/**
 * Builds a {@link Jwt} from an already-parsed token and its claim set.
 *
 * <p>The header is copied from the parsed token into a {@link LinkedHashMap}, the raw claims
 * are passed through {@code claimSetConverter}, and the {@code exp} / {@code iat} values are
 * read back out of the converted map.
 *
 * <p>Nothing in this method checks a signature or validates any claim (expiry, issuer,
 * audience). NOTE(review): presumably the caller does that before or after this call; confirm,
 * because a {@code Jwt} returned from here is not by itself evidence of authenticity.
 *
 * @param parsedJwt the parsed token; supplies the header and the original token string
 * @param jwtClaimsSet the claim set whose claims are converted and stored on the result
 * @return the assembled {@code Jwt}
 */
private Jwt createJwt(JWT parsedJwt, JWTClaimsSet jwtClaimsSet) {
    Map<String, Object> headerCopy = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
    Map<String, Object> convertedClaims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());

    // The casts rely on the converter yielding Instant values for exp/iat; any other
    // type stored under those keys fails here with ClassCastException.
    Instant expiry = (Instant) convertedClaims.get(JwtClaimNames.EXP);
    Instant issued = (Instant) convertedClaims.get(JwtClaimNames.IAT);

    String tokenValue = parsedJwt.getParsedString();
    return new Jwt(tokenValue, issued, expiry, headerCopy, convertedClaims);
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Expects the {@link Jwt} constructor to throw {@link IllegalArgumentException} when the
 * claims map is empty.
 */
@Test(expected = IllegalArgumentException.class)
public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
    Instant issuedAt = Instant.ofEpochMilli(IAT_VALUE);
    Instant expiresAt = Instant.ofEpochMilli(EXP_VALUE);

    // The empty claims map is the input under test; the remaining arguments are the
    // class's shared fixtures (presumably valid; they are defined outside this excerpt).
    new Jwt(JWT_TOKEN_VALUE, issuedAt, expiresAt, HEADERS, Collections.emptyMap());
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Test fixture: wraps the given claims in a {@link Jwt} with placeholder metadata.
 *
 * <p>The token value is the literal {@code "token"}, the only header is {@code alg} set to
 * {@code JwsAlgorithms.RS256}, and the token is issued now and expires 3600 seconds later.
 * The token string is not a signed JWT and nothing here verifies one, so the result is only
 * suitable as test input.
 *
 * @param claims the claims to place on the token
 * @return a {@code Jwt} carrying {@code claims}
 */
private Jwt jwt(Map<String, Object> claims) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", JwsAlgorithms.RS256);

    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(3600);
    return new Jwt("token", issuedAt, expiresAt, algHeader, claims);
}
}
/**
 * Test stub for {@link ReactiveJwtDecoder}: emits a freshly built ID token for any input.
 *
 * <p>The {@code token} argument is ignored. Nothing is parsed, verified or validated, so this
 * decoder accepts every string and belongs in test code only. The emitted token carries fixed
 * {@code sub}, {@code iss}, {@code aud} and {@code azp} claims, is issued now and expires
 * 3600 seconds later.
 *
 * @return a decoder that always emits the stub ID token
 */
private ReactiveJwtDecoder getJwtDecoder() {
    return token -> {
        Map<String, Object> idTokenClaims = new HashMap<>();
        idTokenClaims.put(IdTokenClaimNames.SUB, "subject");
        idTokenClaims.put(IdTokenClaimNames.ISS, "http://localhost/issuer");
        idTokenClaims.put(IdTokenClaimNames.AUD, Collections.singletonList("client"));
        idTokenClaims.put(IdTokenClaimNames.AZP, "client");

        // Built inline so the header map keeps the same target typing as a direct argument.
        return Mono.just(new Jwt(
                "id-token",
                Instant.now(),
                Instant.now().plusSeconds(3600),
                Collections.singletonMap("header1", "value1"),
                idTokenClaims));
    };
}
}
/**
 * Expects the {@link Jwt} constructor to throw {@link IllegalArgumentException} when the
 * headers map is empty.
 */
@Test(expected = IllegalArgumentException.class)
public void constructorWhenHeadersIsEmptyThenThrowIllegalArgumentException() {
    Instant issuedAt = Instant.ofEpochMilli(IAT_VALUE);
    Instant expiresAt = Instant.ofEpochMilli(EXP_VALUE);

    // The empty headers map is the input under test; the remaining arguments are the
    // class's shared fixtures (presumably valid; they are defined outside this excerpt).
    new Jwt(JWT_TOKEN_VALUE, issuedAt, expiresAt, Collections.emptyMap(), CLAIMS);
}
/**
 * Installs a mocked {@link JwtDecoder} on the authentication provider so that decoding any
 * string yields an ID token built from the supplied values.
 *
 * <p>Because the mock answers {@code decode(anyString())} unconditionally, signature
 * verification and parsing are bypassed in tests that use this helper; only logic that runs
 * on the already-decoded token is exercised.
 *
 * @param claims the claims for the stub ID token
 * @param issuedAt the issued-at instant for the stub ID token
 * @param expiresAt the expiry instant for the stub ID token
 */
private void setUpIdToken(Map<String, Object> claims, Instant issuedAt, Instant expiresAt) {
    Map<String, Object> algHeader = new HashMap<>();
    algHeader.put("alg", "RS256");
    Jwt stubbedIdToken = new Jwt("id-token", issuedAt, expiresAt, algHeader, claims);

    JwtDecoder decoderMock = mock(JwtDecoder.class);
    when(decoderMock.decode(anyString())).thenReturn(stubbedIdToken);

    // The factory ignores the client registration and always hands back the same mock.
    this.authenticationProvider.setJwtDecoderFactory(registration -> decoderMock);
}
/**
 * A token whose {@code iss} claim equals {@code ISSUER} must validate successfully.
 *
 * <p>NOTE(review): assumes the shared {@code validator} field was configured with
 * {@code ISSUER}; its construction is outside this excerpt.
 */
@Test
public void validateWhenIssuerMatchesThenReturnsSuccess() {
    Jwt matchingIssuerJwt = new Jwt(
            MOCK_TOKEN,
            MOCK_ISSUED_AT,
            MOCK_EXPIRES_AT,
            MOCK_HEADERS,
            Collections.singletonMap("iss", ISSUER));

    OAuth2TokenValidatorResult outcome = this.validator.validate(matchingIssuerJwt);

    assertThat(outcome).isEqualTo(OAuth2TokenValidatorResult.success());
}
/**
 * An issuer value that is a plain string rather than a URI must still validate when it
 * equals the issuer the {@link JwtIssuerValidator} was constructed with.
 */
@Test
public void validateWhenIssuerMatchesAndIsNotAUriThenReturnsSuccess() {
    Jwt plainIssuerJwt = new Jwt(
            MOCK_TOKEN,
            MOCK_ISSUED_AT,
            MOCK_EXPIRES_AT,
            MOCK_HEADERS,
            Collections.singletonMap(JwtClaimNames.ISS, "issuer"));
    JwtIssuerValidator issuerValidator = new JwtIssuerValidator("issuer");

    OAuth2TokenValidatorResult outcome = issuerValidator.validate(plainIssuerJwt);

    assertThat(outcome).isEqualTo(OAuth2TokenValidatorResult.success());
}
/**
 * A token with a satisfied {@code nbf} ({@code Instant.MIN}) and no expiry must pass
 * {@link JwtTimestampValidator}.
 *
 * <p>This pins the behaviour that the timestamp validator does not require an {@code exp}
 * value: as asserted here, a token without expiry is accepted. A deployment that needs
 * tokens to expire has to enforce the presence of {@code exp} with a separate check.
 */
@Test
public void validateWhenNotBeforeIsValidAndExpiryIsNotSpecifiedThenReturnsSuccessfulResult() {
    Jwt noExpiryJwt = new Jwt(
            MOCK_TOKEN_VALUE,
            MOCK_ISSUED_AT,
            null, // expiresAt deliberately absent
            MOCK_HEADER,
            Collections.singletonMap(JwtClaimNames.NBF, Instant.MIN));
    JwtTimestampValidator timestampValidator = new JwtTimestampValidator();

    boolean rejected = timestampValidator.validate(noExpiryJwt).hasErrors();

    assertThat(rejected).isFalse();
}
/**
 * A token built with a {@code null} expiry and the shared {@code MOCK_CLAIM_SET} must pass
 * {@link JwtTimestampValidator}.
 *
 * <p>As asserted here, the timestamp validator accepts a token that carries no expiry at all.
 * A deployment that needs bounded token lifetimes has to require {@code exp} with a separate
 * check. NOTE(review): the test name implies {@code MOCK_CLAIM_SET} has no {@code nbf}; its
 * definition is outside this excerpt.
 */
@Test
public void validateWhenNeitherExpiryNorNotBeforeIsSpecifiedThenReturnsSuccessfulResult() {
    Jwt untimedJwt = new Jwt(
            MOCK_TOKEN_VALUE,
            MOCK_ISSUED_AT,
            null, // expiresAt deliberately absent
            MOCK_HEADER,
            MOCK_CLAIM_SET);
    JwtTimestampValidator timestampValidator = new JwtTimestampValidator();

    boolean rejected = timestampValidator.validate(untimedJwt).hasErrors();

    assertThat(rejected).isFalse();
}
/**
 * A token whose {@code iss} claim is {@code "https://other"} must be rejected with at least
 * one error.
 *
 * <p>NOTE(review): assumes the shared {@code validator} field expects a different issuer;
 * its construction is outside this excerpt.
 */
@Test
public void validateWhenIssuerMismatchesThenReturnsError() {
    Jwt foreignIssuerJwt = new Jwt(
            MOCK_TOKEN,
            MOCK_ISSUED_AT,
            MOCK_EXPIRES_AT,
            MOCK_HEADERS,
            Collections.singletonMap(JwtClaimNames.ISS, "https://other"));

    assertThat(this.validator.validate(foreignIssuerJwt).getErrors()).isNotEmpty();
}
/**
 * A token that expires at {@code Instant.MAX} and is built from the shared
 * {@code MOCK_CLAIM_SET} must pass {@link JwtTimestampValidator}.
 *
 * <p>NOTE(review): the test name implies {@code MOCK_CLAIM_SET} has no {@code nbf}; its
 * definition is outside this excerpt.
 */
@Test
public void validateWhenExpiryIsValidAndNotBeforeIsNotSpecifiedThenReturnsSuccessfulResult() {
    Jwt farFutureExpiryJwt = new Jwt(
            MOCK_TOKEN_VALUE,
            MOCK_ISSUED_AT,
            Instant.MAX,
            MOCK_HEADER,
            MOCK_CLAIM_SET);
    JwtTimestampValidator timestampValidator = new JwtTimestampValidator();

    boolean rejected = timestampValidator.validate(farFutureExpiryJwt).hasErrors();

    assertThat(rejected).isFalse();
}
/**
 * A token with no {@code iss} claim (here only {@code aud} is present) must be rejected
 * with at least one error, so a missing issuer fails closed rather than being treated as
 * a match.
 */
@Test
public void validateWhenJwtHasNoIssuerThenReturnsError() {
    Jwt issuerlessJwt = new Jwt(
            MOCK_TOKEN,
            MOCK_ISSUED_AT,
            MOCK_EXPIRES_AT,
            MOCK_HEADERS,
            Collections.singletonMap(JwtClaimNames.AUD, "https://aud"));

    assertThat(this.validator.validate(issuerlessJwt).getErrors()).isNotEmpty();
}
/**
 * Test helper: builds an ID token from this fixture's fields and runs it through an
 * {@link OidcIdTokenValidator} created for the current client registration.
 *
 * <p>The token value is the literal {@code "token123"}; only claim validation is exercised,
 * no signature is involved. The validator's clock skew is taken from {@code this.clockSkew}.
 *
 * @return the errors reported by the validator for the token built from the fixture state
 */
private Collection<OAuth2Error> validateIdToken() {
    // The token is built first so that construction failures surface before the validator exists.
    Jwt candidateToken = new Jwt(
            "token123", this.issuedAt, this.expiresAt, this.headers, this.claims);

    OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
    idTokenValidator.setClockSkew(this.clockSkew);

    Collection<OAuth2Error> errors = idTokenValidator.validate(candidateToken).getErrors();
    return errors;
}
}