use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.
the class OAuthUserAuthorizationProcessingFilterTests method testAttemptAuthentication.
/**
* tests the attempt to authenticate.
*/
@Test
public void testAttemptAuthentication() throws Exception {
UserAuthorizationProcessingFilter filter = new UserAuthorizationProcessingFilter("/");
OAuthVerifierServices vs = mock(OAuthVerifierServices.class);
filter.setVerifierServices(vs);
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
Authentication authentication = mock(Authentication.class);
OAuthProviderTokenServices tokenServices = mock(OAuthProviderTokenServices.class);
filter.setTokenServices(tokenServices);
SecurityContextHolder.getContext().setAuthentication(authentication);
when(request.getParameter("requestToken")).thenReturn("tok");
OAuthProviderTokenImpl token = new OAuthProviderTokenImpl();
token.setCallbackUrl("callback");
when(tokenServices.getToken("tok")).thenReturn(token);
when(authentication.isAuthenticated()).thenReturn(false);
try {
filter.attemptAuthentication(request, response);
fail();
} catch (InsufficientAuthenticationException e) {
}
verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");
reset(request);
when(authentication.isAuthenticated()).thenReturn(true);
when(request.getParameter("requestToken")).thenReturn("tok");
when(tokenServices.getToken("tok")).thenReturn(token);
when(vs.createVerifier()).thenReturn("verifier");
tokenServices.authorizeRequestToken("tok", "verifier", authentication);
filter.setTokenServices(tokenServices);
filter.attemptAuthentication(request, response);
verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");
verify(request).setAttribute(UserAuthorizationProcessingFilter.VERIFIER_ATTRIBUTE, "verifier");
SecurityContextHolder.getContext().setAuthentication(null);
}
use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.
the class CoreOAuthSignatureMethodFactoryTests method testGetSignatureMethod.
/**
* tests getting the signature method.
*/
@Test
public void testGetSignatureMethod() throws Exception {
CoreOAuthSignatureMethodFactory factory = new CoreOAuthSignatureMethodFactory();
OAuthProviderTokenImpl token = new OAuthProviderTokenImpl();
token.setSecret("token_SHHHHHHHHHHHHHH");
SharedConsumerSecret sharedSecret = new SharedConsumerSecretImpl("consumer_shhhhhhhhhh");
try {
factory.getSignatureMethod("unknown", sharedSecret, token.getSecret());
fail("should fail with unknown signature method.");
} catch (UnsupportedSignatureMethodException e) {
// fall thru...
}
try {
factory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
fail("plain text shouldn't be supported by default.");
} catch (UnsupportedSignatureMethodException e) {
// fall thru...
}
factory.setSupportPlainText(true);
OAuthSignatureMethod signatureMethod = factory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
assertTrue(signatureMethod instanceof PlainTextSignatureMethod);
assertEquals("consumer_shhhhhhhhhh%26token_SHHHHHHHHHHHHHH", ((PlainTextSignatureMethod) signatureMethod).getSecret());
signatureMethod = factory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
assertTrue(signatureMethod instanceof HMAC_SHA1SignatureMethod);
SecretKeySpec spec = new SecretKeySpec("consumer_shhhhhhhhhh&token_SHHHHHHHHHHHHHH".getBytes("UTF-8"), HMAC_SHA1SignatureMethod.MAC_NAME);
assertTrue(Arrays.equals(spec.getEncoded(), ((HMAC_SHA1SignatureMethod) signatureMethod).getSecretKey().getEncoded()));
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
KeyPair keyPair = generator.generateKeyPair();
signatureMethod = factory.getSignatureMethod(RSA_SHA1SignatureMethod.SIGNATURE_NAME, new RSAKeySecret(keyPair.getPrivate(), keyPair.getPublic()), token.getSecret());
assertTrue(signatureMethod instanceof RSA_SHA1SignatureMethod);
assertEquals(keyPair.getPrivate(), ((RSA_SHA1SignatureMethod) signatureMethod).getPrivateKey());
assertEquals(keyPair.getPublic(), ((RSA_SHA1SignatureMethod) signatureMethod).getPublicKey());
}
Aggregations