Posted to commits@syncope.apache.org by co...@apache.org on 2017/07/05 11:29:37 UTC
syncope git commit: Adding some negative tests for JWT third party
tokens
Repository: syncope
Updated Branches:
refs/heads/master ffb78c087 -> 2035f6b4d
Adding some negative tests for JWT third party tokens
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2035f6b4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2035f6b4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2035f6b4
Branch: refs/heads/master
Commit: 2035f6b4d7d9d3624e6c52a070f081dd54835606
Parents: ffb78c0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 5 11:53:45 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 5 11:53:45 2017 +0100
----------------------------------------------------------------------
.../org/apache/syncope/fit/core/JWTITCase.java | 106 +++++++++++++++++++
1 file changed, 106 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/2035f6b4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index ef122f6..4d9e050 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase {
assertFalse(self.getLeft().isEmpty());
assertEquals("puccini", self.getRight().getUsername());
}
+
+ @Test
+ public void thirdPartyTokenUnknownUser() throws ParseException {
+ // Create a new token
+ Date now = new Date();
+
+ Calendar expiry = Calendar.getInstance();
+ expiry.setTime(now);
+ expiry.add(Calendar.MINUTE, 5);
+
+ JwtClaims jwtClaims = new JwtClaims();
+ jwtClaims.setTokenId(UUID.randomUUID().toString());
+ jwtClaims.setSubject("strauss@apache.org");
+ jwtClaims.setIssuedAt(now.getTime());
+ jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+ jwtClaims.setExpiryTime(expiry.getTime().getTime());
+ jwtClaims.setNotBefore(now.getTime());
+
+ JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+ JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+ JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+ JwsSignatureProvider jwsSignatureProvider =
+ new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
+ String signed = producer.signWith(jwsSignatureProvider);
+
+ SyncopeClient jwtClient = clientFactory.create(signed);
+
+ try {
+ jwtClient.self();
+ fail("Failure expected on an unknown subject");
+ } catch (AccessControlException ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void thirdPartyTokenUnknownIssuer() throws ParseException {
+ // Create a new token
+ Date now = new Date();
+
+ Calendar expiry = Calendar.getInstance();
+ expiry.setTime(now);
+ expiry.add(Calendar.MINUTE, 5);
+
+ JwtClaims jwtClaims = new JwtClaims();
+ jwtClaims.setTokenId(UUID.randomUUID().toString());
+ jwtClaims.setSubject("puccini@apache.org");
+ jwtClaims.setIssuedAt(now.getTime());
+ jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_");
+ jwtClaims.setExpiryTime(expiry.getTime().getTime());
+ jwtClaims.setNotBefore(now.getTime());
+
+ JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+ JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+ JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+ JwsSignatureProvider jwsSignatureProvider =
+ new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
+ String signed = producer.signWith(jwsSignatureProvider);
+
+ SyncopeClient jwtClient = clientFactory.create(signed);
+
+ try {
+ jwtClient.self();
+ fail("Failure expected on an unknown issuer");
+ } catch (AccessControlException ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void thirdPartyTokenBadSignature() throws ParseException {
+ // Create a new token
+ Date now = new Date();
+
+ Calendar expiry = Calendar.getInstance();
+ expiry.setTime(now);
+ expiry.add(Calendar.MINUTE, 5);
+
+ JwtClaims jwtClaims = new JwtClaims();
+ jwtClaims.setTokenId(UUID.randomUUID().toString());
+ jwtClaims.setSubject("puccini@apache.org");
+ jwtClaims.setIssuedAt(now.getTime());
+ jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+ jwtClaims.setExpiryTime(expiry.getTime().getTime());
+ jwtClaims.setNotBefore(now.getTime());
+
+ JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+ JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+ JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+ JwsSignatureProvider jwsSignatureProvider =
+ new HmacJwsSignatureProvider((CustomJWTSSOProvider.CUSTOM_KEY + "_").getBytes(), SignatureAlgorithm.HS512);
+ String signed = producer.signWith(jwsSignatureProvider);
+
+ SyncopeClient jwtClient = clientFactory.create(signed);
+
+ try {
+ jwtClient.self();
+ fail("Failure expected on a bad signature");
+ } catch (AccessControlException ex) {
+ // expected
+ }
+ }
+
}
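Review bot: The HMAC key is derived with `CUSTOM_KEY.getBytes()` in all three added tests, which uses the platform default charset; passing it explicitly, `CustomJWTSSOProvider.CUSTOM_KEY.getBytes(StandardCharsets.UTF_8)`, keeps the signing key bytes identical on every build host (this needs a `java.nio.charset.StandardCharsets` import if the file does not already have one; the import block is outside the hunk). The verifying side in CustomJWTSSOProvider is not visible here, so it is worth confirming that it encodes the key the same way, otherwise thirdPartyTokenUnknownUser and thirdPartyTokenUnknownIssuer could be rejected on the signature rather than on the claim they are meant to exercise. Each test also accepts any AccessControlException, so a one-line comment naming the single input that differs from the accepted token, e.g. `// only the issuer differs from the valid token`, would make the intended rejection reason explicit.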