Java Code Examples for org.eclipse.microprofile.jwt.tck.util.TokenUtils

The following examples show how to use org.eclipse.microprofile.jwt.tck.util.TokenUtils. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: microprofile-jwt-auth   Source File: InvalidTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
    description = "Validate a request with an non-matching issuer fails with HTTP_UNAUTHORIZED")
public void callEchoBadIssuer() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.ISSUER);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    System.out.printf("jwt: %s\n", token);

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
    String reply = response.readEntity(String.class);
    System.out.printf("Reply: %s\n", reply);
}
 
Example 2
Source Project: tomee   Source File: PublicKeyAsPEMLocationTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@OperateOnDeployment("testApp")
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
        description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a PEM key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
            ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 3
Source Project: microprofile-jwt-auth   Source File: EmptyTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate that a token sent to an unauthenticated / unauthorized endpoint is verified and " +
                    "injected as non-empty")
public void validToken() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");
    String uri = baseURL.toExternalForm() + "endp/verifyNonEmptyToken";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Assert.assertTrue(reply.getBoolean("pass"));
}
 
Example 4
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected jti claim is as expected from Token2")
public void verifyInjectedJTI2() throws Exception {
    Reporter.log("Begin verifyInjectedJTI2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedJTI";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.jti.name(), "a-123.2")
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 5
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected aud claim is as expected from Token2")
public void verifyInjectedAudience2() throws Exception {
    Reporter.log("Begin verifyInjectedAudience2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedAudience";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.aud.name(), "s6BhdRkqt3.2")
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 6
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected iat claim is as expected from Token2")
public void verifyInjectedIssuedAt2() throws Exception {
    Reporter.log("Begin verifyInjectedIssuedAt2\n");
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token2 = TokenUtils.generateTokenString("/Token2.json", null, timeClaims);
    Long iatClaim = timeClaims.get(Claims.auth_time.name());
    Long authTimeClaim = timeClaims.get(Claims.auth_time.name());
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedIssuedAt";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.iat.name(), iatClaim)
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 7
Source Project: smallrye-jwt   Source File: TestTokenRequireSub.java    License: Apache License 2.0 6 votes vote down vote up
@Test(groups = TEST_GROUP_JWT, description = "no sub validation")
public void noSubValidation() throws Exception {
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString("/TokenSubPath.json", null, timeClaims);
    PublicKey publicKey = TokenUtils.readPublicKey("/publicKey.pem");
    if (publicKey == null) {
        throw new IllegalStateException("Failed to load /publicKey.pem resource");
    }

    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo((RSAPublicKey) publicKey, TEST_ISSUER);
    contextInfo.setRequireNamedPrincipal(false);
    JWTCallerPrincipalFactory factory = JWTCallerPrincipalFactory.instance();
    JsonWebToken jwt = factory.parse(token, contextInfo);
    String sub = jwt.getSubject();
    Assert.assertNull(sub);
}
 
Example 8
Source Project: microprofile-jwt-auth   Source File: PublicKeyAsPEMTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded PEM key is used to sign the JWT")
public void testKeyAsPEM() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyAsPEM";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 9
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
    description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a JWKS key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 10
Source Project: microprofile-jwt-auth   Source File: AbstractJWKSTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Loads the signer-keypair.jwk resource that was generated using https://mkjwk.org
 * and returns the private key
 *
 * @return the private key from the key pair
 */
static PrivateKey loadPrivateKey() throws Exception {
    String jwk = TokenUtils.readResource("/signer-keypair.jwk");
    RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) JsonWebKey.Factory.newJwk(jwk);
    RSAPublicKey pk = rsaJsonWebKey.getRsaPublicKey();
    String e = new String(Base64.getUrlEncoder().withoutPadding().encode(pk.getPublicExponent().toByteArray()));
    byte[] nbytes = pk.getModulus().toByteArray();
    if(nbytes[0] == 0 && nbytes.length > 1) {
        byte[] tmp = new byte[nbytes.length-1];
        System.arraycopy(nbytes, 1, tmp, 0, tmp.length);
        nbytes = tmp;
    }
    String n = new String(Base64.getUrlEncoder().withoutPadding().encode(nbytes));
    System.out.printf("e: %s\n", e);
    System.out.printf("n: %s\n", n);
    n = BigEndianBigInteger.toBase64Url(pk.getModulus());
    System.out.printf("n: %s\n", n);
    return rsaJsonWebKey.getRsaPrivateKey();
}
 
Example 11
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded PEM key is used to sign the JWT")
public void testKeyAsPEM() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "/ecPrivateKey.pem";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/verifyKeyAsPEM";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 12
Source Project: microprofile-jwt-auth   Source File: PublicKeyAsJWKTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded JWKS key is used to verify the JWT signature")
public void testKeyAsJWK() throws Exception {
    Reporter.log("testKeyAsJWK, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyAsJWK";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 13
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.decrypt.key.location as resource path to a JWKS key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PublicKey publicKey = TokenUtils.readJwkPublicKey("/encryptorPublicKey.jwk");
    String kid = "mp-jwt-set";
    String token = TokenUtils.encryptClaims(publicKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid);
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 14
Source Project: microprofile-jwt-auth   Source File: TokenAsCookieTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT in a Cookie with default name")
public void validJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example 15
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWK key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "eckey";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 16
@RunAsClient()
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the http://localhost:8080/pem/endp/publicKey4k PEM endpoint")
public void validateLocationUrlContents() throws Exception {
    URL locationURL = new URL(baseURL, "pem/endp/publicKey4k");
    Reporter.log("Begin validateLocationUrlContents");

    StringWriter content = new StringWriter();
    try(BufferedReader reader = new BufferedReader(new InputStreamReader(locationURL.openStream()))) {
        String line = reader.readLine();
        while(line != null) {
            content.write(line);
            content.write('\n');
            line = reader.readLine();
        }
    }
    Reporter.log("Received: "+content);
    String expected = TokenUtils.readResource("/publicKey4k.pem");
    Assert.assertEquals(content.toString(), expected);
}
 
Example 17
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
    description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a PEM key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 18
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWKS key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 19
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
      description = "Validate a request with a valid JWT in a Cookie but no Token Header set fails with " +
                    "HTTP_UNAUTHORIZED")
public void noTokenHeaderSetToCookie() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("jwt", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example 20
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT")
public void validJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example 21
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWK key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 22
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected customInteger claim is as expected from Token2")
public void verifyInjectedCustomInteger2() throws Exception {
    Reporter.log("Begin verifyInjectedCustomInteger2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedCustomInteger";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("value", 1234567892)
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 23
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location is a resource location of a PEM EC public key")
public void testKeyAsLocationResource() throws Exception {
    Reporter.log("testKeyAsLocationResource, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "/ecPrivateKey.pem";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 24
Source Project: microprofile-jwt-auth   Source File: CookieTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT in a Cookie")
public void validCookieJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("jwt", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example 25
Source Project: microprofile-jwt-auth   Source File: CookieTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a different Cookie name from the one configured fais with " +
                    "HTTP_UNAUTHORIZED")
public void wrongCookieName() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example 26
@Ignore
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testNoExpClaimToken() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1NoExp.json", Collections.singleton(TokenUtils.InvalidClaims.EXP), timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;

    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example 27
Source Project: microprofile-jwt-auth   Source File: InvalidTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
    description = "Validate a request with an incorrect signature algorithm fails with HTTP_UNAUTHORIZED")
public void callEchoBadSignerAlg() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.ALG);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    System.out.printf("jwt: %s\n", token);

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
    String reply = response.readEntity(String.class);
    System.out.printf("Reply: %s\n", reply);
}
 
Example 28
Source Project: microprofile-jwt-auth   Source File: RolesAllowedTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS, 
    description = "Validate a request with MP-JWT without a groups claim succeeds with HTTP_OK}")
public void callEchoNoGroups() throws Exception {
    Reporter.log("callEcho, expect HTTP_OK");

    String tokenNoGroups = TokenUtils.generateTokenString("/TokenNoGroups.json");

    String uri = baseURL.toExternalForm() + "endp/echo-permit-all";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+tokenNoGroups).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    // Must return hello, permitAll, user={token upn claim}
    Assert.assertEquals(reply, "hello, permitAll, [email protected]");
}
 
Example 29
Source Project: microprofile-jwt-auth   Source File: RolesAllowedTest.java    License: Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
      description = "Validate a request with a valid JWT in a Cookie but no Token Header set fails with " +
                    "HTTP_UNAUTHORIZED")
public void noTokenHeaderSetToCookie() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example 30
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected customString claim is as expected from Token2")
public void verifyInjectedCustomString2() throws Exception {
    Reporter.log("Begin verifyInjectedCustomString2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedCustomString";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("value", "customStringValue2")
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}