Refactoring

4.x.x
megala21 7 years ago
parent 14ebe3e9e7
commit bbdd4a88bd

@ -188,12 +188,6 @@
<dependency> <dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId> <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
<!--<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>-->
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>

@ -43,7 +43,11 @@ import java.security.KeyStore;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.text.ParseException; import java.text.ParseException;
import java.util.*; import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.StringTokenizer;
/** /**
* This authenticator authenticates HTTP requests using JWT header. * This authenticator authenticates HTTP requests using JWT header.

@ -229,6 +229,12 @@ public class CertificateAuthenticatorTest {
return request; return request;
} }
/**
* To create certificate management database.
*
* @return Datasource.
* @throws SQLException SQL Exception.
*/
private DataSource createDatabase() throws SQLException { private DataSource createDatabase() throws SQLException {
URL resourceURL = ClassLoader.getSystemResource("sql-scripts" + File.separator + "h2.sql"); URL resourceURL = ClassLoader.getSystemResource("sql-scripts" + File.separator + "h2.sql");
JdbcDataSource dataSource = new JdbcDataSource(); JdbcDataSource dataSource = new JdbcDataSource();
@ -246,9 +252,7 @@ public class CertificateAuthenticatorTest {
if (conn != null) { if (conn != null) {
try { try {
conn.close(); conn.close();
} catch (SQLException e) { } catch (SQLException e) {}
}
} }
if (statement != null) { if (statement != null) {
statement.close(); statement.close();
@ -257,8 +261,17 @@ public class CertificateAuthenticatorTest {
return dataSource; return dataSource;
} }
private String createEncodedSignature(X509Certificate x509Certificate) /**
throws CertificateEncodingException, CMSException, IOException { * To create a encoded signature from certificate.
*
* @param x509Certificate Certificate that need to be encoded.
* @return Encoded signature.
* @throws CertificateEncodingException Certificate Encoding Exception.
* @throws CMSException CMS Exception.
* @throws IOException IO Exception.
*/
private String createEncodedSignature(X509Certificate x509Certificate) throws CertificateEncodingException,
CMSException, IOException {
CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
List<X509Certificate> list = new ArrayList<>(); List<X509Certificate> list = new ArrayList<>();
list.add(x509Certificate); list.add(x509Certificate);
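Review bot: The cleanup in `createDatabase()` now reads `} catch (SQLException e) {}`, which silently discards a failure to close the connection, and the statement is closed only after the connection it belongs to. If the swallow is deliberate best-effort cleanup, say so in the code, e.g. `} catch (SQLException ignored) { /* best-effort close of the test database connection */ }`, and close `statement` before `conn`. The lines that open `conn` and `statement` are outside the visible hunks; if both are opened in this method, a single try-with-resources over the two would remove the manual null checks and the empty catch altogether.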

@ -39,6 +39,9 @@ import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Properties; import java.util.Properties;
/**
* This is a test class for {@link JWTAuthenticator}.
*/
public class JWTAuthenticatorTest { public class JWTAuthenticatorTest {
private JWTAuthenticator jwtAuthenticator; private JWTAuthenticator jwtAuthenticator;
private Field headersField; private Field headersField;
@ -61,14 +64,12 @@ public class JWTAuthenticatorTest {
URL resourceUrl = classLoader.getResource("jwt.properties"); URL resourceUrl = classLoader.getResource("jwt.properties");
File jwtPropertyFile; File jwtPropertyFile;
JWTConfig jwtConfig = null; JWTConfig jwtConfig = null;
if (resourceUrl != null) { if (resourceUrl != null) {
jwtPropertyFile = new File(resourceUrl.getFile()); jwtPropertyFile = new File(resourceUrl.getFile());
Properties jwtConfigProperties = new Properties(); Properties jwtConfigProperties = new Properties();
jwtConfigProperties.load(new FileInputStream(jwtPropertyFile)); jwtConfigProperties.load(new FileInputStream(jwtPropertyFile));
jwtConfig = new JWTConfig(jwtConfigProperties); jwtConfig = new JWTConfig(jwtConfigProperties);
} }
Map<String, String> customClaims = new HashMap<>(); Map<String, String> customClaims = new HashMap<>();
customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin"); customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID)); customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
@ -83,7 +84,8 @@ public class JWTAuthenticatorTest {
jwtTokenWithWrongUser = JWTClientUtil.generateSignedJWTAssertion("notexisting", jwtConfig, false, customClaims); jwtTokenWithWrongUser = JWTClientUtil.generateSignedJWTAssertion("notexisting", jwtConfig, false, customClaims);
} }
@Test(description = "This method tests the get methods in the JWTAuthenticator", dependsOnMethods = "testAuthenticate") @Test(description = "This method tests the get methods in the JWTAuthenticator",
dependsOnMethods = "testAuthenticate")
public void testGetMethods() { public void testGetMethods() {
Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value"); Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value");
Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT " Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT "
@ -123,12 +125,10 @@ public class JWTAuthenticatorTest {
AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null); AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null"); Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username"); Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
request = createJWTRequest(jwtToken, ""); request = createJWTRequest(jwtToken, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null); authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null"); Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username"); Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
properties = new Properties(); properties = new Properties();
properties.setProperty(ISSUER, "test"); properties.setProperty(ISSUER, "test");
jwtAuthenticator.setProperties(properties); jwtAuthenticator.setProperties(properties);
@ -137,17 +137,14 @@ public class JWTAuthenticatorTest {
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null"); Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE, Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
"Un authenticated request does not contain status as failure"); "Un authenticated request does not contain status as failure");
properties = new Properties(); properties = new Properties();
properties.setProperty(ISSUER, ALIAS); properties.setProperty(ISSUER, ALIAS);
jwtAuthenticator.setProperties(properties); jwtAuthenticator.setProperties(properties);
request = createJWTRequest(wrongJwtToken, ""); request = createJWTRequest(wrongJwtToken, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null); authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null"); Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE, Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
"Un authenticated request does not contain status as failure"); "Un authenticated request does not contain status as failure");
request = createJWTRequest(jwtTokenWithWrongUser, ""); request = createJWTRequest(jwtTokenWithWrongUser, "");
authenticationInfo = jwtAuthenticator.authenticate(request, null); authenticationInfo = jwtAuthenticator.authenticate(request, null);
Assert.assertNotNull(authenticationInfo, "Returned authentication info was null"); Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
@ -175,7 +172,6 @@ public class JWTAuthenticatorTest {
bytes.setString(requestUri); bytes.setString(requestUri);
uriMB.set(coyoteRequest, bytes); uriMB.set(coyoteRequest, bytes);
request.setCoyoteRequest(coyoteRequest); request.setCoyoteRequest(coyoteRequest);
return request; return request;
} }
} }
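Review bot: In the setup code around `jwtConfigProperties.load(new FileInputStream(jwtPropertyFile));` the stream is never closed, and when `jwt.properties` is not on the classpath `jwtConfig` stays `null` yet is still passed to `JWTClientUtil.generateSignedJWTAssertion(...)`. Wrap the load as `try (FileInputStream in = new FileInputStream(jwtPropertyFile)) { jwtConfigProperties.load(in); }` and fail fast with `Assert.assertNotNull(resourceUrl, "jwt.properties not found on the test classpath");`, so a missing fixture is reported as such rather than as a downstream error during token generation. The enclosing setup method starts outside the visible hunk.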

@ -35,7 +35,14 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.*; import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException; import java.security.cert.CertificateNotYetValidException;
@ -44,34 +51,33 @@ import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
/**
* This is a mock implementation of {@link CertificateGenerator}.
*/
public class TestCertificateGenerator extends CertificateGenerator { public class TestCertificateGenerator extends CertificateGenerator {
private int count = 0; private int count = 0;
public X509Certificate generateX509Certificate() throws KeystoreException { public X509Certificate generateX509Certificate() throws KeystoreException {
BigInteger serialNumber = CommonUtil.generateSerialNumber(); BigInteger serialNumber = CommonUtil.generateSerialNumber();
String defaultPrinciple = "CN=" + serialNumber + ",O=WSO2,OU=Mobile,C=LK"; String defaultPrinciple = "CN=" + serialNumber + ",O=WSO2,OU=Mobile,C=LK";
CommonUtil commonUtil = new CommonUtil(); CommonUtil commonUtil = new CommonUtil();
Date validityBeginDate = commonUtil.getValidityStartDate(); Date validityBeginDate = commonUtil.getValidityStartDate();
Date validityEndDate = commonUtil.getValidityEndDate(); Date validityEndDate = commonUtil.getValidityEndDate();
Security.addProvider(new BouncyCastleProvider()); Security.addProvider(new BouncyCastleProvider());
try { try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( KeyPairGenerator keyPairGenerator = KeyPairGenerator
CertificateManagementConstants.RSA, CertificateManagementConstants.PROVIDER); .getInstance(CertificateManagementConstants.RSA, CertificateManagementConstants.PROVIDER);
keyPairGenerator.initialize(CertificateManagementConstants.RSA_KEY_LENGTH, new SecureRandom()); keyPairGenerator.initialize(CertificateManagementConstants.RSA_KEY_LENGTH, new SecureRandom());
KeyPair pair = keyPairGenerator.generateKeyPair(); KeyPair pair = keyPairGenerator.generateKeyPair();
X500Principal principal = new X500Principal(defaultPrinciple); X500Principal principal = new X500Principal(defaultPrinciple);
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(principal, serialNumber,
principal, serialNumber, validityBeginDate, validityEndDate, validityBeginDate, validityEndDate, principal, pair.getPublic());
principal, pair.getPublic());
ContentSigner contentSigner = new JcaContentSignerBuilder(CertificateManagementConstants.SHA256_RSA) ContentSigner contentSigner = new JcaContentSignerBuilder(CertificateManagementConstants.SHA256_RSA)
.setProvider(CertificateManagementConstants.PROVIDER).build( .setProvider(CertificateManagementConstants.PROVIDER).build(pair.getPrivate());
pair.getPrivate());
X509Certificate certificate = new JcaX509CertificateConverter() X509Certificate certificate = new JcaX509CertificateConverter()
.setProvider(CertificateManagementConstants.PROVIDER).getCertificate( .setProvider(CertificateManagementConstants.PROVIDER)
certificateBuilder.build(contentSigner)); .getCertificate(certificateBuilder.build(contentSigner));
certificate.verify(certificate.getPublicKey()); certificate.verify(certificate.getPublicKey());
List<Certificate> certificates = new ArrayList<>(); List<Certificate> certificates = new ArrayList<>();
org.wso2.carbon.certificate.mgt.core.bean.Certificate certificateToStore = org.wso2.carbon.certificate.mgt.core.bean.Certificate certificateToStore =
@ -116,5 +122,4 @@ public class TestCertificateGenerator extends CertificateGenerator {
return null; return null;
} }
} }
} }
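Review bot: `generateX509Certificate()` carries neither `@Override` nor Javadoc, although this commit documents the class as a mock of `CertificateGenerator`. If the method is meant to replace the parent's implementation (the parent is not visible here), add `@Override` so that a signature change in the parent breaks compilation instead of letting tests silently run the real generator. `Security.addProvider(new BouncyCastleProvider())` runs on every call and changes JVM-wide state, so it deserves a short comment such as `// JVM-wide registration; addProvider does nothing if BC is already installed`. The method body continues beyond the visible hunks, including the `return null;` path in the last hunk, whose trigger cannot be seen from here.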

@ -1,9 +1,30 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.util; package org.wso2.carbon.webapp.authenticator.framework.util;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
/**
* This is a mock implementation of {@link TenantIndexingLoader}
*/
public class TestTenantIndexingLoader implements TenantIndexingLoader { public class TestTenantIndexingLoader implements TenantIndexingLoader {
@Override public void loadTenantIndex(int i) { @Override
public void loadTenantIndex(int i) { }
}
} }

@ -1,11 +1,30 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.util; package org.wso2.carbon.webapp.authenticator.framework.util;
import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
/**
* This is a mock implementation of {@link TenantRegistryLoader} for the test cases.
*/
public class TestTenantRegistryLoader implements TenantRegistryLoader { public class TestTenantRegistryLoader implements TenantRegistryLoader {
@Override @Override
public void loadTenantRegistry(int i) throws RegistryException { public void loadTenantRegistry(int i) throws RegistryException { }
}
} }

@ -1,5 +1,5 @@
# #
# Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. # Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
# #
# WSO2 Inc. licenses this file to you under the Apache License, # WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except # Version 2.0 (the "License"); you may not use this file except
