
Example 1 with OpenIDConnectAuthenticator

use of io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator in project java by kubernetes-client.

the class OpenIDConnectAuthenticationTest method testTokenExpiredHasExpired.

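/**
 * Checks that {@code isExpired} reports {@code true} for an ID token generated with
 * {@code TestUtils.DateOptions.Past}.
 *
 * <p>The token is signed with the "oidc-sig" key from the test keystore and passed to the
 * authenticator through the {@code OIDC_ID_TOKEN} config entry. Only the expiry check is
 * exercised; nothing visible here shows whether the signature is verified on this path.
 *
 * @throws Exception if the keystore cannot be read or the token cannot be generated
 */
@Test
public void testTokenExpiredHasExpired() throws InvalidKeySpecException, NoSuchAlgorithmException, Exception {
    OpenIDConnectAuthenticator oidcAuth = new OpenIDConnectAuthenticator();
    Map<String, Object> config = new HashMap<String, Object>();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Close the keystore stream as soon as it is loaded; the bare
    // `new FileInputStream(...)` argument was never closed.
    try (FileInputStream ksStream = new FileInputStream(OIDC_KS_PATH)) {
        ks.load(ksStream, OIDC_KS_PASSWORD);
    }
    // presumably DateOptions.Past yields an "exp" claim before the current time; confirm in TestUtils
    String jwt = TestUtils.generateJWT("someuser", "https://some.domain.nowhere", (PrivateKey) ks.getKey("oidc-sig", OIDC_KS_PASSWORD), TestUtils.DateOptions.Past);
    config.put(OpenIDConnectAuthenticator.OIDC_ID_TOKEN, jwt);
    assertTrue(oidcAuth.isExpired(config));
}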
Also used : OpenIDConnectAuthenticator(io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator) HashMap(java.util.HashMap) JSONObject(org.jose4j.json.internal.json_simple.JSONObject) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) Test(org.junit.Test)

Example 2 with OpenIDConnectAuthenticator

use of io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator in project java by kubernetes-client.

the class OpenIDConnectAuthenticationTest method testRefreshUnauthorized.

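/**
 * Checks that {@code refresh} fails with a {@link RuntimeException} when the stubbed token
 * endpoint answers HTTP 401.
 *
 * <p>The discovery document and the {@code /token} endpoint are stubbed; the config carries an
 * ID token generated with {@code DateOptions.Past}, a refresh token, the client id and the
 * stub server's certificate as {@code OIDC_IDP_CERT_DATA}.
 *
 * <p>The expected exception is asserted around the {@code refresh} call only. With
 * {@code @Test(expected = RuntimeException.class)} on the whole method, a runtime failure in
 * the setup (for example a missing keystore alias) would also have counted as a pass, so the
 * rejection path could go untested without anyone noticing.
 *
 * @throws Exception if a keystore cannot be read or the token cannot be generated
 */
@Test
public void testRefreshUnauthorized() throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Close each keystore stream once loaded instead of leaving the handle open.
    try (FileInputStream ksStream = new FileInputStream(OIDC_KS_PATH)) {
        ks.load(ksStream, OIDC_KS_PASSWORD);
    }
    // NOTE(review): the discovery document hard-codes port 8043 while the issuer below is built
    // from PORT. If the two differ, refresh() may fail before it ever reaches the 401 stub;
    // confirm PORT matches.
    stubFor(get("/.well-known/openid-configuration").willReturn(aResponse().withStatus(200).withBody("{\"issuer\":\"https://localhost:8043\",\"authorization_endpoint\":\"https://localhost:8043/auth\",\"token_endpoint\":\"https://localhost:8043/token\",\"userinfo_endpoint\":\"https://localhost:8043/userinfo\",\"revocation_endpoint\":\"https://localhost:8043/revoke\",\"jwks_uri\":\"https://localhost:8043/certs\",\"response_types_supported\":[\"code\",\"token\",\"id_token\",\"code token\",\"code id_token\",\"token id_token\",\"code token id_token\",\"none\"],\"subject_types_supported\":[\"public\"],\"id_token_signing_alg_values_supported\":[\"RS256\"],\"scopes_supported\":[\"openid\",\"email\",\"profile\"],\"token_endpoint_auth_methods_supported\":[\"client_secret_post\"],\"claims_supported\":[\"sub\",\"aud\",\"iss\",\"exp\",\"sub\",\"name\",\"groups\",\"preferred_username\",\"email\"],\"code_challenge_methods_supported\":[\"plain\",\"S256\"]}")));
    // The token endpoint rejects the refresh request. The unused success-response objects
    // (refreshed JWT and JSON body) were dropped because this test never returns them.
    stubFor(post("/token").willReturn(aResponse().withStatus(401)));
    OpenIDConnectAuthenticator oidcAuth = new OpenIDConnectAuthenticator();
    Map<String, Object> config = new HashMap<String, Object>();
    KeyStore serverKs = KeyStore.getInstance("JKS");
    try (FileInputStream serverKsStream = new FileInputStream(OIDC_SERVER_KS_PATH)) {
        serverKs.load(serverKsStream, OIDC_KS_PASSWORD);
    }
    String jwt = TestUtils.generateJWT("someuser", "https://localhost:" + PORT, (PrivateKey) ks.getKey("oidc-sig", OIDC_KS_PASSWORD), TestUtils.DateOptions.Past);
    config.put(OpenIDConnectAuthenticator.OIDC_ID_TOKEN, jwt);
    config.put(OpenIDConnectAuthenticator.OIDC_ISSUER, "https://localhost:" + PORT);
    config.put(OpenIDConnectAuthenticator.OIDC_CLIENT_ID, "kubernetes");
    config.put(OpenIDConnectAuthenticator.OIDC_REFRESH_TOKEN, "refresh-me-please");
    // The stub server's certificate, base64-encoded, is supplied as the identity provider cert.
    config.put(OpenIDConnectAuthenticator.OIDC_IDP_CERT_DATA, Base64.encodeBase64String(exportCert((X509Certificate) serverKs.getCertificate("mykey")).getBytes(StandardCharsets.UTF_8)));
    try {
        oidcAuth.refresh(config);
    } catch (RuntimeException expected) {
        // The 401 surfaced as a runtime failure, which is the behaviour under test.
        return;
    }
    throw new AssertionError("refresh() returned normally although the token endpoint answered 401");
}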
Also used : OpenIDConnectAuthenticator(io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator) JSONObject(org.jose4j.json.internal.json_simple.JSONObject) HashMap(java.util.HashMap) JSONObject(org.jose4j.json.internal.json_simple.JSONObject) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 3 with OpenIDConnectAuthenticator

use of io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator in project java by kubernetes-client.

the class OpenIDConnectAuthenticationTest method testLoadToken.

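/**
 * Checks that {@code getToken} returns the configured ID token unchanged when the token was
 * generated with {@code TestUtils.DateOptions.Now}.
 *
 * @throws Exception if the keystore cannot be read or the token cannot be generated
 */
@Test
public void testLoadToken() throws InvalidKeySpecException, NoSuchAlgorithmException, Exception {
    OpenIDConnectAuthenticator oidcAuth = new OpenIDConnectAuthenticator();
    Map<String, Object> config = new HashMap<String, Object>();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Close the keystore stream once loaded instead of leaving the handle open.
    try (FileInputStream ksStream = new FileInputStream(OIDC_KS_PATH)) {
        ks.load(ksStream, OIDC_KS_PASSWORD);
    }
    String jwt = TestUtils.generateJWT("someuser", "https://some.domain.nowhere", (PrivateKey) ks.getKey("oidc-sig", OIDC_KS_PASSWORD), TestUtils.DateOptions.Now);
    config.put(OpenIDConnectAuthenticator.OIDC_ID_TOKEN, jwt);
    // JUnit's order is (expected, actual); with the arguments swapped, a failure message
    // would label the values the wrong way round.
    assertEquals(jwt, oidcAuth.getToken(config));
}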
Also used : OpenIDConnectAuthenticator(io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator) HashMap(java.util.HashMap) JSONObject(org.jose4j.json.internal.json_simple.JSONObject) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) Test(org.junit.Test)

Example 4 with OpenIDConnectAuthenticator

use of io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator in project java by kubernetes-client.

the class OpenIDConnectAuthenticationTest method testTokenExpiredNull.

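/**
 * Checks that a config without an {@code id_token} entry is reported as expired, so a missing
 * token is never treated as a usable credential.
 *
 * <p>The method had no {@code @Test} annotation, unlike its siblings, so JUnit 4 would not
 * have run it and this check was silently skipped.
 *
 * @throws Exception declared for parity with the sibling tests
 */
@Test
public void testTokenExpiredNull() throws InvalidKeySpecException, NoSuchAlgorithmException, Exception {
    OpenIDConnectAuthenticator oidcAuth = new OpenIDConnectAuthenticator();
    Map<String, Object> config = new HashMap<String, Object>();
    // no id_token
    // NOTE(review): the test has not been running; confirm isExpired returns true
    // (rather than throwing) for an empty config before relying on it.
    assertTrue(oidcAuth.isExpired(config));
}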
Also used : OpenIDConnectAuthenticator(io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator) HashMap(java.util.HashMap) JSONObject(org.jose4j.json.internal.json_simple.JSONObject)

Example 5 with OpenIDConnectAuthenticator

use of io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator in project java by kubernetes-client.

the class OpenIDConnectAuthenticationTest method testLoadNullToken.

/**
 * Checks that {@code getToken} yields {@code null} when the config holds no ID token entry.
 *
 * @throws Exception declared for parity with the sibling tests
 */
@Test
public void testLoadNullToken() throws InvalidKeySpecException, NoSuchAlgorithmException, Exception {
    // An empty config stands for a kubeconfig user entry that carries no id-token.
    Map<String, Object> emptyConfig = new HashMap<>();
    OpenIDConnectAuthenticator authenticator = new OpenIDConnectAuthenticator();
    assertNull(authenticator.getToken(emptyConfig));
}
Also used : OpenIDConnectAuthenticator(io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator) HashMap(java.util.HashMap) JSONObject(org.jose4j.json.internal.json_simple.JSONObject) Test(org.junit.Test)

Aggregations

OpenIDConnectAuthenticator (io.kubernetes.client.util.authenticators.OpenIDConnectAuthenticator)7 HashMap (java.util.HashMap)7 JSONObject (org.jose4j.json.internal.json_simple.JSONObject)7 Test (org.junit.Test)6 FileInputStream (java.io.FileInputStream)5 KeyStore (java.security.KeyStore)5 X509Certificate (java.security.cert.X509Certificate)2