
Example 6 with TokenMetadata

use of org.apache.knox.gateway.services.security.token.TokenMetadata in project knox by apache.

the class JDBCTokenStateServiceTest method testAddMetadata.

/**
 * Round-trips {@link TokenMetadata} through the JDBC token state service and checks that it is
 * persisted: user name, comment and enabled flag are verified both through the service API and by
 * reading the columns directly, and the passcode column is expected to hold the passcode MAC
 * Base64-encoded. Re-adding the metadata with the flag flipped must update the stored row, and
 * the final lookup after {@code removeToken} is expected to fail with {@link UnknownTokenException}.
 */
@Test(expected = UnknownTokenException.class)
public void testAddMetadata() throws Exception {
    final String tokenId = UUID.randomUUID().toString();
    final String passcode = UUID.randomUUID().toString();
    // The metadata carries the MAC of the passcode, not the passcode itself.
    final String passcodeMac = tokenMAC.hash(tokenId, 1, "sampleUser", passcode);
    // Created disabled (third argument); asserted via isEnabled() below.
    final TokenMetadata tokenMetadata = new TokenMetadata("sampleUser", "my test comment", false);
    tokenMetadata.setPasscode(passcodeMac);
    jdbcTokenStateService.addToken(tokenId, 1, 1, 1);
    jdbcTokenStateService.addMetadata(tokenId, tokenMetadata);
    // Read back through the service API ...
    assertEquals("sampleUser", jdbcTokenStateService.getTokenMetadata(tokenId).getUserName());
    assertEquals("my test comment", jdbcTokenStateService.getTokenMetadata(tokenId).getComment());
    assertFalse(jdbcTokenStateService.getTokenMetadata(tokenId).isEnabled());
    final String storedPasscode = jdbcTokenStateService.getTokenMetadata(tokenId).getPasscode();
    assertEquals(passcodeMac, storedPasscode);
    // ... and directly from the database columns.
    assertEquals("sampleUser", getStringTokenAttributeFromDatabase(tokenId, getSelectMetadataSql(TokenMetadata.USER_NAME)));
    assertEquals("my test comment", getStringTokenAttributeFromDatabase(tokenId, getSelectMetadataSql(TokenMetadata.COMMENT)));
    assertEquals("false", getStringTokenAttributeFromDatabase(tokenId, getSelectMetadataSql(TokenMetadata.ENABLED)));
    // The passcode column is Base64-encoded; decode before comparing with the MAC.
    final String storedPasscodeInDb = new String(Base64.decodeBase64(getStringTokenAttributeFromDatabase(tokenId, getSelectMetadataSql(TokenMetadata.PASSCODE))), UTF_8);
    assertEquals(passcodeMac, storedPasscodeInDb);
    // Flip the flag and re-add: addMetadata is expected to update the existing row.
    tokenMetadata.setEnabled(true);
    jdbcTokenStateService.addMetadata(tokenId, tokenMetadata);
    // Replace the service's private in-memory cache via reflection with a map holding the same
    // (now enabled) object. The assertions below must reflect the database state, i.e. the JDBC
    // service is expected to bypass the in-memory map when fetching token metadata.
    final Map<String, TokenMetadata> metadataMap = new ConcurrentHashMap<>();
    metadataMap.put(tokenId, tokenMetadata);
    FieldUtils.writeField(jdbcTokenStateService, "metadataMap", metadataMap, true);
    assertTrue(jdbcTokenStateService.getTokenMetadata(tokenId).isEnabled());
    assertEquals("true", getStringTokenAttributeFromDatabase(tokenId, getSelectMetadataSql(TokenMetadata.ENABLED)));
    // Removing the token must also drop its metadata: this lookup triggers the expected exception.
    jdbcTokenStateService.removeToken(tokenId);
    jdbcTokenStateService.getTokenMetadata(tokenId);
}

Example 7 with TokenMetadata

use of org.apache.knox.gateway.services.security.token.TokenMetadata in project knox by apache.

the class JDBCTokenStateServiceTest method saveToken.

/**
 * Test helper: stores a token in the JDBC token state service and attaches
 * user/comment metadata to it in a second step.
 *
 * @param user       user name recorded in the metadata
 * @param tokenId    identifier of the token to store
 * @param issueTime  issue time passed to {@code addToken}
 * @param expiration expiration passed to {@code addToken}
 * @param comment    comment recorded in the metadata
 */
private void saveToken(String user, String tokenId, long issueTime, long expiration, String comment) {
    final TokenMetadata metadata = new TokenMetadata(user, comment);
    // Token first, then its metadata — the same order used by the other tests in this class.
    jdbcTokenStateService.addToken(tokenId, issueTime, expiration);
    jdbcTokenStateService.addMetadata(tokenId, metadata);
}

Example 8 with TokenMetadata

use of org.apache.knox.gateway.services.security.token.TokenMetadata in project knox by apache.

the class TokenResource method triesToRevokeOwnToken.

/**
 * Tells whether {@code revoker} is the user recorded in the metadata of the token being revoked.
 * <p>
 * A blank revoker never matches, and a token without metadata has no recorded owner and therefore
 * never matches either. The comparison is an exact, case-sensitive {@code String.equals}.
 *
 * @param tokenId ID of the token being revoked
 * @param revoker user name of the caller requesting the revocation
 * @return {@code true} only if the revoker equals the token's recorded user name
 * @throws UnknownTokenException propagated from {@code getTokenMetadata} when the token is unknown
 */
private boolean triesToRevokeOwnToken(String tokenId, String revoker) throws UnknownTokenException {
    // Look the token up before inspecting the revoker so an unknown token is reported
    // as UnknownTokenException regardless of who asked.
    final TokenMetadata metadata = tokenStateService.getTokenMetadata(tokenId);
    if (StringUtils.isBlank(revoker)) {
        return false;
    }
    final String owner = metadata == null ? "" : metadata.getUserName();
    return revoker.equals(owner);
}

Example 9 with TokenMetadata

use of org.apache.knox.gateway.services.security.token.TokenMetadata in project knox by apache.

the class TokenResource method setTokenEnabledFlag.

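/**
 * Enables or disables the token identified by {@code tokenId} through the token state service.
 * <p>
 * On success the response is {@code 200 OK} with a small JSON body. Otherwise a
 * {@code 400 Bad Request} is returned carrying an error message and one of the {@link ErrorCode}
 * values: token management not configured, token already in the requested state, or token unknown.
 * Failed requests are logged with {@code Tokens.getTokenIDDisplayText(tokenId)} rather than the
 * raw token ID.
 *
 * @param tokenId the ID of the token whose enabled flag should change
 * @param enabled {@code true} to enable the token, {@code false} to disable it
 * @return the JAX-RS response describing the outcome
 */
private Response setTokenEnabledFlag(String tokenId, boolean enabled) {
    String error = "";
    ErrorCode errorCode = ErrorCode.UNKNOWN;
    if (tokenStateService == null) {
        error = "Unable to " + (enabled ? "enable" : "disable") + " tokens because token management is not configured";
        errorCode = ErrorCode.CONFIGURATION_ERROR;
    } else {
        try {
            final TokenMetadata tokenMetadata = tokenStateService.getTokenMetadata(tokenId);
            if (tokenMetadata == null) {
                // getTokenMetadata may yield null for a token without a metadata record (the same
                // null guard is used in triesToRevokeOwnToken); report it as an unknown token
                // instead of dereferencing null in the checks below.
                error = "Unknown token";
                errorCode = ErrorCode.UNKNOWN_TOKEN;
            } else if (enabled && tokenMetadata.isEnabled()) {
                error = "Token is already enabled";
                errorCode = ErrorCode.ALREADY_ENABLED;
            } else if (!enabled && !tokenMetadata.isEnabled()) {
                error = "Token is already disabled";
                errorCode = ErrorCode.ALREADY_DISABLED;
            } else {
                tokenMetadata.setEnabled(enabled);
                // Persist the flipped flag by re-adding the metadata under the same token ID.
                tokenStateService.addMetadata(tokenId, tokenMetadata);
            }
        } catch (UnknownTokenException e) {
            error = safeGetMessage(e);
            errorCode = ErrorCode.UNKNOWN_TOKEN;
        }
    }
    if (error.isEmpty()) {
        return Response.status(Response.Status.OK).entity("{\n  \"setEnabledFlag\": \"true\",\n  \"isEnabled\": \"" + enabled + "\"\n}\n").build();
    } else {
        log.badSetEnabledFlagRequest(getTopologyName(), Tokens.getTokenIDDisplayText(tokenId), error);
        // The body is assembled by hand, so the error text (which may originate from an exception
        // message) is escaped to keep the JSON well-formed. The fixed messages above contain no
        // characters that need escaping, so their output is unchanged.
        return Response.status(Response.Status.BAD_REQUEST).entity("{\n  \"setEnabledFlag\": \"false\",\n  \"error\": \"" + escapeJsonString(error) + "\",\n  \"code\": " + errorCode.toInt() + "\n}\n").build();
    }
}

/**
 * Escapes {@code value} for embedding inside a double-quoted JSON string literal: double quotes,
 * backslashes and control characters are escaped, everything else passes through unchanged.
 *
 * @param value the raw text to embed; must not be {@code null}
 * @return the escaped text, without surrounding quotes
 */
private static String escapeJsonString(String value) {
    final StringBuilder out = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
            case '"':
                out.append("\\\"");
                break;
            case '\\':
                out.append("\\\\");
                break;
            case '\n':
                out.append("\\n");
                break;
            case '\r':
                out.append("\\r");
                break;
            case '\t':
                out.append("\\t");
                break;
            default:
                if (c < 0x20) {
                    // Remaining control characters use the generic \ uXXXX form.
                    out.append(String.format("\\u%04x", (int) c));
                } else {
                    out.append(c);
                }
        }
    }
    return out.toString();
}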

Example 10 with TokenMetadata

use of org.apache.knox.gateway.services.security.token.TokenMetadata in project knox by apache.

the class TokenIDAsHTTPBasicCredsFederationFilterTest method addTokenState.

/**
 * Test helper: registers the signed JWT with the token state service and attaches metadata whose
 * passcode field holds the MAC computed over the token ID, issue time, subject and supplied
 * passcode. A JWT that cannot be re-parsed after serialization fails the test.
 *
 * @param jwt       the signed token to register
 * @param issueTime issue time recorded for the token and bound into the passcode MAC
 * @param subject   user name recorded in the metadata and bound into the passcode MAC
 * @param passcode  raw passcode; only its MAC is stored
 */
private void addTokenState(final SignedJWT jwt, long issueTime, String subject, String passcode) {
    try {
        final JWTToken token = new JWTToken(jwt.serialize());
        tss.addToken(token, issueTime);
        final String tokenId = TokenUtils.getTokenId(token);
        final TokenMetadata metadata = new TokenMetadata(subject);
        // Store the passcode MAC rather than the passcode itself.
        metadata.setPasscode(tokenMAC.hash(tokenId, issueTime, subject, passcode));
        tss.addMetadata(tokenId, metadata);
    } catch (ParseException e) {
        // A malformed token is a test setup problem, not something to propagate.
        Assert.fail(e.getMessage());
    }
}
