adding addition test cases to JWT Authenticator

4.x.x
megala21 7 years ago
parent 4d1624b60d
commit a20967e855

@ -167,21 +167,19 @@
<groupId>org.wso2.tomcat</groupId> <groupId>org.wso2.tomcat</groupId>
<artifactId>tomcat-servlet-api</artifactId> <artifactId>tomcat-servlet-api</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.tomcat.ext</artifactId> <artifactId>org.wso2.carbon.tomcat.ext</artifactId>
</dependency> </dependency>
<!--dependency>
<groupId>org.apache.ws.commons.axiom.wso2</groupId>
<artifactId>axiom</artifactId>
</dependency-->
<dependency> <dependency>
<groupId>org.wso2.carbon.identity.framework</groupId> <groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.base</artifactId> <artifactId>org.wso2.carbon.identity.base</artifactId>
<exclusions>
<exclusion>
<groupId>org.opensaml</groupId>
<artifactId>xmltooling</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.identity.framework</groupId> <groupId>org.wso2.carbon.identity.framework</groupId>
@ -190,6 +188,12 @@
<dependency> <dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId> <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
<!--<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>-->
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>
@ -258,6 +262,16 @@
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId> <artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.testing.osgi-mock</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.certificate.mgt.core.bean.Certificate;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager; import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.exceptions.RegistryException;
@ -100,7 +101,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
requestUri = ""; requestUri = "";
} }
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/"); StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
String context = tokenizer.nextToken(); String context = tokenizer.hasMoreTokens() ? tokenizer.nextToken() : null;
if (context == null || "".equals(context)) { if (context == null || "".equals(context)) {
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
} }
@ -114,7 +115,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
issuer = jwsObject.getJWTClaimsSet().getIssuer(); issuer = jwsObject.getJWTClaimsSet().getIssuer();
} catch (ParseException e) { } catch (ParseException e) {
log.error("Error occurred while parsing JWT header.", e); log.error("Error occurred while parsing JWT header.", e);
return null; authenticationInfo.setMessage("Error occured while parsing JWT header");
return authenticationInfo;
} }
try { try {
@ -135,7 +137,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
String trustStorePassword = serverConfig.getFirstProperty( String trustStorePassword = serverConfig.getFirstProperty(
DEFAULT_TRUST_STORE_PASSWORD); DEFAULT_TRUST_STORE_PASSWORD);
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
publicKey = keyStore.getCertificate(alias).getPublicKey(); java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
publicKey = certificate == null ? null : certificate.getPublicKey();
} else { } else {
authenticationInfo.setStatus(Status.FAILURE); authenticationInfo.setStatus(Status.FAILURE);
return authenticationInfo; return authenticationInfo;
@ -157,10 +160,6 @@ public class JWTAuthenticator implements WebappAuthenticator {
} }
if (verifier != null && jwsObject.verify(verifier)) { if (verifier != null && jwsObject.verify(verifier)) {
username = MultitenantUtils.getTenantAwareUsername(username); username = MultitenantUtils.getTenantAwareUsername(username);
if (tenantId == -1) {
log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
": " + tenantDomain);
} else {
UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(). UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
getTenantUserRealm(tenantId).getUserStoreManager(); getTenantUserRealm(tenantId).getUserStoreManager();
if (userStore.isExistingUser(username)) { if (userStore.isExistingUser(username)) {
@ -168,15 +167,18 @@ public class JWTAuthenticator implements WebappAuthenticator {
authenticationInfo.setUsername(username); authenticationInfo.setUsername(username);
authenticationInfo.setTenantDomain(tenantDomain); authenticationInfo.setTenantDomain(tenantDomain);
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
} } else {
authenticationInfo.setStatus(Status.FAILURE);
} }
} else { } else {
authenticationInfo.setStatus(Status.FAILURE); authenticationInfo.setStatus(Status.FAILURE);
} }
} catch (UserStoreException e) { } catch (UserStoreException e) {
log.error("Error occurred while obtaining the user.", e); log.error("Error occurred while obtaining the user.", e);
authenticationInfo.setStatus(Status.FAILURE);
} catch (Exception e) { } catch (Exception e) {
log.error("Error occurred while verifying the JWT header.", e); log.error("Error occurred while verifying the JWT header.", e);
authenticationInfo.setStatus(Status.FAILURE);
} finally { } finally {
PrivilegedCarbonContext.endTenantFlow(); PrivilegedCarbonContext.endTenantFlow();
} }

@ -1,3 +1,21 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.authenticator; package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Request;
@ -11,13 +29,9 @@ import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.identity.jwt.client.extension.util.JWTClientUtil; import org.wso2.carbon.identity.jwt.client.extension.util.JWTClientUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder;
import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantIndexingLoader;
import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantRegistryLoader;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.net.URL; import java.net.URL;
@ -30,6 +44,8 @@ public class JWTAuthenticatorTest {
private Field headersField; private Field headersField;
private final String JWT_HEADER = "X-JWT-Assertion"; private final String JWT_HEADER = "X-JWT-Assertion";
private String jwtToken; private String jwtToken;
private String wrongJwtToken;
private String jwtTokenWithWrongUser;
private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser"; private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId"; private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId";
private Properties properties; private Properties properties;
@ -39,9 +55,6 @@ public class JWTAuthenticatorTest {
@BeforeClass @BeforeClass
public void setup() throws NoSuchFieldException, IOException, JWTClientException { public void setup() throws NoSuchFieldException, IOException, JWTClientException {
jwtAuthenticator = new JWTAuthenticator(); jwtAuthenticator = new JWTAuthenticator();
properties = new Properties();
properties.setProperty(ISSUER, ALIAS);
jwtAuthenticator.setProperties(properties);
headersField = org.apache.coyote.Request.class.getDeclaredField("headers"); headersField = org.apache.coyote.Request.class.getDeclaredField("headers");
headersField.setAccessible(true); headersField.setAccessible(true);
ClassLoader classLoader = getClass().getClassLoader(); ClassLoader classLoader = getClass().getClassLoader();
@ -60,9 +73,17 @@ public class JWTAuthenticatorTest {
customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin"); customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID)); customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
jwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims); jwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
customClaims = new HashMap<>();
customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, "-1");
wrongJwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
customClaims = new HashMap<>();
customClaims.put(SIGNED_JWT_AUTH_USERNAME, "notexisting");
customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
jwtTokenWithWrongUser = JWTClientUtil.generateSignedJWTAssertion("notexisting", jwtConfig, false, customClaims);
} }
@Test(description = "This method tests the get methods in the JWTAuthenticator") @Test(description = "This method tests the get methods in the JWTAuthenticator", dependsOnMethods = "testAuthenticate")
public void testGetMethods() { public void testGetMethods() {
Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value"); Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value");
Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT " Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT "
@ -87,8 +108,61 @@ public class JWTAuthenticatorTest {
Assert.assertTrue(jwtAuthenticator.canHandle(request)); Assert.assertTrue(jwtAuthenticator.canHandle(request));
} }
@Test(description = "This method tests authenticate method under the successful condition") @Test(description = "This method tests authenticate method under the successful condition", dependsOnMethods =
{"testAuthentiateFailureScenarios"})
public void testAuthenticate() throws IllegalAccessException, NoSuchFieldException { public void testAuthenticate() throws IllegalAccessException, NoSuchFieldException {
Request request = createJWTRequest(jwtToken, "test");
AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
+ "authenticated by the JWTAuthenticator");
}
@Test(description = "This method tests the authenticate method under failure conditions")
public void testAuthentiateFailureScenarios() throws NoSuchFieldException, IllegalAccessException {
Request request = createJWTRequest("test", "");
AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
request = createJWTRequest(jwtToken, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
properties = new Properties();
properties.setProperty(ISSUER, "test");
jwtAuthenticator.setProperties(properties);
request = createJWTRequest(jwtToken, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
"Un authenticated request does not contain status as failure");
properties = new Properties();
properties.setProperty(ISSUER, ALIAS);
jwtAuthenticator.setProperties(properties);
request = createJWTRequest(wrongJwtToken, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
"Un authenticated request does not contain status as failure");
request = createJWTRequest(jwtTokenWithWrongUser, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
"Un authenticated request does not contain status as failure");
}
/**
* To create a JWT request with the given jwt header.
* @param jwtToken JWT token to be added to the header
* @param requestUri Request URI to be added to the request.
*/
private Request createJWTRequest(String jwtToken, String requestUri)
throws IllegalAccessException, NoSuchFieldException {
Request request = new Request(); Request request = new Request();
org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request(); org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request();
MimeHeaders mimeHeaders = new MimeHeaders(); MimeHeaders mimeHeaders = new MimeHeaders();
@ -98,12 +172,12 @@ public class JWTAuthenticatorTest {
Field uriMB = org.apache.coyote.Request.class.getDeclaredField("uriMB"); Field uriMB = org.apache.coyote.Request.class.getDeclaredField("uriMB");
uriMB.setAccessible(true); uriMB.setAccessible(true);
bytes = MessageBytes.newInstance(); bytes = MessageBytes.newInstance();
bytes.setString("test"); bytes.setString(requestUri);
uriMB.set(coyoteRequest, bytes); uriMB.set(coyoteRequest, bytes);
request.setCoyoteRequest(coyoteRequest); request.setCoyoteRequest(coyoteRequest);
AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null); return request;
Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
+ "authenticated by the JWTAuthenticator");
} }
} }

@ -0,0 +1,43 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.internal;
import org.apache.sling.testing.mock.osgi.MockOsgi;
import org.testng.annotations.Test;
/**
* This is a test class for {@link WebappAuthenticatorFrameworkServiceComponent}
*/
public class WebappAuthenticatorFrameworkServiceComponentTest {
@Test(description = "This method tests whether the bundle activator does not throw any exceptions, even under "
+ "possible exception scenarios")
public void testActivateWithException() {
WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
WebappAuthenticatorFrameworkServiceComponent();
webappAuthenticatorFrameworkServiceComponent.activate(null);
}
@Test(description = "This method tests whether bundle activation succeed with the proper confitions.")
public void testActivateWithoutExceptions() {
WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
WebappAuthenticatorFrameworkServiceComponent();
webappAuthenticatorFrameworkServiceComponent.activate(MockOsgi.newComponentContext());
}
}

@ -22,7 +22,7 @@
<suite name="WebappAuthenticatorFramework"> <suite name="WebappAuthenticatorFramework">
<parameter name="useDefaultListeners" value="false"/> <parameter name="useDefaultListeners" value="false"/>
<test name="WebappAuthenticatorTests" preserve-order="true"> <test name="WebappAuthenticatorTests" parallel="false">
<classes> <classes>
<class name="org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest"/> <class name="org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest"/>
<class name="org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorConfigTest"/> <class name="org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorConfigTest"/>
@ -32,6 +32,7 @@
<class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticatorTest" /> <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticatorTest" />
<class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.OauthAuthenticatorTest" /> <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.OauthAuthenticatorTest" />
<class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticatorTest" /> <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticatorTest" />
<class name="org.wso2.carbon.webapp.authenticator.framework.internal.WebappAuthenticatorFrameworkServiceComponentTest"/>
</classes> </classes>
</test> </test>

@ -1568,6 +1568,12 @@
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<scope>test</scope>
<version>${slf4j.nop.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
@ -2005,6 +2011,7 @@
<ant.contrib.version>1.0b3</ant.contrib.version> <ant.contrib.version>1.0b3</ant.contrib.version>
<power.mock.version>1.7.0</power.mock.version> <power.mock.version>1.7.0</power.mock.version>
<commons.dbcp.version>1.4.0.wso2v1</commons.dbcp.version> <commons.dbcp.version>1.4.0.wso2v1</commons.dbcp.version>
<slf4j.nop.version>1.7.25</slf4j.nop.version>
</properties> </properties>

Loading…
Cancel
Save