use of org.apache.syncope.common.rest.api.service.AccessTokenService in project syncope by apache.
the class JWTITCase method expiredToken.
@Test
public void expiredToken() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
String tokenId = consumer.getJwtClaims().getTokenId();
// Create a new token using the Id of the first token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(tokenId);
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime((now.getTime() - 5000L) / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on an expired token");
} catch (AccessControlException ex) {
// expected
}
}
use of org.apache.syncope.common.rest.api.service.AccessTokenService in project syncope by apache.
the class JWTITCase method invalidIssuer.
@Test
public void invalidIssuer() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
String tokenId = consumer.getJwtClaims().getTokenId();
// Create a new token using the Id of the first token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(tokenId);
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer("UnknownIssuer");
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on an invalid issuer");
} catch (AccessControlException ex) {
// expected
}
}
use of org.apache.syncope.common.rest.api.service.AccessTokenService in project syncope by apache.
the class JWTITCase method unknownId.
@Test
public void unknownId() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
// Create a new token using an unknown Id
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(UUID.randomUUID().toString());
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on an unknown id");
} catch (AccessControlException ex) {
// expected
}
}
use of org.apache.syncope.common.rest.api.service.AccessTokenService in project syncope by apache.
the class JWTITCase method notBefore.
@Test
public void notBefore() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
String tokenId = consumer.getJwtClaims().getTokenId();
// Create a new token using the Id of the first token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(tokenId);
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime + 60L);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on a token that is not valid yet");
} catch (AccessControlException ex) {
// expected
}
}
use of org.apache.syncope.common.rest.api.service.AccessTokenService in project syncope by apache.
the class JWTITCase method queryUsingToken.
@Test
public void queryUsingToken() throws ParseException {
// Get the token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
// Query the UserSelfService using the token
SyncopeClient jwtClient = clientFactory.create(token);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
jwtUserSelfService.read();
// Test a "bad" token
jwtClient = clientFactory.create(token + "xyz");
jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on a modified token");
} catch (WebServiceException ex) {
// expected
}
}
Aggregations