Java Code Examples for org.eclipse.microprofile.jwt.tck.util.TokenUtils#readPrivateKey()

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testNoExpClaimToken() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1NoExp.json", Collections.singleton(TokenUtils.InvalidClaims.EXP), timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded PEM key is used to sign the JWT")
public void testKeyAsPEM() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyAsPEM";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@Ignore
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testNoExpClaimToken() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1NoExp.json", Collections.singleton(TokenUtils.InvalidClaims.EXP), timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;

    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testTokenWithExpNotExpired() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded JWKS key is used to verify the JWT signature")
public void testKeyAsJWKS() throws Exception {
    Reporter.log("testKeyAsJWKS, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyAsJWKS";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testTokenWithExpNotExpired() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location is a resource location of a PEM key")
public void testKeyAsLocationResource() throws Exception {
    Reporter.log("testKeyAsLocationResource, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded base64 JWK key is used to verify the JWT signature")
public void testKeyAsBase64JWK() throws Exception {
    Reporter.log("testKeyAsBase64JWK, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyAsBase64JWK";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
    description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a PEM key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWKS key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 

@Test
public void testValidToken4k() throws Exception {
    PrivateKey signer = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String token = TokenUtils.generateTokenString(signer, "4k-test", "/Token1.json", null, null);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey4k.pem");
    int expGracePeriodSecs = 60;
    validateToken(token, publicKey, TEST_ISSUER, expGracePeriodSecs);
}
 

private void verifyToken(String kid, String publicKey) throws Exception {
    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey.pem");
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, null);
    JWTAuthContextInfoProvider provider = JWTAuthContextInfoProvider.createWithKey(publicKey,
            "https://server.example.com");
    JWTAuthContextInfo contextInfo = provider.getContextInfo();
    Assert.assertNotNull(new DefaultJWTTokenParser().parse(token, contextInfo));
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = AudValidationBadAudTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    Map<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/TokenAudiences.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    configProps.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
    configProps.setProperty(Names.AUDIENCES, "notAValidAudience");  // does not match json, should fail
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "AudValidationBadAudTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
            .create(WebArchive.class, "AudValidationBadAudTest.war")
            .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_2.name()), MpJwtTestVersion.MANIFEST_NAME)
            .addAsResource(publicKey, "/publicKey.pem")
            .addAsResource(publicKey, "/publicKey4k.pem")
            // Include the token for inspection by ApplicationArchiveProcessor
            .add(new StringAsset(token), "MP-JWT")
            .addClass(AudienceValidationEndpoint.class)
            .addClass(TCKApplication.class)
            .addClass(SimpleTokenUtils.class)
            .addAsWebInfResource("beans.xml", "beans.xml")
            .addAsManifestResource(configAsset, "microprofile-config.properties");
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = IssNoValidationBadIssTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/TokenBadIss.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    // Don't require validation of iss claim
    //configProps.setProperty(Names.REQUIRE_ISS, "false");
    // The issuer config value should be ignored
    configProps.setProperty(Names.ISSUER, "https://ignore-me");
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "IssNoValidationBadIssTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
        .create(WebArchive.class, "IssNoValidationBadIssTest.war")
        .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_1.name()), MpJwtTestVersion.MANIFEST_NAME)
        .addAsResource(publicKey, "/publicKey.pem")
        .addAsResource(publicKey, "/publicKey4k.pem")
        // Include the token for inspection by ApplicationArchiveProcessor
        .add(new StringAsset(token), "MP-JWT")
        .addClass(PublicKeyEndpoint.class)
        .addClass(TCKApplication.class)
        .addClass(SimpleTokenUtils.class)
        .addAsWebInfResource("beans.xml", "beans.xml")
        .addAsManifestResource(configAsset, "microprofile-config.properties")
        ;
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = AudValidationMissingAudTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    Map<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/Token2.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    configProps.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
    configProps.setProperty(Names.AUDIENCES, "aud2");  // no audience claim in json, should fail
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "AudValidationMissingAudTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
            .create(WebArchive.class, "AudValidationMissingAudTest.war")
            .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_2.name()), MpJwtTestVersion.MANIFEST_NAME)
            .addAsResource(publicKey, "/publicKey.pem")
            .addAsResource(publicKey, "/publicKey4k.pem")
            // Include the token for inspection by ApplicationArchiveProcessor
            .add(new StringAsset(token), "MP-JWT")
            .addClass(AudienceValidationEndpoint.class)
            .addClass(TCKApplication.class)
            .addClass(SimpleTokenUtils.class)
            .addAsWebInfResource("beans.xml", "beans.xml")
            .addAsManifestResource(configAsset, "microprofile-config.properties");
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = IssValidationTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/RequiredClaims.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    //configProps.setProperty(Names.REQUIRE_ISS, "true");
    configProps.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "IssValidationTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
        .create(WebArchive.class, "IssValidationTest.war")
        .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_1.name()), MpJwtTestVersion.MANIFEST_NAME)
        .addAsResource(publicKey, "/publicKey.pem")
        .addAsResource(publicKey, "/publicKey4k.pem")
        // Include the token for inspection by ApplicationArchiveProcessor
        .add(new StringAsset(token), "MP-JWT")
        .addClass(PublicKeyEndpoint.class)
        .addClass(TCKApplication.class)
        .addClass(SimpleTokenUtils.class)
        .addAsWebInfResource("beans.xml", "beans.xml")
        .addAsManifestResource(configAsset, "microprofile-config.properties")
        ;
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = IssValidationFailTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/RequiredClaims.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    // Set an invalid mp.jwt.verify.issuer value
    configProps.setProperty(Names.ISSUER, "https://IssValidationFailTest");
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "IssValidationFailTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
            .create(WebArchive.class, "IssValidationFailTest.war")
            .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_1.name()), MpJwtTestVersion.MANIFEST_NAME)
            .addAsResource(publicKey, "/publicKey.pem")
            .addAsResource(publicKey, "/publicKey4k.pem")
            // Include the token for inspection by ApplicationArchiveProcessor
            .add(new StringAsset(token), "MP-JWT")
            .addClass(PublicKeyEndpoint.class)
            .addClass(TCKApplication.class)
            .addClass(SimpleTokenUtils.class)
            .addAsWebInfResource("beans.xml", "beans.xml")
            .addAsManifestResource(configAsset, "microprofile-config.properties");
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

/**
 * Create a CDI aware base web application archive that includes an embedded PEM public key
 * that is included as the mp.jwt.verify.publickey property.
 * The root url is /
 * @return the base base web application archive
 * @throws Exception - on resource failure
 */
@Deployment()
public static WebArchive createDeployment() throws Exception {
    URL publicKey = AudValidationTest.class.getResource("/publicKey4k.pem");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    Map<String, Long> timeClaims = new HashMap<>();
    token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    // Setup the microprofile-config.properties content
    Properties configProps = new Properties();
    // Location points to the PEM bundled in the deployment
    configProps.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "/publicKey4k.pem");
    configProps.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
    configProps.setProperty(Names.AUDIENCES, "aud3,badAud,s6BhdRkqt3,aud1");  // s6BhdRkqt3 matches json, should pass
    StringWriter configSW = new StringWriter();
    configProps.store(configSW, "AudValidationTest microprofile-config.properties");
    StringAsset configAsset = new StringAsset(configSW.toString());

    WebArchive webArchive = ShrinkWrap
            .create(WebArchive.class, "AudValidationTest.war")
            .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_2.name()), MpJwtTestVersion.MANIFEST_NAME)
            .addAsResource(publicKey, "/publicKey.pem")
            .addAsResource(publicKey, "/publicKey4k.pem")
            // Include the token for inspection by ApplicationArchiveProcessor
            .add(new StringAsset(token), "MP-JWT")
            .addClass(AudienceValidationEndpoint.class)
            .addClass(TCKApplication.class)
            .addClass(SimpleTokenUtils.class)
            .addAsWebInfResource("beans.xml", "beans.xml")
            .addAsManifestResource(configAsset, "microprofile-config.properties");
    System.out.printf("WebArchive: %s\n", webArchive.toString(true));
    return webArchive;
}
 

@Test
public void testVerifyWithoutPrivateKey() throws Exception {
    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey.pem");
    String token = TokenUtils.generateTokenString(privateKey, "1", "/Token1.json", null, null);
    JWTAuthContextInfoProvider provider = JWTAuthContextInfoProvider.createWithKeyLocation("NONE",
            "https://server.example.com");
    try {
        Assert.assertNotNull(new DefaultJWTTokenParser().parse(token, provider.getContextInfo()));
        Assert.fail("UnresolvableKeyException is expected");
    } catch (ParseException ex) {
        Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException);
    }
}
 

private static String signEncryptClaimsWithOptionalCty(String jsonResName, boolean cty) throws Exception {
    PrivateKey signingKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    PublicKey encryptionKey = TokenUtils.readPublicKey("/publicKey.pem");
    return TokenUtils.signEncryptClaims(signingKey, null, encryptionKey, null, jsonResName, cty);
}