use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTFarFutureCreatedLifetime.
/**
* Issue JWT token with a future Created Lifetime. This should fail as we only allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testJWTFarFutureCreatedLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now().plusSeconds(120L);
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
try {
tokenProvider.createToken(providerParameters);
fail("Failure expected on a Created Element too far in the future");
} catch (STSException ex) {
// expected
}
// Now allow this sort of Created Element
claimsProvider.setFutureTimeToLive(60L * 60L);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTNearFutureCreatedLifetime.
/**
* Issue JWT token with a near future Created Lifetime. This should pass as we allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testJWTNearFutureCreatedLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
creationTime = creationTime.plusSeconds(10);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(50, duration);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTExceededConfiguredMaxLifetime.
/**
* Issue JWT token with a with a lifetime
* which exceeds configured maximum lifetime
*/
@org.junit.Test
public void testJWTExceededConfiguredMaxLifetime() throws Exception {
// 30 minutes
long maxLifetime = 30 * 60L;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setMaxLifetime(maxLifetime);
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 35 minutes
Instant creationTime = Instant.now();
long requestedLifetime = 35 * 60L;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
try {
tokenProvider.createToken(providerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTExceededDefaultMaxLifetime.
/**
* Issue JWT token with a with a lifetime
* which exceeds default maximum lifetime
*/
@org.junit.Test
public void testJWTExceededDefaultMaxLifetime() throws Exception {
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to Default max lifetime plus 1
Instant creationTime = Instant.now();
long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
try {
tokenProvider.createToken(providerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTValidLifetime.
/**
* Issue JWT token with a valid requested lifetime
*/
@org.junit.Test
public void testJWTValidLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(requestedLifetime, duration);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
Aggregations