This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f8bcf234f12a924b443a4a0861bd57b14cb4b55e
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jul 26 10:20:19 2018 +0100
Adding unit tests for JCache + JWT OAuth 2.0 data provider
(cherry picked from commit c1fb9e95a92df3c828be8c467558503bfc40da80)
---
.../provider/AbstractOAuthDataProviderTest.java | 62 +++++++++++++++++++++-
.../provider/JCacheJWTOAuthDataProviderTest.java | 33 ++++++++++++
2 files changed, 94 insertions(+), 1 deletion(-)
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
index ee002c1..b7d4bdc 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
@@ -18,10 +18,20 @@
*/
package org.apache.cxf.rs.security.oauth2.provider;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.PrivateKeyJwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -35,11 +45,34 @@ import org.junit.Assert;
import org.junit.Test;
abstract class AbstractOAuthDataProviderTest extends Assert {
+ private static KeyPair keyPair;
private AbstractOAuthDataProvider provider;
- protected void initializeProvider(AbstractOAuthDataProvider dataProvider) {
+ static {
+ try {
+ keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ }
+
+ protected static void initializeProvider(AbstractOAuthDataProvider
dataProvider) {
dataProvider.setSupportedScopes(Collections.singletonMap("a", "A
Scope"));
dataProvider.setSupportedScopes(Collections.singletonMap("refreshToken",
"RefreshToken"));
+
+ // Configure the means of signing the issued JWT tokens
+ if (dataProvider.isUseJwtFormatForAccessTokens()) {
+ final JwsSignatureProvider signatureProvider =
+ new PrivateKeyJwsSignatureProvider(keyPair.getPrivate(),
SignatureAlgorithm.RS256);
+
+ OAuthJoseJwtProducer jwtAccessTokenProducer = new
OAuthJoseJwtProducer() {
+ @Override
+ protected JwsSignatureProvider
getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
+ return signatureProvider;
+ }
+ };
+ dataProvider.setJwtAccessTokenProducer(jwtAccessTokenProducer);
+ }
}
protected AbstractOAuthDataProvider getProvider() {
@@ -107,7 +140,9 @@ abstract class AbstractOAuthDataProviderTest extends Assert
{
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at2);
assertEquals(at.getTokenKey(), at2.getTokenKey());
List<OAuthPermission> scopes = at2.getScopes();
assertNotNull(scopes);
@@ -119,21 +154,25 @@ abstract class AbstractOAuthDataProviderTest extends
Assert {
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(null,
c.getResourceOwnerSubject());
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(null, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
getProvider().revokeToken(c, at.getTokenKey(),
OAuthConstants.ACCESS_TOKEN);
assertNull(getProvider().getAccessToken(at.getTokenKey()));
@@ -152,6 +191,7 @@ abstract class AbstractOAuthDataProviderTest extends Assert
{
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c,
null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
+ validateAccessToken(tokens.get(0));
getProvider().removeClient(c.getClientId());
@@ -173,6 +213,7 @@ abstract class AbstractOAuthDataProviderTest extends Assert
{
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c,
null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
+ validateAccessToken(tokens.get(0));
getProvider().removeClient(c.getClientId());
@@ -194,14 +235,18 @@ abstract class AbstractOAuthDataProviderTest extends
Assert {
atr.setApprovedScope(Collections.singletonList("a"));
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
at = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at);
AccessTokenRegistration atr2 = new AccessTokenRegistration();
atr2.setClient(c);
atr2.setApprovedScope(Collections.singletonList("a"));
atr2.setSubject(new
TestingUserSubject(c.getResourceOwnerSubject().getLogin()));
ServerAccessToken at2 = getProvider().createAccessToken(atr2);
+ validateAccessToken(at2);
at2 = getProvider().getAccessToken(at2.getTokenKey());
+ validateAccessToken(at2);
assertNotNull(at.getSubject().getId());
assertTrue(at.getSubject() instanceof UserSubject);
@@ -221,7 +266,9 @@ abstract class AbstractOAuthDataProviderTest extends Assert
{
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at2);
assertEquals(at.getTokenKey(), at2.getTokenKey());
List<OAuthPermission> scopes = at2.getScopes();
assertNotNull(scopes);
@@ -306,4 +353,17 @@ abstract class AbstractOAuthDataProviderTest extends
Assert {
}
}
+ private void validateAccessToken(ServerAccessToken accessToken) {
+ if (getProvider().isUseJwtFormatForAccessTokens()) {
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(accessToken.getTokenKey());
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
+ // Validate claims
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+
+
Assert.assertTrue(jwtConsumer.verifySignatureWith(keyPair.getPublic(),
SignatureAlgorithm.RS256));
+ }
+ }
+
}
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java
new file mode 100644
index 0000000..53b7741
--- /dev/null
+++
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import org.junit.Before;
+
+public class JCacheJWTOAuthDataProviderTest extends
AbstractOAuthDataProviderTest {
+
+ @Before
+ public void setUp() throws Exception {
+ JCacheOAuthDataProvider provider = new JCacheOAuthDataProvider();
+ provider.setUseJwtFormatForAccessTokens(true);
+ initializeProvider(provider);
+ setProvider(provider);
+ }
+
+}
