TOMEE-2247 - Added JWKS file load and validate Test.
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/9aa994ec Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/9aa994ec Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/9aa994ec Branch: refs/heads/master Commit: 9aa994ec49b45895f84142d918652d71b97b3dab Parents: 4b6162e Author: Roberto Cortez <[email protected]> Authored: Tue Dec 4 17:31:12 2018 +0000 Committer: Roberto Cortez <[email protected]> Committed: Fri Dec 7 18:13:06 2018 +0000
----------------------------------------------------------------------
tck/microprofile-tck/jwt/pom.xml | 7 ++ .../tck/jwt/jwk/PublicKeyAsJWKSTest.java | 85 ++++++++++++++++++++ .../jwt/src/test/resources/signer-keyset4k.jwk | 12 +++ 3 files changed, 104 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/9aa994ec/tck/microprofile-tck/jwt/pom.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/pom.xml b/tck/microprofile-tck/jwt/pom.xml
index a57756e..d25b4b5 100644
--- a/tck/microprofile-tck/jwt/pom.xml
+++ b/tck/microprofile-tck/jwt/pom.xml
@@ -107,6 +107,13 @@
 <version>${version.arquillian}</version>
 <scope>test</scope>
 </dependency>
+
+ <dependency>
+ <groupId>org.apache.geronimo.config</groupId>
+ <artifactId>geronimo-config-impl</artifactId>
+ <version>1.2</version>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 <build>
http://git-wip-us.apache.org/repos/asf/tomee/blob/9aa994ec/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
----------------------------------------------------------------------
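Review bot: The new `geronimo-config-impl` dependency pins `<version>1.2</version>` as a literal, while the dependency just above it in this hunk takes its version from a property (`${version.arquillian}`). If a MicroProfile Config implementation version is already managed elsewhere in the build (not visible in this hunk), the test classpath can drift from it, and a later upgrade or advisory fix has to be applied in two places. Moving the number into a `<properties>` entry or the parent's `dependencyManagement` keeps it in one place; a one-line XML comment saying which test needs a Config implementation on the classpath would also explain why the dependency is here.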
diff --git a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
new file mode 100644
index 0000000..7bb83d5
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.tck.jwt.jwk;
+
+import org.apache.tomee.microprofile.jwt.config.ConfigurableJWTAuthContextInfo;
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+import org.eclipse.microprofile.jwt.config.Names;
+import org.eclipse.microprofile.jwt.tck.TCKConstants;
+import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwt.NumericDate;
+import org.jose4j.jwt.consumer.JwtConsumer;
+import org.jose4j.jwt.consumer.JwtConsumerBuilder;
+import org.jose4j.jwt.consumer.JwtContext;
+import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import java.nio.file.Paths;
+import java.security.PrivateKey;
+import java.util.HashMap;
+
+import static org.jose4j.jwa.AlgorithmConstraints.ConstraintType.WHITELIST;
+import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256;
+
+public class PublicKeyAsJWKSTest {
+ @Test
+ public void validateJWKS() throws Exception {
+ System.setProperty(Names.VERIFIER_PUBLIC_KEY, "");
+ System.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "file://"
+ + Paths.get("").toAbsolutePath().toString() + + "/src/test/resources/signer-keyset4k.jwk");
+ System.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
+
+ final PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
+ final String kid = "publicKey4k";
+ final String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, new HashMap<>());
+ System.out.println("token = " + token);
+
+ final ConfigurableJWTAuthContextInfo configurableJWTAuthContextInfo = new ConfigurableJWTAuthContextInfo();
+ configurableJWTAuthContextInfo.init(null);
+
+ final JWTAuthContextInfo jwtAuthContextInfo =
+ configurableJWTAuthContextInfo.getJWTAuthContextInfo().orElseThrow(IllegalArgumentException::new);
+
+ final JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder()
+ .setRequireExpirationTime()
+ .setRequireSubject()
+ .setSkipDefaultAudienceValidation()
+ .setExpectedIssuer(jwtAuthContextInfo.getIssuedBy())
+ .setJwsAlgorithmConstraints(new AlgorithmConstraints(WHITELIST, RSA_USING_SHA256))
+ .setSkipDefaultAudienceValidation()
+ .setVerificationKey(jwtAuthContextInfo.getSignerKey());
+
+ if (jwtAuthContextInfo.getExpGracePeriodSecs() > 0) {
+ jwtConsumerBuilder.setAllowedClockSkewInSeconds(jwtAuthContextInfo.getExpGracePeriodSecs());
+ } else {
+ jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));
+ }
+
+ if (jwtAuthContextInfo.isSingleKey()) {
+ jwtConsumerBuilder.setVerificationKey(jwtAuthContextInfo.getSignerKey());
+ } else {
+ jwtConsumerBuilder.setVerificationKeyResolver(new JwksVerificationKeyResolver(jwtAuthContextInfo.getSignerKeys()));
+ }
+
+ final JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
+ final JwtContext jwtContext = jwtConsumer.process(token);
+ Assert.assertEquals(jwtContext.getJwtClaims().getStringClaimValue("upn"), "[email protected]");
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/9aa994ec/tck/microprofile-tck/jwt/src/test/resources/signer-keyset4k.jwk
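Review bot: In `validateJWKS`, the `else` branch `jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));` pins the consumer's clock to the epoch whenever no grace period is configured, so `setRequireExpirationTime()` only proves that an `exp` claim is present and an already expired token would still be accepted. Dropping that branch lets the default current-time check apply, assuming `TokenUtils.generateTokenString` issues a currently valid token (its claims are not visible here). The test also exercises only the accepting path; a second token signed with a key that is not in `signer-keyset4k.jwk`, asserted to fail with `InvalidJwtException`, would show that the loaded JWKS is what gates verification. The three `System.setProperty` calls are never undone and leak into whatever runs next in the same JVM, so clear them in a `finally` or an `@AfterMethod`, e.g. `System.clearProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION);`. `System.out.println("token = " + token);` writes a signed bearer token to the build log and can simply be removed.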
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/resources/signer-keyset4k.jwk b/tck/microprofile-tck/jwt/src/test/resources/signer-keyset4k.jwk
new file mode 100644
index 0000000..c1f43db
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/resources/signer-keyset4k.jwk
@@ -0,0 +1,12 @@
+{
+ "keys": [
+ {
+ "kty": "RSA",
+ "use": "sig",
+ "alg": "RS256",
+ "kid": "publicKey4k",
+ "e": "AQAB",
+ "n": "tL6HShqY5H4y56rsCo7VdhT9_eLQwsJpKWg66j98XsB_qc5ZxkJ25GXCzpjR0ZvzAxMNlj1hrMORaKVzz2_5axZgF1eZfzgrNyQ9rtGaBtMNAB20jLsoYp5psRTaYxKeOiLHPr3956ukSRUF9YfJGSamrvGOwC8h6zbq6uaydv-FVJXijlMD_iCggUfoirtVOWK_X1IzV7covxcGzT0X019_4RbtjLdnvqZnGqmpHQpBEItI-4gNvaKR8NDWUxAjO_v-oOKR5nEUnDWcQSCxKmyQrVJtHr9PBwWrHzTSx4k1L1hLf-AWXAdy_r6c0Lzgt5knmZTyWDG2-n8SlrXxHHxFO1Wz8H_OKBzTAf8zIuj2lkXYo-M6aoJM7qQmTys80dtYvnaHGSl-jpe2plMbS9RS4XcHH7vCqJc9acBnp9CvLgjOmA0b5Rc0WyN4sn1SDFYe6HZcVo4YGTbtTTlwgu_ozQ1x-xpTAaU0mWkHMwT0CO79rPORjhDXokEuduvtp6VUiAaoFF6Y3QQLf6O3P9p8yghpBBLb460lEQqOHQQGP0EK46cU81dlcD5lYE0TayDzb9pZZWUyjIE4ElzyW7wgI4xw7czdBalN-IhXKfGUCqIDVh7X7JpmskZMaRixf424yBcZLntEejZy59yLDSssHMc_bqnBraXuo8JBEPk"
+ }
+ ]
+}
