Example 11 with ExtendedJWTConfigurationDto
use of org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto in project carbon-apimgt by wso2.
the class JWTValidatorTest method testJWTValidatorExpiredInCacheTenant.
@Test
public void testJWTValidatorExpiredInCacheTenant() throws ParseException, APISecurityException, APIManagementException, IOException {
Mockito.when(privilegedCarbonContext.getTenantDomain()).thenReturn("abc.com");
SignedJWT signedJWT = SignedJWT.parse("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UZG1aak00WkRrM05qWTBZemM1T" + "W1abU9EZ3dNVEUzTVdZd05ERTVNV1JsWkRnNE56YzRaQT09In0" + ".eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV" + "3YXkiLCJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJhcHBsaWNhdGlvbiI6eyJvd25lciI6ImFkbWluIiwidGllclF1b3RhVHlwZ" + "SI6InJlcXVlc3RDb3VudCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJuYW1lIjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaWQiOjEsInV1aWQ" + "iOm51bGx9LCJzY29wZSI6ImFtX2FwcGxpY2F0aW9uX3Njb3BlIGRlZmF1bHQiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0" + "NDNcL29hdXRoMlwvdG9rZW4iLCJ0aWVySW5mbyI6e30sImtleXR5cGUiOiJQUk9EVUNUSU9OIiwic3Vic2NyaWJlZEFQSXMiOltdL" + "CJjb25zdW1lcktleSI6IlhnTzM5NklIRks3ZUZZeWRycVFlNEhLR3oxa2EiLCJleHAiOjE1OTAzNDIzMTMsImlhdCI6MTU5MDMzO" + "DcxMywianRpIjoiYjg5Mzg3NjgtMjNmZC00ZGVjLThiNzAtYmVkNDVlYjdjMzNkIn0" + ".sBgeoqJn0log5EZflj_G7ADvm6B3KQ9bdfF" + "CEFVQS1U3oY9" + "-cqPwAPyOLLh95pdfjYjakkf1UtjPZjeIupwXnzg0SffIc704RoVlZocAx9Ns2XihjU6Imx2MbXq9ARmQxQkyGVkJ" + "UMTwZ8" + "-SfOnprfrhX2cMQQS8m2Lp7hcsvWFRGKxAKIeyUrbY4ihRIA5vOUrMBWYUx9Di1N7qdKA4S3e8O4KQX2VaZPBzN594c9TG" + "riiH8AuuqnrftfvidSnlRLaFJmko8-QZo8jDepwacaFhtcaPVVJFG4uYP-_" + "-N6sqfxLw3haazPN0_xU0T1zJLPRLC5HPfZMJDMGp" + "EuSe9w");
ExtendedJWTConfigurationDto jwtConfigurationDto = new ExtendedJWTConfigurationDto();
JWTValidationService jwtValidationService = Mockito.mock(JWTValidationService.class);
APIKeyValidator apiKeyValidator = Mockito.mock(APIKeyValidator.class);
Cache gatewayTokenCache = Mockito.mock(Cache.class);
Cache invalidTokenCache = Mockito.mock(Cache.class);
Cache gatewayKeyCache = Mockito.mock(Cache.class);
Cache gatewayJWTTokenCache = Mockito.mock(Cache.class);
JWTValidationInfo jwtValidationInfo = new JWTValidationInfo();
jwtValidationInfo.setValid(true);
jwtValidationInfo.setIssuer("https://localhost");
jwtValidationInfo.setRawPayload(signedJWT.getParsedString());
jwtValidationInfo.setJti(UUID.randomUUID().toString());
jwtValidationInfo.setIssuedTime(System.currentTimeMillis());
jwtValidationInfo.setExpiryTime(System.currentTimeMillis() + 5L);
jwtValidationInfo.setConsumerKey(UUID.randomUUID().toString());
jwtValidationInfo.setUser("user1");
jwtValidationInfo.setKeyManager("Default");
SignedJWTInfo signedJWTInfo = new SignedJWTInfo(signedJWT.getParsedString(), signedJWT, signedJWT.getJWTClaimsSet());
Mockito.when(jwtValidationService.validateJWTToken(signedJWTInfo)).thenReturn(jwtValidationInfo);
JWTValidatorWrapper jwtValidator = new JWTValidatorWrapper("Unlimited", true, apiKeyValidator, false, null, jwtConfigurationDto, jwtValidationService, invalidTokenCache, gatewayTokenCache, gatewayKeyCache, gatewayJWTTokenCache);
MessageContext messageContext = Mockito.mock(Axis2MessageContext.class);
org.apache.axis2.context.MessageContext axis2MsgCntxt = Mockito.mock(org.apache.axis2.context.MessageContext.class);
Mockito.when(axis2MsgCntxt.getProperty(Constants.Configuration.HTTP_METHOD)).thenReturn("GET");
Map<String, String> headers = new HashMap<>();
Mockito.when(axis2MsgCntxt.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS)).thenReturn(headers);
Mockito.when(((Axis2MessageContext) messageContext).getAxis2MessageContext()).thenReturn(axis2MsgCntxt);
Mockito.when(messageContext.getProperty(RESTConstants.REST_API_CONTEXT)).thenReturn("/api1");
Mockito.when(messageContext.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION)).thenReturn("1.0");
Mockito.when(messageContext.getProperty(APIConstants.API_ELECTED_RESOURCE)).thenReturn("/pet/findByStatus");
APIManagerConfiguration apiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.JWT_AUTHENTICATION_SUBSCRIPTION_VALIDATION)).thenReturn("true");
jwtValidator.setApiManagerConfiguration(apiManagerConfiguration);
APIKeyValidationInfoDTO apiKeyValidationInfoDTO = new APIKeyValidationInfoDTO();
apiKeyValidationInfoDTO.setApiName("api1");
apiKeyValidationInfoDTO.setApiPublisher("admin");
apiKeyValidationInfoDTO.setApiTier("Unlimited");
apiKeyValidationInfoDTO.setAuthorized(true);
Mockito.when(apiKeyValidator.validateScopes(Mockito.any(TokenValidationContext.class), Mockito.anyString())).thenReturn(true);
Mockito.when(apiKeyValidator.validateSubscription(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(apiKeyValidationInfoDTO);
AuthenticationContext authenticate = jwtValidator.authenticate(signedJWTInfo, messageContext);
Mockito.verify(apiKeyValidator).validateSubscription(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
Assert.assertNotNull(authenticate);
Assert.assertEquals(authenticate.getApiName(), "api1");
Assert.assertEquals(authenticate.getApiPublisher(), "admin");
Assert.assertEquals(authenticate.getConsumerKey(), jwtValidationInfo.getConsumerKey());
Mockito.when(gatewayTokenCache.get(signedJWT.getJWTClaimsSet().getJWTID())).thenReturn("abc.com");
jwtValidationInfo.setIssuedTime(System.currentTimeMillis() - 100);
jwtValidationInfo.setExpiryTime(System.currentTimeMillis());
Mockito.when(gatewayKeyCache.get(signedJWT.getJWTClaimsSet().getJWTID())).thenReturn(jwtValidationInfo);
try {
authenticate = jwtValidator.authenticate(signedJWTInfo, messageContext);
} catch (APISecurityException e) {
Assert.assertEquals(e.getErrorCode(), APISecurityConstants.API_AUTH_INVALID_CREDENTIALS);
}
Mockito.verify(jwtValidationService, Mockito.only()).validateJWTToken(signedJWTInfo);
Mockito.verify(gatewayTokenCache, Mockito.atLeast(1)).get(signedJWT.getJWTClaimsSet().getJWTID());
Mockito.verify(invalidTokenCache, Mockito.times(1)).put(signedJWT.getJWTClaimsSet().getJWTID(), "abc.com");
}
Also used :
APISecurityException(org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)
APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration)
AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext)
TokenValidationContext(org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext)
HashMap(java.util.HashMap)
JWTValidationService(org.wso2.carbon.apimgt.impl.jwt.JWTValidationService)
APIKeyValidator(org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWTValidationInfo(org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)
ExtendedJWTConfigurationDto(org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto)
MessageContext(org.apache.synapse.MessageContext)
Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext)
SignedJWTInfo(org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo)
APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)
Cache(javax.cache.Cache)
Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 12 with ExtendedJWTConfigurationDto
use of org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto in project carbon-apimgt by wso2.
the class APIMgtGatewayJWTGeneratorImplTest method testJWTGeneratorClaimConfig.
@Test
public void testJWTGeneratorClaimConfig() {
APIManagerConfiguration apiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
APIManagerConfigurationService apiManagerConfigurationService = Mockito.mock(APIManagerConfigurationService.class);
ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(ServiceReferenceHolder.class);
PowerMockito.mockStatic(ServiceReferenceHolder.class);
PowerMockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
Mockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigurationService);
Mockito.when(apiManagerConfigurationService.getAPIManagerConfiguration()).thenReturn(apiManagerConfiguration);
ExtendedJWTConfigurationDto jwtConfigurationDto = Mockito.mock(ExtendedJWTConfigurationDto.class);
Mockito.when(apiManagerConfiguration.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto);
String defaultDialectUri = "http://wso2.org/claims";
// default dialect if not changed
AbstractAPIMgtGatewayJWTGenerator generator = new APIMgtGatewayJWTGeneratorImpl();
// Set jwtConfigurationDto
generator.setJWTConfigurationDto(jwtConfigurationDto);
Assert.assertEquals(generator.getDialectURI(), ClaimsRetriever.DEFAULT_DIALECT_URI);
// Test dialect after changing it through config
String claimDialect = "http://test.com";
Mockito.when(jwtConfigurationDto.getConsumerDialectUri()).thenReturn(claimDialect);
generator = new APIMgtGatewayJWTGeneratorImpl();
generator.setJWTConfigurationDto(jwtConfigurationDto);
Assert.assertEquals(generator.getDialectURI(), claimDialect);
}
Also used :
ServiceReferenceHolder(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)
APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration)
ExtendedJWTConfigurationDto(org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto)
APIMgtGatewayJWTGeneratorImpl(org.wso2.carbon.apimgt.common.gateway.jwtgenerator.APIMgtGatewayJWTGeneratorImpl)
APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService)
AbstractAPIMgtGatewayJWTGenerator(org.wso2.carbon.apimgt.common.gateway.jwtgenerator.AbstractAPIMgtGatewayJWTGenerator)
Test(org.junit.Test)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Example 13 with ExtendedJWTConfigurationDto
use of org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto in project carbon-apimgt by wso2.
the class APIKeyMgtDataHolder method initData.
public static void initData() {
try {
APIKeyMgtDataHolder.isKeyCacheEnabledKeyMgt = getInitValues(APIConstants.KEY_MANAGER_TOKEN_CACHE);
APIManagerConfiguration configuration = org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
if (configuration == null) {
log.error("API Manager configuration is not initialized");
} else {
ExtendedJWTConfigurationDto jwtConfigurationDto = configuration.getJwtConfigurationDto();
if (log.isDebugEnabled()) {
log.debug("JWTGeneration enabled : " + jwtConfigurationDto.isEnabled());
}
if (jwtConfigurationDto.isEnabled()) {
if (jwtConfigurationDto.getJwtGeneratorImplClass() == null) {
tokenGenerator = new JWTGenerator();
} else {
try {
tokenGenerator = (TokenGenerator) APIUtil.getClassInstance(jwtConfigurationDto.getJwtGeneratorImplClass());
} catch (InstantiationException e) {
log.error("Error while instantiating class " + jwtConfigurationDto.getJwtGeneratorImplClass(), e);
} catch (IllegalAccessException e) {
log.error(e);
} catch (ClassNotFoundException e) {
log.error("Cannot find the class " + jwtConfigurationDto.getJwtGeneratorImplClass() + e);
}
}
}
}
} catch (Exception e) {
log.error("Error occur while initializing API KeyMgt Data Holder.Default configuration will be used." + e.toString());
}
}
Also used :
APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration)
ExtendedJWTConfigurationDto(org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto)
JWTGenerator(org.wso2.carbon.apimgt.keymgt.token.JWTGenerator)
Aggregations
ExtendedJWTConfigurationDto (org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto)13
Test (org.junit.Test)11
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)11
APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)11
Cache (javax.cache.Cache)10
APIKeyValidator (org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator)10
JWTValidationService (org.wso2.carbon.apimgt.impl.jwt.JWTValidationService)10
SignedJWTInfo (org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo)10
SignedJWT (com.nimbusds.jwt.SignedJWT)9
JWTValidationInfo (org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)9
AuthenticationContext (org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext)9
APIKeyValidationInfoDTO (org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)9
HashMap (java.util.HashMap)8
MessageContext (org.apache.synapse.MessageContext)8
Axis2MessageContext (org.apache.synapse.core.axis2.Axis2MessageContext)8
TokenValidationContext (org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext)8
APISecurityException (org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)7
OpenAPIParser (io.swagger.parser.OpenAPIParser)3
OpenAPI (io.swagger.v3.oas.models.OpenAPI)3
APIMgtGatewayJWTGeneratorImpl (org.wso2.carbon.apimgt.common.gateway.jwtgenerator.APIMgtGatewayJWTGeneratorImpl)1
