This is an automated email from the ASF dual-hosted git repository. dblevins pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 3f3524bee3b64a049bbc39b8b4ca2de547a25b57
Author: David Blevins <dblev...@tomitribe.com>
AuthorDate: Tue Aug 30 07:05:22 2022 -0700
All tests now use standard MP-JWT config. Vendor-specific config no longer needed.
---
 .../tck/jwt/JWTAuthContextInfoProvider.java | 56 --------------
 .../jwt/MicroProfileJWTTCKArchiveProcessor.java | 35 +++------
 .../tck/jwt/jwk/PublicKeyAsJWKSTest.java | 85 ----------------------
 3 files changed, 10 insertions(+), 166 deletions(-)
diff --git a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java
deleted file mode 100644
index 4e3ddba4bf..0000000000
--- a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.microprofile.tck.jwt;
-
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration;
-
-import jakarta.enterprise.context.Dependent;
-import jakarta.enterprise.inject.Produces;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Base64;
-import java.util.Optional;
-
-@Dependent
-public class JWTAuthContextInfoProvider {
-
- @Produces
- Optional<JWTAuthConfiguration> getOptionalContextInfo() throws NoSuchAlgorithmException, InvalidKeySpecException {
- final String pemEncoded = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlivFI8qB4D0y2jy0CfEq" +
- "Fyy46R0o7S8TKpsx5xbHKoU1VWg6QkQm+ntyIv1p4kE1sPEQO73+HY8+Bzs75XwR" +
- "TYL1BmR1w8J5hmjVWjc6R2BTBGAYRPFRhor3kpM6ni2SPmNNhurEAHw7TaqszP5e" +
- "UF/F9+KEBWkwVta+PZ37bwqSE4sCb1soZFrVz/UT/LF4tYpuVYt3YbqToZ3pZOZ9" +
- "AX2o1GCG3xwOjkc4x0W7ezbQZdC9iftPxVHR8irOijJRRjcPDtA6vPKpzLl6CyYn" +
- "sIYPd99ltwxTHjr3npfv/3Lw50bAkbT4HeLFxTx4flEoZLKO/g0bAoV2uqBhkA9x" +
- "nQIDAQAB";
- byte[] encodedBytes = Base64.getDecoder().decode(pemEncoded);
-
- final X509EncodedKeySpec spec = new X509EncodedKeySpec(encodedBytes);
- final KeyFactory kf = KeyFactory.getInstance("RSA");
- final RSAPublicKey pk = (RSAPublicKey) kf.generatePublic(spec);
-
- return Optional.of(JWTAuthConfiguration.authConfiguration(pk, "https://server.example.com", false));
- }
-
- @Produces
- JWTAuthConfiguration getContextInfo() throws InvalidKeySpecException, NoSuchAlgorithmException {
- return getOptionalContextInfo().get();
- }
-}
diff --git a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
index d156a589c4..c451d66b90 100644
--- a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
+++ b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
@@ -23,7 +23,16 @@ import org.apache.tomee.arquillian.remote.RemoteTomEEContainer;
 import org.apache.tomee.microprofile.tck.jwt.validation.ExpClaimAllowMissingExpValidationTest;
 import org.apache.tomee.microprofile.tck.jwt.validation.ExpClaimValidationTest;
 import org.eclipse.microprofile.jwt.tck.arquillian.BaseWarArchiveProcessor;
-import org.eclipse.microprofile.jwt.tck.config.*;
+import org.eclipse.microprofile.jwt.tck.config.IssValidationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsBase64JWKTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsFileLocationURLTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKLocationURLTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKSLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKSTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsPEMLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsPEMTest;
 import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
 import org.jboss.arquillian.container.spi.Container;
 import org.jboss.arquillian.container.spi.ContainerRegistry;
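Review bot: The ten explicit `org.eclipse.microprofile.jwt.tck.config.*Test` imports added in this hunk look unused once the commit lands. The only visible references to those classes are in the `Stream.of(...)` list that the later hunk of this file (`@@ -60,30 +69,6 @@`) deletes. The two `...validation.ExpClaim*ValidationTest` imports kept as context appear to be in the same position. If nothing outside the hunks shown still references them, I would drop the `-import org.eclipse.microprofile.jwt.tck.config.*;` line outright instead of expanding it. That way the processor no longer reads as if it special-cases key handling for those tests.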
@@ -60,30 +69,6 @@ public class MicroProfileJWTTCKArchiveProcessor extends BaseWarArchiveProcessor .addAsLibrary(JarLocation.jarLocation(JWSSigner.class)) .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); - // Provide keys required for tests (vendor specific way) - war.addClass(JWTAuthContextInfoProvider.class); - - // Spec says that vendor specific ways to load the keys take precedence, so we need to remove it in test - // cases that use the Config approach. - Stream.of( - PublicKeyAsPEMTest.class, - PublicKeyAsPEMLocationTest.class, - PublicKeyAsFileLocationURLTest.class, - PublicKeyAsJWKTest.class, - PublicKeyAsBase64JWKTest.class, - PublicKeyAsJWKLocationTest.class, - PublicKeyAsJWKLocationURLTest.class, - PublicKeyAsJWKSTest.class, - PublicKeyAsJWKSLocationTest.class, - IssValidationTest.class, - ExpClaimValidationTest.class, - ExpClaimAllowMissingExpValidationTest.class, - org.apache.tomee.microprofile.tck.jwt.config.PublicKeyAsPEMLocationTest.class, - org.apache.tomee.microprofile.tck.jwt.config.PublicKeyAsJWKLocationURLTest.class) - .filter(c -> c.equals(testClass.getJavaClass())) - .findAny() - .ifPresent(c -> war.deleteClass(JWTAuthContextInfoProvider.class)); - // MP Config in wrong place - See https://github.com/eclipse/microprofile/issues/46. final Map<ArchivePath, Node> content = war.getContent(object -> object.get().matches(".*META-INF/.*")); content.forEach((archivePath, node) -> war.addAsResource(node.getAsset(), node.getPath())); diff --git a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java deleted file mode 100644 index b97ff43dda..0000000000 --- a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java +++ /dev/null 
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.microprofile.tck.jwt.jwk;
-
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfigurationProperties;
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration;
-import org.eclipse.microprofile.jwt.config.Names;
-import org.eclipse.microprofile.jwt.tck.TCKConstants;
-import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
-import org.jose4j.jwa.AlgorithmConstraints;
-import org.jose4j.jwt.NumericDate;
-import org.jose4j.jwt.consumer.JwtConsumer;
-import org.jose4j.jwt.consumer.JwtConsumerBuilder;
-import org.jose4j.jwt.consumer.JwtContext;
-import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import java.nio.file.Paths;
-import java.security.PrivateKey;
-import java.util.HashMap;
-
-import static org.jose4j.jwa.AlgorithmConstraints.ConstraintType.WHITELIST;
-import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256;
-
-public class PublicKeyAsJWKSTest {
- @Test
- public void validateJWKS() throws Exception {
- System.setProperty(Names.VERIFIER_PUBLIC_KEY, "");
- System.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "file://" +
- Paths.get("").toAbsolutePath().toString() +
- "/src/test/resources/signer-keyset4k.jwk");
- System.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
-
- final PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
- final String kid = "publicKey4k";
- final String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, new HashMap<>());
- System.out.println("token = " + token);
-
- final JWTAuthConfigurationProperties JWTAuthConfigurationProperties = new JWTAuthConfigurationProperties();
- JWTAuthConfigurationProperties.init(null);
-
- final JWTAuthConfiguration jwtAuthConfiguration =
- JWTAuthConfigurationProperties.getJWTAuthConfiguration().orElseThrow(IllegalArgumentException::new);
-
- final JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder()
- .setRequireExpirationTime()
- .setRequireSubject()
- .setSkipDefaultAudienceValidation()
- .setExpectedIssuer(jwtAuthConfiguration.getIssuer())
- .setJwsAlgorithmConstraints(new AlgorithmConstraints(WHITELIST, RSA_USING_SHA256))
- .setSkipDefaultAudienceValidation()
- .setVerificationKey(jwtAuthConfiguration.getPublicKey());
-
- if (jwtAuthConfiguration.getExpGracePeriodSecs() > 0) {
- jwtConsumerBuilder.setAllowedClockSkewInSeconds(jwtAuthConfiguration.getExpGracePeriodSecs());
- } else {
- jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));
- }
-
- if (jwtAuthConfiguration.isSingleKey()) {
- jwtConsumerBuilder.setVerificationKey(jwtAuthConfiguration.getPublicKey());
- } else {
- jwtConsumerBuilder.setVerificationKeyResolver(new JwksVerificationKeyResolver(jwtAuthConfiguration.getPublicKeys()));
- }
-
- final JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
- final JwtContext jwtContext = jwtConsumer.process(token);
- Assert.assertEquals(jwtContext.getJwtClaims().getStringClaimValue("upn"), "j...@example.com");
- }
-}