrincipal.abacAttribute("full_name"), is(Optional.of(expectedFullName)));
        assertThat(atnPrincipal.abacAttribute("locale"), is(Optional.of(expectedLocale)));
    }, () -> fail("User must be present in response"));
}