@Test(expected = InvalidTokenException.class)
public void testRejectInvalidVerifier() throws Exception {
signerProvider.setSigningKey(alternateSignerKey);
signerProvider.setVerifierKey(alternateVerifierKey);
signerProvider.afterPropertiesSet();
endpoint.checkToken(accessToken.getValue());
}
@Before
public void setUp() {
mockUserDatabase(userId, user);
authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
Map<String, String> requestParameters = new HashMap<>();
authorizationRequest.setRequestParameters(requestParameters);
authentication =
new OAuth2Authentication(
authorizationRequest.createOAuth2Request(),
UaaAuthenticationTestFactory.getAuthentication(userId, userName, "*****@*****.**"));
signerProvider = new SignerProvider();
signerProvider.setSigningKey(signerKey);
signerProvider.setVerifierKey(verifierKey);
tokenServices.setSignerProvider(signerProvider);
endpoint.setTokenServices(tokenServices);
Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
approvalStore.addApproval(
new Approval(
userId, "client", "read", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
approvalStore.addApproval(
new Approval(
userId, "client", "write", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
tokenServices.setApprovalStore(approvalStore);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
}
@Test
public void testSwitchVerifierKey() throws Exception {
signerProvider.setSigningKey(alternateSignerKey);
signerProvider.setVerifierKey(alternateVerifierKey);
signerProvider.afterPropertiesSet();
OAuth2AccessToken alternateToken = tokenServices.createAccessToken(authentication);
endpoint.checkToken(alternateToken.getValue());
try {
endpoint.checkToken(accessToken.getValue());
fail();
} catch (InvalidTokenException x) {
}
}