This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 3f3524bee3b64a049bbc39b8b4ca2de547a25b57
Author: David Blevins <dblev...@tomitribe.com>
AuthorDate: Tue Aug 30 07:05:22 2022 -0700
All tests now use standard MP-JWT config. Vendor-specific config no longer
needed.
---
.../tck/jwt/JWTAuthContextInfoProvider.java | 56 --------------
.../jwt/MicroProfileJWTTCKArchiveProcessor.java | 35 +++------
.../tck/jwt/jwk/PublicKeyAsJWKSTest.java | 85 ----------------------
3 files changed, 10 insertions(+), 166 deletions(-)
diff --git
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java
b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java
deleted file mode 100644
index 4e3ddba4bf..0000000000
---
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/JWTAuthContextInfoProvider.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.microprofile.tck.jwt;
-
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration;
-
-import jakarta.enterprise.context.Dependent;
-import jakarta.enterprise.inject.Produces;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Base64;
-import java.util.Optional;
-
-@Dependent
-public class JWTAuthContextInfoProvider {
-
- @Produces
- Optional<JWTAuthConfiguration> getOptionalContextInfo() throws
NoSuchAlgorithmException, InvalidKeySpecException {
- final String pemEncoded =
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlivFI8qB4D0y2jy0CfEq" +
-
"Fyy46R0o7S8TKpsx5xbHKoU1VWg6QkQm+ntyIv1p4kE1sPEQO73+HY8+Bzs75XwR" +
-
"TYL1BmR1w8J5hmjVWjc6R2BTBGAYRPFRhor3kpM6ni2SPmNNhurEAHw7TaqszP5e" +
-
"UF/F9+KEBWkwVta+PZ37bwqSE4sCb1soZFrVz/UT/LF4tYpuVYt3YbqToZ3pZOZ9" +
-
"AX2o1GCG3xwOjkc4x0W7ezbQZdC9iftPxVHR8irOijJRRjcPDtA6vPKpzLl6CyYn" +
-
"sIYPd99ltwxTHjr3npfv/3Lw50bAkbT4HeLFxTx4flEoZLKO/g0bAoV2uqBhkA9x" +
- "nQIDAQAB";
- byte[] encodedBytes = Base64.getDecoder().decode(pemEncoded);
-
- final X509EncodedKeySpec spec = new X509EncodedKeySpec(encodedBytes);
- final KeyFactory kf = KeyFactory.getInstance("RSA");
- final RSAPublicKey pk = (RSAPublicKey) kf.generatePublic(spec);
-
- return Optional.of(JWTAuthConfiguration.authConfiguration(pk,
"https://server.example.com";, false));
- }
-
- @Produces
- JWTAuthConfiguration getContextInfo() throws InvalidKeySpecException,
NoSuchAlgorithmException {
- return getOptionalContextInfo().get();
- }
-}
diff --git
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
index d156a589c4..c451d66b90 100644
---
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
+++
b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/MicroProfileJWTTCKArchiveProcessor.java
@@ -23,7 +23,16 @@ import
org.apache.tomee.arquillian.remote.RemoteTomEEContainer;
import
org.apache.tomee.microprofile.tck.jwt.validation.ExpClaimAllowMissingExpValidationTest;
import org.apache.tomee.microprofile.tck.jwt.validation.ExpClaimValidationTest;
import org.eclipse.microprofile.jwt.tck.arquillian.BaseWarArchiveProcessor;
-import org.eclipse.microprofile.jwt.tck.config.*;
+import org.eclipse.microprofile.jwt.tck.config.IssValidationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsBase64JWKTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsFileLocationURLTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKLocationURLTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKSLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKSTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsJWKTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsPEMLocationTest;
+import org.eclipse.microprofile.jwt.tck.config.PublicKeyAsPEMTest;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jboss.arquillian.container.spi.Container;
import org.jboss.arquillian.container.spi.ContainerRegistry;
@@ -60,30 +69,6 @@ public class MicroProfileJWTTCKArchiveProcessor extends
BaseWarArchiveProcessor
.addAsLibrary(JarLocation.jarLocation(JWSSigner.class))
.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
- // Provide keys required for tests (vendor specific way)
- war.addClass(JWTAuthContextInfoProvider.class);
-
- // Spec says that vendor specific ways to load the keys take
precedence, so we need to remove it in test
- // cases that use the Config approach.
- Stream.of(
- PublicKeyAsPEMTest.class,
- PublicKeyAsPEMLocationTest.class,
- PublicKeyAsFileLocationURLTest.class,
- PublicKeyAsJWKTest.class,
- PublicKeyAsBase64JWKTest.class,
- PublicKeyAsJWKLocationTest.class,
- PublicKeyAsJWKLocationURLTest.class,
- PublicKeyAsJWKSTest.class,
- PublicKeyAsJWKSLocationTest.class,
- IssValidationTest.class,
- ExpClaimValidationTest.class,
- ExpClaimAllowMissingExpValidationTest.class,
-
org.apache.tomee.microprofile.tck.jwt.config.PublicKeyAsPEMLocationTest.class,
-
org.apache.tomee.microprofile.tck.jwt.config.PublicKeyAsJWKLocationURLTest.class)
- .filter(c -> c.equals(testClass.getJavaClass()))
- .findAny()
- .ifPresent(c ->
war.deleteClass(JWTAuthContextInfoProvider.class));
-
// MP Config in wrong place - See
https://github.com/eclipse/microprofile/issues/46.
final Map<ArchivePath, Node> content = war.getContent(object ->
object.get().matches(".*META-INF/.*"));
content.forEach((archivePath, node) ->
war.addAsResource(node.getAsset(), node.getPath()));
diff --git
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
deleted file mode 100644
index b97ff43dda..0000000000
---
a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/jwk/PublicKeyAsJWKSTest.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.microprofile.tck.jwt.jwk;
-
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfigurationProperties;
-import org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration;
-import org.eclipse.microprofile.jwt.config.Names;
-import org.eclipse.microprofile.jwt.tck.TCKConstants;
-import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
-import org.jose4j.jwa.AlgorithmConstraints;
-import org.jose4j.jwt.NumericDate;
-import org.jose4j.jwt.consumer.JwtConsumer;
-import org.jose4j.jwt.consumer.JwtConsumerBuilder;
-import org.jose4j.jwt.consumer.JwtContext;
-import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import java.nio.file.Paths;
-import java.security.PrivateKey;
-import java.util.HashMap;
-
-import static org.jose4j.jwa.AlgorithmConstraints.ConstraintType.WHITELIST;
-import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256;
-
-public class PublicKeyAsJWKSTest {
- @Test
- public void validateJWKS() throws Exception {
- System.setProperty(Names.VERIFIER_PUBLIC_KEY, "");
- System.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "file://" +
-
Paths.get("").toAbsolutePath().toString() +
-
"/src/test/resources/signer-keyset4k.jwk");
- System.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
-
- final PrivateKey privateKey =
TokenUtils.readPrivateKey("/privateKey4k.pem");
- final String kid = "publicKey4k";
- final String token = TokenUtils.generateTokenString(privateKey, kid,
"/Token1.json", null, new HashMap<>());
- System.out.println("token = " + token);
-
- final JWTAuthConfigurationProperties JWTAuthConfigurationProperties =
new JWTAuthConfigurationProperties();
- JWTAuthConfigurationProperties.init(null);
-
- final JWTAuthConfiguration jwtAuthConfiguration =
-
JWTAuthConfigurationProperties.getJWTAuthConfiguration().orElseThrow(IllegalArgumentException::new);
-
- final JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder()
- .setRequireExpirationTime()
- .setRequireSubject()
- .setSkipDefaultAudienceValidation()
- .setExpectedIssuer(jwtAuthConfiguration.getIssuer())
- .setJwsAlgorithmConstraints(new
AlgorithmConstraints(WHITELIST, RSA_USING_SHA256))
- .setSkipDefaultAudienceValidation()
- .setVerificationKey(jwtAuthConfiguration.getPublicKey());
-
- if (jwtAuthConfiguration.getExpGracePeriodSecs() > 0) {
-
jwtConsumerBuilder.setAllowedClockSkewInSeconds(jwtAuthConfiguration.getExpGracePeriodSecs());
- } else {
- jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));
- }
-
- if (jwtAuthConfiguration.isSingleKey()) {
-
jwtConsumerBuilder.setVerificationKey(jwtAuthConfiguration.getPublicKey());
- } else {
- jwtConsumerBuilder.setVerificationKeyResolver(new
JwksVerificationKeyResolver(jwtAuthConfiguration.getPublicKeys()));
- }
-
- final JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
- final JwtContext jwtContext = jwtConsumer.process(token);
-
Assert.assertEquals(jwtContext.getJwtClaims().getStringClaimValue("upn"),
"j...@example.com");
- }
-}
