Repository: jclouds-labs-google Updated Branches: refs/heads/master 37e0397d9 -> 6c839f135
http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java ---------------------------------------------------------------------- diff --git a/oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java b/oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java index 647fcfa..fd827b1 100644 --- a/oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java +++ b/oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java @@ -16,12 +16,9 @@ */ package org.jclouds.oauth.v2.functions; -import static com.google.common.base.Preconditions.checkState; import static com.google.common.base.Throwables.propagate; -import static java.lang.String.format; -import static org.jclouds.oauth.v2.OAuthConstants.NO_ALGORITHM; -import static org.jclouds.oauth.v2.OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES; -import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM; +import static org.jclouds.oauth.v2.JWSAlgorithms.macOrSignature; +import static org.jclouds.oauth.v2.config.OAuthProperties.JWS_ALG; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; 
@@ -29,57 +26,43 @@ import java.security.PrivateKey; import java.security.Signature; import java.security.SignatureException; -import javax.annotation.PostConstruct; import javax.crypto.Mac; import javax.inject.Inject; import javax.inject.Named; -import org.jclouds.oauth.v2.domain.OAuthCredentials; +import org.jclouds.oauth.v2.config.OAuth; +import org.jclouds.rest.AuthorizationException; import com.google.common.base.Function; import com.google.common.base.Supplier; -import com.google.inject.Singleton; /** * Function that signs/produces mac's for OAuth tokens, provided a {@link Signature} or a {@link Mac} algorithm and * {@link PrivateKey} */ -@Singleton // due to signatureOrMacFunction -public final class SignOrProduceMacForToken implements Function<byte[], byte[]> { - - private final Supplier<OAuthCredentials> credentials; - private final String signatureOrMacAlgorithm; - private Function<byte[], byte[]> signatureOrMacFunction; - - @Inject SignOrProduceMacForToken(@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm, - Supplier<OAuthCredentials> credentials) { - checkState(OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.containsKey(signatureOrMacAlgorithm), - format("the signature algorithm %s is not supported", signatureOrMacAlgorithm)); - this.signatureOrMacAlgorithm = OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.get(signatureOrMacAlgorithm); +public final class SignOrProduceMacForToken implements Supplier<Function<byte[], byte[]>> { + + private final String macOrSignature; + private final Supplier<PrivateKey> credentials; + + @Inject SignOrProduceMacForToken(@Named(JWS_ALG) String jwsAlg, @OAuth Supplier<PrivateKey> credentials) { + this.macOrSignature = macOrSignature(jwsAlg); this.credentials = credentials; } - @PostConstruct - public void loadSignatureOrMacOrNone() throws InvalidKeyException, NoSuchAlgorithmException { - if (signatureOrMacAlgorithm.equals(NO_ALGORITHM)) { - this.signatureOrMacFunction = new Function<byte[], byte[]>() 
{ - @Override - public byte[] apply(byte[] input) { - return null; - } - }; - } else if (signatureOrMacAlgorithm.startsWith("SHA")) { - this.signatureOrMacFunction = new SignatureGenerator(signatureOrMacAlgorithm, credentials.get().privateKey); - } else { - this.signatureOrMacFunction = new MessageAuthenticationCodeGenerator(signatureOrMacAlgorithm, - credentials.get().privateKey); + @Override public Function<byte[], byte[]> get() { + try { + if (macOrSignature.startsWith("SHA")) { + return new SignatureGenerator(macOrSignature, credentials.get()); + } + return new MessageAuthenticationCodeGenerator(macOrSignature, credentials.get()); + } catch (NoSuchAlgorithmException e) { + throw new AssertionError("Invalid contents in JWSAlgorithms! " + e.getMessage()); + } catch (InvalidKeyException e) { + throw new AuthorizationException("cannot parse pk. " + e.getMessage(), e); } } - @Override public byte[] apply(byte[] input) { - return signatureOrMacFunction.apply(input); - } - private static class MessageAuthenticationCodeGenerator implements Function<byte[], byte[]> { private final Mac mac; http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java index d6ea17f..3bd0456 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java 
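Review bot: The `NoSuchAlgorithmException` catch in `get()` builds the `AssertionError` from `e.getMessage()` only, so the provider stack trace is lost, while the `InvalidKeyException` catch beside it does pass `e` along. On a Java 7+ baseline this can be `throw new AssertionError("Invalid contents in JWSAlgorithms! " + e.getMessage(), e);`, otherwise chain the cause with `initCause(e)`. The explicit `NO_ALGORITHM` branch is also gone, so every value that does not start with `"SHA"` now goes to `MessageAuthenticationCodeGenerator`; if `macOrSignature(jwsAlg)` can still return a no-signature name (JWSAlgorithms is not visible here), that case would surface as this AssertionError rather than as a configuration error. The class Javadoc still says "Function that signs/produces mac's" although the type is now a `Supplier` of that function, and the class body continues past the end of the hunk.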
@@ -16,12 +16,13 @@ */ package org.jclouds.oauth.v2; -import com.google.common.collect.ImmutableSet; -import com.google.common.reflect.TypeToken; import org.jclouds.View; import org.jclouds.apis.internal.BaseApiMetadataTest; import org.testng.annotations.Test; +import com.google.common.collect.ImmutableSet; +import com.google.common.reflect.TypeToken; + /** * Tests that OAuthApiMetadata is properly registered in ServiceLoader * <p/> http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java b/oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java index 08d98c1..ed512d3 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java @@ -18,17 +18,15 @@ package org.jclouds.oauth.v2; import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Throwables.propagate; -import static org.jclouds.oauth.v2.OAuthConstants.NO_ALGORITHM; import static org.jclouds.oauth.v2.config.CredentialType.BEARER_TOKEN_CREDENTIALS; import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE; +import static org.jclouds.oauth.v2.config.OAuthProperties.CREDENTIAL_TYPE; import static org.jclouds.util.Strings2.toStringAndClose; import java.io.File; import java.io.IOException; import java.util.Properties; -import org.jclouds.oauth.v2.config.OAuthProperties; - import com.google.common.base.Charsets; import com.google.common.io.Files; 
@@ -53,8 +51,7 @@ public class OAuthTestUtils { properties.put("oauth.credential", "1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M"); properties.put("oauth.endpoint", "http://localhost:5000/o/oauth2/token"); properties.put(AUDIENCE, "https://accounts.google.com/o/oauth2/token"); - properties.put(OAuthProperties.CREDENTIAL_TYPE, BEARER_TOKEN_CREDENTIALS.toString()); - properties.put(OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM, NO_ALGORITHM.toString()); + properties.put(CREDENTIAL_TYPE, BEARER_TOKEN_CREDENTIALS.toString()); return properties; } http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/binders/OAuthTokenBinderTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/binders/OAuthTokenBinderTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/binders/OAuthTokenBinderTest.java deleted file mode 100644 index fedb691..0000000 --- a/oauth/src/test/java/org/jclouds/oauth/v2/binders/OAuthTokenBinderTest.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.jclouds.oauth.v2.binders; - -import static org.jclouds.oauth.v2.domain.Claims.EXPIRATION_TIME; -import static org.jclouds.oauth.v2.domain.Claims.ISSUED_AT; -import static org.testng.Assert.assertNotNull; -import static org.testng.Assert.assertSame; -import static org.testng.Assert.assertTrue; - -import java.io.IOException; -import java.util.Map; - -import org.jclouds.ContextBuilder; -import org.jclouds.http.HttpRequest; -import org.jclouds.oauth.v2.OAuthApiMetadata; -import org.jclouds.oauth.v2.OAuthTestUtils; -import org.jclouds.oauth.v2.domain.Header; -import org.jclouds.oauth.v2.domain.TokenRequest; -import org.jclouds.util.Strings2; -import org.testng.annotations.Test; - -import com.google.common.base.Splitter; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.Iterables; - -@Test(groups = "unit", testName = "OAuthTokenBinderTest") -public class OAuthTokenBinderTest { - public static final String STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING = "§1234567890'+±!\"#$%&/()" + - "=?*qwertyuiopº´WERTYUIOPªà sdfghjklç~ASDFGHJKLÃ^<zxcvbnm," + - ".->ZXCVBNM;:_@â¬"; - - public void testPayloadIsUrlSafe() throws 
IOException { - - OAuthTokenBinder tokenRequestFormat = ContextBuilder.newBuilder(new OAuthApiMetadata()).overrides - (OAuthTestUtils.defaultProperties(null)).build().utils() - .injector().getInstance(OAuthTokenBinder.class); - Header header = Header.create("a", "b"); - - Map<String, Object> claims = ImmutableMap.<String, Object>builder() - .put(ISSUED_AT, 0) - .put(EXPIRATION_TIME, 0) - .put("ist", STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING).build(); - - TokenRequest tokenRequest = TokenRequest.create(header, claims); - HttpRequest request = tokenRequestFormat.bindToRequest( - HttpRequest.builder().method("GET").endpoint("http://localhost").build(), tokenRequest); - - assertNotNull(request.getPayload()); - - String payload = Strings2.toStringAndClose(request.getPayload().getInput()); - - // make sure the paylod is in the format {header}.{claims}.{signature} - Iterable<String> parts = Splitter.on(".").split(payload); - - assertSame(Iterables.size(parts), 3); - - assertTrue(!payload.contains("+")); - assertTrue(!payload.contains("/")); - } -} http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/binders/TokenBinderTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/binders/TokenBinderTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/binders/TokenBinderTest.java new file mode 100644 index 0000000..2f56aaf --- /dev/null +++ b/oauth/src/test/java/org/jclouds/oauth/v2/binders/TokenBinderTest.java 
@@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.oauth.v2.binders; + +import static org.jclouds.oauth.v2.domain.Claims.EXPIRATION_TIME; +import static org.jclouds.oauth.v2.domain.Claims.ISSUED_AT; +import static org.testng.Assert.assertNotNull; +import static org.testng.Assert.assertSame; +import static org.testng.Assert.assertTrue; + +import java.io.IOException; +import java.util.Map; + +import org.jclouds.ContextBuilder; +import org.jclouds.http.HttpRequest; +import org.jclouds.oauth.v2.OAuthApiMetadata; +import org.jclouds.oauth.v2.OAuthTestUtils; +import org.jclouds.oauth.v2.domain.Header; +import org.jclouds.oauth.v2.domain.TokenRequest; +import org.jclouds.util.Strings2; +import org.testng.annotations.Test; + +import com.google.common.base.Splitter; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Iterables; + +@Test(groups = "unit", testName = "OAuthTokenBinderTest") +public class TokenBinderTest { + public static final String STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING = "§1234567890'+±!\"#$%&/()" + + "=?*qwertyuiopº´WERTYUIOPªà sdfghjklç~ASDFGHJKLÃ^<zxcvbnm," + + ".->ZXCVBNM;:_@â¬"; + + public void testPayloadIsUrlSafe() throws 
IOException { + TokenBinder tokenRequestFormat = ContextBuilder.newBuilder(new OAuthApiMetadata()).overrides + (OAuthTestUtils.defaultProperties(null)).build().utils() + .injector().getInstance(TokenBinder.class); + Header header = Header.create("a", "b"); + + Map<String, Object> claims = ImmutableMap.<String, Object>builder() + .put(ISSUED_AT, 0) + .put(EXPIRATION_TIME, 0) + .put("ist", STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING).build(); + + TokenRequest tokenRequest = TokenRequest.create(header, claims); + HttpRequest request = tokenRequestFormat.bindToRequest( + HttpRequest.builder().method("GET").endpoint("http://localhost").build(), tokenRequest); + + assertNotNull(request.getPayload()); + + String payload = Strings2.toStringAndClose(request.getPayload().getInput()); + + // make sure the paylod is in the format {header}.{claims}.{signature} + Iterable<String> parts = Splitter.on(".").split(payload); + + assertSame(Iterables.size(parts), 3); + + assertTrue(!payload.contains("+")); + assertTrue(!payload.contains("/")); + } +} http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java index fa4bed5..a48b725 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java 
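Review bot: `testName = "OAuthTokenBinderTest"` in the `@Test` annotation still carries the old class name although the class is now `TokenBinderTest`, so test reports will show the stale name; it should read `@Test(groups = "unit", testName = "TokenBinderTest")`. `assertSame(Iterables.size(parts), 3)` compares two boxed integers by identity and passes only because small values are cached; `assertEquals(Iterables.size(parts), 3)` states the intent. The URL-safety checks would read better as `assertFalse(payload.contains("+"))`, and the non-ASCII characters in `STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING` look mis-encoded in this view, so it is worth confirming the file is stored and compiled as UTF-8.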
@@ -19,8 +19,7 @@ package org.jclouds.oauth.v2.features; import static com.google.common.base.Preconditions.checkState; import static org.jclouds.oauth.v2.OAuthTestUtils.getMandatoryProperty; import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE; -import static org.jclouds.oauth.v2.config.OAuthProperties.SCOPES; -import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM; +import static org.jclouds.oauth.v2.config.OAuthProperties.JWS_ALG; import static org.jclouds.oauth.v2.domain.Claims.EXPIRATION_TIME; import static org.jclouds.oauth.v2.domain.Claims.ISSUED_AT; import static org.testng.Assert.assertNotNull; @@ -29,7 +28,7 @@ import static org.testng.Assert.assertTrue; import java.util.Map; import java.util.Properties; -import org.jclouds.oauth.v2.OAuthConstants; +import org.jclouds.oauth.v2.JWSAlgorithms; import org.jclouds.oauth.v2.domain.Header; import org.jclouds.oauth.v2.domain.Token; import org.jclouds.oauth.v2.domain.TokenRequest; @@ -45,7 +44,7 @@ import com.google.common.collect.ImmutableMap; * - test.oauth.credential * - test.jclouds.oauth.audience * - test.jclouds.oauth.scopes - * - test.jclouds.oauth.signature-or-mac-algorithm + * - test.jclouds.oauth.jws-alg */ @Test(groups = "live", singleThreaded = true) public class OAuthApiLiveTest extends BaseOAuthApiLiveTest { 
@@ -56,19 +55,17 @@ public class OAuthApiLiveTest extends BaseOAuthApiLiveTest { protected Properties setupProperties() { properties = super.setupProperties(); return properties; - } @Test(groups = "live", singleThreaded = true) public void testAuthenticateJWTToken() throws Exception { assertTrue(properties != null, "properties were not set"); - String signatureAlgorithm = getMandatoryProperty(properties, SIGNATURE_OR_MAC_ALGORITHM); - checkState(OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.containsKey(signatureAlgorithm) - , String.format("Algorithm not supported: " + signatureAlgorithm)); + String jwsAlg = getMandatoryProperty(properties, JWS_ALG); + checkState(JWSAlgorithms.supportedAlgs().contains(jwsAlg), "Algorithm not supported: %s", jwsAlg); - Header header = Header.create(signatureAlgorithm, "JWT"); + Header header = Header.create(jwsAlg, "JWT"); - String scopes = getMandatoryProperty(properties, SCOPES); + String scopes = getMandatoryProperty(properties, "jclouds.oauth.scopes"); String audience = getMandatoryProperty(properties, AUDIENCE); long now = nowInSeconds(); http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsFromPKTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsFromPKTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsFromPKTest.java deleted file mode 100644 index 6355a40..0000000 --- a/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsFromPKTest.java +++ /dev/null 
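Review bot: The scopes key in `testAuthenticateJWTToken` is now the bare literal `"jclouds.oauth.scopes"`, and the same literal is repeated in the `setIfTestSystemPropertyPresent` call of the `BaseOAuthApiLiveTest` hunk further down. Since `OAuthApiLiveTest` extends `BaseOAuthApiLiveTest`, one constant in the base class, for example `protected static final String SCOPES = "jclouds.oauth.scopes";`, would keep the two tests from drifting apart if the key is renamed. The test method continues outside the hunk.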
@@ -1,62 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.jclouds.oauth.v2.functions; - -import static com.google.common.base.Suppliers.ofInstance; -import static org.jclouds.oauth.v2.config.CredentialType.SERVICE_ACCOUNT_CREDENTIALS; -import static org.testng.Assert.assertEquals; -import static org.testng.Assert.assertNotNull; - -import java.io.File; -import java.io.IOException; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; -import java.security.spec.InvalidKeySpecException; - -import com.google.common.base.Charsets; -import com.google.common.io.Files; - -import org.jclouds.domain.Credentials; -import org.jclouds.oauth.v2.domain.OAuthCredentials; -import org.jclouds.oauth.v2.functions.OAuthCredentialsSupplier.OAuthCredentialsForCredentials; -import org.testng.annotations.Test; - -/** - * Test loading the credentials by extracting a pk from a PKCS12 keystore. 
- */ -@Test(groups = "unit") -public class OAuthCredentialsFromPKTest { - - public static OAuthCredentials loadOAuthCredentials() throws IOException, NoSuchAlgorithmException, - CertificateException, InvalidKeySpecException { - OAuthCredentialsSupplier loader = new OAuthCredentialsSupplier(ofInstance(new Credentials("foo", - Files.asCharSource(new File("src/test/resources/testpk.pem"), Charsets.UTF_8).read())), - new OAuthCredentialsForCredentials("RS256", SERVICE_ACCOUNT_CREDENTIALS), "RS256"); - return loader.get(); - } - - - public void testLoadPKString() throws IOException, NoSuchAlgorithmException, KeyStoreException, - CertificateException, UnrecoverableKeyException, InvalidKeySpecException { - OAuthCredentials creds = loadOAuthCredentials(); - assertNotNull(creds); - assertEquals(creds.identity, "foo"); - assertNotNull(creds.privateKey); - } -} http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplierTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplierTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplierTest.java deleted file mode 100644 index cadb85e..0000000 --- a/oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplierTest.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.jclouds.oauth.v2.functions; - -import com.google.common.base.Suppliers; -import org.jclouds.domain.Credentials; -import org.jclouds.oauth.v2.OAuthTestUtils; -import org.jclouds.rest.AuthorizationException; -import org.testng.annotations.Test; - -import java.util.Properties; - -import static org.jclouds.oauth.v2.config.CredentialType.SERVICE_ACCOUNT_CREDENTIALS; -import static org.jclouds.oauth.v2.functions.OAuthCredentialsSupplier.OAuthCredentialsForCredentials; -import static org.testng.Assert.assertNotNull; - -@Test(groups = "unit") -public class OAuthCredentialsSupplierTest { - - @Test(expectedExceptions = AuthorizationException.class) - public void testAuthorizationExceptionIsThrownOnBadKeys() { - OAuthCredentialsSupplier supplier = new OAuthCredentialsSupplier(Suppliers.ofInstance(new Credentials("MOMMA", - "FileNotFoundCredential")), new OAuthCredentialsForCredentials("RS256", SERVICE_ACCOUNT_CREDENTIALS), "RS256"); - supplier.get(); - } - - @Test(expectedExceptions = IllegalArgumentException.class) - public void testGSEChildExceptionsPropagateAsAuthorizationException() { - OAuthCredentialsSupplier supplier = new 
OAuthCredentialsSupplier(Suppliers.ofInstance(new Credentials("MOMMA", - "MIA")), new OAuthCredentialsForCredentials("MOMMA", SERVICE_ACCOUNT_CREDENTIALS), "MOMMA"); - supplier.get(); - } - - public void testCredentialsAreLoadedOnRightAlgoAndCredentials() { - Properties propertied = OAuthTestUtils.defaultProperties(new Properties()); - Credentials validCredentials = new Credentials(propertied.getProperty("oauth.identity"), - propertied.getProperty("oauth.credential")); - OAuthCredentialsSupplier supplier = new OAuthCredentialsSupplier(Suppliers.ofInstance(validCredentials), - new OAuthCredentialsForCredentials("RS256", SERVICE_ACCOUNT_CREDENTIALS), "RS256"); - assertNotNull(supplier.get()); - } -} http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/functions/PrivateKeySupplierTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/functions/PrivateKeySupplierTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/functions/PrivateKeySupplierTest.java new file mode 100644 index 0000000..48d9209 --- /dev/null +++ b/oauth/src/test/java/org/jclouds/oauth/v2/functions/PrivateKeySupplierTest.java 
@@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.oauth.v2.functions; + +import static com.google.common.base.Suppliers.ofInstance; +import static org.jclouds.oauth.v2.functions.PrivateKeySupplier.PrivateKeyForCredentials; +import static org.testng.Assert.assertNotNull; + +import java.io.File; +import java.io.IOException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.spec.InvalidKeySpecException; +import java.util.Properties; + +import org.jclouds.domain.Credentials; +import org.jclouds.oauth.v2.OAuthTestUtils; +import org.jclouds.rest.AuthorizationException; +import org.testng.annotations.Test; + +import com.google.common.base.Charsets; +import com.google.common.base.Suppliers; +import com.google.common.io.Files; + +@Test(groups = "unit") +public class PrivateKeySupplierTest { + + /** Test loading the credentials by extracting a pk from a PKCS12 keystore. 
*/ + public void testLoadPKString() throws IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, + UnrecoverableKeyException, InvalidKeySpecException { + assertNotNull(loadPrivateKey()); + } + + @Test(expectedExceptions = AuthorizationException.class) + public void testAuthorizationExceptionIsThrownOnBadKeys() { + PrivateKeySupplier supplier = new PrivateKeySupplier( + Suppliers.ofInstance(new Credentials("MOMMA", "FileNotFoundCredential")), + new PrivateKeyForCredentials("RS256")); + supplier.get(); + } + + @Test(expectedExceptions = AuthorizationException.class) + public void testGSEChildExceptionsPropagateAsAuthorizationException() { + PrivateKeySupplier supplier = new PrivateKeySupplier(Suppliers.ofInstance(new Credentials("MOMMA", "MIA")), + new PrivateKeyForCredentials("MOMMA")); + supplier.get(); + } + + public void testCredentialsAreLoadedOnRightAlgoAndCredentials() { + Properties propertied = OAuthTestUtils.defaultProperties(new Properties()); + Credentials validCredentials = new Credentials(propertied.getProperty("oauth.identity"), + propertied.getProperty("oauth.credential")); + PrivateKeySupplier supplier = new PrivateKeySupplier(Suppliers.ofInstance(validCredentials), + new PrivateKeyForCredentials("RS256")); + assertNotNull(supplier.get()); + } + + public static PrivateKey loadPrivateKey() + throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeySpecException { + PrivateKeySupplier supplier = new PrivateKeySupplier(ofInstance(new Credentials("foo", + Files.asCharSource(new File("src/test/resources/testpk.pem"), Charsets.UTF_8).read())), + new PrivateKeyForCredentials("RS256")); + return supplier.get(); + } + +} http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java ---------------------------------------------------------------------- 
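Review bot: The Javadoc on `testLoadPKString` says the key is extracted "from a PKCS12 keystore", but `loadPrivateKey()` reads `src/test/resources/testpk.pem` as UTF-8 text and passes it as the credential, so the comment should say something like `/** Test loading a private key from a PEM-encoded string. */`. The test's `throws` clause also lists `KeyStoreException` and `UnrecoverableKeyException`, which `loadPrivateKey()` does not declare; trimming it to the four exceptions the helper declares keeps the signature accurate. The file mixes `Suppliers.ofInstance(...)` with the statically imported `ofInstance(...)`; using one form throughout would be tidier.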
diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java index 2a64822..a1c8a85 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java @@ -29,9 +29,6 @@ import java.security.spec.InvalidKeySpecException; import org.testng.annotations.Test; -/** - * Tests the SignOrProduceMacForToken - */ @Test(groups = "unit") public class SignerFunctionTest { @@ -50,10 +47,8 @@ public class SignerFunctionTest { public void testSignPayload() throws InvalidKeyException, IOException, NoSuchAlgorithmException, CertificateException, InvalidKeySpecException { SignOrProduceMacForToken signer = new SignOrProduceMacForToken("RS256", - ofInstance(OAuthCredentialsFromPKTest - .loadOAuthCredentials())); - signer.loadSignatureOrMacOrNone(); - byte[] payloadSignature = signer.apply(PAYLOAD.getBytes(UTF_8)); + ofInstance(PrivateKeySupplierTest.loadPrivateKey())); + byte[] payloadSignature = signer.get().apply(PAYLOAD.getBytes(UTF_8)); assertNotNull(payloadSignature); assertEquals(base64Url().omitPadding().encode(payloadSignature), SHA256withRSA_PAYLOAD_SIGNATURE_RESULT); http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java index 255c5c7..c3a61fe 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java 
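Review bot: `testSignPayload` exercises only the `"RS256"` signature path of the reworked `SignOrProduceMacForToken.get()`; none of the tests visible in this commit reaches the Mac branch or either of its `catch` blocks. A second test that supplies an unusable key and expects `AuthorizationException`, in the `@Test(expectedExceptions = AuthorizationException.class)` style used in `PrivateKeySupplierTest`, would pin the new error contract. With the class Javadoc removed, a one-line comment naming `SignOrProduceMacForToken` as the class under test would also help, since the test class name does not match it. The test method continues outside the hunk.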
@@ -16,20 +16,20 @@ */ package org.jclouds.oauth.v2.handlers; -import org.easymock.IArgumentMatcher; -import org.jclouds.http.HttpCommand; -import org.jclouds.http.HttpRequest; -import org.jclouds.http.HttpResponse; -import org.testng.annotations.Test; - -import java.net.URI; - import static org.easymock.EasyMock.createMock; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.reportMatcher; import static org.easymock.EasyMock.verify; +import java.net.URI; + +import org.easymock.IArgumentMatcher; +import org.jclouds.http.HttpCommand; +import org.jclouds.http.HttpRequest; +import org.jclouds.http.HttpResponse; +import org.testng.annotations.Test; + @Test(groups = "unit") public class OAuthErrorHandlerTest { http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java index ba1c616..0a50dfe 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java @@ -19,8 +19,7 @@ package org.jclouds.oauth.v2.internal; import static com.google.common.base.Preconditions.checkNotNull; import static org.jclouds.oauth.v2.OAuthTestUtils.setCredential; import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE; -import static org.jclouds.oauth.v2.config.OAuthProperties.SCOPES; -import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM; +import static org.jclouds.oauth.v2.config.OAuthProperties.JWS_ALG; import java.util.Properties; import java.util.concurrent.TimeUnit; 
@@ -43,8 +42,8 @@ public class BaseOAuthApiLiveTest extends BaseApiLiveTest<OAuthApi> { setCredential(props, "oauth.credential"); checkNotNull(setIfTestSystemPropertyPresent(props, "oauth.endpoint"), "test.oauth.endpoint must be set"); checkNotNull(setIfTestSystemPropertyPresent(props, AUDIENCE), "test.jclouds.oauth.audience must be set"); - setIfTestSystemPropertyPresent(props, SCOPES); - setIfTestSystemPropertyPresent(props, SIGNATURE_OR_MAC_ALGORITHM); + setIfTestSystemPropertyPresent(props, "jclouds.oauth.scopes"); + setIfTestSystemPropertyPresent(props, JWS_ALG); return props; } http://git-wip-us.apache.org/repos/asf/jclouds-labs-google/blob/6c839f13/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java ---------------------------------------------------------------------- diff --git a/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java b/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java index c88f65f..558d313 100644 --- a/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java +++ b/oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java @@ -21,7 +21,7 @@ import static com.google.common.base.Preconditions.checkState; import static java.util.concurrent.TimeUnit.MILLISECONDS; import static java.util.concurrent.TimeUnit.SECONDS; import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE; -import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM; +import static org.jclouds.oauth.v2.config.OAuthProperties.JWS_ALG; import static org.jclouds.oauth.v2.domain.Claims.EXPIRATION_TIME; import static org.jclouds.oauth.v2.domain.Claims.ISSUED_AT; import static org.testng.Assert.assertNotNull; 
@@ -32,8 +32,8 @@ import java.util.Properties; import org.jclouds.apis.BaseApiLiveTest; import org.jclouds.config.ValueOfConfigurationKeyOrNull; +import org.jclouds.oauth.v2.JWSAlgorithms; import org.jclouds.oauth.v2.OAuthApi; -import org.jclouds.oauth.v2.OAuthConstants; import org.jclouds.oauth.v2.domain.Header; import org.jclouds.oauth.v2.domain.Token; import org.jclouds.oauth.v2.domain.TokenRequest; @@ -51,7 +51,7 @@ import com.google.inject.Module; * <p/> * - oauth.endpoint * - oauth.audience - * - oauth.signature-or-mac-algorithm + * - oauth.jws-alg * <p/> * - oauth.scopes is provided by the subclass * <p/> @@ -68,18 +68,16 @@ public abstract class BaseOAuthAuthenticatedApiLiveTest<A extends Closeable> ext public void testAuthenticate() { // obtain the necessary properties from the context - String signatureAlgorithm = checkNotNull(propFunction.apply(SIGNATURE_OR_MAC_ALGORITHM), - SIGNATURE_OR_MAC_ALGORITHM); + String jwsAlg = checkNotNull(propFunction.apply(JWS_ALG), JWS_ALG); - checkState(OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.containsKey(signatureAlgorithm) - , String.format("Algorithm not supported: " + signatureAlgorithm)); + checkState(JWSAlgorithms.supportedAlgs().contains(jwsAlg), "Algorithm not supported: %s", jwsAlg); String audience = checkNotNull(propFunction.apply(AUDIENCE), AUDIENCE); // obtain the scopes from the subclass String scopes = getScopes(); - Header header = Header.create(signatureAlgorithm, "JWT"); + Header header = Header.create(jwsAlg, "JWT"); long now = SECONDS.convert(System.currentTimeMillis(), MILLISECONDS);
