[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X eeb4febd9 -> 579d5b7c8


Add a test to make sure we can't fake a JWT Id


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a775712e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a775712e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a775712e

Branch: refs/heads/2_0_X
Commit: a775712eb59787d887ff5fe43ae350a95a99942c
Parents: eeb4feb
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 15:39:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 17:08:50 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 45 
 1 file changed, 45 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a775712e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import 
org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
 
+import com.fasterxml.uuid.Generators;
+
 /**
  * Some tests for JWT Tokens
  */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }
 
+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+
jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
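Review bot: The new `testUnknownId` has no Javadoc stating the property it pins, which is the interesting part of this test: the forged token is signed with the server's own `JWS_KEY` and carries the correct issuer and subject, so the only thing that can make `read()` fail is the server rejecting a JWT ID it never issued. A short Javadoc such as `/** A token with a valid signature, issuer and subject but a JWT ID never issued by the server must be rejected with AccessControlException. */` above the `@Test` would make that explicit, and a comment on the initial `login()` block would help too, since `token` is only checked for non-null and never used afterwards (presumably it just proves a real token exists before the forged one is tried). `JWS_KEY.getBytes()` relies on the platform default charset; `JWS_KEY.getBytes(StandardCharsets.UTF_8)` makes the HMAC key bytes deterministic across JVMs, assuming the other tests in this file do not already depend on the default. The same hunk appears again in the master-branch commit (9ed7b7bb) below, so the remarks apply there as well.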



[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 0e21f7c1a -> a4f351196


Add a test to make sure we can't fake a JWT Id


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9ed7b7bb
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9ed7b7bb
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9ed7b7bb

Branch: refs/heads/master
Commit: 9ed7b7bb6831696d036a6afc95267ef8d5712f3d
Parents: 0e21f7c
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 15:39:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 15:39:16 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 45 
 1 file changed, 45 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/9ed7b7bb/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import 
org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
 
+import com.fasterxml.uuid.Generators;
+
 /**
  * Some tests for JWT Tokens
  */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }
 
+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+
jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }