Checking the access token hash in the tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bf43b5f7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bf43b5f7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bf43b5f7 Branch: refs/heads/master-jaxrs-2.1 Commit: bf43b5f75aff033af98c3f87c65d7e68cba9f5cb Parents: 3cfc25d Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu May 19 17:15:51 2016 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu May 19 17:15:51 2016 +0100
----------------------------------------------------------------------
.../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 5 ++++- .../apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/bf43b5f7/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 26e8bcb..b29e16a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -114,8 +114,11 @@ public final class OidcUtils {
 validateAccessTokenHash(at, jwt, true);
 }
 public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean required) {
+ validateAccessTokenHash(at.getTokenKey(), jwt, required);
+ }
+ public static void validateAccessTokenHash(String accessToken, JwtToken jwt, boolean required) {
 if (required) {
- validateHash(at.getTokenKey(),
+ validateHash(accessToken,
 (String)jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM),
 jwt.getJwsHeaders().getSignatureAlgorithm());
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/bf43b5f7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index d4ebb9c..bcf0db6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -44,6 +44,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
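Review bot: The `ClientAccessToken` overload now evaluates `at.getTokenKey()` before `required` is consulted, so a caller passing a null token with `required == false` — which the old code tolerated because the dereference sat inside `if (required)` — now gets a NullPointerException; keeping the short-circuit in the wrapper, `if (required) { validateAccessTokenHash(at.getTokenKey(), jwt, true); }`, restores the previous behaviour. Separately, the new `String` overload skips the check entirely when `required` is false even if the `at_hash` claim is present, and that claim is what binds the access token to the ID token, so it is worth considering `if (required || jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM) != null) {`. Both public overloads lack Javadoc; a `@param required` sentence stating that a missing `at_hash` claim is only rejected when it is true would tell callers what "optional" means here. The class and `validateHash` continue outside the hunk, so how a null `accessToken` or a non-String claim value is handled there cannot be seen from this hunk.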
@@ -368,6 +369,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { JwtToken jwt = jwtConsumer.getJwtToken(); Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM)); Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM)); + OidcUtils.validateAccessTokenHash(accessToken, jwt, true); } @org.junit.Test @@ -551,6 +553,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken); JwtToken jwt = jwtConsumer.getJwtToken(); Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM)); + OidcUtils.validateAccessTokenHash(accessToken, jwt, true); // TODO Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM)); }
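Review bot: The two new `OidcUtils.validateAccessTokenHash(accessToken, jwt, true);` calls (this hunk and the one at old line 551) only exercise the happy path, so both tests would still pass if the hash comparison accepted any token; a companion negative case that passes a token other than the issued one and asserts that validation fails would actually pin the behaviour. `accessToken` and the enclosing test methods begin outside the hunk, and the exception type thrown on a mismatch is not visible here, so the catch clause below is a placeholder to narrow once known.
```java
OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
try {
    // constructed sample value: deliberately not the token the ID token was issued with
    OidcUtils.validateAccessTokenHash("not-the-issued-token", jwt, true);
    Assert.fail("Access token hash validation should fail for a different token");
} catch (RuntimeException ex) { // TODO: narrow to the exception validateHash throws on mismatch
    // expected
}
```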