
Example 1 with OAuthProviderTokenImpl

use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.

the class OAuthUserAuthorizationProcessingFilterTests method testAttemptAuthentication.

/**
	 * tests the attempt to authenticate.
	 */
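@Test
public void testAttemptAuthentication() throws Exception {
    // Exercises the user-authorization step for a request token in two phases:
    // first with a user that is not authenticated (must be rejected), then with an
    // authenticated user (a verifier is issued and exposed on the request).
    UserAuthorizationProcessingFilter filter = new UserAuthorizationProcessingFilter("/");
    OAuthVerifierServices vs = mock(OAuthVerifierServices.class);
    filter.setVerifierServices(vs);
    OAuthProviderTokenServices tokenServices = mock(OAuthProviderTokenServices.class);
    filter.setTokenServices(tokenServices);
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    Authentication authentication = mock(Authentication.class);

    // The request token "tok" resolves to a provider token carrying a callback URL.
    OAuthProviderTokenImpl token = new OAuthProviderTokenImpl();
    token.setCallbackUrl("callback");
    when(tokenServices.getToken("tok")).thenReturn(token);

    // The mock user is installed in the shared SecurityContextHolder. The finally
    // block removes it again so that a failing assertion cannot leak an
    // "authenticated" principal into tests that run later on the same thread.
    SecurityContextHolder.getContext().setAuthentication(authentication);
    try {
        // Phase 1: unauthenticated user.
        when(request.getParameter("requestToken")).thenReturn("tok");
        when(authentication.isAuthenticated()).thenReturn(false);
        try {
            filter.attemptAuthentication(request, response);
            fail("an unauthenticated user must not get past the authorization step");
        } catch (InsufficientAuthenticationException e) {
            // expected: authorization requires an authenticated user
        }
        // The callback is still published on the request even though the attempt failed.
        verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");

        // Phase 2: authenticated user. Only the request mock is reset, so the
        // tokenServices stubbing above is still in effect.
        reset(request);
        when(authentication.isAuthenticated()).thenReturn(true);
        when(request.getParameter("requestToken")).thenReturn("tok");
        when(vs.createVerifier()).thenReturn("verifier");

        filter.attemptAuthentication(request, response);

        verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");
        verify(request).setAttribute(UserAuthorizationProcessingFilter.VERIFIER_ATTRIBUTE, "verifier");
        // Checked after the call: invoking authorizeRequestToken on the mock before
        // the call (as an expectation) asserts nothing under Mockito.
        // NOTE(review): assumes the filter authorizes the token exactly once, with the
        // verifier returned by createVerifier(); the filter source is not shown here.
        verify(tokenServices).authorizeRequestToken("tok", "verifier", authentication);
    } finally {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}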
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthProviderTokenServices(org.springframework.security.oauth.provider.token.OAuthProviderTokenServices) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthVerifierServices(org.springframework.security.oauth.provider.verifier.OAuthVerifierServices) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) OAuthProviderTokenImpl(org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl) Test(org.junit.Test)

Example 2 with OAuthProviderTokenImpl

use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.

the class CoreOAuthSignatureMethodFactoryTests method testGetSignatureMethod.

/**
	 * tests getting the signature method.
	 */
@Test
public void testGetSignatureMethod() throws Exception {
    // Drives the factory through every signature method name used here: an unknown
    // name, PLAINTEXT (rejected until explicitly enabled), HMAC-SHA1 and RSA-SHA1,
    // and checks the key material each returned method was built with.
    OAuthProviderTokenImpl providerToken = new OAuthProviderTokenImpl();
    providerToken.setSecret("token_SHHHHHHHHHHHHHH");
    SharedConsumerSecret consumerSecret = new SharedConsumerSecretImpl("consumer_shhhhhhhhhh");
    CoreOAuthSignatureMethodFactory methodFactory = new CoreOAuthSignatureMethodFactory();

    // An unrecognised signature method name is refused.
    try {
        methodFactory.getSignatureMethod("unknown", consumerSecret, providerToken.getSecret());
        fail("should fail with unknown signature method.");
    } catch (UnsupportedSignatureMethodException expected) {
        // expected
    }

    // PLAINTEXT is refused as long as the factory has not been told to support it.
    try {
        methodFactory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, consumerSecret, providerToken.getSecret());
        fail("plain text shouldn't be supported by default.");
    } catch (UnsupportedSignatureMethodException expected) {
        // expected
    }

    // After the explicit opt-in, the PLAINTEXT secret is consumer secret and token
    // secret joined by "%26", the URL-encoded '&'.
    methodFactory.setSupportPlainText(true);
    OAuthSignatureMethod plainTextMethod =
            methodFactory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, consumerSecret, providerToken.getSecret());
    assertTrue(plainTextMethod instanceof PlainTextSignatureMethod);
    PlainTextSignatureMethod plainText = (PlainTextSignatureMethod) plainTextMethod;
    assertEquals("consumer_shhhhhhhhhh%26token_SHHHHHHHHHHHHHH", plainText.getSecret());

    // The HMAC-SHA1 key is the UTF-8 bytes of the two secrets joined by a literal '&'.
    OAuthSignatureMethod hmacMethod =
            methodFactory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, consumerSecret, providerToken.getSecret());
    assertTrue(hmacMethod instanceof HMAC_SHA1SignatureMethod);
    byte[] expectedKey = new SecretKeySpec(
            "consumer_shhhhhhhhhh&token_SHHHHHHHHHHHHHH".getBytes("UTF-8"),
            HMAC_SHA1SignatureMethod.MAC_NAME).getEncoded();
    byte[] actualKey = ((HMAC_SHA1SignatureMethod) hmacMethod).getSecretKey().getEncoded();
    assertTrue(Arrays.equals(expectedKey, actualKey));

    // RSA-SHA1 is handed a key pair and must expose exactly that pair. A 1024-bit
    // key keeps generation fast for the test; it is not a size to copy for real keys.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(1024);
    KeyPair rsaKeys = rsaGenerator.generateKeyPair();
    OAuthSignatureMethod rsaMethod = methodFactory.getSignatureMethod(
            RSA_SHA1SignatureMethod.SIGNATURE_NAME,
            new RSAKeySecret(rsaKeys.getPrivate(), rsaKeys.getPublic()),
            providerToken.getSecret());
    assertTrue(rsaMethod instanceof RSA_SHA1SignatureMethod);
    RSA_SHA1SignatureMethod rsa = (RSA_SHA1SignatureMethod) rsaMethod;
    assertEquals(rsaKeys.getPrivate(), rsa.getPrivateKey());
    assertEquals(rsaKeys.getPublic(), rsa.getPublicKey());
}
Also used : KeyPair(java.security.KeyPair) KeyPairGenerator(java.security.KeyPairGenerator) OAuthProviderTokenImpl(org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)2 OAuthProviderTokenImpl (org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl)2 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1 Authentication (org.springframework.security.core.Authentication)1 OAuthProviderTokenServices (org.springframework.security.oauth.provider.token.OAuthProviderTokenServices)1 OAuthVerifierServices (org.springframework.security.oauth.provider.verifier.OAuthVerifierServices)1