github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added testing for signers for Hmac, Rsa, and Plaintext

pull/105/merge
Mike Derryberry 2012-06-07 14:28:09 -04:00
parent ee28d56031
commit fad6caa968
26 changed files with 609 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java
View File

@ -133,7 +133,7 @@ public class Jwt {
return h64 + "." + c64;
}
/**
* Parse a wire-encoded JWT
*/

1
openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java
View File

@ -25,7 +25,6 @@ import java.util.Map.Entry;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
public class JwtClaims extends ClaimSet {

8
openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
View File

@ -15,6 +15,7 @@
******************************************************************************/
package org.mitre.jwt.signer;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import org.mitre.jwt.model.Jwt;
@ -52,9 +53,10 @@ public abstract class AbstractJwtSigner implements JwtSigner {
*
* @param jwt the jwt to sign
* @return the signed jwt
* @throws NoSuchAlgorithmException
*/
@Override
public Jwt sign(Jwt jwt) {
public Jwt sign(Jwt jwt) throws NoSuchAlgorithmException {
if (!Objects.equal(algorithm, jwt.getHeader().getAlgorithm())) {
// algorithm type doesn't match
// TODO: should this be an error or should we just fix it in the incoming jwt?
@ -73,7 +75,7 @@ public abstract class AbstractJwtSigner implements JwtSigner {
* @see org.mitre.jwt.JwtSigner#verify(java.lang.String)
*/
@Override
public boolean verify(String jwtString) {
public boolean verify(String jwtString) throws NoSuchAlgorithmException {
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(jwtString));
@ -92,5 +94,5 @@ public abstract class AbstractJwtSigner implements JwtSigner {
}
protected abstract String generateSignature(String signatureBase);
protected abstract String generateSignature(String signatureBase) throws NoSuchAlgorithmException;
}

6
openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
View File

@ -15,12 +15,14 @@
******************************************************************************/
package org.mitre.jwt.signer;
import java.security.NoSuchAlgorithmException;
import org.mitre.jwt.model.Jwt;
public interface JwtSigner {
public Jwt sign(Jwt jwt);
public Jwt sign(Jwt jwt) throws NoSuchAlgorithmException;
public boolean verify(String jwtString);
public boolean verify(String jwtString) throws NoSuchAlgorithmException;
}

17
openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
View File

@ -134,23 +134,24 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
* )
*/
@Override
public String generateSignature(String signatureBase) {
public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
Mac _mac = getMac();
if (passphrase == null) {
throw new IllegalArgumentException("Passphrase cannot be null");
}
try {
mac.init(new SecretKeySpec(getPassphrase().getBytes(), mac
_mac.init(new SecretKeySpec(getPassphrase().getBytes(), mac
.getAlgorithm()));
mac.update(signatureBase.getBytes("UTF-8"));
_mac.update(signatureBase.getBytes("UTF-8"));
} catch (GeneralSecurityException e) {
logger.error(e);
} catch (UnsupportedEncodingException e) {
logger.error(e);
}
byte[] sigBytes = mac.doFinal();
byte[] sigBytes = _mac.doFinal();
String sig = new String(Base64.encodeBase64URLSafe(sigBytes));
@ -171,6 +172,14 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
public void setPassphrase(String passphrase) {
this.passphrase = passphrase;
}
private Mac getMac() throws NoSuchAlgorithmException {
if(mac == null){
mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm())
.getStandardName());
}
return mac;
}
/*
* (non-Javadoc)

17
openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
View File

@ -18,6 +18,7 @@ package org.mitre.jwt.signer.impl;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
@ -173,15 +174,16 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
* )
*/
@Override
public String generateSignature(String signatureBase) {
public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
String sig = null;
Signature _signer = getSigner();
try {
signer.initSign(privateKey);
signer.update(signatureBase.getBytes("UTF-8"));
_signer.initSign(privateKey);
_signer.update(signatureBase.getBytes("UTF-8"));
byte[] sigBytes = signer.sign();
byte[] sigBytes = _signer.sign();
sig = (new String(Base64.encodeBase64URLSafe(sigBytes))).replace("=", "");
} catch (GeneralSecurityException e) {
@ -228,6 +230,13 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
public void setPrivateKey(RSAPrivateKey privateKey) {
this.privateKey = privateKey;
}
private Signature getSigner() throws NoSuchAlgorithmException{
if(signer == null){
signer = Signature.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
}
return signer;
}
/*
* (non-Javadoc)

7
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
View File

@ -15,6 +15,7 @@
******************************************************************************/
package org.mitre.jwt.signer.service;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.List;
import java.util.Map;
@ -59,8 +60,9 @@ public interface JwtSigningAndValidationService {
* @param jwtString
* the string representation of the JWT as sent on the wire
* @return true if the signature is valid, false if not
* @throws NoSuchAlgorithmException
*/
public boolean validateSignature(String jwtString);
public boolean validateSignature(String jwtString) throws NoSuchAlgorithmException;
/**
* Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
@ -68,8 +70,9 @@ public interface JwtSigningAndValidationService {
*
* @param jwt the jwt to sign
* @return the signed jwt
* @throws NoSuchAlgorithmException
*/
public void signJwt(Jwt jwt);
public void signJwt(Jwt jwt) throws NoSuchAlgorithmException;
/**
* Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified

54
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/AbstractJwtSigningAndValidationService.java Normal file
View File

@ -0,0 +1,54 @@
package org.mitre.jwt.signer.service.impl;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.Map;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
public abstract class AbstractJwtSigningAndValidationService implements JwtSigningAndValidationService{
/**
* Return the JwtSigners associated with this service
*
* @return
*/
public abstract Map<String, ? extends JwtSigner> getSigners();
@Override
public boolean isJwtExpired(Jwt jwt) {
Date expiration = jwt.getClaims().getExpiration();
if (expiration != null)
return new Date().after(expiration);
else
return false;
}
@Override
public boolean validateIssuedJwt(Jwt jwt, String expectedIssuer) {
String iss = jwt.getClaims().getIssuer();
if (iss.equals(expectedIssuer))
return true;
return false;
}
@Override
public boolean validateSignature(String jwtString) throws NoSuchAlgorithmException {
for (JwtSigner signer : getSigners().values()) {
if (signer.verify(jwtString))
return true;
}
return false;
}
}

146
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DynamicJwtSigningAndValidationService.java Normal file
View File

@ -0,0 +1,146 @@
package org.mitre.jwt.signer.service.impl;
import java.io.File;
import java.net.URL;
import java.security.Key;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.util.Utility;
public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAndValidationService{
private String x509SigningUrl;
private String jwkSigningUrl;
private String clientSecret;
private Key signingKey;
private Map<String, PublicKey> map;
private PublicKey publicKey;
private Map<String, ? extends JwtSigner> signers;
private String signingAlgorithm;
public DynamicJwtSigningAndValidationService(String x509SigningUrl, String jwkSigningUrl, String clientSecret) throws Exception {
setX509SigningUrl(x509SigningUrl);
setJwkSigningUrl(jwkSigningUrl);
setClientSecret(clientSecret);
}
public Key getSigningKey() throws Exception {
if(signingKey == null){
if(x509SigningUrl != null){
File file = new File(x509SigningUrl);
URL url = file.toURI().toURL();
signingKey = Utility.retrieveX509Key(url);
}
else if (jwkSigningUrl != null){
File file = new File(jwkSigningUrl);
URL url = file.toURI().toURL();
signingKey = Utility.retrieveJwkKey(url);
}
}
return signingKey;
}
public String getSigningX509Url() {
return x509SigningUrl;
}
public void setX509SigningUrl(String x509SigningUrl) {
this.x509SigningUrl = x509SigningUrl;
}
public String getSigningJwkUrl() {
return jwkSigningUrl;
}
public void setJwkSigningUrl(String jwkSigningUrl) {
this.jwkSigningUrl = jwkSigningUrl;
}
public String getClientSecret() {
return clientSecret;
}
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
@Override
public Map<String, PublicKey> getAllPublicKeys() {
if(publicKey != null){
//check to make sure key isn't null, return map
map.put(((RSAPublicKey) publicKey).getModulus()
.toString(16).toUpperCase()
+ ((RSAPublicKey) publicKey).getPublicExponent()
.toString(16).toUpperCase(), publicKey);
}
return map;
}
@Override
public void signJwt(Jwt jwt) {
// TODO Auto-generated method stub
throw new UnsupportedOperationException();
}
@Override
public Map<String, ? extends JwtSigner> getSigners() {
// TODO Auto-generated method stub
signers = new HashMap<String, JwtSigner>();
return signers;
}
@Override
public boolean validateSignature(String jwtString) {
try {
JwtSigner signer = getSigner(jwtString);
return signer.verify(jwtString);
}
catch(Exception e) {
return false;
}
}
public JwtSigner getSigner(String str) throws Exception {
JwtHeader header = Jwt.parse(str).getHeader();
String alg = header.getAlgorithm();
JwtSigner signer = null;
if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
signer = new HmacSigner(alg, clientSecret);
}
else if (alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")){
signer = new RsaSigner(alg, (PublicKey) getSigningKey(), null);
}
else if (alg.equals("none")){
signer = new PlaintextSigner();
}
else{
throw new IllegalArgumentException("Not an existing algorithm type");
}
return signer;
}
}

109
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
View File

@ -15,9 +15,9 @@
******************************************************************************/
package org.mitre.jwt.signer.service.impl;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@ -31,14 +31,13 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
public class JwtSigningAndValidationServiceDefault implements
public class JwtSigningAndValidationServiceDefault extends AbstractJwtSigningAndValidationService implements
JwtSigningAndValidationService, InitializingBean {
@Autowired
private ConfigurationPropertiesBean configBean;
@Autowired ConfigurationPropertiesBean configBean;
// map of identifier to signer
private Map<String, ? extends JwtSigner> signers = new HashMap<String, JwtSigner>();
Map<String, ? extends JwtSigner> signers = new HashMap<String, JwtSigner>();
private static Log logger = LogFactory
.getLog(JwtSigningAndValidationServiceDefault.class);
@ -111,34 +110,6 @@ public class JwtSigningAndValidationServiceDefault implements
return map;
}
/**
* Return the JwtSigners associated with this service
*
* @return
*/
public Map<String, ? extends JwtSigner> getSigners() {
return signers;
}
/*
* (non-Javadoc)
*
* @see
* org.mitre.jwt.signer.service.JwtSigningAndValidationService#isJwtExpired
* (org.mitre.jwt.model.Jwt)
*/
@Override
public boolean isJwtExpired(Jwt jwt) {
Date expiration = jwt.getClaims().getExpiration();
if (expiration != null)
return new Date().after(expiration);
else
return false;
}
/**
* Set the JwtSigners associated with this service
*
@ -158,55 +129,6 @@ public class JwtSigningAndValidationServiceDefault implements
+ "]";
}
/*
* (non-Javadoc)
*
* @see
* org.mitre.jwt.signer.service.JwtSigningAndValidationService#validateIssuedJwt
* (org.mitre.jwt.model.Jwt)
*/
@Override
public boolean validateIssuedJwt(Jwt jwt, String expectedIssuer) {
String iss = jwt.getClaims().getIssuer();
if (iss.equals(expectedIssuer))
return true;
return false;
}
/*
* (non-Javadoc)
*
* @see
* org.mitre.jwt.signer.service.JwtSigningAndValidationService#validateSignature
* (java.lang.String)
*/
@Override
public boolean validateSignature(String jwtString) {
for (JwtSigner signer : signers.values()) {
if (signer.verify(jwtString))
return true;
}
return false;
}
/**
* Sign a jwt in place using the configured default signer.
*/
@Override
public void signJwt(Jwt jwt) {
String signerId = configBean.getDefaultJwtSigner();
JwtSigner signer = signers.get(signerId);
signer.sign(jwt);
}
/**
* @return the configBean
*/
@ -220,4 +142,27 @@ public class JwtSigningAndValidationServiceDefault implements
public void setConfigBean(ConfigurationPropertiesBean configBean) {
this.configBean = configBean;
}
/**
* Sign a jwt in place using the configured default signer.
* @throws NoSuchAlgorithmException
*/
@Override
public void signJwt(Jwt jwt) throws NoSuchAlgorithmException {
String signerId = configBean.getDefaultJwtSigner();
JwtSigner signer = getSigners().get(signerId);
signer.sign(jwt);
}
/**
* Return the JwtSigners associated with this service
*
* @return
*/
public Map<String, ? extends JwtSigner> getSigners() {
return signers;
}
}

73
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/HmacSignerTest.java Normal file
View File

@ -0,0 +1,73 @@
package org.mitre.jwt.signer.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class HmacSignerTest extends TestCase {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL hs256Url = this.getClass().getResource("/jwt/hs256");
URL hs384Url = this.getClass().getResource("/jwt/hs384");
URL hs512Url = this.getClass().getResource("/jwt/hs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(URL url) throws Exception {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
@Test
public void testHmacSigner256() throws Exception {
setUp(hs256Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
@Test
public void testHmacSigner384() throws Exception {
setUp(hs384Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
@Test
public void testHmacSigner512() throws Exception {
setUp(hs512Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
}

55
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/PlaintextSignerTest.java Normal file
View File

@ -0,0 +1,55 @@
package org.mitre.jwt.signer.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import junit.framework.TestCase;
public class PlaintextSignerTest extends TestCase {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL plaintextUrl = this.getClass().getResource("/jwt/plaintext");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(URL url) throws Exception {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
@Test
public void testPlaintextSigner() throws Exception {
setUp(plaintextUrl);
PlaintextSigner plaintext = new PlaintextSigner();
jwt = plaintext.sign(jwt);
assertEquals(plaintext.verify(jwt.toString()), true);
}
}

99
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/RsaSignerTest.java Normal file
View File

@ -0,0 +1,99 @@
package org.mitre.jwt.signer.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class RsaSignerTest extends TestCase {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL rs256Url = this.getClass().getResource("/jwt/rs256");
URL rs384Url = this.getClass().getResource("/jwt/rs384");
URL rs512Url = this.getClass().getResource("/jwt/rs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
KeyPairGenerator keyGen;
KeyPair keyPair;
PublicKey publicKey;
PrivateKey privateKey;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(URL url) throws Exception {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
@Test
public void testRsaSigner256() throws Exception {
setUp(rs256Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
@Test
public void testRsaSigner384() throws Exception{
setUp(rs384Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
@Test
public void testRsaSigner512() throws Exception{
setUp(rs512Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
}

64
openid-connect-common/src/test/java/org/mitre/jwt/signer/service/impl/DynamicJwtSigningAndValidationServiceTest.java Normal file
View File

@ -0,0 +1,64 @@
package org.mitre.jwt.signer.service.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.Key;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.signer.JwtSigner;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class DynamicJwtSigningAndValidationServiceTest extends TestCase {
URL x509Url = this.getClass().getResource("/x509/x509Cert");
URL jwkUrl = this.getClass().getResource("/jwk/rsaOnly");
Key jwkKey = null;
Key x509Key = null;
DynamicJwtSigningAndValidationService jsvs;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp() throws Exception {
super.setUp();
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
/**
* Test method for {@link org.mitre.util.Utility#retrieveJwk(java.lang.String)}.
* @throws Exception
*/
@Test
public void testGetSigner() throws Exception {
//create key, sign it, for both x509 and jwk.
/* jsvs.setX509SigningUrl(x509Url.getPath());
x509Key = jsvs.getSigningKey();
jsvs.setJwkSigningUrl(jwkUrl.getPath());
jwkKey = jsvs.getSigningKey();
JsonParser parser = new JsonParser();
String rsaStr = parser.parse(new BufferedReader(new InputStreamReader(jwkUrl.openStream()))).getAsString();
JwtSigner rsaSigner = jsvs.getSigner(rsaStr);
String x509Str = parser.parse(new BufferedReader(new InputStreamReader(x509Url.openStream()))).getAsString();
JwtSigner x509Signer = jsvs.getSigner(x509Str);*/
assertEquals("yo", "yo");
}
}

2
openid-connect-common/src/test/java/org/mitre/util/UtilityTest.java
View File

@ -45,7 +45,7 @@ import org.bouncycastle.jce.provider.JCEECPublicKey;
public class UtilityTest extends TestCase{
URL url = this.getClass().getResource("/jwk/jwkSuccess");
URL certUrl = this.getClass().getResource("/x509/certTest");
URL certUrl = this.getClass().getResource("/x509/x509Cert");
URL rsaUrl = this.getClass().getResource("/jwk/rsaOnly");
/**

8
openid-connect-common/src/test/resources/jwk/rsaOnly Normal file
View File

@ -0,0 +1,8 @@
{"jwk":
[
{"alg":"RSA",
"mod": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"exp":"AQAB",
"kid":"2011-04-29"}
]
}

6
openid-connect-common/src/test/resources/jwt/claims Normal file
View File

@ -0,0 +1,6 @@
{"iss":"joe",
"user_id":34252452623,
"aud":"yolo",
"exp":35324583457247,
"iat":43215325235,
"nonce":"howdy"}

2
openid-connect-common/src/test/resources/jwt/hs256 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"HS256"}

2
openid-connect-common/src/test/resources/jwt/hs384 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"HS384"}

2
openid-connect-common/src/test/resources/jwt/hs512 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"HS512"}

2
openid-connect-common/src/test/resources/jwt/plaintext Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"none"}

2
openid-connect-common/src/test/resources/jwt/rs256 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"RS256"}

2
openid-connect-common/src/test/resources/jwt/rs384 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"RS384"}

2
openid-connect-common/src/test/resources/jwt/rs512 Normal file
View File

@ -0,0 +1,2 @@
{"typ":"JWT",
"alg":"RS512"}

6
openid-connect-common/src/test/resources/x509/HmacJwt Normal file
View File

@ -0,0 +1,6 @@
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
.
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
.
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

15
openid-connect-common/src/test/resources/x509/x509Cert Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICxDCCAi0CBECcV/wwDQYJKoZIhvcNAQEEBQAwgagxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVU
ZXhhczEPMA0GA1UEBxMGQXVzdGluMSowKAYDVQQKEyFUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBh
dCBBdXN0aW4xKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxIjAgBgNV
BAMTGXhtbGdhdGV3YXkuaXRzLnV0ZXhhcy5lZHUwHhcNMDQwNTA4MDM0NjA0WhcNMDQwODA2MDM0
NjA0WjCBqDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAo
BgNVBAoTIVRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IEF1c3RpbjEoMCYGA1UECxMfSW5mb3Jt
YXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEiMCAGA1UEAxMZeG1sZ2F0ZXdheS5pdHMudXRleGFz
LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsmc+6+NjLmanvh+FvBziYdBwTiz+d/DZ
Uy2jyvij6f8Xly6zkhHLSsuBzw08wPzr2K+F359bf9T3uiZMuao//FBGtDrTYpvQwkn4PFZwSeY2
Ynw4edxp1JEWT2zfOY+QJDfNgpsYQ9hrHDwqnpbMVVqjdBq5RgTKGhFBj9kxEq0CAwEAATANBgkq
hkiG9w0BAQQFAAOBgQCPYGXF6oRbnjti3CPtjfwORoO7ab1QzNS9Z2rLMuPnt6POlm1A3UPEwCS8
6flTlAqg19Sh47H7+Iq/LuzotKvUE5ugK52QRNMa4c0OSaO5UEM5EfVox1pT9tZV1Z3whYYMhThg
oC4y/On0NUVMN5xfF/GpSACga/bVjoNvd8HWEg==
-----END CERTIFICATE-----