Added tests for DefaultJwtEncryptionAndDecryptionService

2014-07-02 12:06:44 -04:00 · 2014-07-02 12:06:44 -04:00 · e1b4df74f0
parent 5223d88e0a
commit e1b4df74f0
1 changed files with 222 additions and 10 deletions
--- a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
@ -19,14 +19,18 @@ package org.mitre.jwt.encryption.service.impl;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.text.ParseException;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import org.junit.Before;
 import org.junit.Test;
 import org.mitre.jose.keystore.JWKSetKeyStore;
 import com.google.common.collect.ImmutableMap;
 import com.nimbusds.jose.EncryptionMethod;
@ -35,17 +39,23 @@ import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWEHeader;
 import com.nimbusds.jose.JWEObject;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jose.util.JSONObjectUtils;
 import com.nimbusds.jwt.EncryptedJWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 /**
 * @author wkim
 * @author tsitkov
 *
 */
 public class TestDefaultJwtEncryptionAndDecryptionService {
 	private String plainText = "The true sign of intelligence is not knowledge but imagination.";
@ -83,30 +93,80 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
 					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 					KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
-	// AES key wrap not yet tested
+	private String RSAkid_2 = "rsa3210";
-	//	private String AESkid = "aes123";
+	private JWK RSAjwk_2 = new RSAKey(
-	//	private JWK AESjwk = new OctetSequenceKey(new Base64URL("GawgguFyGrWKav7AX4VKUg"), Use.ENCRYPTION, JWEAlgorithm.A128KW, AESkid);
+			new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
-	//
+			"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
-	//	private Map<String, JWK> keys = new ImmutableMap.Builder<String, JWK>().
+			"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
-	//			put(RSAkid, RSAjwk).put(AESkid, AESjwk).build();
+			"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
 			"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
 			"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
 			new Base64URL("AQAB"), // e
 			new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
 					"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
 					"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
 					"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
 					"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
 					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 					KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_2, null, null, null);
-	private Map<String, JWK> keys = new ImmutableMap.Builder<String, JWK>().
+	private String AESkid = "aes123";
-			put(RSAkid, RSAjwk).build();
+	private JWK AESjwk = new OctetSequenceKey( new Base64URL("GawgguFyGrWKav7AX4VKUg"),
 			KeyUse.ENCRYPTION, null, JWEAlgorithm.A128KW,
 			AESkid, null, null, null);
 	private Map<String, JWK> keys = new ImmutableMap.Builder<String, JWK>()
 			.put(RSAkid, RSAjwk)
 			.build();
 	private Map<String, JWK> keys_2 = new ImmutableMap.Builder<String, JWK>()
 			.put(RSAkid, RSAjwk)
 			.put(RSAkid_2, RSAjwk_2)
 			.build();
 	private Map<String, JWK> keys_3 = new ImmutableMap.Builder<String, JWK>()
 			.put(AESkid, AESjwk)
 			.build();
 	private Map<String, JWK> keys_4= new ImmutableMap.Builder<String, JWK>()
 			.put(RSAkid, RSAjwk)
 			.put(RSAkid_2, RSAjwk_2)
 			.put(AESkid, AESjwk)
 			.build();
 	private List<JWK> keys_list = new LinkedList<JWK>();
 	private DefaultJwtEncryptionAndDecryptionService service;
 	private DefaultJwtEncryptionAndDecryptionService service_2;
 	private DefaultJwtEncryptionAndDecryptionService service_3;
 	private DefaultJwtEncryptionAndDecryptionService service_4;
 	private DefaultJwtEncryptionAndDecryptionService service_ks;			
 	@Before
 	public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
 		service = new DefaultJwtEncryptionAndDecryptionService(keys);
 		service_2 = new DefaultJwtEncryptionAndDecryptionService(keys_2);
 		service_3 = new DefaultJwtEncryptionAndDecryptionService(keys_3);
 		service_4 = new DefaultJwtEncryptionAndDecryptionService(keys_4);
 		claimsSet.setIssuer(issuer);
 		claimsSet.setSubject(subject);
 		// Key Store
 		keys_list.add(RSAjwk);
 		keys_list.add(AESjwk);
 		JWKSet jwkSet = new JWKSet(keys_list);
 		JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
 		service_ks = new DefaultJwtEncryptionAndDecryptionService(keyStore);
 	}
 	@Test
 	public void decrypt_RSA() throws ParseException {
-
+		
 		service.setDefaultDecryptionKeyId(RSAkid);
 		service.setDefaultEncryptionKeyId(RSAkid);
@ -120,12 +180,16 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
 		assertEquals(plainText, result);
 	}
 	@Test
 	public void encryptThenDecrypt_RSA() throws ParseException {
 		service.setDefaultDecryptionKeyId(RSAkid);
 		service.setDefaultEncryptionKeyId(RSAkid);
 		assertEquals(RSAkid,service.getDefaultEncryptionKeyId());
 		assertEquals(RSAkid,service.getDefaultDecryptionKeyId());
 		JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A256GCM);
 		EncryptedJWT jwt = new EncryptedJWT(header, claimsSet);
@ -143,4 +207,152 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
 		assertEquals(claimsSet.getSubject(), resultClaims.getSubject());
 	}
 	// The same as encryptThenDecrypt_RSA() but relies on the key from the map
 	@Test
 	public void encryptThenDecrypt_nullID() throws ParseException { 
 		service.setDefaultDecryptionKeyId(null);
 		service.setDefaultEncryptionKeyId(null);
 		assertEquals(RSAkid,service.getDefaultEncryptionKeyId());
 		assertEquals(RSAkid,service.getDefaultDecryptionKeyId());
 		JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A256GCM);
 		EncryptedJWT jwt = new EncryptedJWT(header, claimsSet);
 		service.encryptJwt(jwt);
 		String serialized = jwt.serialize();
 		EncryptedJWT encryptedJwt = EncryptedJWT.parse(serialized);
 		assertThat(encryptedJwt.getJWTClaimsSet(), nullValue());
 		service.decryptJwt(encryptedJwt);
 		ReadOnlyJWTClaimsSet resultClaims = encryptedJwt.getJWTClaimsSet();
 		assertEquals(claimsSet.getIssuer(), resultClaims.getIssuer());
 		assertEquals(claimsSet.getSubject(), resultClaims.getSubject());
 	}
 	@Test(expected=IllegalStateException.class)
 	public void encrypt_nullID_oneKey() {
 		service_2.setDefaultEncryptionKeyId(null);
 		assertEquals(null, service_2.getDefaultEncryptionKeyId());
 		JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A256GCM);
 		EncryptedJWT jwt = new EncryptedJWT(header, claimsSet);
 		service_2.encryptJwt(jwt);
 		assertEquals(null, service_2.getDefaultEncryptionKeyId());
 	}
 	@Test(expected=IllegalStateException.class)
 	public void decrypt_nullID() throws ParseException {
 		service_2.setDefaultEncryptionKeyId(RSAkid);
 		service_2.setDefaultDecryptionKeyId(null);
 		assertEquals(RSAkid, service_2.getDefaultEncryptionKeyId());
 		assertEquals(null, service_2.getDefaultDecryptionKeyId());
 		JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A256GCM);
 		EncryptedJWT jwt = new EncryptedJWT(header, claimsSet);
 		service_2.encryptJwt(jwt);
 		String serialized = jwt.serialize();
 		EncryptedJWT encryptedJwt = EncryptedJWT.parse(serialized);
 		assertThat(encryptedJwt.getJWTClaimsSet(), nullValue());
 		assertEquals(null, service_2.getDefaultDecryptionKeyId());
 		service_2.decryptJwt(encryptedJwt);
 	}
 	@Test
 	public void setThenGetDefAlg() throws ParseException {
 		service.setDefaultAlgorithm(JWEAlgorithm.A128KW);
 		assertEquals(JWEAlgorithm.A128KW, service.getDefaultAlgorithm());
 		service.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP);
 		assertEquals(JWEAlgorithm.RSA_OAEP, service.getDefaultAlgorithm());
 	}
 	@Test
 	public void runAfterPropertiesSet() throws NoSuchAlgorithmException,
 						InvalidKeySpecException, JOSEException {
 		// TODO : Need more meaningful test here
 		service.afterPropertiesSet();
 	}
 	@Test
 	public void getAllPubKeys() throws ParseException { 
 		Map<String,JWK> keys2check = service_2.getAllPublicKeys();
 		assertEquals(
 			JSONObjectUtils.getString(RSAjwk.toPublicJWK().toJSONObject(), "e"),
 			JSONObjectUtils.getString(keys2check.get(RSAkid).toJSONObject(), "e")
 			);
 		assertEquals(
 			JSONObjectUtils.getString(RSAjwk_2.toPublicJWK().toJSONObject(), "e"),
 			JSONObjectUtils.getString(keys2check.get(RSAkid_2).toJSONObject(), "e")
 			);	
 		assertTrue(service_3.getAllPublicKeys().isEmpty());
 	}
 	@Test
 	public void getAllCryptoAlgsSupported() throws ParseException { 
 		assertTrue(service_4.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.RSA_OAEP));
 		assertTrue(service_4.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.RSA1_5));
 		assertTrue(service_4.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.DIR));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A128CBC_HS256));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A128GCM));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A192CBC_HS384));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A192GCM));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A256GCM));
 		assertTrue(service_4.getAllEncryptionEncsSupported().contains(EncryptionMethod.A256CBC_HS512));
 		assertTrue(service_ks.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.RSA_OAEP));
 		assertTrue(service_ks.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.RSA1_5));
 		assertTrue(service_ks.getAllEncryptionAlgsSupported().contains(JWEAlgorithm.DIR));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A128CBC_HS256));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A128GCM));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A192CBC_HS384));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A192GCM));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A256GCM));
 		assertTrue(service_ks.getAllEncryptionEncsSupported().contains(EncryptionMethod.A256CBC_HS512));		
 	}
 	@Test
 	public void getDefaultCryptoKeyId() throws ParseException {
 		// Test set/getDefaultEn/DecryptionKeyId
 		assertEquals(null, service_4.getDefaultEncryptionKeyId());
 		assertEquals(null, service_4.getDefaultDecryptionKeyId());		
 		service_4.setDefaultEncryptionKeyId(RSAkid);
 		service_4.setDefaultDecryptionKeyId(AESkid);
 		assertEquals(RSAkid, service_4.getDefaultEncryptionKeyId());
 		assertEquals(AESkid, service_4.getDefaultDecryptionKeyId());
 		assertEquals(null, service_ks.getDefaultEncryptionKeyId());
 		assertEquals(null, service_ks.getDefaultDecryptionKeyId());		
 		service_ks.setDefaultEncryptionKeyId(RSAkid);
 		service_ks.setDefaultDecryptionKeyId(AESkid);
 		assertEquals( RSAkid, service_ks.getDefaultEncryptionKeyId()) ;
 		assertEquals(AESkid, service_ks.getDefaultDecryptionKeyId());
 	}
 }