diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java
deleted file mode 100644
index 6419615ed..000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.model;
-
-import java.util.List;
-
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
-import javax.persistence.Transient;
-
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-
-import com.google.common.base.Splitter;
-import com.google.common.collect.Lists;
-
-@Entity
-@Table(name="idtoken")
-@NamedQueries({
- @NamedQuery(name = "IdToken.getAll", query = "select i from IdToken i")
-})
-public class IdToken extends Jwt {
-
- /**
- * Create a blank IdToken
- */
- public IdToken() {
- super();
- }
-
- /**
- * Create an IdToken from the requisite pieces.
- * @param header
- * @param claims
- * @param signature
- */
- public IdToken(JwtHeader header, IdTokenClaims claims, String signature) {
- super(header, claims, signature);
- }
-
-
- private Long id;
-
- /**
- * @return the id
- */
- @Id
- @GeneratedValue(strategy=GenerationType.IDENTITY)
- public Long getId() {
- return id;
- }
-
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
-
- /**
- * @return the tokenClaims
- */
- @Transient
- public IdTokenClaims getClaims() {
- return (IdTokenClaims) super.getClaims();
- }
-
- /**
- * @param tokenClaims the tokenClaims to set
- */
- public void setClaims(JwtClaims tokenClaims) {
- if (tokenClaims instanceof IdTokenClaims) {
- super.setClaims(tokenClaims);
- } else {
- super.setClaims(new IdTokenClaims(tokenClaims));
- }
- }
-
-
- /**
- * Parse a wire-encoded IdToken.
- *
- */
- public static IdToken parse(String s) {
-
- // TODO: this code was copied nearly verbatim from Jwt.parse, and
- // we should figure out how to re-use and abstract bits, likely
-
- // null string is a null token
- if (s == null) {
- return null;
- }
-
- // split on the dots
- List parts = Lists.newArrayList(Splitter.on(".").split(s));
-
- if (parts.size() != 3) {
- throw new IllegalArgumentException("Invalid JWT format.");
- }
-
- String h64 = parts.get(0);
- String c64 = parts.get(1);
- String s64 = parts.get(2);
-
- // shuttle for return value
- IdToken idToken = new IdToken(new JwtHeader(h64), new IdTokenClaims(c64), s64);
-
- // TODO: save the wire-encoded string in the Jwt object itself?
-
- return idToken;
-
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java
deleted file mode 100644
index 51448e802..000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.model;
-
-import java.util.Date;
-import java.util.Map.Entry;
-
-import javax.persistence.Basic;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-import javax.persistence.Transient;
-
-import org.mitre.jwt.model.JwtClaims;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-
-
-@Entity
-@Table(name="idtokenclaims")
-public class IdTokenClaims extends JwtClaims {
-
- public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr";
- public static final String AUTH_TIME = "auth_time";
- public static final String AUTHORIZED_PARTY = "azp";
-
- private Long id;
-
-
-
- public IdTokenClaims() {
- super();
- }
-
- public IdTokenClaims(JsonObject json) {
- super(json);
- }
-
- public IdTokenClaims(String b64) {
- super(b64);
- }
-
- public IdTokenClaims(JwtClaims jwtClaims) {
- super(jwtClaims);
- }
-
- /**
- * @return the id
- */
- @Id
- @GeneratedValue(strategy=GenerationType.IDENTITY)
- public Long getId() {
- return id;
- }
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
-
- @Transient
- public String getAuthContext() {
- return getClaimAsString(AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
- }
-
- public void setAuthContext(String acr) {
- setClaim(AUTHENTICATION_CONTEXT_CLASS_REFERENCE, acr);
- }
-
- @Transient
- public Date getAuthTime() {
- return getClaimAsDate(AUTH_TIME);
- }
-
- public void setAuthTime(Date authTime) {
- setClaim(AUTH_TIME, authTime);
- }
-
- @Transient
- public String getAuthorizedParty() {
- return getClaimAsString(AUTHORIZED_PARTY);
- }
-
- public void setAuthorizedParty(String azp) {
- setClaim(AUTHORIZED_PARTY, azp);
- }
-
-
- /**
- * Load this IdToken from a JSON Object
- */
- @Override
- public void loadFromJsonObject(JsonObject json) {
- JsonObject pass = new JsonObject();
-
- for (Entry element : json.entrySet()) {
- if (element.getValue().isJsonNull()) {
- pass.add(element.getKey(), element.getValue());
- } else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) {
- setAuthContext(element.getValue().getAsString());
- } else if (element.getKey().equals(AUTH_TIME)) {
- setAuthTime(new Date(element.getValue().getAsLong() * 1000L));
- } else if (element.getKey().equals(AUTHORIZED_PARTY)) {
- setAuthorizedParty(element.getValue().getAsString());
- } else {
- pass.add(element.getKey(), element.getValue());
- }
- }
-
- super.loadFromJsonObject(pass);
- }
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenClaimsRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenClaimsRepository.java
deleted file mode 100644
index ebfe7e6cf..000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenClaimsRepository.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.repository;
-
-import org.mitre.openid.connect.model.IdTokenClaims;
-
-public interface IdTokenClaimsRepository {
-
- /**
- * Returns the IdTokenClaims for the given id
- *
- * @param id
- * id the id of the Address
- * @return a valid IdTokenClaims if it exists, null otherwise
- */
- public IdTokenClaims getById(Long id);
-
- /**
- * Removes the given IdTokenClaims from the repository
- *
- * @param address
- * the IdTokenClaims object to remove
- */
- public void remove(IdTokenClaims idTokenClaims);
-
- /**
- * Removes an IdTokenClaims from the repository
- *
- * @param id
- * the id of the IdTokenClaims to remove
- */
- public void removeById(Long id);
-
- /**
- * Persists a IdTokenClaims
- *
- * @param idTokenClaims
- * the IdTokenClaims to be saved
- * @return
- */
- public IdTokenClaims save(IdTokenClaims idTokenClaims);
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenRepository.java
deleted file mode 100644
index 9f86d3c4f..000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenRepository.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.repository;
-
-import org.mitre.openid.connect.model.IdToken;
-
-/**
- * IdToken repository interface
- *
- * @author Michael Joseph Walsh
- *
- */
-public interface IdTokenRepository {
-
- /**
- * Returns the IdToken for the given id
- *
- * @param id
- * id the id of the IdToken
- * @return a valid IdToken if it exists, null otherwise
- */
- public IdToken getById(Long id);
-
- /**
- * Removes the given IdToken from the repository
- *
- * @param idToken
- * the IdToken object to remove
- */
- public void remove(IdToken idToken);
-
- /**
- * Removes an IdToken from the repository
- *
- * @param id
- * the id of the IdToken to remove
- */
- public void removeById(Long id);
-
- /**
- * Persists a IdToken
- *
- * @param idToken
- * @return
- */
- public IdToken save(IdToken idToken);
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
deleted file mode 100644
index f94b6e455..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package org.mitre.jwe.encryption.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import org.junit.After;
-import org.junit.Assume;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwe.model.Jwe;
-import org.mitre.jwe.model.JweHeader;
-import org.mitre.jwt.encryption.impl.RsaDecrypter;
-import org.mitre.jwt.encryption.impl.RsaEncrypter;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class RsaEncrypterDecrypterTest {
-
- URL jweHeaderUrl = this.getClass().getResource("/jwe/jweHeader");
- String jwePlaintextString = new String("Why couldn't the bike move? It was two tired.");
-
- @Before
- public void setUp() throws NoSuchAlgorithmException{
-
- Assume.assumeTrue(Cipher.getMaxAllowedKeyLength("AES") > 128); // if we're capped at 128 bits then we can't run these tests
-
- }
-
- @After
- public void tearDown(){
- }
-
- @Test
- public void encryptDecryptTest() throws JsonIOException, JsonSyntaxException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException {
-
- //
-
- //read in header and plaintext from files
- JsonParser parser = new JsonParser();
- JsonObject jweHeaderObject = parser.parse(new BufferedReader(new InputStreamReader(jweHeaderUrl.openStream()))).getAsJsonObject();
- //generate key pair. this will be passed in from the user
- KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
- keyGen.initialize(4096);
- KeyPair pair = keyGen.generateKeyPair();
- PublicKey publicKey = pair.getPublic();
- PrivateKey privateKey = pair.getPrivate();
- //create jwe based on header and plaintext
- Jwe jwe = new Jwe(new JweHeader(jweHeaderObject), null, jwePlaintextString.getBytes(), null);
- //encrypt
- RsaEncrypter rsaEncrypter = new RsaEncrypter();
- rsaEncrypter.setPublicKey(publicKey);
- rsaEncrypter.setPrivateKey(privateKey);
- jwe = rsaEncrypter.encryptAndSign(jwe);
-
- //decrypt
- RsaDecrypter rsaDecrypter = new RsaDecrypter();
- rsaDecrypter.setPublicKey(publicKey);
- rsaDecrypter.setPrivateKey(privateKey);
- String encryptedJweString = jwe.toString();
- jwe = rsaDecrypter.decrypt(encryptedJweString);
-
- String jweDecryptedCleartext = new String(jwe.getCiphertext());
- //test ALL THE THINGS
- assertEquals(jweDecryptedCleartext, jwePlaintextString);
- assertEquals(jwe.getHeader().getAlgorithm(), jweHeaderObject.get("alg").getAsString());
- assertEquals(jwe.getHeader().getEncryptionMethod(), jweHeaderObject.get("enc").getAsString());
- assertEquals(jwe.getHeader().getIntegrity(), jweHeaderObject.get("int").getAsString());
- assertEquals(jwe.getHeader().getInitializationVector(), jweHeaderObject.get("iv").getAsString());
-
- }
-
- // TODO: add independent unit test for encryption and decryption
-
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac256Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac256Test.java
deleted file mode 100644
index 6ace0a0be..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac256Test.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Hmac256Test{
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL hs256Url = this.getClass().getResource("/jwt/hs256");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs256Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
-
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testHmacSigner256() throws Exception {
- setUp();
- HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
- jwt = hmac.sign(jwt);
- assertEquals(hmac.verify(jwt.toString()), true);
- }
-}
-
\ No newline at end of file
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac384Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac384Test.java
deleted file mode 100644
index efac2ef49..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac384Test.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Hmac384Test {
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL hs384Url = this.getClass().getResource("/jwt/hs384");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs384Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
-
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testHmacSigner384() throws Exception {
- setUp();
- HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
- jwt = hmac.sign(jwt);
- assertEquals(hmac.verify(jwt.toString()), true);
- }
-
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac512Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac512Test.java
deleted file mode 100644
index d4b06049e..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac512Test.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Hmac512Test {
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL hs512Url = this.getClass().getResource("/jwt/hs512");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs512Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
-
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testHmacSigner512() throws Exception {
- setUp();
- HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
- jwt = hmac.sign(jwt);
- assertEquals(hmac.verify(jwt.toString()), true);
- }
-
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/PlaintextSignerTest.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/PlaintextSignerTest.java
deleted file mode 100644
index f67a9e476..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/PlaintextSignerTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.security.NoSuchAlgorithmException;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class PlaintextSignerTest{
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL plaintextUrl = this.getClass().getResource("/jwt/plaintext");
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException {
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(plaintextUrl.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown() {
- }
-
- @Test
- public void testPlaintextSigner() throws JsonIOException, JsonSyntaxException, IOException, NoSuchAlgorithmException {
- setUp();
- PlaintextSigner plaintext = new PlaintextSigner();
- jwt = plaintext.sign(jwt);
- assertEquals(plaintext.verify(jwt.toString()), true);
- }
-
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
deleted file mode 100644
index 9451a1afd..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.mitre.jwt.signer.JwsAlgorithm;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Rsa256Test{
-
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL rs256Url = this.getClass().getResource("/jwt/rs256");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
- KeyPairGenerator keyGen;
- KeyPair keyPair;
- PublicKey publicKey;
- PrivateKey privateKey;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs256Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testRsaSigner256() throws Exception {
-
- keyGen = KeyPairGenerator.getInstance("RSA");
- keyPair = keyGen.generateKeyPair();
- publicKey = keyPair.getPublic();
- privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), publicKey, privateKey);
- jwt = rsa.sign(jwt);
- assertEquals(rsa.verify(jwt.toString()), true);
-
- }
-
-}
\ No newline at end of file
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
deleted file mode 100644
index cd93f669c..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.mitre.jwt.signer.JwsAlgorithm;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Rsa384Test {
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL rs384Url = this.getClass().getResource("/jwt/rs384");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
- KeyPairGenerator keyGen;
- KeyPair keyPair;
- PublicKey publicKey;
- PrivateKey privateKey;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs384Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testRsaSigner384() throws Exception{
- setUp();
- keyGen = KeyPairGenerator.getInstance("RSA");
- keyPair = keyGen.generateKeyPair();
- publicKey = keyPair.getPublic();
- privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.getJwaName(), publicKey, privateKey);
- jwt = rsa.sign(jwt);
- assertEquals(rsa.verify(jwt.toString()), true);
-
- }
-
-}
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
deleted file mode 100644
index 2b7219521..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package org.mitre.jwt.signer.impl;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.model.JwtClaims;
-import org.mitre.jwt.model.JwtHeader;
-import org.mitre.jwt.signer.JwsAlgorithm;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import com.google.gson.JsonIOException;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class Rsa512Test {
-
- URL claimsUrl = this.getClass().getResource("/jwt/claims");
- URL rs512Url = this.getClass().getResource("/jwt/rs512");
-
- Jwt jwt = null;
- JwtClaims claims = null;
- JwtHeader header = null;
- KeyPairGenerator keyGen;
- KeyPair keyPair;
- PublicKey publicKey;
- PrivateKey privateKey;
-
- /**
- * @throws IOException
- * @throws JsonSyntaxException
- * @throws JsonIOException
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
- JsonParser parser = new JsonParser();
- JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
- JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs512Url.openStream()))).getAsJsonObject();
- claims = new JwtClaims(claimsObject);
- header = new JwtHeader(headerObject);
- jwt = new Jwt(header, claims, null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @After
- public void tearDown(){
- }
-
- @Test
- public void testRsaSigner512() throws Exception{
- setUp();
- keyGen = KeyPairGenerator.getInstance("RSA");
- keyPair = keyGen.generateKeyPair();
- publicKey = keyPair.getPublic();
- privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.getJwaName(), publicKey, privateKey);
- jwt = rsa.sign(jwt);
- assertEquals(rsa.verify(jwt.toString()), true);
-
- }
-
-}
diff --git a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
deleted file mode 100644
index c42fbc605..000000000
--- a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
+++ /dev/null
@@ -1,287 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.jwt;
-
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.junit.Assert.assertThat;
-
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.encryption.impl.KeyStore;
-import org.mitre.jwt.model.Jwt;
-import org.mitre.jwt.signer.JwsAlgorithm;
-import org.mitre.jwt.signer.JwtSigner;
-import org.mitre.jwt.signer.impl.HmacSigner;
-import org.mitre.jwt.signer.impl.PlaintextSigner;
-import org.mitre.jwt.signer.impl.RsaSigner;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-@SuppressWarnings("deprecation")
-// BC sez X509V3CertificateGenerator is deprecated and the docs say to use
-// another, but it seemingly isn't included jar...
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class JwtTest {
-
- @Autowired
- KeyStore keystore;
-
- @Test
- public void testGenerateHmacSignature() {
- Jwt jwt = new Jwt();
- jwt.getHeader().setType("JWT");
- jwt.getHeader().setAlgorithm("HS256");
- jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
- jwt.getClaims().setIssuer("joe");
- jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
-
- byte[] key = null;
- JwtSigner signer;
-
- // sign it
- try {
- key = "secret".getBytes("UTF-8");
-
- signer = new HmacSigner();
- ((HmacSigner) signer).setPassphrase(key);
- ((HmacSigner) signer).afterPropertiesSet();
-
- signer.sign(jwt);
-
- /*
- * Expected string based on the following structures, serialized exactly
- * as follows and base64 encoded:
- *
- * header: {"typ":"JWT","alg":"HS256"} claims:
- * {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
- *
- * Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
- */
- String signature = "p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
- String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + signature;
-
- String actual = jwt.toString();
-
- assertThat(actual, equalTo(expected));
- assertThat(jwt.getSignature(), equalTo(signature));
- assertThat(signer.verify(actual), equalTo(true));
-
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- /**
- * @throws Exception
- */
- @Test
- public void testGenerateRsaSignature() throws Exception {
-
- // Hard code the private/public key so as not to depend on it being in
- // the keystore...
- - RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec( - new BigInteger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new BigInteger( - "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", - 16)); - - KeyFactory keyFactory = KeyFactory.getInstance("RSA"); - - PrivateKey privateKey = keyFactory.generatePrivate(privateSpec); - - RSAPublicKeySpec publicSpec = new RSAPublicKeySpec( - new BigInteger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new BigInteger("10001", 16)); - - PublicKey publicKey = keyFactory.generatePublic(publicSpec); - - Jwt jwt = new Jwt(); - jwt.getHeader().setType("JWT"); - jwt.getHeader().setAlgorithm("RS256"); - jwt.getClaims().setExpiration(new Date(1300819380L * 1000L)); - jwt.getClaims().setIssuer("joe"); - jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE); - - JwtSigner signer = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), publicKey, privateKey); - ((RsaSigner) signer).afterPropertiesSet(); - - /* - * Expected string based on the following structures, serialized exactly - * as follows and base64 encoded: - * - * header: {"typ":"JWT","alg":"HS256"} claims: - * {"exp":1300819380,"iss":"joe","http://example.com/is_root":true} - * - * Expected signature: dSRvtD-ExzGN- - * fRXd1wRZOPo1JFPuqgwvaIKp8jgcyMXJegy6IUjssfUfUcICN5yvh0ggOMWMeWkwQ7 - * -PlXMJWymdhXVI3BOpNt7ZOB2vMFYSOOHNBJUunQoe1lmNxuHQdhxqoHahn3u1cLDXz - * -xx- - * JELduuMmaDWqnTFPodVPl45WBKHaQhlOiFWj3ZClUV2k5p2yBT8TmxekL8gWwgVbQk5yPnYOs - * -PcMjzODc9MZX4yI10ZSCSDciwf- - * rgkQLT7wW4uZCoqTZ7187sCodHd6nw3nghqbtqN05fQ3Yq7ykwaR8pdQBFb2L9l7DhLLuXIREDKIFUHBSUs8OnvXFMg - */ - - String signature = "dSRvtD-ExzGN-fRXd1wRZOPo1JFPuqgwvaIKp8jgcyMXJegy6IUjssfUfUcICN5yvh0ggOMWMeWkwQ7-PlXMJWymdhXVI3BOpNt7ZOB2vMFYSOOHNBJUunQoe1lmNxuHQdhxqoHahn3u1cLDXz-xx-JELduuMmaDWqnTFPodVPl45WBKHaQhlOiFWj3ZClUV2k5p2yBT8TmxekL8gWwgVbQk5yPnYOs-PcMjzODc9MZX4yI10ZSCSDciwf-rgkQLT7wW4uZCoqTZ7187sCodHd6nw3nghqbtqN05fQ3Yq7ykwaR8pdQBFb2L9l7DhLLuXIREDKIFUHBSUs8OnvXFMg"; - String expected 
= "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
- + "." + signature;
-
- signer.sign(jwt);
-
- String actual = jwt.toString();
-
- assertThat(signer.verify(actual), equalTo(true));
- assertThat(actual, equalTo(expected));
- assertThat(jwt.getSignature(), equalTo(signature));
- }
-
- @Test
- public void testParse() {
- String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
-
- Jwt jwt = Jwt.parse(source);
-
- assertThat(jwt.getHeader().getAlgorithm(), equalTo(JwsAlgorithm.NONE.getJwaName()));
- assertThat(jwt.getClaims().getIssuer(), equalTo("joe"));
- assertThat(jwt.getClaims().getExpiration(), equalTo(new Date(1300819380L * 1000L)));
- assertThat((Boolean) jwt.getClaims().getClaim("http://example.com/is_root"), equalTo(Boolean.TRUE));
-
- }
-
- @Test
- public void testToStringPlaintext() throws NoSuchAlgorithmException {
- Jwt jwt = new Jwt();
- jwt.getHeader().setAlgorithm("none");
- jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
- jwt.getClaims().setIssuer("joe");
- jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
-
- // sign it with a blank signature
- JwtSigner signer = new PlaintextSigner();
- signer.sign(jwt);
-
- /*
- * Expected string based on the following structures, serialized exactly
- * as follows and base64 encoded:
- *
- * header: {"alg":"none"} claims:
- * {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
- */
- String expected = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
-
- String actual = jwt.toString();
-
- assertThat(actual, equalTo(expected));
-
- }
-
- @Test
- public void testValidateHmacSignature() {
-
- byte[] key = null;
- JwtSigner signer;
-
- // sign it
- try {
- key = "secret".getBytes("UTF-8");
-
- signer = new HmacSigner();
- ((HmacSigner) signer).setPassphrase(key);
- ((HmacSigner) signer).afterPropertiesSet();
-
- /*
- * Token string based on the following structures, serialized exactly as
- * follows and base64 encoded:
- *
- * header: {"typ":"JWT","alg":"HS256"} claims:
- * {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
- *
- * Python script to generate signature:
- *
- * import hashlib
- * import hmac
- * import base64
- *
- * m = hmac.new('secret', 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ', hashlib.sha256)
- * base64.urlsafe_b64encode(m.digest())
- *
- * Expected signature: p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y
- */
- String jwtString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
-
- boolean valid = signer.verify(jwtString);
-
- assertThat(valid, equalTo(Boolean.TRUE));
-
- } catch (UnsupportedEncodingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- /**
- * Creates a certificate.
- *
- * @param commonName
- * @param daysNotValidBefore
- * @param daysNotValidAfter
- * @return
- */
- public static X509V3CertificateGenerator createCertificate(
- String commonName, int daysNotValidBefore, int daysNotValidAfter) {
- // BC sez X509V3CertificateGenerator is deprecated and the docs say to
- // use another, but it seemingly isn't included jar...
- X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
- v3CertGen
- .setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
- + ", OU=None, O=None L=None, C=None"));
- v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
- - (1000L * 60 * 60 * 24 * daysNotValidBefore)));
- v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
- + (1000L * 60 * 60 * 24 * daysNotValidAfter)));
- v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
- + ", OU=None, O=None L=None, C=None"));
- return v3CertGen;
- }
-
-}
diff --git a/openid-connect-server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java b/openid-connect-server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
deleted file mode 100644
index 00e0ce8fd..000000000
--- a/openid-connect-server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.jwt.signer.service.impl;
-
-import static org.hamcrest.CoreMatchers.not;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.junit.Assert.assertThat;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.jwt.encryption.impl.KeyStore;
-import org.mitre.jwt.signer.impl.RsaSigner;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-@SuppressWarnings("deprecation")
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = { "classpath:test-context.xml" })
-public class KeyStoreTest {
-
- @Autowired
- @Qualifier("testKeystore")
- KeyStore keystore;
-
- static final String PROVIDER = "BC";
-
- static {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- /**
- * Creates a certificate.
- *
- * @param commonName
- * @param daysNotValidBefore
- * @param daysNotValidAfter
- * @return
- */
- public static X509V3CertificateGenerator createCertificate(
- String commonName, int daysNotValidBefore, int daysNotValidAfter) {
- // BC sez X509V3CertificateGenerator is deprecated and the docs say to
- // use another, but it seemingly isn't included jar...
- X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
- v3CertGen
- .setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
- + ", OU=None, O=None L=None, C=None"));
- v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
- - (1000L * 60 * 60 * 24 * daysNotValidBefore)));
- v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
- + (1000L * 60 * 60 * 24 * daysNotValidAfter)));
- v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
- + ", OU=None, O=None L=None, C=None"));
- return v3CertGen;
- }
-
- /**
- * Create an RSA KeyPair and insert into specified KeyStore
- *
- * @param location
- * @param domainName
- * @param alias
- * @param keystorePassword
- * @param aliasPassword
- * @param daysNotValidBefore
- * @param daysNotValidAfter
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static java.security.KeyStore generateKeyPair(KeyStore keystore,
- String keyPairAlgorithm, int keySize, String signatureAlgorithm,
- String domainName, String alias, String aliasPassword,
- int daysNotValidBefore, int daysNotValidAfter)
- throws GeneralSecurityException, IOException {
-
- java.security.KeyStore ks;
-
- if (keystore != null ) {
- ks = keystore.getKeystore();
- } else {
- ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
- ks.load(null, null);
- }
-
- KeyPairGenerator rsaKeyPairGenerator = null;
-
- rsaKeyPairGenerator = KeyPairGenerator.getInstance(keyPairAlgorithm);
-
- rsaKeyPairGenerator.initialize(keySize);
- KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
-
- // BC sez X509V3CertificateGenerator is deprecated and the docs say to
- // use another, but it seemingly isn't included jar...
- X509V3CertificateGenerator v3CertGen = createCertificate(domainName,
- daysNotValidBefore, daysNotValidAfter);
-
- PrivateKey privateKey = rsaKeyPair.getPrivate();
-
- v3CertGen.setPublicKey(rsaKeyPair.getPublic());
- v3CertGen.setSignatureAlgorithm(signatureAlgorithm);
-
- // BC docs say to use another, but it seemingly isn't included...
- X509Certificate certificate = v3CertGen
- .generateX509Certificate(privateKey);
-
- // if exist, overwrite
- ks.setKeyEntry(alias, privateKey, aliasPassword.toCharArray(),
- new java.security.cert.Certificate[] { certificate });
-
- if (keystore != null) {
- keystore.setKeystore(ks);
- }
-
- return ks;
- }
-
- @Test
- public void storeRsaKeyPair() throws GeneralSecurityException, IOException {
-
- java.security.KeyStore ks = null;
-
- try {
- ks = KeyStoreTest.generateKeyPair(keystore,
- RsaSigner.KEYPAIR_ALGORITHM, 2048,
- "SHA256WithRSAEncryption", "OpenID Connect Server",
- "rsa", RsaSigner.DEFAULT_PASSWORD, 30, 365);
-
- } catch (GeneralSecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- assertThat(ks, not(nullValue()));
- }
-
- @Test
- public void readKey() throws GeneralSecurityException {
-
- Key key = keystore.getKeystore().getKey("rsa",
- KeyStore.PASSWORD.toCharArray());
-
- assertThat(key, not(nullValue()));
- }
-
- /**
- * Saves the keystore for future use.
- *
- * @param keystore
- * @param path
- * @param password
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static void persistKeystoreToFile(final java.security.KeyStore keystore,
- final String path, final String password) throws GeneralSecurityException,
- IOException {
-
- FileOutputStream fos = new FileOutputStream(new File(path));
- try {
- keystore.store(fos, password.toCharArray());
- System.out.println("Wrote keystore to " + path);
- } finally {
- fos.close();
- }
- }
-
-}