private OAuth2AccessTokenEntity fetchValidRegistrationToken(
OAuth2Authentication auth, ClientDetailsEntity client) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
if (config.getRegTokenLifeTime() != null) {
try {
// Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate =
new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if (token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
logger.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createResourceAccessToken(client);
tokenService.saveAccessToken(newToken);
return newToken;
} else {
// it's not expired, keep going
return token;
}
} catch (ParseException e) {
logger.error("Couldn't parse a known-valid token?", e);
return token;
}
} else {
// tokens don't expire, just return it
return token;
}
}
@Test
public void getAccessTokenHash256() {
mockToken256.getJwt().serialize();
Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256);
assertEquals(expectedHash, resultHash);
}
@Before
public void prepare() throws ParseException {
/*
Claims for first token:
claims.setType("JWT");
claims.setIssuer("www.example.com");
claims.setSubject("example_user");
claims.setClaim("alg", "HS256");
*/
Mockito.when(mockToken256.getJwt())
.thenReturn(
JWTParser.parse(
"eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
/*
* Claims for second token
claims = new JWTClaimsSet();
claims.setType("JWT");
claims.setIssuer("www.another-example.net");
claims.setSubject("another_user");
claims.setClaim("alg", "ES384");
*/
Mockito.when(mockToken384.getJwt())
.thenReturn(
JWTParser.parse(
"eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0."));
/*
* Claims for third token:
claims = new JWTClaimsSet();
claims.setType("JWT");
claims.setIssuer("www.different.com");
claims.setSubject("different_user");
claims.setClaim("alg", "RS512");
*/
Mockito.when(mockToken512.getJwt())
.thenReturn(
JWTParser.parse(
"eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ."));
}
@Test
public void getAccessTokenHash384() {
/*
* independently generate hash
ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0.
base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK
*/
mockToken384.getJwt().serialize();
Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384);
assertEquals(expectedHash, resultHash);
}
@Test
public void getAccessTokenHash512() {
/*
* independently generate hash
ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ.
base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k
*/
mockToken512.getJwt().serialize();
Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512);
assertEquals(expectedHash, resultHash);
}