use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTNearFutureCreatedLifetime.
/**
* Issue JWT token with a near future Created Lifetime. This should pass as we allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testJWTNearFutureCreatedLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
creationTime = creationTime.plusSeconds(10);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(50, duration);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTValidLifetime.
/**
* Issue JWT token with a valid requested lifetime
*/
@org.junit.Test
public void testJWTValidLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(requestedLifetime, duration);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.
the class JWTProviderOnBehalfOfTest method testJWTOnBehalfOfUsernameToken.
/**
* Create a JWT Token with OnBehalfOf from a UsernameToken
*/
@org.junit.Test
public void testJWTOnBehalfOfUsernameToken() throws Exception {
TokenProvider tokenProvider = new JWTTokenProvider();
UsernameTokenType usernameToken = new UsernameTokenType();
AttributedString username = new AttributedString();
username.setValue("bob");
usernameToken.setUsername(username);
JAXBElement<UsernameTokenType> usernameTokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE, usernameTokenType);
// Principal must be set in ReceivedToken/OnBehalfOf
providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(new CustomTokenPrincipal(username.getValue()));
assertTrue(tokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
// Validate the token
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
Assert.assertEquals("bob", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
}
use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.
the class JWTTokenProviderRealmTest method testRealms.
@org.junit.Test
public void testRealms() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
providerParameters.setRealm("A");
// Create Realms
Map<String, RealmProperties> jwtRealms = new HashMap<>();
RealmProperties jwtRealm = new RealmProperties();
jwtRealm.setIssuer("A-Issuer");
jwtRealms.put("A", jwtRealm);
jwtRealm = new RealmProperties();
jwtRealm.setIssuer("B-Issuer");
jwtRealms.put("B", jwtRealm);
((JWTTokenProvider) jwtTokenProvider).setRealmMap(jwtRealms);
// Realm "A"
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, "A"));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "A-Issuer");
// Realm "B"
providerParameters.setRealm("B");
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, "B"));
providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
token = (String) providerResponse.getToken();
assertNotNull(token);
jwtConsumer = new JwsJwtCompactConsumer(token);
jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "B-Issuer");
// Default Realm
providerParameters.setRealm(null);
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, null));
providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
token = (String) providerResponse.getToken();
assertNotNull(token);
jwtConsumer = new JwsJwtCompactConsumer(token);
jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "STS");
}
use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.
the class JWTTokenProviderTest method testCachedSignedJWT.
@org.junit.Test
public void testCachedSignedJWT() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
// Check that the token is stored correctly in the cache
String signature = token.substring(token.lastIndexOf(".") + 1);
SecurityToken secToken = tokenStore.getToken(Integer.toString(Arrays.hashCode(signature.getBytes())));
Assert.assertNotNull(secToken);
}
Aggregations