use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.
the class ZTSImplTest method testPostAccessTokenRequestECPrivateKey.
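/**
 * Issues an access token from a ZTS instance configured with the EC test private key
 * and checks that the token verifies against the matching public key and carries the
 * expected subject, audience, issuer and scope claims.
 */
@Test
public void testPostAccessTokenRequestECPrivateKey() {

    // the signing key is selected through a system property, so it is set before the
    // ZTS instance is built (presumably the key is loaded during construction)
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);

    // set back to our zts rsa private key so later tests see the default key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");

    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);

    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);

    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:domain");
    assertNotNull(resp);
    assertEquals("coretech:role.writers", resp.getScope());

    String accessTokenStr = resp.getAccess_token();
    assertNotNull(accessTokenStr);

    // verify the signature with the public half of the key ZTS signed with; a
    // verification failure is a test failure and must keep its cause for diagnosis
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder()
                .setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey()))
                .build()
                .parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new AssertionError("access token signature did not verify against the ZTS public key", e);
    }
    assertNotNull(claims);

    assertNotNull(claims.getBody().getId());
    assertEquals("user_domain.user", claims.getBody().getSubject());
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());

    // jjwt exposes custom claims as Object; the test pins the expected list type
    @SuppressWarnings("unchecked")
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
    assertEquals("writers", claims.getBody().get("scope"));
}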
use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.
the class ZTSImplTest method testPostAccessTokenRequestWithAuthorizationDetails.
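/**
 * Requests an access token for a single role with an {@code authorization_details}
 * parameter and checks that the issued token verifies against the ZTS public key and
 * echoes the supplied authorization details as a claim.
 */
@Test
public void testPostAccessTokenRequestWithAuthorizationDetails() {

    // the signing key is selected through a system property, so it is set before the
    // ZTS instance is built (presumably the key is loaded during construction)
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);

    // set back to our zts rsa private key so later tests see the default key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");

    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);

    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);

    final String authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}]";
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    // no scope is echoed back in the response for this request
    assertNull(resp.getScope());

    final String accessTokenStr = resp.getAccess_token();
    assertNotNull(accessTokenStr);

    // verify the signature with the public half of the key ZTS signed with; a
    // verification failure is a test failure and must keep its cause for diagnosis
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder()
                .setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey()))
                .build()
                .parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new AssertionError("access token signature did not verify against the ZTS public key", e);
    }
    assertNotNull(claims);

    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());

    // jjwt exposes custom claims as Object; the test pins the expected list type
    @SuppressWarnings("unchecked")
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));

    // the authorization details must come back exactly as they were requested
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
}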
use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.
the class ZTSImplTest method testPostAccessTokenRequestWithSystemAuthorizationDetails.
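/**
 * Requests access tokens with {@code authorization_details} that match a role-based
 * entry, a system-level entry (loaded from the configured system authz-details file),
 * and both at once, and checks that each issued token verifies against the ZTS public
 * key and echoes the requested details as a claim.
 */
@Test
public void testPostAccessTokenRequestWithSystemAuthorizationDetails() {

    // both the signing key and the system authz-details file are selected through
    // system properties, so they are set before the ZTS instance is built
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    System.setProperty(ZTSConsts.ZTS_PROP_SYSTEM_AUTHZ_DETAILS_PATH, "src/test/resources/system_single_authz_details.json");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);

    // set back to our zts rsa private key and clear authz details path
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    System.clearProperty(ZTSConsts.ZTS_PROP_SYSTEM_AUTHZ_DETAILS_PATH);

    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);

    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);

    // first role based match
    String authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}]";
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());

    Jws<Claims> claims = parseVerifiedSystemAuthzToken(ztsImpl, resp.getAccess_token());
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());

    // jjwt exposes custom claims as Object; the test pins the expected list type
    @SuppressWarnings("unchecked")
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));

    // next system based match
    authzDetails = "[{\"type\":\"proxy_access\",\"principal\":[\"spiffe://athenz/sa/api\"]}]";
    resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());

    claims = parseVerifiedSystemAuthzToken(ztsImpl, resp.getAccess_token());
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));

    // now match both - role and system based authz details
    authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}," + "{\"type\":\"proxy_access\",\"principal\":[\"spiffe://athenz.proxy/sa/api\"]}]";
    resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());

    claims = parseVerifiedSystemAuthzToken(ztsImpl, resp.getAccess_token());
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
}

/**
 * Verifies {@code token} against the public half of the key {@code ztsImpl} signs
 * with and returns its parsed claims.
 *
 * @param ztsImpl the ZTS instance whose private key issued the token
 * @param token   the compact JWS access token to verify
 * @return the verified claims, never {@code null}
 * @throws AssertionError if the token is missing or its signature does not verify;
 *         the underlying {@link SignatureException} is attached as the cause
 */
private static Jws<Claims> parseVerifiedSystemAuthzToken(ZTSImpl ztsImpl, String token) {
    assertNotNull(token);
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder()
                .setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey()))
                .build()
                .parseClaimsJws(token);
    } catch (SignatureException e) {
        // keep the cause: a bare status code hides why verification failed
        throw new AssertionError("access token signature did not verify against the ZTS public key", e);
    }
    assertNotNull(claims);
    return claims;
}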
use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.
the class ZTSImplTest method testGetOIDCResponseNoRulesGroups.
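/**
 * Requests an OIDC id_token through the implicit-flow response, extracts the token from
 * the redirect fragment, verifies it against the ZTS public key and checks that no
 * {@code groups} claim is present when the domain has no matching rules.
 */
@Test
public void testGetOIDCResponseNoRulesGroups() {

    // the signing key is selected through a system property, so it is set before the
    // ZTS instance is built (presumably the key is loaded during construction)
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);

    // set back to our zts rsa private key so later tests see the default key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");

    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);

    SignedDomain signedDomain = createSignedDomain("coretech", "sports", "api", true);
    store.processSignedDomain(signedDomain, false);

    Response response = ztsImpl.getOIDCResponse(context, "id_token", "coretech.api", "https://localhost:4443/zts", "openid", null, "nonce", "RSA");
    assertEquals(response.getStatus(), ResourceException.FOUND);

    // the token is returned in the fragment of the redirect Location header
    String location = response.getHeaderString("Location");
    assertNotNull(location);
    final String fragmentMarker = "#id_token=";
    int idx = location.indexOf(fragmentMarker);
    // fail here with a clear assertion rather than slicing a bogus substring
    assertEquals(idx >= 0, true);
    String idToken = location.substring(idx + fragmentMarker.length());

    // verify the signature with the public half of the key ZTS signed with; a
    // verification failure is a test failure and must keep its cause for diagnosis
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder()
                .setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey()))
                .build()
                .parseClaimsJws(idToken);
    } catch (SignatureException e) {
        throw new AssertionError("id token signature did not verify against the ZTS public key", e);
    }
    assertNotNull(claims);

    assertEquals("user_domain.user", claims.getBody().getSubject());
    assertEquals("coretech.api", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOpenIDIssuer, claims.getBody().getIssuer());

    // jjwt exposes custom claims as Object; with no rules the claim is expected absent
    @SuppressWarnings("unchecked")
    List<String> groups = (List<String>) claims.getBody().get("groups");
    assertNull(groups);
}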
use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.
the class ZTSImplTest method testPostAccessTokenRequestProxyUser.
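/**
 * Requests an access token on behalf of another principal via {@code proxy_for_principal}
 * and checks that the issued token verifies against the ZTS public key, names the
 * proxied principal as subject and the requester in the {@code proxy} claim, and carries
 * the writers scope.
 */
@Test
public void testPostAccessTokenRequestProxyUser() {

    // the signing key is selected through a system property, so it is set before the
    // ZTS instance is built (presumably the key is loaded during construction)
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);

    // set back to our zts rsa private key so later tests see the default key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");

    // proxy-user1 and joe are writers; proxy-user2 and jane are readers
    List<RoleMember> writers = new ArrayList<>();
    writers.add(new RoleMember().setMemberName("user_domain.proxy-user1"));
    writers.add(new RoleMember().setMemberName("user_domain.joe"));

    List<RoleMember> readers = new ArrayList<>();
    readers.add(new RoleMember().setMemberName("user_domain.proxy-user2"));
    readers.add(new RoleMember().setMemberName("user_domain.jane"));

    SignedDomain signedDomain = createSignedDomain("coretech-proxy2", "weather-proxy2", "storage", writers, readers, true);
    store.processSignedDomain(signedDomain, false);

    // the caller is proxy-user1, asking for a token on behalf of joe
    Principal principal = SimplePrincipal.create("user_domain", "proxy-user1", "v=U1;d=user_domain;n=proxy-user1;s=sig", 0, null);
    ResourceContext context = createResourceContext(principal);

    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech-proxy2:domain&proxy_for_principal=user_domain.joe");
    assertNotNull(resp);
    assertEquals("coretech-proxy2:role.writers", resp.getScope());

    String accessTokenStr = resp.getAccess_token();
    assertNotNull(accessTokenStr);

    // verify the signature with the public half of the key ZTS signed with; a
    // verification failure is a test failure and must keep its cause for diagnosis
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder()
                .setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey()))
                .build()
                .parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new AssertionError("access token signature did not verify against the ZTS public key", e);
    }
    assertNotNull(claims);

    // subject is the proxied principal; the requester is recorded in the proxy claim
    assertEquals("user_domain.joe", claims.getBody().getSubject());
    assertEquals("user_domain.proxy-user1", claims.getBody().get("proxy"));
    assertEquals("coretech-proxy2", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());

    // jjwt exposes custom claims as Object; the test pins the expected list type
    @SuppressWarnings("unchecked")
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
}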