@Test public void decodeWhenJwtInvalidThenThrowJwtException() { assertThatThrownBy(() -> this.jwtDecoder.decode("invalid")) .isInstanceOf(JwtException.class); }
@Test public void decodeWhenPlainJwtThenExceptionDoesNotMentionClass() { assertThatCode(() -> this.jwtDecoder.decode(UNSIGNED_JWT)) .isInstanceOf(JwtException.class) .hasMessageContaining("Unsupported algorithm of none"); }
@Test public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); Converter<Map<String, Object>, Map<String, Object>> claimSetConverter = mock(Converter.class); when(claimSetConverter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value")); decoder.setClaimSetConverter(claimSetConverter); Jwt jwt = decoder.decode(SIGNED_JWT); assertThat(jwt.getClaims().size()).isEqualTo(1); assertThat(jwt.getClaims().get("custom")).isEqualTo("value"); } }
@Test public void decodeWhenCustomRestOperationsSetThenUsed() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); RestTemplate restTemplate = spy(new RestTemplate()); jwtDecoder.setRestOperations(restTemplate); assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException(); verify(restTemplate).exchange(any(RequestEntity.class), eq(String.class)); server.shutdown(); } }
@Test public void decodeWhenExpClaimNullThenDoesNotThrowException() throws Exception { NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL); jwtDecoder.setRestOperations(mockJwkSetResponse(JWK_SET)); jwtDecoder.setClaimSetConverter(map -> { Map<String, Object> claims = new HashMap<>(map); claims.remove(JwtClaimNames.EXP); return claims; }); assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).doesNotThrowAnyException(); }
@Test public void decodeWhenJwkResponseIsMalformedThenReturnsStockException() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)) .isInstanceOf(JwtException.class) .hasMessage("An error occurred while attempting to decode the Jwt: Malformed Jwk set"); server.shutdown(); } }
@Test public void decodeWhenJwtIsMalformedThenReturnsStockException() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); assertThatCode(() -> jwtDecoder.decode(MALFORMED_JWT)) .isInstanceOf(JwtException.class) .hasMessage("An error occurred while attempting to decode the Jwt: Malformed payload"); server.shutdown(); } }
@Test public void decodeWhenJwtFailsValidationThenReturnsCorrespondingErrorMessage() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); OAuth2Error failure = new OAuth2Error("mock-error", "mock-description", "mock-uri"); OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class); when(jwtValidator.validate(any(Jwt.class))).thenReturn(OAuth2TokenValidatorResult.failure(failure)); decoder.setJwtValidator(jwtValidator); assertThatCode(() -> decoder.decode(SIGNED_JWT)) .isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description"); } }
@Test public void decodeWhenJwtValidationHasTwoErrorsThenJwtExceptionMessageShowsFirstError() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); OAuth2Error firstFailure = new OAuth2Error("mock-error", "mock-description", "mock-uri"); OAuth2Error secondFailure = new OAuth2Error("another-error", "another-description", "another-uri"); OAuth2TokenValidatorResult result = OAuth2TokenValidatorResult.failure(firstFailure, secondFailure); OAuth2TokenValidator<Jwt> jwtValidator = mock(OAuth2TokenValidator.class); when(jwtValidator.validate(any(Jwt.class))).thenReturn(result); decoder.setJwtValidator(jwtValidator); assertThatCode(() -> decoder.decode(SIGNED_JWT)) .isInstanceOf(JwtValidationException.class) .hasMessageContaining("mock-description") .hasFieldOrPropertyWithValue("errors", Arrays.asList(firstFailure, secondFailure)); } }
@Test public void decodeWhenJwkEndpointIsUnresponsiveThenReturnsJwtException() throws Exception { try ( MockWebServer server = new MockWebServer() ) { server.enqueue(new MockResponse().setBody(MALFORMED_JWK_SET)); String jwkSetUrl = server.url("/.well-known/jwks.json").toString(); NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl); assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)) .isInstanceOf(JwtException.class) .hasMessageContaining("An error occurred while attempting to decode the Jwt"); server.shutdown(); } }