
Example 1 with UnauthorizedSignatureException

use of org.jboss.resteasy.security.doseta.UnauthorizedSignatureException in project resteasy by resteasy.

the class SigningTest method testBadSignatureProxy.

/**
 * Calls {@code SigningProxy.bad()} through a client proxy and expects the call to be rejected
 * with a {@link ResponseProcessingException}.
 *
 * <p>The key repository is handed to the client as a target property, keyed by the
 * {@link KeyRepository} class name.
 *
 * @throws Exception if the proxy call returns normally, or fails with anything other than a
 *     {@link ResponseProcessingException}
 */
@Test
public void testBadSignatureProxy() throws Exception {
    ResteasyWebTarget webTarget = client.target(generateBaseUrl());
    webTarget.property(KeyRepository.class.getName(), repository);
    SigningProxy signingProxy = webTarget.proxy(SigningProxy.class);
    try {
        signingProxy.bad();
        // A normal return means the bad signature was accepted; this exception is not caught
        // below, so it fails the test.
        throw new Exception("UNREACHABLE");
    } catch (ResponseProcessingException rpe) {
        LOG.error(rpe.getMessage(), rpe);
        // NOTE(review): the original carried a disabled check that rpe.getCause() is an
        // UnauthorizedSignatureException. Without it the test passes on any
        // ResponseProcessingException, so it does not prove that signature verification was the
        // reason for the rejection. Confirm why the check was disabled before relying on this
        // test as evidence that bad signatures are refused.
    }
}
Also used : KeyRepository(org.jboss.resteasy.security.doseta.KeyRepository) DosetaKeyRepository(org.jboss.resteasy.security.doseta.DosetaKeyRepository) ResteasyWebTarget(org.jboss.resteasy.client.jaxrs.ResteasyWebTarget) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) ProcessingException(jakarta.ws.rs.ProcessingException) SignatureException(java.security.SignatureException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) Test(org.junit.Test)

Example 2 with UnauthorizedSignatureException

use of org.jboss.resteasy.security.doseta.UnauthorizedSignatureException in project resteasy by resteasy.

the class SigningTest method testStaleTimestamp.

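/**
 * Verifies that a signed response is rejected once its signature is older than the configured
 * stale window.
 *
 * <p>The verifier runs a stale check with a one-second window. The request itself succeeds with
 * status 200; the test then waits 1.5 seconds and expects reading the entity to fail with a
 * {@link ProcessingException} whose cause is an {@link UnauthorizedSignatureException}.
 *
 * @throws Exception if the request fails for a reason other than the expected verification error
 */
@Test
public void testStaleTimestamp() throws Exception {
    Verifier verifier = new Verifier();
    Verification verification = verifier.addNew();
    verification.setRepository(repository);
    verification.setStaleCheck(true);
    verification.setStaleSeconds(1);
    WebTarget target = client.target(TestPortProvider.generateURL("/signed/stamped"));
    Invocation.Builder request = target.request();
    request.property(Verifier.class.getName(), verifier);
    // try-with-resources: the response is released even when an assertion below fails.
    try (Response response = request.get()) {
        // The status is 200 although the signature is about to be rejected: in this test the
        // failure only surfaces when the entity is read, so a 200 status alone says nothing
        // about signature validity.
        Assert.assertEquals(200, response.getStatus());
        // Wait longer than the one-second stale window configured above.
        Thread.sleep(1500);
        try {
            response.readEntity(String.class);
            // AssertionError is not a ProcessingException, so it is not swallowed below.
            Assert.fail();
        } catch (ProcessingException pe) {
            // The cast doubles as a type check: any other cause ends the test with a
            // ClassCastException.
            UnauthorizedSignatureException e = (UnauthorizedSignatureException) pe.getCause();
            // Substring checks rather than an exact match on the whole message.
            Assert.assertTrue(e.getMessage().contains("Failed to verify signatures:\r\n"));
            Assert.assertTrue(e.getMessage().contains("Signature is stale"));
        }
    }
}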
Also used : Response(jakarta.ws.rs.core.Response) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) Invocation(jakarta.ws.rs.client.Invocation) Verification(org.jboss.resteasy.security.doseta.Verification) WebTarget(jakarta.ws.rs.client.WebTarget) ResteasyWebTarget(org.jboss.resteasy.client.jaxrs.ResteasyWebTarget) Verifier(org.jboss.resteasy.security.doseta.Verifier) ProcessingException(jakarta.ws.rs.ProcessingException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) Test(org.junit.Test)

Example 3 with UnauthorizedSignatureException

use of org.jboss.resteasy.security.doseta.UnauthorizedSignatureException in project resteasy by resteasy.

the class SigningTest method testManualFail.

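/**
 * Verifies that a response signed by the server is rejected when the client verifies it with an
 * unrelated public key.
 *
 * <p>The response must carry a DKIM signature header and status 200; reading the entity is then
 * expected to fail with a {@link ProcessingException} whose cause is an
 * {@link UnauthorizedSignatureException}.
 *
 * @throws Exception if key generation or the request fails for a reason other than the expected
 *     verification error
 */
@Test
public void testManualFail() throws Exception {
    // Freshly generated key pair whose public half is given to the verifier; the test expects
    // verification against it to fail.
    // 1024-bit RSA is below the 2048-bit minimum generally recommended for real keys; it is a
    // test-only value and should not be copied into production code.
    // NOTE(review): the size is left unchanged because the failure message asserted below may
    // depend on how the provider rejects the signature. Confirm before changing it.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(1024);
    KeyPair keyPair = kpg.genKeyPair();
    Verifier verifier = new Verifier();
    Verification verification = verifier.addNew();
    verification.setKey(keyPair.getPublic());
    WebTarget target = client.target(TestPortProvider.generateURL("/signed/manual"));
    Invocation.Builder request = target.request();
    request.property(Verifier.class.getName(), verifier);
    // try-with-resources: the response is released even when an assertion below fails.
    try (Response response = request.get()) {
        // The signature header must be present, otherwise there is nothing to verify and the
        // test would not exercise the rejection path.
        Assert.assertNotNull(response.getHeaderString(DKIMSignature.DKIM_SIGNATURE));
        // Status is 200 at this point; in this test the rejection only surfaces on entity read.
        Assert.assertEquals(200, response.getStatus());
        try {
            response.readEntity(String.class);
            // AssertionError is not a ProcessingException, so it is not swallowed below.
            Assert.fail("entity was read although the signature cannot match the verifier's key");
        } catch (ProcessingException pe) {
            // The cast doubles as a type check: any other cause ends the test with a
            // ClassCastException.
            UnauthorizedSignatureException e = (UnauthorizedSignatureException) pe.getCause();
            // Substring checks rather than an exact match on the whole message.
            Assert.assertTrue(e.getMessage().contains("Failed to verify signatures:\r\n"));
            Assert.assertTrue(e.getMessage().contains("Failed to verify signature."));
        }
    }
}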
Also used : Response(jakarta.ws.rs.core.Response) KeyPair(java.security.KeyPair) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) Invocation(jakarta.ws.rs.client.Invocation) Verification(org.jboss.resteasy.security.doseta.Verification) KeyPairGenerator(java.security.KeyPairGenerator) WebTarget(jakarta.ws.rs.client.WebTarget) ResteasyWebTarget(org.jboss.resteasy.client.jaxrs.ResteasyWebTarget) Verifier(org.jboss.resteasy.security.doseta.Verifier) ProcessingException(jakarta.ws.rs.ProcessingException) SignatureException(java.security.SignatureException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) ProcessingException(jakarta.ws.rs.ProcessingException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) Test(org.junit.Test)

Example 4 with UnauthorizedSignatureException

use of org.jboss.resteasy.security.doseta.UnauthorizedSignatureException in project resteasy by resteasy.

the class SigningTest method testExpiresFail.

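/**
 * Verifies that a signed response from {@code /signed/expires-short} is rejected when its entity
 * is read 1.5 seconds after the response arrived.
 *
 * <p>The request succeeds with status 200; reading the entity after the wait is expected to fail
 * with a {@link ProcessingException} whose cause is an {@link UnauthorizedSignatureException}
 * reporting an expired signature.
 *
 * @throws Exception if the request fails for a reason other than the expected verification error
 */
@Test
public void testExpiresFail() throws Exception {
    Verifier verifier = new Verifier();
    Verification verification = verifier.addNew();
    verification.setRepository(repository);
    WebTarget target = client.target(TestPortProvider.generateURL("/signed/expires-short"));
    Invocation.Builder request = target.request();
    request.property(Verifier.class.getName(), verifier);
    // try-with-resources: the response is released even when an assertion below fails.
    try (Response response = request.get()) {
        // Status is 200 at this point; in this test the rejection only surfaces on entity read.
        Assert.assertEquals(200, response.getStatus());
        // Presumably long enough for the endpoint's short expiry to elapse; the expiry itself is
        // configured on the server side and is not visible here.
        Thread.sleep(1500);
        try {
            response.readEntity(String.class);
            // AssertionError is not a ProcessingException, so it is not swallowed below.
            Assert.fail("entity was read although the signature should have expired");
        } catch (ProcessingException pe) {
            // The cast doubles as a type check: any other cause ends the test with a
            // ClassCastException.
            UnauthorizedSignatureException e = (UnauthorizedSignatureException) pe.getCause();
            // Substring checks rather than an exact match on the whole message.
            Assert.assertTrue(e.getMessage().contains("Failed to verify signatures:\r\n"));
            Assert.assertTrue(e.getMessage().contains("Signature expired"));
        }
    }
}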
Also used : Response(jakarta.ws.rs.core.Response) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) Invocation(jakarta.ws.rs.client.Invocation) Verification(org.jboss.resteasy.security.doseta.Verification) WebTarget(jakarta.ws.rs.client.WebTarget) ResteasyWebTarget(org.jboss.resteasy.client.jaxrs.ResteasyWebTarget) Verifier(org.jboss.resteasy.security.doseta.Verifier) ProcessingException(jakarta.ws.rs.ProcessingException) SignatureException(java.security.SignatureException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) ProcessingException(jakarta.ws.rs.ProcessingException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) Test(org.junit.Test)

Example 5 with UnauthorizedSignatureException

use of org.jboss.resteasy.security.doseta.UnauthorizedSignatureException in project resteasy by resteasy.

the class SigningTest method testExpiresFail.

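/**
 * Verifies that a signed response is rejected when its entity is read after the signature has
 * expired.
 *
 * <p>The request succeeds with status 200; after a 1.5 second wait, reading the entity is
 * expected to fail with a {@link ProcessingException} whose cause is an
 * {@link UnauthorizedSignatureException} reporting an expired signature.
 *
 * @throws Exception if the request fails for a reason other than the expected verification error
 * @tpTestDetails Fail expiration test (expires attribute in Signed annotation in REST end-point is used).
 * @tpSince RESTEasy 3.0.16
 */
@Test
public void testExpiresFail() throws Exception {
    Verifier verifier = new Verifier();
    Verification verification = verifier.addNew();
    verification.setRepository(repository);
    WebTarget target = client.target(generateURL("/signed/expires-short"));
    Invocation.Builder request = target.request();
    request.property(Verifier.class.getName(), verifier);
    // try-with-resources: the response is released even when an assertion below fails.
    try (Response response = request.get()) {
        logger.info(response.getHeaderString(DKIMSignature.DKIM_SIGNATURE));
        // Status is OK at this point; in this test the rejection only surfaces on entity read.
        Assert.assertEquals(HttpResponseCodes.SC_OK, response.getStatus());
        // Wait for the expiry set by the endpoint's Signed annotation to elapse.
        Thread.sleep(1500);
        try {
            response.readEntity(String.class);
            // AssertionError is not a ProcessingException, so it is not swallowed below.
            Assert.fail("Signing error expected");
        } catch (ProcessingException pe) {
            // The cast doubles as a type check: any other cause ends the test with a
            // ClassCastException.
            UnauthorizedSignatureException e = (UnauthorizedSignatureException) pe.getCause();
            MatcherAssert.assertThat("Unexpected error", e.getMessage(), containsString("Failed to verify signatures:\r\n"));
            MatcherAssert.assertThat("Unexpected error", e.getMessage(), containsString("Signature expired"));
        }
    }
}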
Also used : Response(jakarta.ws.rs.core.Response) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) Invocation(jakarta.ws.rs.client.Invocation) Verification(org.jboss.resteasy.security.doseta.Verification) ResteasyWebTarget(org.jboss.resteasy.client.jaxrs.ResteasyWebTarget) WebTarget(jakarta.ws.rs.client.WebTarget) Verifier(org.jboss.resteasy.security.doseta.Verifier) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) ProcessingException(jakarta.ws.rs.ProcessingException) SignatureException(java.security.SignatureException) UnauthorizedSignatureException(org.jboss.resteasy.security.doseta.UnauthorizedSignatureException) ResponseProcessingException(jakarta.ws.rs.client.ResponseProcessingException) ProcessingException(jakarta.ws.rs.ProcessingException) Test(org.junit.Test)
