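/**
 * Issues an unsigned JWT from the {@link JWTTokenProvider} and checks its structure and
 * standard claims.
 *
 * <p>With signing switched off the compact form is expected to have only two dot-separated
 * segments (presumably header and payload). Nothing in this test establishes integrity of the
 * token: the claims are read straight from the payload, which is acceptable here only because
 * the test controls the issuer.
 *
 * @throws Exception if the provider or the JWS consumer fails
 */
@org.junit.Test
public void testCreateUnsignedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(false);
    TokenProviderParameters providerParameters = createProviderParameters();

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    // Unsigned token: no signature segment, so only two parts survive the split
    assertEquals(2, token.split("\\.").length);

    // Read the claims back from the payload
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    // The response carries millisecond Dates; the JWT claims are compared in whole seconds
    Assert.assertEquals(
        providerResponse.getCreated().getTime() / 1000L,
        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(
        providerResponse.getExpires().getTime() / 1000L,
        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}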
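/**
 * Issues a SAML 2 bearer token with a client-requested lifetime that the conditions provider
 * is configured to accept.
 *
 * <p>The requested window is 60 seconds, so the issued token's expiry minus its creation time
 * must be exactly that many milliseconds.
 *
 * @throws Exception if token creation or serialisation fails
 */
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
    int requestedLifetime = 60;
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    // Presumably required for the provider to honour the client's Lifetime element
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Request a lifetime of exactly one minute starting now
    Date creationTime = new Date();
    Date expirationTime = new Date(creationTime.getTime() + requestedLifetime * 1000L);

    Lifetime lifetime = new Lifetime();
    XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
    lifetime.setCreated(fmt.format(creationTime));
    lifetime.setExpires(fmt.format(expirationTime));
    providerParameters.getTokenRequirements().setLifetime(lifetime);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    // Issued lifetime must match the request (seconds requested, milliseconds in the response)
    assertEquals(
        requestedLifetime * 1000L,
        providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime());

    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
}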
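/**
 * Issues a SAML 2 token whose requested Created time lies two minutes in the future.
 *
 * <p>This must be rejected by default: the STS only tolerates a Created instant up to 60 seconds
 * ahead, to absorb clock skew without letting a client pre-date tokens. Once the conditions
 * provider's future-time-to-live is raised to an hour the same request must succeed.
 *
 * @throws Exception if token creation or serialisation fails unexpectedly
 */
@org.junit.Test
public void testSaml2FarFutureCreatedLifetime() throws Exception {
    int requestedLifetime = 60;
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    // Presumably required for the provider to honour the client's Lifetime element
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Created = now + 2 minutes (beyond the 60 s skew allowance), lifetime of one minute
    Date creationTime = new Date(System.currentTimeMillis() + 60L * 2L * 1000L);
    Date expirationTime = new Date(creationTime.getTime() + requestedLifetime * 1000L);

    Lifetime lifetime = new Lifetime();
    XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
    lifetime.setCreated(fmt.format(creationTime));
    lifetime.setExpires(fmt.format(expirationTime));
    providerParameters.getTokenRequirements().setLifetime(lifetime);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a Created Element too far in the future");
    } catch (STSException expected) {
        // the far-future Created must be rejected
    }

    // Widen the allowance to one hour; the same request is now acceptable
    conditionsProvider.setFutureTimeToLive(60L * 60L);

    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
}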
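/**
 * Issues a SAML 2 token with no client-requested lifetime, so the lifetime configured on the
 * {@link DefaultConditionsProvider} must be applied.
 *
 * <p>The configured value is in seconds; the response timestamps are millisecond Dates.
 *
 * @throws Exception if token creation or serialisation fails
 */
@org.junit.Test
public void testSaml2ProviderLifetime() throws Exception {
    // 6000 seconds
    long providerLifetime = 10 * 600L;
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setLifetime(providerLifetime);
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    // The provider-configured lifetime (seconds) must be reflected exactly (milliseconds)
    assertEquals(
        providerLifetime * 1000L,
        providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime());

    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
}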
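/**
 * Issues a signed JWT from the {@link JWTTokenProvider}, verifies its signature against the STS
 * signing certificate and then checks the standard claims.
 *
 * <p>The signature is verified with an explicitly pinned algorithm ({@code RS256}) before any
 * claim is read, mirroring what a relying party must do: never trust payload contents until the
 * signature has been checked against a known key and an expected algorithm.
 *
 * @throws Exception if the provider, the crypto lookup or the JWS consumer fails
 */
@org.junit.Test
public void testCreateSignedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
    TokenProviderParameters providerParameters = createProviderParameters();

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    // Signed compact serialisation: header.payload.signature
    assertEquals(3, token.split("\\.").length);

    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);

    // Verify the signature first, against the STS signing certificate and a pinned algorithm
    Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    assertNotNull(certs);
    assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));

    // Only now read the claims
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    // The response carries millisecond Dates; the JWT claims are compared in whole seconds
    Assert.assertEquals(
        providerResponse.getCreated().getTime() / 1000L,
        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(
        providerResponse.getExpires().getTime() / 1000L,
        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}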