Example 1 with HttpsJwks

use of org.jose4j.jwk.HttpsJwks in project kafka by apache.

the class RefreshingHttpsJwksTest method spyHttpsJwks.

/**
 * We *spy* (not *mock*) the {@link HttpsJwks} instance because we want to have it
 * _partially mocked_ to determine if it's calling its internal refresh method. We want to
 * make sure it *doesn't* do that when we call our getJsonWebKeys() method on
 * {@link RefreshingHttpsJwks}.
 */
private HttpsJwks spyHttpsJwks() {
    HttpsJwks httpsJwks = new HttpsJwks("https://www.example.com");
    SimpleResponse simpleResponse = new SimpleResponse() {

        @Override
        public int getStatusCode() {
            return 200;
        }

        @Override
        public String getStatusMessage() {
            return "OK";
        }

        @Override
        public Collection<String> getHeaderNames() {
            return Collections.emptyList();
        }

        @Override
        public List<String> getHeaderValues(String name) {
            return Collections.emptyList();
        }

        @Override
        public String getBody() {
            return "{\"keys\": []}";
        }
    };
    httpsJwks.setSimpleHttpGet(l -> simpleResponse);
    return Mockito.spy(httpsJwks);
}
Also used: HttpsJwks (org.jose4j.jwk.HttpsJwks), SimpleResponse (org.jose4j.http.SimpleResponse)

Example 2 with HttpsJwks

use of org.jose4j.jwk.HttpsJwks in project kafka by apache.

the class RefreshingHttpsJwksTest method testMaybeExpediteRefreshNoDelay.

/**
 * Test that a key previously scheduled for refresh will <b>not</b> be scheduled a second time
 * if it's requested right away.
 */
@Test
public void testMaybeExpediteRefreshNoDelay() throws Exception {
    String keyId = "abc123";
    Time time = new MockTime();
    HttpsJwks httpsJwks = spyHttpsJwks();
    try (RefreshingHttpsJwks refreshingHttpsJwks = getRefreshingHttpsJwks(time, httpsJwks)) {
        refreshingHttpsJwks.init();
        assertTrue(refreshingHttpsJwks.maybeExpediteRefresh(keyId));
        assertFalse(refreshingHttpsJwks.maybeExpediteRefresh(keyId));
    }
}
Also used: HttpsJwks (org.jose4j.jwk.HttpsJwks), MockTime (org.apache.kafka.common.utils.MockTime), Time (org.apache.kafka.common.utils.Time), Test (org.junit.jupiter.api.Test)

Example 3 with HttpsJwks

use of org.jose4j.jwk.HttpsJwks in project kafka by apache.

the class VerificationKeyResolverFactory method create.

public static CloseableVerificationKeyResolver create(Map<String, ?> configs, String saslMechanism, Map<String, Object> jaasConfig) {
    ConfigurationUtils cu = new ConfigurationUtils(configs, saslMechanism);
    URL jwksEndpointUrl = cu.validateUrl(SASL_OAUTHBEARER_JWKS_ENDPOINT_URL);
    if (jwksEndpointUrl.getProtocol().toLowerCase(Locale.ROOT).equals("file")) {
        Path p = cu.validateFile(SASL_OAUTHBEARER_JWKS_ENDPOINT_URL);
        return new JwksFileVerificationKeyResolver(p);
    } else {
        long refreshIntervalMs = cu.validateLong(SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS, true, 0L);
        JaasOptionsUtils jou = new JaasOptionsUtils(jaasConfig);
        SSLSocketFactory sslSocketFactory = null;
        if (jou.shouldCreateSSLSocketFactory(jwksEndpointUrl))
            sslSocketFactory = jou.createSSLSocketFactory();
        HttpsJwks httpsJwks = new HttpsJwks(jwksEndpointUrl.toString());
        httpsJwks.setDefaultCacheDuration(refreshIntervalMs);
        if (sslSocketFactory != null) {
            Get get = new Get();
            get.setSslSocketFactory(sslSocketFactory);
            httpsJwks.setSimpleHttpGet(get);
        }
        RefreshingHttpsJwks refreshingHttpsJwks = new RefreshingHttpsJwks(Time.SYSTEM, httpsJwks, refreshIntervalMs, cu.validateLong(SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MS), cu.validateLong(SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MAX_MS));
        return new RefreshingHttpsJwksVerificationKeyResolver(refreshingHttpsJwks);
    }
}
Also used: Path (java.nio.file.Path), HttpsJwks (org.jose4j.jwk.HttpsJwks), Get (org.jose4j.http.Get), SSLSocketFactory (javax.net.ssl.SSLSocketFactory), URL (java.net.URL), SASL_OAUTHBEARER_JWKS_ENDPOINT_URL (org.apache.kafka.common.config.SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL)

Example 4 with HttpsJwks

use of org.jose4j.jwk.HttpsJwks in project kafka by apache.

the class RefreshingHttpsJwksTest method assertMaybeExpediteRefreshWithDelay.

private void assertMaybeExpediteRefreshWithDelay(long sleepDelay, boolean shouldBeScheduled) throws Exception {
    String keyId = "abc123";
    Time time = new MockTime();
    HttpsJwks httpsJwks = spyHttpsJwks();
    try (RefreshingHttpsJwks refreshingHttpsJwks = getRefreshingHttpsJwks(time, httpsJwks)) {
        refreshingHttpsJwks.init();
        assertTrue(refreshingHttpsJwks.maybeExpediteRefresh(keyId));
        time.sleep(sleepDelay);
        assertEquals(shouldBeScheduled, refreshingHttpsJwks.maybeExpediteRefresh(keyId));
    }
}
Also used: HttpsJwks (org.jose4j.jwk.HttpsJwks), MockTime (org.apache.kafka.common.utils.MockTime), Time (org.apache.kafka.common.utils.Time)

Example 5 with HttpsJwks

use of org.jose4j.jwk.HttpsJwks in project kafka by apache.

the class RefreshingHttpsJwksTest method testLongKey.

/**
 * Test that a "long key" will not be looked up because the key ID is too long.
 */
@Test
public void testLongKey() throws Exception {
    char[] keyIdChars = new char[MISSING_KEY_ID_MAX_KEY_LENGTH + 1];
    Arrays.fill(keyIdChars, '0');
    String keyId = new String(keyIdChars);
    Time time = new MockTime();
    HttpsJwks httpsJwks = spyHttpsJwks();
    try (RefreshingHttpsJwks refreshingHttpsJwks = getRefreshingHttpsJwks(time, httpsJwks)) {
        refreshingHttpsJwks.init();
        verify(httpsJwks, times(1)).refresh();
        assertFalse(refreshingHttpsJwks.maybeExpediteRefresh(keyId));
        verify(httpsJwks, times(1)).refresh();
    }
}
Also used: HttpsJwks (org.jose4j.jwk.HttpsJwks), MockTime (org.apache.kafka.common.utils.MockTime), Time (org.apache.kafka.common.utils.Time), Test (org.junit.jupiter.api.Test)

Aggregations

HttpsJwks (org.jose4j.jwk.HttpsJwks): 7
MockTime (org.apache.kafka.common.utils.MockTime): 5
Time (org.apache.kafka.common.utils.Time): 5
Test (org.junit.jupiter.api.Test): 4
URL (java.net.URL): 1
Path (java.nio.file.Path): 1
SSLSocketFactory (javax.net.ssl.SSLSocketFactory): 1
SASL_OAUTHBEARER_JWKS_ENDPOINT_URL (org.apache.kafka.common.config.SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL): 1
Get (org.jose4j.http.Get): 1
SimpleResponse (org.jose4j.http.SimpleResponse): 1