java source code of XsuaaTokenTest

cloud-security-xsuaa-integration-master
- NOTICE.txt
- .github
  - workflows
    - maven.yml
- java-security
  - src
    - main
      - java
        com
        sap
        cloud
        security
        config
        cf
        CFEnvironment.java
        CFEnvParser.java
        OAuth2ServiceConfigurationBuilder.java
        Environments.java
        adapter
        xs
        XSUserInfoAdapter.java
        spring
        SpringSecurityContext.java
        SAPOfflineTokenServicesCloud.java
        token
        XsuaaScopeConverter.java
        XsuaaToken.java
        AbstractToken.java
        ScopeConverter.java
        validation
        ValidationResults.java
        Validator.java
        CombiningValidator.java
        validators
        JsonWebKeyImpl.java
        JwtSignatureAlgorithm.java
        JsonWebKeyConstants.java
        OAuth2TokenKeyServiceWithCache.java
        JsonWebKey.java
        XsuaaJwtIssuerValidator.java
        TokenKeyCacheConfiguration.java
        JwtSignatureValidator.java
        JwtAudienceValidator.java
        JsonWebKeySet.java
        JwtIssuerValidator.java
        JsonWebKeySetFactory.java
        JwtValidatorBuilder.java
        OidcConfigurationServiceWithCache.java
        JwtTimestampValidator.java
        ValidationListener.java
        ValidationResult.java
        SapIdToken.java
        json
        DefaultJsonObject.java
        servlet
        XsuaaTokenAuthenticator.java
        IasTokenAuthenticator.java
        AbstractTokenAuthenticator.java
        TokenAuthenticatorResult.java
    - test
      - resources
        xsuaaEmptyToken.txt
        vcapXsuaaXsaSingleBinding.json
        vcapXsuaaServiceSingleBinding.json
        vcapIasServiceSingleBinding.json
        iasOidcTokenRSA256.txt
        jsonWebTokenKeys.json
        userInfoIntegration
        token_cc.txt
        correctEndUserTokenUaaUser.txt
        token_cc_noattr.txt
        correctEndUserToken.txt
        token_user.txt
        token_user_noattr.txt
        xsuaaInvalidSignatureTokenRSA256.txt
        vcapXsuaaServiceMultipleBindings.json
        xsuaaCCAccessTokenRSA256.txt
        xsuaaUserAccessTokenRSA256.txt
        xsuaaUserInfoAdapterToken.txt
        xsuaaAccessTokenRSA256_signedWithVerificationKey.txt
        xsuaaXsaAccessTokenRSA256_signedWithVerificationKey.txt
        iasJsonWebTokenKeys.json
      - java
        com
        sap
        cloud
        security
        TestConstants.java
        util
        HttpClientTestFactory.java
        config
        OAuth2ServiceConfigurationBuilderTest.java
        EnvironmentsTest.java
        cf
        CFEnvParserTest.java
        CFEnvironmentTest.java
        adapter
        xs
        XSUserInfoAdapterTest.java
        XSUserInfoAdapterIntegrationTest.java
        spring
        SAPOfflineTokenServicesCloudTest.java
        SpringSecurityContextTest.java
        token
        AbstractTokenTest.java
        SapIdTokenTest.java
        XsuaaScopeConverterTest.java
        XsuaaTokenTest.java
        MockTokenBuilder.java
        validation
        IntegrationTest.java
        CombiningValidatorTest.java
        validators
        XsuaaJwtSignatureValidatorTest.java
        XsuaaJwtIssuerValidatorTest.java
        XsaJwtSignatureValidatorTest.java
        JwtAudienceValidatorTest.java
        JwtIssuerValidatorTest.java
        JsonWebKeySetFactoryTest.java
        JsonWebKeyTestFactory.java
        JwtTimestampValidatorTest.java
        JsonWebKeySetTest.java
        JsonWebKeyTest.java
        OAuth2TokenKeyServiceWithCacheTest.java
        JwtValidatorBuilderTest.java
        IdTokenSignatureValidatorTest.java
        OidcConfigurationServiceWithCacheTest.java
        JwtSignatureValidatorTest.java
        ValidationResultsTest.java
        TokenTestValidator.java
        SecurityContextTest.java
        json
        DefaultJsonObjectTest.java
        core
        AssertionsTest.java
        servlet
        IasTokenAuthenticatorTest.java
        XsuaaTokenAuthenticatorTest.java
  - Migration_SAPJavaBuildpackProjects.md
  - images
    - iasApplication.puml
    - xsuaaApplication.puml
    - xsuaaFilter.puml
  - pom.xml
  - Migration_SAPJavaBuildpackProjects_V2.md
  - Migration_SpringSecurityProjects.md
  - README.md
- samples
  - java-tokenclient-usage
    - xs-security.json
    - src
      - main
        java
        com
        sap
        cloud
        security
        xssec
        samples
        tokenflow
        usage
        HelloTokenClientServlet.java
        webapp
        WEB-INF
        web.xml
    - pom.xml
    - manifest.yml
    - README.md
  - spring-security-basic-auth
    - xs-security.json
    - src
      - main
        resources
        application.yml
        java
        sample
        spring
        xsuaa
        SecurityConfiguration.java
        TestController.java
        Application.java
      - test
        java
        sample
        spring
        xsuaa
        ApplicationTest.java
    - pom.xml
    - manifest.yml
    - README.md
  - deploy_and_test.py
  - sap-java-buildpack-api-usage
    - xs-security.json
    - src
      - main
        java
        sample
        sapbuildpack
        xsuaa
        HelloTokenServlet.java
        webapp
        WEB-INF
        web.xml
    - approuter
      - sap-developer-license.txt
      - xs-app.json
      - package.json
    - pom.xml
    - manifest.yml
    - README.md
  - images
  - java-security-usage
    - xs-security.json
    - src
      - main
        java
        com
        sap
        cloud
        security
        samples
        tmp
        JettyTokenAuthenticator.java
        HelloJavaServlet.java
        Application.java
      - test
        java
        com
        sap
        cloud
        security
        samples
        HelloJavaServletIntegrationTest.java
    - pom.xml
    - manifest.yml
    - README.md
  - vars.yml
  - README.md
  - spring-security-xsuaa-usage
    - xs-security.json
    - src
      - main
        resources
        application.yml
        java
        sample
        spring
        xsuaa
        DataService.java
        SecurityConfiguration.java
        TestController.java
        Application.java
        RestClientConfiguration.java
      - test
        java
        sample
        spring
        xsuaa
        ApplicationTest.java
        TestControllerTest.java
        junitjupiter
        ApplicationTest.java
        TestControllerTest.java
    - approuter
      - resources
        index.html
      - sap-developer-license.txt
      - xs-app.json
      - package.json
    - pom.xml
    - manifest.yml
    - README.md
  - .gitignore
  - spring-webflux-security-xsuaa-usage
    - xs-security.json
    - src
      - main
        resources
        application.yml
        java
        sample
        spring
        webflux
        xsuaa
        SecurityConfiguration.java
        TestController.java
        Application.java
      - test
        resources
        META-INF
        spring.factories
        application.properties
        java
        sample
        spring
        webflux
        xsuaa
        ApplicationTest.java
        TestControllerTest.java
        mock
        XsuaaMockPostProcessor.java
    - approuter
      - resources
        index.html
      - sap-developer-license.txt
      - xs-app.json
      - package.json
    - pom.xml
    - manifest.yml
    - README.md
- java-security-test
  - src
    - main
      - resources
        publicKey.txt
        privateKey.txt
        oidcConfigurationTemplate.json
        token_keys_template.json
      - java
        com
        sap
        cloud
        security
        test
        JwtGenerator.java
        ApplicationServerOptions.java
        SecurityFilter.java
        SecurityTest.java
        SecurityTestRule.java
        RSAKeys.java
        jetty
        JettyTokenAuthenticator.java
    - test
      - resources
        jsonWebTokenKeys.json
        claims.json
        vcap.json
      - java
        com
        sap
        cloud
        security
        test
        SecurityTestTest.java
        RSAKeysTest.java
        SecurityTestRuleTest.java
        JwtGeneratorTest.java
  - pom.xml
  - README.md
- pom.xml
- spring-xsuaa
  - src
    - main
      - java
        com
        sap
        cloud
        security
        xsuaa
        XsuaaServicePropertySourceFactory.java
        autoconfiguration
        XsuaaTokenFlowAutoConfiguration.java
        XsuaaResourceServerJwkAutoConfiguration.java
        XsuaaAutoConfiguration.java
        extractor
        DefaultAuthoritiesExtractor.java
        UaaTokenBroker.java
        TokenBrokerResolver.java
        TokenUrlUtils.java
        AuthoritiesExtractor.java
        TokenBrokerException.java
        LocalAuthoritiesExtractor.java
        DefaultAuthenticationInformationExtractor.java
        AuthenticationMethod.java
        TokenBroker.java
        AuthenticationInformationExtractor.java
        XsuaaServicesParser.java
        XsuaaServiceConfigurationDefault.java
        XsuaaServiceConfigurationCustom.java
        XsuaaCredentials.java
        XsuaaServiceConfiguration.java
        token
        Token.java
        TokenAuthenticationConverter.java
        XsuaaToken.java
        authentication
        XsuaaAudienceValidator.java
        XsuaaJwtDecoderBuilder.java
        XsuaaJwtDecoder.java
        TokenInfoExtractor.java
        ReactiveXsuaaJwtDecoder.java
        PostValidationAction.java
        AuthenticationToken.java
        ReactiveTokenAuthenticationConverter.java
        OAuth2AuthenticationConverter.java
        TokenClaims.java
        ReactiveSecurityContext.java
        SpringSecurityContext.java
    - test
      - resources
        accessTokenRSA256WithVerificationKey.txt
        token_cc.txt
        correctEndUserTokenUaaUser.txt
        token_cc_noattr.txt
        correctEndUserToken.txt
        saml.txt
        audience_4.txt
        token_user.txt
        audience_3.txt
        claims_templateMultiTenancy.txt
        token_user_noattr.txt
        vcap_multipleBindings.json
        audience_1.txt
        claims_template.txt
        XsuaaJwtDecoderTest.properties
        vcap.json
        audience_2.txt
      - java
        com
        sap
        cloud
        security
        xsuaa
        XsuaaServicePropertySourceFactoryTest.java
        autoconfiguration
        XsuaaResourceServerJwkAutoConfigurationTest.java
        XsuaaAutoConfigurationTest.java
        XsuaaTokenFlowAutoConfigurationTest.java
        extractor
        LocalAuthoritiesExtractorTest.java
        XsuaaServiceConfigurationCustomTest.java
        DummyXsuaaServiceConfiguration.java
        XsuaaServicesParserTest.java
        token
        OAuth2TokenAuthenticationConverterTest.java
        TokenAuthenticationConverterTest.java
        authentication
        XsuaaAudienceValidatorForCloneTokenTest.java
        XsuaaJwtDecoderTest.java
        XsuaaAudienceValidatorTest.java
        ReactiveSecurityContextTest.java
        XsuaaTokenTest.java
        SpringSecurityContextTest.java
        CustomPropertySourceFactoryTest.java
  - pom.xml
  - Migration_JavaContainerSecurityProjects.md
  - README.md
- spring-xsuaa-starter
  - src
    - main
      - resources
        META-INF
        spring.factories
  - pom.xml
- LICENSE
- api
  - src
    - main
      - java
        com
        sap
        xsa
        security
        container
        XSTokenRequest.java
        XSUserInfoException.java
        XSUserInfo.java
        XSPrincipal.java
  - pom.xml
- java-api
  - src
    - main
      - java
        com
        sap
        cloud
        security
        config
        OAuth2ServiceConfiguration.java
        Service.java
        cf
        CFConstants.java
        CacheConfiguration.java
        Environment.java
        token
        Token.java
        SecurityContext.java
        GrantType.java
        AccessToken.java
        TokenHeader.java
        TokenClaims.java
        json
        JsonObject.java
        JsonParsingException.java
        servlet
        TokenAuthenticationResult.java
        TokenAuthenticator.java
    - test
      - java
        com
        sap
        cloud
        security
        config
        ServiceTest.java
  - pom.xml
- CHANGELOG.md
- token-client
  - src
    - main
      - java
        com
        sap
        cloud
        security
        xsuaa
        Assertions.java
        jwt
        Base64JwtDecoder.java
        DecodedJwt.java
        client
        AbstractOAuth2TokenService.java
        DefaultOidcConfigurationService.java
        SpringOAuth2TokenKeyService.java
        RequestParameterBuilder.java
        ClientCredentials.java
        DefaultOAuth2TokenKeyService.java
        XsuaaOAuth2TokenService.java
        OAuth2TokenResponse.java
        XsuaaDefaultEndpoints.java
        OAuth2TokenService.java
        OAuth2ServiceException.java
        OidcConfigurationService.java
        SpringOidcConfigurationService.java
        OAuth2TokenServiceConstants.java
        DefaultOAuth2TokenService.java
        OAuth2TokenKeyService.java
        OAuth2ServiceEndpointsProvider.java
        util
        UriUtil.java
        HttpClientUtil.java
        tokenflows
        RefreshTokenFlow.java
        TokenCacheConfiguration.java
        ClientCredentialsTokenFlow.java
        UserTokenFlow.java
        XsuaaTokenFlows.java
        PasswordTokenFlow.java
        TokenFlowException.java
        Cacheable.java
        XsuaaTokenFlowRequest.java
        XsuaaTokenFlowsUtils.java
        http
        HttpHeadersFactory.java
        MediaType.java
        HttpHeader.java
        HttpHeaders.java
        mtls
        MinimalDERParser.java
        SSLContextFactory.java
    - test
      - resources
        jsonWebTokenKeys.json
        privateRSAKey.txt
        certificates.txt
        oidcConfiguration.json
        iasJsonWebTokenKeys.json
      - java
        com
        sap
        cloud
        security
        xsuaa
        AssertionsTest.java
        jwt
        Base64JwtDecoderTest.java
        client
        XsuaaOAuth2TokenServiceTest.java
        DefaultOidcConfigurationServiceTest.java
        SpringOAuth2TokenKeyServiceTest.java
        AbstractOAuth2TokenServiceTest.java
        SpringOidcConfigurationServiceTest.java
        XsuaaOAuth2TokenServiceUserTokenTest.java
        DefaultOAuth2TokenKeyServiceTest.java
        XsuaaOAuth2TokenServiceJwtBearerTokenTest.java
        XsuaaOAuth2TokenServicePasswordTest.java
        DefaultOAuth2TokenServiceTest.java
        OAuth2TokenResponseTest.java
        XsuaaOAuth2TokenServiceClientCredentialsTest.java
        XsuaaOAuth2TokenServiceRefreshTokenTest.java
        XsuaaDefaultEndpointsTest.java
        ClientCredentialsTest.java
        TokenServiceHttpEntityMatcher.java
        util
        UriUtilTest.java
        HttpClientTestFactory.java
        tokenflows
        PasswordTokenFlowTest.java
        TestConstants.java
        RefreshTokenFlowTest.java
        XsuaaTokenFlowRequestTest.java
        TokenFlowExceptionTest.java
        UserTokenFlowTest.java
        ClientCredentialsTokenFlowTest.java
        XsuaaTokenFlowsTest.java
        http
        HttpHeadersFactoryTest.java
        HttpHeadersTest.java
        mtls
        SSLContextFactoryTest.java
  - pom.xml
  - README.md
- README.md
- spring-xsuaa-mock
  - src
    - main
      - resources
        META-INF
        spring.factories
        mock
        publicKey.txt
        cc_token.json
        token_keys_template.json
      - java
        com
        sap
        cloud
        security
        xsuaa
        mock
        XsuaaMockWebServer.java
        autoconfiguration
        XsuaaMockAutoConfiguration.java
        XsuaaRequestDispatcher.java
        MockXsuaaServiceConfiguration.java
    - test
      - resources
        META-INF
        spring.factories
        mock
        testdomain_token_keys.json
        application-test.properties
      - java
        com
        sap
        cloud
        security
        xsuaa
        mock
        ApplicationTest.java
        autoconfiguration
        XsuaaMockAutoConfigurationTest.java
        XsuaaMockWebServerTest.java
        XsuaaMockWebServerSpringBootTest.java
        XsuaaMockPostProcessor.java
  - pom.xml
  - README.md
- spring-xsuaa-test
  - src
    - main
      - resources
        spring-xsuaa-publicKey.txt
        spring-xsuaa-privateKey.txt
      - java
        com
        sap
        cloud
        security
        xsuaa
        test
        JwtGenerator.java
    - test
      - resources
        token_cc.txt
        claims_template.txt
      - java
        com
        sap
        cloud
        security
        xsuaa
        test
        TestConstants.java
        JwtGeneratorTest.java
  - pom.xml
  - README.md
- spring-xsuaa-it
  - src
    - main
      - resources
        application.yml
        cc.txt
        password.txt
        saml.txt
        expired.txt
        claims_templateMultiTenancy.txt
        claims_template.txt
        META-INF
        spring.factories
        mock
        otherdomain_token_keys.json
        insufficient_scoped.txt
      - java
        testservice
        api
        v1
        SecurityConfiguration.java
        TestController.java
        XsuaaITApplication.java
        basic
        SecurityConfiguration.java
        TestController.java
        nohttp
        SecurityConfiguration.java
        MyEventHandler.java
        com
        sap
        cloud
        security
        xsuaa
        mock
        MockPostProcessor.java
        JWTUtil.java
    - test
      - java
        testservice
        api
        XsuaaJwtDecoderTest.java
        nohttp
        InitializeSpringSecurityContextTest.java
        com
        sap
        cloud
        security
        xsuaa
        extractor
        BasicCredentialExtractorTest.java
        BasicAuthenticationValidationTest.java
        XsuaaServiceConfigurationDummy.java
        TokenBrokerTestConfiguration.java
        AuthenticationInformationExtractorTest.java
        token
        authentication
        XsuaaTokenValidationTest.java
  - pom.xml
  - .springBeans
- troubleshooting
  - README.md
  - logcollector
    - cf-logcollector.sh
    - README.md
    - cf-logcollector.ps1
- etc
  - suppression.xml
  - eclipse_settings.xml
- .gitignore
- docs
  - Troubleshooting_JsonClasspathIssues.md
  - images.rd

package com.sap.cloud.security.token;

import com.sap.cloud.security.config.Service;
import com.sap.cloud.security.json.DefaultJsonObject;
import org.apache.commons.io.IOUtils;
import org.junit.Test;
import org.mockito.Mockito;

import java.io.IOException;

import static java.nio.charset.StandardCharsets.*;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.when;

public class XsuaaTokenTest {

	private XsuaaToken clientCredentialsToken;
	private XsuaaToken userToken;

	public XsuaaTokenTest() throws IOException {
		clientCredentialsToken = new XsuaaToken(
				IOUtils.resourceToString("/xsuaaCCAccessTokenRSA256.txt", UTF_8));
		userToken = new XsuaaToken(IOUtils.resourceToString("/xsuaaUserAccessTokenRSA256.txt", UTF_8));
	}

	@Test
	public void constructor_raiseIllegalArgumentExceptions() {
		assertThatThrownBy(() -> {
			new XsuaaToken("");
		}).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("jwtToken must not be null / empty");

		assertThatThrownBy(() -> {
			new XsuaaToken("abc");
		}).isInstanceOf(IllegalArgumentException.class)
				.hasMessageContaining("JWT token does not consist of 'header'.'payload'.'signature'.");
	}

	@Test
	public void getScopes() {
		assertThat(clientCredentialsToken.getScopes()).containsExactly("ROLE_SERVICEBROKER", "uaa.resource");
	}

	@Test
	public void hasScope_scopeExists_isTrue() {
		assertThat(clientCredentialsToken.hasScope("ROLE_SERVICEBROKER")).isTrue();
		assertThat(clientCredentialsToken.hasScope("uaa.resource")).isTrue();
	}

	@Test
	public void hasScope_scopeDoesNotExist_isFalse() {
		assertThat(clientCredentialsToken.hasScope("scopeDoesNotExist")).isFalse();
	}

	@Test
	public void hasLocalScope() {
		clientCredentialsToken.withScopeConverter(new XsuaaScopeConverter("uaa"));
		assertThat(clientCredentialsToken.hasScope("uaa.resource")).isTrue();
		assertThat(clientCredentialsToken.hasLocalScope("resource")).isTrue();
	}

	@Test
	public void getUserPrincipal() {
		assertThat(userToken.getClaimAsString(TokenClaims.USER_NAME)).isEqualTo("testUser");
		assertThat(userToken.getClaimAsString(TokenClaims.XSUAA.ORIGIN)).isEqualTo("userIdp");
		assertThat(userToken.getPrincipal()).isNotNull();
		assertThat(userToken.getPrincipal().getName()).isEqualTo("user/userIdp/testUser");
	}

	@Test
	public void getClientPrincipal() {
		assertThat(clientCredentialsToken.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID)).isEqualTo("sap_osb");
		assertThat(clientCredentialsToken.getPrincipal()).isNotNull();
		assertThat(clientCredentialsToken.getPrincipal().getName()).isEqualTo("client/sap_osb");
	}

	@Test
	public void getGrantType() {
		assertThat(clientCredentialsToken.getGrantType()).isEqualTo(GrantType.CLIENT_CREDENTIALS);
		assertThat(userToken.getGrantType()).isEqualTo(GrantType.USER_TOKEN);
	}

	@Test
	public void getService() {
		assertThat(userToken.getService()).isEqualTo(Service.XSUAA);
	}

	@Test
	public void getUniquePrincipalName() {
		assertThat(XsuaaToken.getUniquePrincipalName("origin", "user"))
				.isEqualTo("user/origin/user");
	}

	@Test
	public void getUniquePrincipalName_cannotBeCreated_returnsNull() {
		assertThat(XsuaaToken.getUniquePrincipalName("origin/", "user")).isNull();
		assertThat(XsuaaToken.getUniquePrincipalName("origin", "")).isNull();
		assertThat(XsuaaToken.getUniquePrincipalName("", "user")).isNull();
		assertThat(XsuaaToken.getUniquePrincipalName(null, "user")).isNull();
		assertThat(XsuaaToken.getUniquePrincipalName("origin", null)).isNull();
	}

	@Test
	public void getPrincipalShouldBeEqualForSameUser() throws IOException {
		Token userToken2 = new XsuaaToken(IOUtils.resourceToString("/xsuaaUserAccessTokenRSA256.txt", UTF_8));
		assertThat(userToken.getPrincipal()).isEqualTo(userToken2.getPrincipal());
	}

	@Test
	public void getAudiences() {
		assertThat(clientCredentialsToken.getAudiences()).containsExactlyInAnyOrder("uaa", "sap_osb");
	}

	@Test
	public void getSubdomain() {
		assertThat(clientCredentialsToken.getSubdomain()).isNull();
		assertThat(userToken.getSubdomain()).isEqualTo("theSubdomain");
	}

	@Test
	public void getSubaccountId() {
		XsuaaToken userTokenWithSubaccountId = Mockito.spy(userToken);
		when(userTokenWithSubaccountId.getClaimAsJsonObject(TokenClaims.XSUAA.EXTERNAL_ATTRIBUTE))
				.thenReturn(new DefaultJsonObject("{\"subaccountid\": \"abc123\"}"));

		assertThat(userTokenWithSubaccountId.getSubaccountId()).isEqualTo("abc123");
	}

	@Test
	public void getSubaccountId_noSubaccountId_fallsBackToZoneId() {
		assertThat(clientCredentialsToken.getSubaccountId()).isEqualTo("uaa");
	}

	@Test
	public void getSubaccountId_noSubaccountIdAndNoFallback_isNull() {
		assertThat(userToken.getSubaccountId()).isNull();
	}

}