You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by bt...@apache.org on 2018/01/04 02:24:52 UTC
[5/5] james-project git commit: JAMES-2273 James should warn when the
jwt token is invalid or empty
JAMES-2273 James should warn when the jwt token is invalid or empty
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/7875cc08
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/7875cc08
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/7875cc08
Branch: refs/heads/master
Commit: 7875cc08f2e3d9c7120f85d80a89b5dffa479f61
Parents: f2be591
Author: quynhn <qn...@linagora.com>
Authored: Wed Dec 27 17:26:35 2017 +0700
Committer: benwa <bt...@linagora.com>
Committed: Thu Jan 4 09:23:59 2018 +0700
----------------------------------------------------------------------
.../apache/james/jmap/JMAPConfiguration.java | 2 +
.../james/jmap/JMAPConfigurationTest.java | 11 +++
.../crypto/JamesSignatureHandlerProvider.java | 11 +++
.../org/apache/james/jwt/JwtConfiguration.java | 10 +++
.../apache/james/jwt/JwtConfigurationTest.java | 72 ++++++++++++++++++++
.../apache/james/jwt/PublicKeyProviderTest.java | 2 +-
6 files changed, 107 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
index e194e0f..3117929 100644
--- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
+++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
@@ -82,8 +82,10 @@ public class JMAPConfiguration {
Preconditions.checkState(enabled.isPresent(), "You should specify if JMAP server should be started");
Preconditions.checkState(!enabled.get() || !Strings.isNullOrEmpty(keystore), "'keystore' is mandatory");
Preconditions.checkState(!enabled.get() || !Strings.isNullOrEmpty(secret), "'secret' is mandatory");
+ Preconditions.checkState(!enabled.get() || jwtPublicKeyPem.isPresent(), "'publicKey' is mandatory");
return new JMAPConfiguration(enabled.get(), keystore, secret, jwtPublicKeyPem, port);
}
+
}
private final boolean enabled;
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
index 4ffce68..8dbbda9 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
@@ -85,6 +85,17 @@ public class JMAPConfigurationTest {
}
@Test
+ public void buildShouldThrowWhenJwtPublicKeyPemIsEmpty() {
+ assertThatThrownBy(() -> JMAPConfiguration.builder()
+ .enable()
+ .keystore("keystore")
+ .secret("secret")
+ .jwtPublicKeyPem(Optional.empty())
+ .build())
+ .isInstanceOf(IllegalStateException.class);
+ }
+
+ @Test
public void buildShouldWorkWhenRandomPort() {
JMAPConfiguration expectedJMAPConfiguration = new JMAPConfiguration(ENABLED, "keystore", "secret", Optional.of("file://conf/jwt_publickey"), Optional.empty());
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
index f3d0656..b2b84bf 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
@@ -23,11 +23,21 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Optional;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.jmap.JMAPConfiguration;
public class JamesSignatureHandlerProvider {
+ private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" +
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" +
+ "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" +
+ "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" +
+ "+d/4RpE3LBVo8wgOaXPylOlHxsDizfkL8QwXItyakBfMO6jWQRrj7/9WDhGf4Hi+\n" +
+ "GQur1tPGZDl9mvCoRHjFrD5M/yypIPlfMGWFVEvV5jClNMLAQ9bYFuOc7H1fEWw6\n" +
+ "U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" +
+ "kwIDAQAB\n" +
+ "-----END PUBLIC KEY-----";
public JamesSignatureHandler provide() throws Exception {
FileSystem fileSystem = new FileSystem() {
@@ -51,6 +61,7 @@ public class JamesSignatureHandlerProvider {
.enable()
.keystore("keystore")
.secret("james72laBalle")
+ .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY))
.build());
signatureHandler.init();
return signatureHandler;
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java b/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
index 3cfcfef..922ea00 100644
--- a/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
+++ b/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
@@ -21,13 +21,23 @@ package org.apache.james.jwt;
import java.util.Optional;
+import com.google.common.base.Preconditions;
+
public class JwtConfiguration {
+ private static final boolean DEFAULT_VALUE = true;
private final Optional<String> jwtPublicKeyPem;
public JwtConfiguration(Optional<String> jwtPublicKeyPem) {
+ Preconditions.checkState(validPublicKey(jwtPublicKeyPem), "The provided public key is not valid");
this.jwtPublicKeyPem = jwtPublicKeyPem;
}
+ private boolean validPublicKey(Optional<String> jwtPublicKeyPem) {
+ PublicKeyReader reader = new PublicKeyReader();
+ return jwtPublicKeyPem.map(value -> reader.fromPEM(Optional.of(value)).isPresent())
+ .orElse(DEFAULT_VALUE);
+ }
+
public Optional<String> getJwtPublicKeyPem() {
return jwtPublicKeyPem;
}
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java b/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
new file mode 100644
index 0000000..34436a9
--- /dev/null
+++ b/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
@@ -0,0 +1,72 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.jwt;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.util.Optional;
+
+import org.junit.Test;
+
+public class JwtConfigurationTest {
+ private static final String INVALID_PUBLIC_KEY = "invalidPublicKey";
+ private static final String VALID_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" +
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" +
+ "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" +
+ "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" +
+ "+d/4RpE3LBVo8wgOaXPylOlHxsDizfkL8QwXItyakBfMO6jWQRrj7/9WDhGf4Hi+\n" +
+ "GQur1tPGZDl9mvCoRHjFrD5M/yypIPlfMGWFVEvV5jClNMLAQ9bYFuOc7H1fEWw6\n" +
+ "U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" +
+ "kwIDAQAB\n" +
+ "-----END PUBLIC KEY-----";
+
+ @Test
+ public void getJwtPublicKeyPemShouldReturnEmptyWhenEmptyPublicKey() throws Exception {
+ JwtConfiguration jwtConfiguration = new JwtConfiguration(Optional.empty());
+
+ assertThat(jwtConfiguration.getJwtPublicKeyPem()).isNotPresent();
+ }
+
+ @Test
+ public void constructorShouldThrowWhenNullPublicKey() throws Exception {
+ assertThatThrownBy(() -> new JwtConfiguration(null))
+ .isInstanceOf(NullPointerException.class);
+ }
+
+ @Test
+ public void constructorShouldThrowWhenNonePublicKey() throws Exception {
+ assertThatThrownBy(() -> new JwtConfiguration(Optional.of("")))
+ .isInstanceOf(IllegalStateException.class);
+ }
+
+ @Test
+ public void constructorShouldThrowWhenInvalidPublicKey() throws Exception {
+ assertThatThrownBy(() -> new JwtConfiguration(Optional.of(INVALID_PUBLIC_KEY)))
+ .isInstanceOf(IllegalStateException.class);
+ }
+
+ @Test
+ public void getJwtPublicKeyPemShouldReturnWhenValidPublicKey() throws Exception {
+ JwtConfiguration jwtConfiguration = new JwtConfiguration(Optional.of(VALID_PUBLIC_KEY));
+
+ assertThat(jwtConfiguration.getJwtPublicKeyPem()).isPresent();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java b/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
index a48dc79..92dcf77 100644
--- a/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
+++ b/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
@@ -58,7 +58,7 @@ public class PublicKeyProviderTest {
@Test
public void getShouldThrowWhenPEMKeyNotProvided() {
- JwtConfiguration configWithPEMKey = new JwtConfiguration(Optional.of(""));
+ JwtConfiguration configWithPEMKey = new JwtConfiguration(Optional.empty());
PublicKeyProvider sut = new PublicKeyProvider(configWithPEMKey, new PublicKeyReader());
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org