Repository: knox Updated Branches: refs/heads/master e88c7a998 -> 773ac9d8e
KNOX-1035 - Move JWTTokenTest to gateway-spi module + add more tests Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/773ac9d8 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/773ac9d8 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/773ac9d8 Branch: refs/heads/master Commit: 773ac9d8e2594241d5d95448b19a75982f467efd Parents: e88c7a9 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Sep 11 10:29:41 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Sep 11 10:29:41 2017 +0100 ---------------------------------------------------------------------- .../provider/federation/JWTTokenTest.java | 132 ------------ .../security/impl/CMFKeystoreServiceTest.java | 11 +- .../security/token/impl/JWTTokenTest.java | 213 +++++++++++++++++++ 3 files changed, 218 insertions(+), 138 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/773ac9d8/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/JWTTokenTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/JWTTokenTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/JWTTokenTest.java deleted file mode 100644 index 2830a9c..0000000 --- a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/JWTTokenTest.java +++ /dev/null @@ -1,132 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.provider.federation; - -import java.util.ArrayList; - -import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; -import org.junit.Test; - -public class JWTTokenTest extends org.junit.Assert { - private static final String JWT_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MTY5MjkxMDksImp0aSI6ImFhN2Y4ZDBhOTVjIiwic2NvcGVzIjpbInJlcG8iLCJwdWJsaWNfcmVwbyJdfQ.XCEwpBGvOLma4TCoh36FU7XhUbcskygS81HE1uHLf0E"; - private static final String HEADER = "{\"alg\":\"RS256\", \"type\":\"JWT\"}"; - private static final String CLAIMS = "{\"iss\": \"gateway\", \"prn\": \"john....@example.com\", \"aud\": \"https://login.example.com\", \"exp\": \"1363360913\"}"; - -// public void testTokenParsing() throws Exception { -// try { -// JWTToken token = JWTToken.parseToken(JWT_TOKEN); -// assertEquals(token.getHeader(), HEADER); -// assertEquals(token.getClaims(), CLAIMS); -// -// assertEquals(token.getIssuer(), "gateway"); -// assertEquals(token.getPrincipal(), "john....@example.com"); -// assertEquals(token.getAudience(), "https://login.example.com"); -// assertEquals(token.getExpires(), "1363360913"); -// } -// catch (ParseException pe) { -// fail("ParseException encountered."); -// } -// } - - @Test - public void testTokenCreation() throws Exception { - String[] claims = new String[4]; - claims[0] = "KNOXSSO"; - claims[1] = "john....@example.com"; - claims[2] = "https://login.example.com"; - claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); - JWTToken token = new JWTToken("RS256", claims); - - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("john....@example.com", token.getSubject()); - assertEquals("https://login.example.com", token.getAudience()); - } - - @Test - public void testTokenCreationWithAudienceListSingle() throws Exception { - String[] claims = new String[4]; - claims[0] = "KNOXSSO"; - claims[1] = "john....@example.com"; - claims[2] = null; - claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); - ArrayList<String> audiences = new ArrayList<String>(); - audiences.add("https://login.example.com"); - - JWTToken token = new JWTToken("RS256", claims, audiences); - - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("john....@example.com", token.getSubject()); - assertEquals("https://login.example.com", token.getAudience()); - assertEquals(1, token.getAudienceClaims().length); - } - - @Test - public void testTokenCreationWithAudienceListMultiple() throws Exception { - String[] claims = new String[4]; - claims[0] = "KNOXSSO"; - claims[1] = "john....@example.com"; - claims[2] = null; - claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); - ArrayList<String> audiences = new ArrayList<String>(); - audiences.add("https://login.example.com"); - audiences.add("KNOXSSO"); - - JWTToken token = new JWTToken("RS256", claims, audiences); - - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("john....@example.com", token.getSubject()); - assertEquals("https://login.example.com", token.getAudience()); - assertEquals(2, token.getAudienceClaims().length); - } - - @Test - public void testTokenCreationWithAudienceListCombined() throws Exception { - String[] claims = new String[4]; - claims[0] = "KNOXSSO"; - claims[1] = "john....@example.com"; - claims[2] = "LJM"; - claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); - ArrayList<String> audiences = new ArrayList<String>(); - audiences.add("https://login.example.com"); - audiences.add("KNOXSSO"); - - JWTToken token = new JWTToken("RS256", claims, audiences); - - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("john....@example.com", token.getSubject()); - assertEquals("https://login.example.com", token.getAudience()); - assertEquals(3, token.getAudienceClaims().length); - } - - @Test - public void testTokenCreationWithNullAudienceList() throws Exception { - String[] claims = new String[4]; - claims[0] = "KNOXSSO"; - claims[1] = "john....@example.com"; - claims[2] = null; - claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); - ArrayList<String> audiences = null; - - JWTToken token = new JWTToken("RS256", claims, audiences); - - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("john....@example.com", token.getSubject()); - assertEquals(null, token.getAudience()); - assertEquals(null, token.getAudienceClaims()); - } -} http://git-wip-us.apache.org/repos/asf/knox/blob/773ac9d8/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreServiceTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreServiceTest.java b/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreServiceTest.java index 57064c6..2287b97 100644 --- a/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreServiceTest.java +++ b/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreServiceTest.java @@ -33,7 +33,6 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; /** * @@ -57,31 +56,31 @@ public class CMFKeystoreServiceTest { public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException { // TODO Auto-generated method stub - + } public void start() throws ServiceLifecycleException { // TODO Auto-generated method stub - + } public void stop() throws ServiceLifecycleException { // TODO Auto-generated method stub - + } public char[] getMasterSecret() { // TODO Auto-generated method stub return "testmaster".toCharArray(); } - + }); } catch (ServiceLifecycleException e) { // TODO Auto-generated catch block e.printStackTrace(); } } - + @Test public void testCreationOfStoreForCredential() throws KeystoreServiceException { try { http://git-wip-us.apache.org/repos/asf/knox/blob/773ac9d8/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/token/impl/JWTTokenTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/token/impl/JWTTokenTest.java b/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/token/impl/JWTTokenTest.java new file mode 100644 index 0000000..ef4023d --- /dev/null +++ b/gateway-spi/src/test/java/org/apache/hadoop/gateway/services/security/token/impl/JWTTokenTest.java @@ -0,0 +1,213 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.gateway.services.security.token.impl; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; + +import org.junit.Test; + +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.JWSVerifier; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.crypto.RSASSAVerifier; + +public class JWTTokenTest extends org.junit.Assert { + private static final String JWT_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MTY5MjkxMDksImp0aSI6ImFhN2Y4ZDBhOTVjIiwic2NvcGVzIjpbInJlcG8iLCJwdWJsaWNfcmVwbyJdfQ.XCEwpBGvOLma4TCoh36FU7XhUbcskygS81HE1uHLf0E"; + private static final String HEADER = "{\"alg\":\"RS256\", \"type\":\"JWT\"}"; + private static final String CLAIMS = "{\"iss\": \"gateway\", \"prn\": \"john....@example.com\", \"aud\": \"https://login.example.com\", \"exp\": \"1363360913\"}"; + + private RSAPublicKey publicKey; + private RSAPrivateKey privateKey; + + public JWTTokenTest() throws Exception, NoSuchAlgorithmException { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(2048); + + KeyPair kp = kpg.genKeyPair(); + publicKey = (RSAPublicKey) kp.getPublic(); + privateKey = (RSAPrivateKey) kp.getPrivate(); + } + + public void testTokenParsing() throws Exception { + JWTToken token = JWTToken.parseToken(JWT_TOKEN); + assertEquals(token.getHeader(), HEADER); + assertEquals(token.getClaims(), CLAIMS); + + assertEquals(token.getIssuer(), "gateway"); + assertEquals(token.getPrincipal(), "john....@example.com"); + assertEquals(token.getAudience(), "https://login.example.com"); + assertEquals(token.getExpires(), "1363360913"); + } + + @Test + public void testTokenCreation() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = "https://login.example.com"; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + JWTToken token = new JWTToken("RS256", claims); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + } + + @Test + public void testTokenCreationWithAudienceListSingle() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = null; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + ArrayList<String> audiences = new ArrayList<String>(); + audiences.add("https://login.example.com"); + + JWTToken token = new JWTToken("RS256", claims, audiences); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + assertEquals(1, token.getAudienceClaims().length); + } + + @Test + public void testTokenCreationWithAudienceListMultiple() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = null; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + ArrayList<String> audiences = new ArrayList<String>(); + audiences.add("https://login.example.com"); + audiences.add("KNOXSSO"); + + JWTToken token = new JWTToken("RS256", claims, audiences); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + assertEquals(2, token.getAudienceClaims().length); + } + + @Test + public void testTokenCreationWithAudienceListCombined() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = "LJM"; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + ArrayList<String> audiences = new ArrayList<String>(); + audiences.add("https://login.example.com"); + audiences.add("KNOXSSO"); + + JWTToken token = new JWTToken("RS256", claims, audiences); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + assertEquals(3, token.getAudienceClaims().length); + } + + @Test + public void testTokenCreationWithNullAudienceList() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = null; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + ArrayList<String> audiences = null; + + JWTToken token = new JWTToken("RS256", claims, audiences); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals(null, token.getAudience()); + assertArrayEquals(null, token.getAudienceClaims()); + } + + @Test + public void testTokenCreationRS512() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = "https://login.example.com"; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + JWTToken token = new JWTToken(JWSAlgorithm.RS512.getName(), claims); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + assertTrue(token.getHeader().contains(JWSAlgorithm.RS512.getName())); + } + + @Test + public void testTokenSignature() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = "https://login.example.com"; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + JWTToken token = new JWTToken("RS256", claims); + + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + + // Sign the token + JWSSigner signer = new RSASSASigner(privateKey); + token.sign(signer); + assertTrue(token.getSignaturePayload().length > 0); + + // Verify the signature + JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); + assertTrue(token.verify(verifier)); + } + + @Test + public void testTokenSignatureRS512() throws Exception { + String[] claims = new String[4]; + claims[0] = "KNOXSSO"; + claims[1] = "john....@example.com"; + claims[2] = "https://login.example.com"; + claims[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300); + JWTToken token = new JWTToken(JWSAlgorithm.RS512.getName(), claims); + + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("john....@example.com", token.getSubject()); + assertEquals("https://login.example.com", token.getAudience()); + assertTrue(token.getHeader().contains(JWSAlgorithm.RS512.getName())); + + // Sign the token + JWSSigner signer = new RSASSASigner(privateKey); + token.sign(signer); + assertTrue(token.getSignaturePayload().length > 0); + + // Verify the signature + JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); + assertTrue(token.verify(verifier)); + } + +}