Search in sources :

Example 1 with TokenResource

use of org.apache.knox.gateway.service.knoxtoken.TokenResource in project knox by apache.

the class TokenServiceResourceTest method testDefaultTTL.

@Test
public void testDefaultTTL() throws Exception {
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.audiences")).andReturn("recipient1,recipient2");
    EasyMock.expect(context.getInitParameter("knox.token.ttl")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.target.url")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.client.data")).andReturn(null);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
    StringWriter writer = new StringWriter();
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(printWriter);
    EasyMock.replay(principal, services, context, request, response);
    TokenResource tr = new TokenResource();
    tr.request = request;
    tr.response = response;
    tr.context = context;
    tr.init();
    // Issue a token
    Response retResponse = tr.doGet();
    assertEquals(200, retResponse.getStatus());
    // Parse the response
    String retString = writer.toString();
    String accessToken = getTagValue(retString, "access_token");
    assertNotNull(accessToken);
    String expiry = getTagValue(retString, "expires_in");
    assertNotNull(expiry);
    // Verify the token
    JWT parsedToken = new JWTToken(accessToken);
    assertEquals("alice", parsedToken.getSubject());
    assertTrue(authority.verifyToken(parsedToken));
    Date expiresDate = parsedToken.getExpiresDate();
    Date now = new Date();
    assertTrue(expiresDate.after(now));
    assertTrue((expiresDate.getTime() - now.getTime()) < 30000L);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 2 with TokenResource

use of org.apache.knox.gateway.service.knoxtoken.TokenResource in project knox by apache.

the class TokenServiceResourceTest method testOverflowTTL.

@Test
public void testOverflowTTL() throws Exception {
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.audiences")).andReturn("recipient1,recipient2");
    EasyMock.expect(context.getInitParameter("knox.token.ttl")).andReturn(String.valueOf(Long.MAX_VALUE));
    EasyMock.expect(context.getInitParameter("knox.token.target.url")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.client.data")).andReturn(null);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
    StringWriter writer = new StringWriter();
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(printWriter);
    EasyMock.replay(principal, services, context, request, response);
    TokenResource tr = new TokenResource();
    tr.request = request;
    tr.response = response;
    tr.context = context;
    tr.init();
    // Issue a token
    Response retResponse = tr.doGet();
    assertEquals(200, retResponse.getStatus());
    // Parse the response
    String retString = writer.toString();
    String accessToken = getTagValue(retString, "access_token");
    assertNotNull(accessToken);
    String expiry = getTagValue(retString, "expires_in");
    assertNotNull(expiry);
    // Verify the token
    JWT parsedToken = new JWTToken(accessToken);
    assertEquals("alice", parsedToken.getSubject());
    assertTrue(authority.verifyToken(parsedToken));
    Date expiresDate = parsedToken.getExpiresDate();
    Date now = new Date();
    assertTrue(expiresDate.after(now));
    assertTrue((expiresDate.getTime() - now.getTime()) < 30000L);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 3 with TokenResource

use of org.apache.knox.gateway.service.knoxtoken.TokenResource in project knox by apache.

the class TokenServiceResourceTest method testAudiences.

@Test
public void testAudiences() throws Exception {
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.audiences")).andReturn("recipient1,recipient2");
    EasyMock.expect(context.getInitParameter("knox.token.ttl")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.target.url")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.client.data")).andReturn(null);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
    StringWriter writer = new StringWriter();
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(printWriter);
    EasyMock.replay(principal, services, context, request, response);
    TokenResource tr = new TokenResource();
    tr.request = request;
    tr.response = response;
    tr.context = context;
    tr.init();
    // Issue a token
    Response retResponse = tr.doGet();
    assertEquals(200, retResponse.getStatus());
    // Parse the response
    String retString = writer.toString();
    String accessToken = getTagValue(retString, "access_token");
    assertNotNull(accessToken);
    String expiry = getTagValue(retString, "expires_in");
    assertNotNull(expiry);
    // Verify the token
    JWT parsedToken = new JWTToken(accessToken);
    assertEquals("alice", parsedToken.getSubject());
    assertTrue(authority.verifyToken(parsedToken));
    // Verify the audiences
    List<String> audiences = Arrays.asList(parsedToken.getAudienceClaims());
    assertEquals(2, audiences.size());
    assertTrue(audiences.contains("recipient1"));
    assertTrue(audiences.contains("recipient2"));
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 4 with TokenResource

use of org.apache.knox.gateway.service.knoxtoken.TokenResource in project knox by apache.

the class TokenServiceResourceTest method testAudiencesWhitespace.

@Test
public void testAudiencesWhitespace() throws Exception {
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.audiences")).andReturn(" recipient1, recipient2 ");
    EasyMock.expect(context.getInitParameter("knox.token.ttl")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.target.url")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.client.data")).andReturn(null);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
    StringWriter writer = new StringWriter();
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(printWriter);
    EasyMock.replay(principal, services, context, request, response);
    TokenResource tr = new TokenResource();
    tr.request = request;
    tr.response = response;
    tr.context = context;
    tr.init();
    // Issue a token
    Response retResponse = tr.doGet();
    assertEquals(200, retResponse.getStatus());
    // Parse the response
    String retString = writer.toString();
    String accessToken = getTagValue(retString, "access_token");
    assertNotNull(accessToken);
    String expiry = getTagValue(retString, "expires_in");
    assertNotNull(expiry);
    // Verify the token
    JWT parsedToken = new JWTToken(accessToken);
    assertEquals("alice", parsedToken.getSubject());
    assertTrue(authority.verifyToken(parsedToken));
    // Verify the audiences
    List<String> audiences = Arrays.asList(parsedToken.getAudienceClaims());
    assertEquals(2, audiences.size());
    assertTrue(audiences.contains("recipient1"));
    assertTrue(audiences.contains("recipient2"));
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 5 with TokenResource

use of org.apache.knox.gateway.service.knoxtoken.TokenResource in project knox by apache.

the class TokenServiceResourceTest method testNegativeTTL.

@Test
public void testNegativeTTL() throws Exception {
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.audiences")).andReturn("recipient1,recipient2");
    EasyMock.expect(context.getInitParameter("knox.token.ttl")).andReturn("-60000");
    EasyMock.expect(context.getInitParameter("knox.token.target.url")).andReturn(null);
    EasyMock.expect(context.getInitParameter("knox.token.client.data")).andReturn(null);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
    StringWriter writer = new StringWriter();
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(printWriter);
    EasyMock.replay(principal, services, context, request, response);
    TokenResource tr = new TokenResource();
    tr.request = request;
    tr.response = response;
    tr.context = context;
    tr.init();
    // Issue a token
    Response retResponse = tr.doGet();
    assertEquals(200, retResponse.getStatus());
    // Parse the response
    String retString = writer.toString();
    String accessToken = getTagValue(retString, "access_token");
    assertNotNull(accessToken);
    String expiry = getTagValue(retString, "expires_in");
    assertNotNull(expiry);
    // Verify the token
    JWT parsedToken = new JWTToken(accessToken);
    assertEquals("alice", parsedToken.getSubject());
    assertTrue(authority.verifyToken(parsedToken));
    Date expiresDate = parsedToken.getExpiresDate();
    Date now = new Date();
    assertTrue(expiresDate.after(now));
    assertTrue((expiresDate.getTime() - now.getTime()) < 30000L);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Aggregations

TokenResource (org.apache.knox.gateway.service.knoxtoken.TokenResource)12 Test (org.junit.Test)12 PrintWriter (java.io.PrintWriter)11 StringWriter (java.io.StringWriter)11 Principal (java.security.Principal)11 ServletContext (javax.servlet.ServletContext)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)11 HttpServletResponse (javax.servlet.http.HttpServletResponse)11 Response (javax.ws.rs.core.Response)11 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)11 GatewayServices (org.apache.knox.gateway.services.GatewayServices)11 JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)11 JWT (org.apache.knox.gateway.services.security.token.impl.JWT)9 JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken)9 Date (java.util.Date)4 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)1