package tests;
import com.github.tomakehurst.wiremock.client.MappingBuilder;
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.RsaProvider;
import net.bingosoft.oss.ssoclient.SSOClient;
import net.bingosoft.oss.ssoclient.SSOConfig;
import net.bingosoft.oss.ssoclient.SSOUtils;
import net.bingosoft.oss.ssoclient.exception.InvalidCodeException;
import net.bingosoft.oss.ssoclient.exception.InvalidTokenException;
import net.bingosoft.oss.ssoclient.exception.TokenExpiredException;
import net.bingosoft.oss.ssoclient.internal.JSON;
import net.bingosoft.oss.ssoclient.internal.Urls;
import net.bingosoft.oss.ssoclient.model.AccessToken;
import net.bingosoft.oss.ssoclient.model.Authentication;
import net.bingosoft.oss.ssoclient.spi.CacheProvider;
import net.bingosoft.oss.ssoclient.spi.TokenProvider;
import org.junit.*;
import java.io.UnsupportedEncodingException;
import java.security.KeyPair;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.UUID;
import static com.github.tomakehurst.wiremock.client.WireMock.*;
/**
* Created by kael on 2017/4/17.
*/
public class SSOClientTest {
@Rule
public WireMockRule wireMockRule = new WireMockRule(9999);
private static final String baseUrl = "http://localhost:9999/";
private SSOClient client;
private KeyPair keyPair = RsaProvider.generateKeyPair();
String jwtToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9." +
"eyJjbGllbnRfaWQiOiJjb25zb2xlIiwidXNlcl9pZCI6IjQ" +
"zRkU2NDc2LUNEN0ItNDkzQi04MDQ0LUM3RTMxNDlEMDg3Ni" +
"IsInVzZXJuYW1lIjoiYWRtaW4iLCJzY29wZSI6InBlcm0iL" +
"CJleHBpcmVzX2luIjoyMzY5NCwiZXhwaXJlcyI6MTQ5MjAw" +
"Mzc1MjAwMCwiZW5hYmxlZCI6MSwiZXhwIjoxNDkyMDE2MDU" +
"3MjMyfQ.rig2Y67pkpxxfJxZD9gyKCCwQK5K9bS5w6FcDhn" +
"kJWc8FEXZEn3kICByb2W9PivouRc5l2_9N4dVXyEH1s2k17" +
"Jp9aAWU7AFEWwtjdRQe7UIjCxock--FOUzuUKZhrI1tgeVH" +
"P4p-NNnkh-at43NxEI63HLOKvCo67R3QgK3wrg";
String idToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9." +
"eyJhdWQiOiJ0ZXN0Iiwic3ViIjoiNWYxOWY3ZTgtODkwYS" +
"00NDcxLTliZDEtNzllMTc5MWVlOTU3IiwiZXhwIjoxNDky" +
"Njc3MTE1LCJuYW1lIjoiYWRtaW4iLCJsb2dpbl9uYW1lIj" +
"oiYWRtaW4ifQ.GzENvWVdmgknI5eerApk8DupOxCyz3hsL" +
"QCTVEFfvT8";
String authCode = UUID.randomUUID().toString().replace("-","");
String basicHeader;
@Before
public void before(){
String pk = org.apache.commons.codec.binary.Base64.encodeBase64String(keyPair.getPublic().getEncoded());
stubFor(get("/oauth2/publickey").willReturn(aResponse().withStatus(200).withBody(pk)));
JwtBuilder builder = jwtBuilder(System.currentTimeMillis()+3600*1000L)
.signWith(SignatureAlgorithm.RS256,keyPair.getPrivate());
jwtToken = builder.compact();
SSOConfig config = new SSOConfig().autoConfigureUrls(baseUrl);
config.setClientId("test");
config.setClientSecret("test_secret");
config.setResourceName("resourceName");
config.setRedirectUri("http://www.example.com");
client = new SSOClient(config);
basicHeader = SSOUtils.encodeBasicAuthorizationHeader(config.getClientId(),config.getClientSecret());
}
@After
public void after(){
wireMockRule.stop();
}
@Test
public void testVerifyJwtAccessToken() throws InterruptedException, UnsupportedEncodingException {
// 正确校验
Authentication authc = client.verifyAccessToken(jwtToken);
assertAuthc(authc);
// 缓存
Assert.assertTrue(authc == client.verifyAccessToken(jwtToken));
// 过期
authc.setExpires(10);
Thread.sleep(15);
Assert.assertTrue(authc != client.verifyAccessToken(jwtToken));
// jwt扩展属性
Map<String,Object> ext = new HashMap<String, Object>();
ext.put("ext1","ext1");
ext.put("ext2","ext2");
JwtBuilder builder = jwtBuilder(System.currentTimeMillis()+1000*3600,ext)
.signWith(SignatureAlgorithm.RS256,keyPair.getPrivate());
authc = client.verifyAccessToken(builder.compact());
Assert.assertEquals("ext1",authc.getAttributes().get("ext1"));
Assert.assertEquals("ext2",authc.getAttributes().get("ext2"));
// 错误的jwt格式
boolean invalidToken = false;
try {
client.verifyAccessToken("error.jwt");
} catch (InvalidTokenException e) {
invalidToken = true;
}
Assert.assertTrue(invalidToken);
// 错误的jwt校验
invalidToken = false;
try {
client.verifyAccessToken(jwtToken.substring(0,jwtToken.length()-2)+"ab");
} catch (InvalidTokenException e) {
invalidToken = true;
}
Assert.assertTrue(invalidToken);
// jwt签名错误
invalidToken = false;
try {
client.verifyAccessToken("ab"+jwtToken.substring(10));
} catch (InvalidTokenException e) {
invalidToken = true;
}
Assert.assertTrue(invalidToken);
// jwt校验过期
boolean expiredToken = false;
try {
JwtBuilder builder1 = jwtBuilder(System.currentTimeMillis()-10000)
.signWith(SignatureAlgorithm.RS256,keyPair.getPrivate());
client.verifyAccessToken(builder1.compact());
} catch (TokenExpiredException e) {
expiredToken = true;
}
Assert.assertTrue(expiredToken);
}
@Test
public void testVerifyBearerAccessToken(){
String accessToken = UUID.randomUUID().toString();
Map<String, String> resp = new HashMap<String, String>();
resp.put("user_id","43FE6476-CD7B-493B-8044-C7E3149D0876");
resp.put("username","admin");
resp.put("expires_in","3600");
resp.put("client_id","console");
resp.put("scope","perm name user");
MappingBuilder mb = post("/oauth2/tokeninfo")
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
// 正常返回
Authentication authc = client.verifyAccessToken(accessToken);
assertAuthc(authc);
//缓存
Authentication authc1 = client.verifyAccessToken(accessToken);
Assert.assertTrue(authc == authc1);
// 缓存失效
authc.setExpires(10);
authc1 = client.verifyAccessToken(accessToken);
Assert.assertTrue(authc != authc1);
// access token 无效
removeStub(mb);
Map<String, String> error = new HashMap<String, String>();
error.put("error","invalid_token");
error.put("error_description","无效的token");
mb = post("/oauth2/tokeninfo")
.willReturn(aResponse().withStatus(400).withBody(JSON.encode(error)));
stubFor(mb);
boolean invalid = false;
authc1.setExpires(10);
try {
client.verifyAccessToken(accessToken);
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
// access token过期
resp.remove("expires_in");
removeStub(mb);
mb = post("/oauth2/tokeninfo")
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
boolean expires = false;
authc1.setExpires(10);
try {
client.verifyAccessToken(accessToken);
} catch (InvalidTokenException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
expires = true;
}
Assert.assertTrue(expires);
removeStub(mb);
}
@Test
public void testObtainAccessTokenByCode(){
Map<String, String> params = new HashMap<String, String>();
params.put("grant_type","authorization_code");
params.put("code",authCode);
params.put("redirectUri", Urls.encode(client.getConfig().getRedirectUri()));
Map<String, String> resp = new HashMap<String, String>();
resp.put("access_token","accesstoken");
resp.put("refresh_token","refreshtoken");
resp.put("expires_in","3600");
resp.put("token_type","Bearer");
// 正常返回
MappingBuilder mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
AccessToken accessToken = client.obtainAccessTokenByCode(authCode);
assertAccessToken(accessToken);
// 无效的code
removeStub(mb);
mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(400).withBody("{\"error\":\"invalid_grant\",\"error_description\":\"invalid code\"}"));
stubFor(mb);
boolean invalid = false;
String msg = null;
try {
client.obtainAccessTokenByCode(authCode);
} catch (InvalidCodeException e) {
invalid = true;
msg = e.getMessage();
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
Assert.assertTrue(msg.contains("invalid_grant"));
Assert.assertTrue(msg.contains("invalid code"));
// 返回结果中没有access token
removeStub(mb);
resp.remove("access_token");
mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
invalid = false;
msg = null;
try {
client.obtainAccessTokenByCode(authCode);
} catch (InvalidCodeException e) {
invalid = true;
msg = e.getMessage();
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
Assert.assertTrue(msg.contains("invalid authorization code"));
resp.put("access_token","accesstoken");
// 返回的结果已经过期
removeStub(mb);
resp.remove("expires_in");
mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
boolean expired = false;
msg = null;
try {
client.obtainAccessTokenByCode(authCode);
} catch (InvalidCodeException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
expired = true;
msg=e.getMessage();
}
Assert.assertTrue(expired);
Assert.assertTrue(msg.contains("is expired"));
resp.put("expires_in","3600");
// 返回结果的json解析错误
removeStub(mb);
resp.remove("expires_in");
mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody("{errorjson}"));
stubFor(mb);
boolean runtimeException = false;
try {
client.obtainAccessTokenByCode(authCode);
} catch (InvalidCodeException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
e.printStackTrace();
} catch (Exception e){
runtimeException = true;
}
Assert.assertTrue(runtimeException);
removeStub(mb);
}
@Test
public void testObtainAccessTokenByClientCredentials(){
Map<String, String> params = new HashMap<String, String>();
params.put("grant_type","client_credentials");
Map<String, String> resp = new HashMap<String, String>();
resp.put("access_token","accesstoken");
resp.put("refresh_token","refreshtoken");
resp.put("expires_in","3600");
resp.put("token_type","Bearer");
Map<String, String> error = new HashMap<String, String>();
error.put("error","invalid_grant");
error.put("error_description","client_secret invalid");
// 正常获取
MappingBuilder mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
AccessToken accessToken = client.obtainAccessTokenByClientCredentials();
assertAccessToken(accessToken);
// 缓存
AccessToken accessToken1 = client.obtainAccessTokenByClientCredentials();
Assert.assertTrue(accessToken==accessToken1);
// 缓存过期
accessToken.setExpires(10);
accessToken1 = client.obtainAccessTokenByClientCredentials();
Assert.assertTrue(accessToken!=accessToken1);
removeStub(mb);
// client credentials校验错误
client.getCacheProvider().remove("obtainAccessTokenByClientCredentials:"+client.getConfig().getClientId());
mb.willReturn(aResponse().withStatus(401).withBody(JSON.encode(error)));
stubFor(mb);
boolean invalidGrant = false;
String errorMsg = null;
try {
client.obtainAccessTokenByClientCredentials();
} catch (Exception e) {
invalidGrant = true;
errorMsg = e.getMessage();
}
Assert.assertTrue(invalidGrant);
Assert.assertTrue(errorMsg.contains("invalid_grant"));
removeStub(mb);
// 服务端异常
mb.willReturn(aResponse().withStatus(500).withBody(JSON.encode("{error:\"server_error\",error_description:\"server error\"}")));
stubFor(mb);
boolean serverError = false;
try {
client.obtainAccessTokenByClientCredentials();
} catch (Exception e) {
serverError = true;
}
Assert.assertTrue(serverError);
removeStub(mb);
// json解析异常
mb.willReturn(aResponse().withStatus(200).withBody(JSON.encode("{aaa}{bbb}")));
stubFor(mb);
boolean jsonError = false;
errorMsg = null;
try {
client.obtainAccessTokenByClientCredentials();
} catch (Exception e) {
jsonError = true;
errorMsg = e.getMessage();
}
Assert.assertTrue(jsonError);
Assert.assertTrue(errorMsg.contains("parse json error"));
removeStub(mb);
// access token的json异常
error.put("error","server_error");
error.put("error_description","server error");
mb.willReturn(aResponse().withStatus(200).withBody(JSON.encode(error)));
stubFor(mb);
boolean errorAccessTokenJson = false;
errorMsg = null;
try {
client.obtainAccessTokenByClientCredentials();
} catch (Exception e) {
errorAccessTokenJson = true;
errorMsg = e.getMessage();
}
Assert.assertTrue(errorAccessTokenJson);
Assert.assertTrue(errorMsg.contains("server_error"));
removeStub(mb);
// 取到at的时候就已经过期了
resp.put("expires_in","0");
mb.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
boolean expires = false;
try {
client.obtainAccessTokenByClientCredentials();
} catch (TokenExpiredException e) {
expires = true;
}
Assert.assertTrue(expires);
}
@Test
public void testObtainAccessTokenByClientCredentialsWithToken(){
Map<String, String> params = new HashMap<String, String>();
params.put("grant_type","token_client_credentials");
Map<String, String> resp = new HashMap<String, String>();
resp.put("access_token","accesstoken");
resp.put("refresh_token","refreshtoken");
resp.put("expires_in","3600");
resp.put("token_type","Bearer");
Map<String, String> error = new HashMap<String, String>();
error.put("error","invalid_grant");
error.put("error_description","client_secret invalid");
JwtBuilder jwtBuilder = jwtBuilder(System.currentTimeMillis()+1000*600)
.signWith(SignatureAlgorithm.RS256,keyPair.getPrivate());
String jwt = jwtBuilder.compact();
params.put("access_token",jwt);
// 正常获取
MappingBuilder mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
AccessToken accessToken = client.obtainAccessTokenByToken(jwt);
assertAccessToken(accessToken);
// 缓存
AccessToken accessToken1 = client.obtainAccessTokenByToken(jwt);
Assert.assertTrue(accessToken==accessToken1);
// 缓存过期
accessToken.setExpires(10);
accessToken1 = client.obtainAccessTokenByToken(jwt);
Assert.assertTrue(accessToken!=accessToken1);
// jwt过期
jwt = jwtBuilder.setExpiration(new Date(System.currentTimeMillis()-1000*60)).compact();
boolean expires = false;
try {
client.obtainAccessTokenByToken(jwt);
} catch (InvalidTokenException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
expires = true;
}
Assert.assertTrue(expires);
// jwt无效
jwt = jwtBuilder.signWith(SignatureAlgorithm.RS256, RsaProvider.generateKeyPair().getPrivate())
.setExpiration(new Date(System.currentTimeMillis()+1000*600)).compact();
boolean invalid = false;
try {
client.obtainAccessTokenByToken(jwt);
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
// 取到的access token已经是过期的了
jwt = jwtBuilder.signWith(SignatureAlgorithm.RS256, keyPair.getPrivate())
.setExpiration(new Date(System.currentTimeMillis()+1000*60)).compact();
removeStub(mb);
resp.put("expires_in","0");
mb.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
expires = false;
try {
client.obtainAccessTokenByToken(jwt);
} catch (InvalidTokenException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
expires = true;
}
Assert.assertTrue(expires);
// json 解析失败
removeStub(mb);
mb.willReturn(aResponse().withStatus(200).withBody("error_json"));
stubFor(mb);
boolean errorJson = false;
String errorMsg = null;
try {
client.obtainAccessTokenByToken(jwt);
} catch (InvalidTokenException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
e.printStackTrace();
} catch (Exception e){
errorJson = true;
errorMsg = e.getMessage();
}
Assert.assertTrue(errorJson);
Assert.assertTrue(errorMsg.contains("parse json error"));
// 通过普通access token换取新token
resp.put("expires_in","3600");
removeStub(mb);
mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
accessToken = client.obtainAccessTokenByToken(UUID.randomUUID().toString());
assertAccessToken(accessToken);
}
@Test
public void testVerifyIdToken(){
JwtBuilder builder = Jwts.builder()
.claim("sub","43FE6476-CD7B-493B-8044-C7E3149D0876")
.claim("aud","console")
.claim("login_name","admin")
.claim("name","管理员")
.setExpiration(new Date(System.currentTimeMillis()+5*60*1000));
builder.signWith(SignatureAlgorithm.HS256, client.getConfig().getClientSecret().getBytes());
String idToken = builder.compact();
// Jwts自校验
String userId = Jwts.parser().setSigningKey(client.getConfig().getClientSecret().getBytes())
.parseClaimsJws(idToken).getBody().get("sub").toString();
Assert.assertEquals("43FE6476-CD7B-493B-8044-C7E3149D0876",userId);
// 正常校验通过
Authentication authc = client.verifyIdToken(idToken);
assertIdTokenAuthc(authc);
// 缓存
Authentication authc1 = client.verifyIdToken(idToken);
Assert.assertTrue(authc == authc1);
// 缓存失效
authc.setExpires(10);
authc1 = client.verifyIdToken(idToken);
Assert.assertTrue(authc != authc1);
// idToken验证失败
boolean invalid = false;
try {
client.verifyIdToken("aa"+idToken.substring(2));
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
// idToken过期
builder.setExpiration(new Date(System.currentTimeMillis()-5*60*1000));
idToken = builder.compact();
boolean expired = false;
try {
client.verifyIdToken(idToken);
} catch (InvalidTokenException e) {
e.printStackTrace();
} catch (TokenExpiredException e) {
expired = true;
}
Assert.assertTrue(expired);
// idToken无效
invalid = false;
try {
client.verifyIdToken("error.idtoken");
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
// idToken不是jwtToken
invalid = false;
try {
client.verifyIdToken(UUID.randomUUID().toString());
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
}
@Test
public void testRefreshToken(){
Map<String, String> params = new HashMap<String, String>();
params.put("grant_type","token_client_credentials");
Map<String, String> resp = new HashMap<String, String>();
resp.put("access_token","accesstoken");
resp.put("refresh_token","refreshtoken");
resp.put("expires_in","3600");
resp.put("token_type","Bearer");
Map<String, String> error = new HashMap<String, String>();
error.put("error","invalid_grant");
error.put("error_description","client_secret invalid");
// 正常获取
MappingBuilder mb = post("/oauth2/token").withPostServeAction("postParams",params)
.withHeader("Authorization", equalTo(basicHeader))
.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
AccessToken at = client.obtainAccessTokenByClientCredentials();
assertAccessToken(at);
// 正常刷新
removeStub(mb);
resp.put("access_token","accesstoken1");
resp.put("refresh_token","refreshtoken1");
resp.put("expires_in","3600");
resp.put("token_type","Bearer");
mb.willReturn(aResponse().withStatus(200).withBody(JSON.encode(resp)));
stubFor(mb);
AccessToken at1 = client.refreshAccessToken(at);
Assert.assertEquals("accesstoken1",at1.getAccessToken());
Assert.assertEquals("refreshtoken1",at1.getRefreshToken());
Assert.assertEquals("Bearer",at1.getTokenType());
Assert.assertEquals(3600,at1.getExpires()-System.currentTimeMillis()/1000L);
// 刷新异常
removeStub(mb);
mb.willReturn(aResponse().withStatus(401).withBody(JSON.encode(error)));
stubFor(mb);
boolean invalid = false;
try {
client.refreshAccessToken(at);
} catch (InvalidTokenException e) {
invalid = true;
} catch (TokenExpiredException e) {
e.printStackTrace();
}
Assert.assertTrue(invalid);
}
protected void assertAuthc(Authentication authc){
Assert.assertEquals("43FE6476-CD7B-493B-8044-C7E3149D0876", authc.getUserId());
Assert.assertEquals("admin", authc.getUsername());
Assert.assertEquals("perm name user", authc.getScope());
Assert.assertEquals("console", authc.getClientId());
}
protected void assertIdTokenAuthc(Authentication authc){
Assert.assertEquals("43FE6476-CD7B-493B-8044-C7E3149D0876", authc.getUserId());
Assert.assertEquals("admin", authc.getUsername());
Assert.assertEquals("console", authc.getClientId());
}
protected void assertAccessToken(AccessToken at){
Assert.assertEquals("accesstoken",at.getAccessToken());
Assert.assertEquals("refreshtoken",at.getRefreshToken());
Assert.assertEquals("Bearer",at.getTokenType());
Assert.assertEquals(3600,at.getExpires()-System.currentTimeMillis()/1000L);
}
@Test
public void testCacheProvider(){
final Map<String, Boolean> used = new HashMap<String, Boolean>();
SSOClient client = new SSOClient();
client.setConfig(new SSOConfig(baseUrl));
CacheProvider provider = new CacheProvider() {
@Override
public <T> T get(String key) {
used.put("get",true);
Authentication authentication = new Authentication();
authentication.setExpires(1);
try {
Thread.sleep(2);
} catch (InterruptedException e) {
e.printStackTrace();
}
return (T)authentication;
}
@Override
public void put(String key, Object item, long expires) {
used.put("put",true);
}
@Override
public void remove(String key) {
used.put("remove",true);
}
};
client.setCacheProvider(provider);
Assert.assertTrue(provider == client.getCacheProvider());
client.verifyAccessToken(jwtToken);
Assert.assertTrue(used.get("get"));
Assert.assertTrue(used.get("put"));
Assert.assertTrue(used.get("remove"));
}
@Test
public void testTokenProvider(){
final Map<String, Boolean> used = new HashMap<String, Boolean>();
SSOClient client = new SSOClient();
client.setConfig(new SSOConfig(baseUrl));
TokenProvider provider = new TokenProvider() {
@Override
public Authentication verifyJwtAccessToken(
String accessToken) throws InvalidTokenException, TokenExpiredException {
used.put("verifyJwtAccessToken",true);
return new Authentication();
}
@Override
public Authentication verifyBearerAccessToken(String accessToken) {
used.put("verifyBearerAccessToken",true);
return new Authentication();
}
@Override
public Authentication verifyIdToken(String idToken) throws InvalidTokenException, TokenExpiredException {
used.put("verifyIdToken",true);
return new Authentication();
}
@Override
public AccessToken obtainAccessTokenByAuthzCode(
String authzCode) throws InvalidCodeException, TokenExpiredException {
used.put("obtainAccessTokenByAuthzCode",true);
return new AccessToken();
}
@Override
public AccessToken obtainAccessTokenByClientCredentials() {
used.put("obtainAccessTokenByClientCredentials",true);
return new AccessToken();
}
@Override
public AccessToken obtainAccessTokenByClientCredentialsWithJwtToken(
String accessToken) throws InvalidTokenException, TokenExpiredException {
used.put("obtainAccessTokenByClientCredentialsWithJwtToken",true);
return new AccessToken();
}
@Override
public AccessToken obtainAccessTokenByClientCredentialsWithBearerToken(
String accessToken) throws InvalidTokenException, TokenExpiredException {
used.put("obtainAccessTokenByClientCredentialsWithBearerToken",true);
return new AccessToken();
}
@Override
public AccessToken refreshAccessToken(
AccessToken accessToken) throws InvalidTokenException, TokenExpiredException {
used.put("refreshAccessToken",true);
return new AccessToken();
}
};
client.setTokenProvider(provider);
Assert.assertTrue(provider == client.getTokenProvider());
client.verifyAccessToken(jwtToken);
client.verifyAccessToken(UUID.randomUUID().toString());
client.verifyIdToken(jwtToken);
client.obtainAccessTokenByCode(authCode);
client.obtainAccessTokenByClientCredentials();
client.obtainAccessTokenByToken(jwtToken);
client.obtainAccessTokenByToken(UUID.randomUUID().toString());
client.refreshAccessToken(new AccessToken());
Assert.assertTrue(used.get("verifyJwtAccessToken"));
Assert.assertTrue(used.get("verifyBearerAccessToken"));
Assert.assertTrue(used.get("verifyIdToken"));
Assert.assertTrue(used.get("obtainAccessTokenByAuthzCode"));
Assert.assertTrue(used.get("obtainAccessTokenByClientCredentials"));
Assert.assertTrue(used.get("obtainAccessTokenByClientCredentialsWithJwtToken"));
Assert.assertTrue(used.get("obtainAccessTokenByClientCredentialsWithBearerToken"));
Assert.assertTrue(used.get("refreshAccessToken"));
}
protected JwtBuilder jwtBuilder(long exp, Map<String, Object> ext){
JwtBuilder jwt = Jwts.builder()
.claim("user_id","43FE6476-CD7B-493B-8044-C7E3149D0876")
.claim("scope","perm name user")
.claim("client_id","console")
.claim("username","admin");
if(ext != null){
for (Entry<String, Object> entry : ext.entrySet()){
jwt.claim(entry.getKey(),entry.getValue());
}
}
jwt.setExpiration(new Date(exp));
return jwt;
}
protected JwtBuilder jwtBuilder(long exp){
return jwtBuilder(exp,null);
}
}
