[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id
Repository: syncope Updated Branches: refs/heads/2_0_X eeb4febd9 -> 579d5b7c8 Add a test to make sure we can't fake a JWT Id Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a775712e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a775712e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a775712e Branch: refs/heads/2_0_X Commit: a775712eb59787d887ff5fe43ae350a95a99942c Parents: eeb4feb Author: Colm O hEigeartaighAuthored: Thu Jun 22 15:39:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 17:08:50 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 45 1 file changed, 45 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a775712e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java --
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
+import com.fasterxml.uuid.Generators;
+

 /**
 * Some tests for JWT Tokens
 */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }

+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
+AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+ jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
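Review bot: `JWS_KEY.getBytes()` in the `HmacJwsSignatureProvider` construction encodes the key with the platform default charset, so on a JVM whose default differs from whatever the server uses to derive the same key the forged token would be rejected for a bad signature rather than for the unknown id, and if that rejection also surfaces as `AccessControlException` the test passes without exercising the lookup it is meant to cover. Pass the charset explicitly, `new HmacJwsSignatureProvider(JWS_KEY.getBytes(StandardCharsets.UTF_8), SignatureAlgorithm.HS512)` (importing `java.nio.charset.StandardCharsets` if the file does not already), and where the server distinguishes the two failure reasons, assert on `ex.getMessage()` in the catch instead of accepting any `AccessControlException`. The `token` obtained from the initial login is only null-checked and never feeds the forged-token path; if the login is kept deliberately so that a genuine token exists before the unknown id is probed, a comment such as `// log in first so a real token exists before probing an unknown id` would make that intent explicit. The same points apply to the master-branch copy of this hunk further down the page.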
[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id
Repository: syncope Updated Branches: refs/heads/master 0e21f7c1a -> a4f351196 Add a test to make sure we can't fake a JWT Id Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9ed7b7bb Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9ed7b7bb Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9ed7b7bb Branch: refs/heads/master Commit: 9ed7b7bb6831696d036a6afc95267ef8d5712f3d Parents: 0e21f7c Author: Colm O hEigeartaighAuthored: Thu Jun 22 15:39:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 15:39:16 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 45 1 file changed, 45 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/9ed7b7bb/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java --
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
+import com.fasterxml.uuid.Generators;
+

 /**
 * Some tests for JWT Tokens
 */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }

+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
+AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+ jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }