Example 1 with JsonWebToken

Use of org.dcache.gplazma.util.JsonWebToken in project dcache by dCache.

Class QueryUserInfoEndpoint, method identityProviders.

private Collection<IdentityProvider> identityProviders(String token) throws AuthenticationException {
    // Only tokens that look like a JWT are inspected; anything else falls through.
    if (JsonWebToken.isCompatibleFormat(token)) {
        try {
            JsonWebToken jwt = new JsonWebToken(token);
            // The "iss" claim is read without a signature check in this method;
            // it is used only to narrow the set of candidate providers.
            Optional<String> iss = jwt.getPayloadString("iss");
            if (iss.isPresent()) {
                try {
                    URI issuer = new URI(iss.get());
                    IdentityProvider ip = providersByIssuer.get(issuer);
                    // Reject a JWT whose issuer is not a configured provider.
                    checkAuthentication(ip != null, "JWT with unknown \"iss\" claim");
                    LOG.debug("Discovered token is JWT issued by {}", ip.getName());
                    return Collections.singleton(ip);
                } catch (URISyntaxException e) {
                    LOG.debug("Bad \"iss\" claim \"{}\": {}", iss.get(), e.toString());
                    throw new AuthenticationException("Bad \"iss\" claim in JWT");
                }
            }
        } catch (IOException e) {
            LOG.debug("Failed to parse JWT: {}", e.toString());
            throw new AuthenticationException("Bad JWT");
        }
    }
    // Not a JWT, or a JWT without an "iss" claim: every configured provider is a candidate.
    return providersByIssuer.values();
}
Also used: AuthenticationException (org.dcache.gplazma.AuthenticationException), IdentityProvider (org.dcache.gplazma.oidc.IdentityProvider), URISyntaxException (java.net.URISyntaxException), IOException (java.io.IOException), JsonWebToken (org.dcache.gplazma.util.JsonWebToken), URI (java.net.URI)

Example 2 with JsonWebToken

Use of org.dcache.gplazma.util.JsonWebToken in project dcache by dCache.

Class JwtFactoryTest, method shouldGenerateValidTokenWithAPayloadInstantClaim.

@Test
public void shouldGenerateValidTokenWithAPayloadInstantClaim() throws Exception {
    // We work with seconds granularity.
    Instant expiry = Instant.now().plus(5, MINUTES).truncatedTo(SECONDS);
    given(aJwtFactory());
    String jwt = factory.aJwt().withPayloadClaim("sub", "my-identity").withPayloadClaim("exp", expiry).build();
    assertTrue(JsonWebToken.isCompatibleFormat(jwt));
    JsonWebToken token = new JsonWebToken(jwt);
    assertThat(token.getKeyIdentifier(), is(nullValue()));
    assertThat(token.getPayloadString("sub"), isPresentAnd(equalTo("my-identity")));
    assertThat(token.getPayloadInstant("exp"), isPresentAnd(equalTo(expiry)));
    assertThat(token.getPayloadMap(), aMapWithSize(2));
    assertThat(token.getPayloadMap(), hasEntry("sub", jsonString("my-identity")));
    assertTrue(token.isSignedBy(factory.publicKey()));
}
Also used: Instant (java.time.Instant), JsonWebToken (org.dcache.gplazma.util.JsonWebToken), Test (org.junit.Test)

Example 3 with JsonWebToken

Use of org.dcache.gplazma.util.JsonWebToken in project dcache by dCache.

Class JwtFactoryTest, method shouldGenerateValidTokenWithAPayloadArrayClaim.

@Test
public void shouldGenerateValidTokenWithAPayloadArrayClaim() throws Exception {
    given(aJwtFactory());
    String jwt = factory.aJwt().withPayloadClaim("sub", "my-identity").withPayloadClaim("groups", "group-1", "group-2").build();
    assertTrue(JsonWebToken.isCompatibleFormat(jwt));
    JsonWebToken token = new JsonWebToken(jwt);
    assertThat(token.getKeyIdentifier(), is(nullValue()));
    assertThat(token.getPayloadString("sub"), isPresentAnd(equalTo("my-identity")));
    assertThat(token.getPayloadStringOrArray("groups"), contains("group-1", "group-2"));
    assertThat(token.getPayloadMap(), aMapWithSize(2));
    assertThat(token.getPayloadMap(), hasEntry("sub", jsonString("my-identity")));
    assertThat(token.getPayloadMap(), hasEntry("groups", jsonArray("group-1", "group-2")));
    assertTrue(token.isSignedBy(factory.publicKey()));
}
Also used: JsonWebToken (org.dcache.gplazma.util.JsonWebToken), Test (org.junit.Test)

Example 4 with JsonWebToken

Use of org.dcache.gplazma.util.JsonWebToken in project dcache by dCache.

Class JwtFactoryTest, method shouldGenerateValidTokenWithAPayloadStringClaim.

@Test
public void shouldGenerateValidTokenWithAPayloadStringClaim() throws Exception {
    given(aJwtFactory());
    String jwt = factory.aJwt().withPayloadClaim("sub", "my-identity").build();
    assertTrue(JsonWebToken.isCompatibleFormat(jwt));
    JsonWebToken token = new JsonWebToken(jwt);
    assertThat(token.getKeyIdentifier(), is(nullValue()));
    assertThat(token.getPayloadString("sub"), isPresentAnd(equalTo("my-identity")));
    assertThat(token.getPayloadMap(), aMapWithSize(1));
    assertThat(token.getPayloadMap(), hasEntry("sub", jsonString("my-identity")));
    assertTrue(token.isSignedBy(factory.publicKey()));
}
Also used: JsonWebToken (org.dcache.gplazma.util.JsonWebToken), Test (org.junit.Test)

Example 5 with JsonWebToken

Use of org.dcache.gplazma.util.JsonWebToken in project dcache by dCache.

Class JwtFactoryTest, method shouldGenerateValidTokenWithoutPayloadClaims.

@Test
public void shouldGenerateValidTokenWithoutPayloadClaims() throws Exception {
    given(aJwtFactory());
    String jwt = factory.aJwt().build();
    assertTrue(JsonWebToken.isCompatibleFormat(jwt));
    JsonWebToken token = new JsonWebToken(jwt);
    assertThat(token.getKeyIdentifier(), is(nullValue()));
    assertThat(token.getPayloadMap(), is(anEmptyMap()));
    assertTrue(token.isSignedBy(factory.publicKey()));
}
Also used: JsonWebToken (org.dcache.gplazma.util.JsonWebToken), Test (org.junit.Test)
