adding addition test cases to JWT Authenticator

7 years ago · a20967e855
parent 4d1624b60d
commit a20967e855
6 changed files with 177 additions and 36 deletions
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
@ -167,21 +167,19 @@
            <groupId>org.wso2.tomcat</groupId>
            <artifactId>tomcat-servlet-api</artifactId>
        </dependency>
-        <dependency>
-            <groupId>org.wso2.carbon</groupId>
-            <artifactId>org.wso2.carbon.logging</artifactId>
-        </dependency>
        <dependency>
            <groupId>org.wso2.carbon</groupId>
            <artifactId>org.wso2.carbon.tomcat.ext</artifactId>
        </dependency>
-        <!--dependency>
-            <groupId>org.apache.ws.commons.axiom.wso2</groupId>
-            <artifactId>axiom</artifactId>
-        </dependency-->
        <dependency>
            <groupId>org.wso2.carbon.identity.framework</groupId>
            <artifactId>org.wso2.carbon.identity.base</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>xmltooling</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.wso2.carbon.identity.framework</groupId>
@ -190,6 +188,12 @@
        <dependency>
            <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
            <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+            <!--<exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+            </exclusions>-->
        </dependency>
        <dependency>
            <groupId>org.wso2.carbon</groupId>
@ -258,6 +262,16 @@
            <artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-nop</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.testing.osgi-mock</artifactId>
+            <scope>test</scope>
+        </dependency>
    </dependencies>

 </project>
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.certificate.mgt.core.bean.Certificate;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.KeyStoreManager;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
@ -100,7 +101,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
            requestUri = "";
        }
        StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
-        String context = tokenizer.nextToken();
+        String context = tokenizer.hasMoreTokens() ? tokenizer.nextToken() : null;
        if (context == null || "".equals(context)) {
            authenticationInfo.setStatus(Status.CONTINUE);
        }
@ -114,7 +115,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
            issuer = jwsObject.getJWTClaimsSet().getIssuer();
        } catch (ParseException e) {
            log.error("Error occurred while parsing JWT header.", e);
-            return null;
+            authenticationInfo.setMessage("Error occured while parsing JWT header");
+            return authenticationInfo;
        }
        try {

@ -135,7 +137,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
                        String trustStorePassword = serverConfig.getFirstProperty(
                                DEFAULT_TRUST_STORE_PASSWORD);
                        keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
-                        publicKey = keyStore.getCertificate(alias).getPublicKey();
+                        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
+                        publicKey = certificate == null ? null : certificate.getPublicKey();
                    } else {
                        authenticationInfo.setStatus(Status.FAILURE);
                        return  authenticationInfo;
@ -157,26 +160,25 @@ public class JWTAuthenticator implements WebappAuthenticator {
            }
            if (verifier != null && jwsObject.verify(verifier)) {
                username = MultitenantUtils.getTenantAwareUsername(username);
-                if (tenantId == -1) {
-                    log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
-                            ": " + tenantDomain);
+                UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
+                        getTenantUserRealm(tenantId).getUserStoreManager();
+                if (userStore.isExistingUser(username)) {
+                    authenticationInfo.setTenantId(tenantId);
+                    authenticationInfo.setUsername(username);
+                    authenticationInfo.setTenantDomain(tenantDomain);
+                    authenticationInfo.setStatus(Status.CONTINUE);
                } else {
-                    UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
-                            getTenantUserRealm(tenantId).getUserStoreManager();
-                    if (userStore.isExistingUser(username)) {
-                        authenticationInfo.setTenantId(tenantId);
-                        authenticationInfo.setUsername(username);
-                        authenticationInfo.setTenantDomain(tenantDomain);
-                        authenticationInfo.setStatus(Status.CONTINUE);
-                    }
+                    authenticationInfo.setStatus(Status.FAILURE);
                }
            } else {
                authenticationInfo.setStatus(Status.FAILURE);
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while obtaining the user.", e);
+            authenticationInfo.setStatus(Status.FAILURE);
        }  catch (Exception e) {
            log.error("Error occurred while verifying the JWT header.", e);
+            authenticationInfo.setStatus(Status.FAILURE);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticatorTest.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticatorTest.java
@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.wso2.carbon.webapp.authenticator.framework.authenticator;

 import org.apache.catalina.connector.Request;
@ -11,13 +29,9 @@ import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
 import org.wso2.carbon.identity.jwt.client.extension.util.JWTClientUtil;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
-import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder;
-import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantIndexingLoader;
-import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantRegistryLoader;

 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.URL;
@ -30,6 +44,8 @@ public class JWTAuthenticatorTest {
    private Field headersField;
    private final String JWT_HEADER = "X-JWT-Assertion";
    private String jwtToken;
+    private String wrongJwtToken;
+    private String jwtTokenWithWrongUser;
    private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
    private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId";
    private Properties properties;
@ -39,9 +55,6 @@ public class JWTAuthenticatorTest {
    @BeforeClass
    public void setup() throws NoSuchFieldException, IOException, JWTClientException {
        jwtAuthenticator = new JWTAuthenticator();
-        properties = new Properties();
-        properties.setProperty(ISSUER, ALIAS);
-        jwtAuthenticator.setProperties(properties);
        headersField = org.apache.coyote.Request.class.getDeclaredField("headers");
        headersField.setAccessible(true);
        ClassLoader classLoader = getClass().getClassLoader();
@ -60,9 +73,17 @@ public class JWTAuthenticatorTest {
        customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
        customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
        jwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
+        customClaims = new HashMap<>();
+        customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
+        customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, "-1");
+        wrongJwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
+        customClaims = new HashMap<>();
+        customClaims.put(SIGNED_JWT_AUTH_USERNAME, "notexisting");
+        customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
+        jwtTokenWithWrongUser = JWTClientUtil.generateSignedJWTAssertion("notexisting", jwtConfig, false, customClaims);
    }

-    @Test(description = "This method tests the get methods in the JWTAuthenticator")
+    @Test(description = "This method tests the get methods in the JWTAuthenticator", dependsOnMethods = "testAuthenticate")
    public void testGetMethods() {
        Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value");
        Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT "
@ -87,8 +108,61 @@ public class JWTAuthenticatorTest {
        Assert.assertTrue(jwtAuthenticator.canHandle(request));
    }

-    @Test(description = "This method tests authenticate method under the successful condition")
+    @Test(description = "This method tests authenticate method under the successful condition", dependsOnMethods =
+            {"testAuthentiateFailureScenarios"})
    public void testAuthenticate() throws IllegalAccessException, NoSuchFieldException {
+        Request request = createJWTRequest(jwtToken, "test");
+        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
+                + "authenticated by the JWTAuthenticator");
+    }
+
+    @Test(description = "This method tests the authenticate method under failure conditions")
+    public void testAuthentiateFailureScenarios() throws NoSuchFieldException, IllegalAccessException {
+        Request request = createJWTRequest("test", "");
+        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
+
+        request = createJWTRequest(jwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
+
+        properties = new Properties();
+        properties.setProperty(ISSUER, "test");
+        jwtAuthenticator.setProperties(properties);
+        request = createJWTRequest(jwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+
+        properties = new Properties();
+        properties.setProperty(ISSUER, ALIAS);
+        jwtAuthenticator.setProperties(properties);
+
+        request = createJWTRequest(wrongJwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+
+        request = createJWTRequest(jwtTokenWithWrongUser, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+    }
+
+
+    /**
+     * To create a JWT request with the given jwt header.
+     *  @param jwtToken JWT token to be added to the header
+     * @param requestUri Request URI to be added to the request.
+     */
+    private Request createJWTRequest(String jwtToken, String requestUri)
+            throws IllegalAccessException, NoSuchFieldException {
        Request request = new Request();
        org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request();
        MimeHeaders mimeHeaders = new MimeHeaders();
@ -98,12 +172,12 @@ public class JWTAuthenticatorTest {
        Field uriMB = org.apache.coyote.Request.class.getDeclaredField("uriMB");
        uriMB.setAccessible(true);
        bytes = MessageBytes.newInstance();
-        bytes.setString("test");
+        bytes.setString(requestUri);
        uriMB.set(coyoteRequest, bytes);
        request.setCoyoteRequest(coyoteRequest);

-        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
-        Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
-                + "authenticated by the JWTAuthenticator");
+        return request;
    }
+
+
 }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponentTest.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponentTest.java
@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.webapp.authenticator.framework.internal;
+
+import org.apache.sling.testing.mock.osgi.MockOsgi;
+import org.testng.annotations.Test;
+
+/**
+ * This is a test class for {@link WebappAuthenticatorFrameworkServiceComponent}
+ */
+public class WebappAuthenticatorFrameworkServiceComponentTest {
+
+    @Test(description = "This method tests whether the bundle activator does not throw any exceptions, even under "
+            + "possible exception scenarios")
+    public void testActivateWithException() {
+        WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
+                WebappAuthenticatorFrameworkServiceComponent();
+        webappAuthenticatorFrameworkServiceComponent.activate(null);
+    }
+
+    @Test(description = "This method tests whether bundle activation succeed with the proper confitions.")
+    public void testActivateWithoutExceptions() {
+        WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
+                WebappAuthenticatorFrameworkServiceComponent();
+        webappAuthenticatorFrameworkServiceComponent.activate(MockOsgi.newComponentContext());
+    }
+}
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml
@ -22,7 +22,7 @@
 <suite name="WebappAuthenticatorFramework">
    <parameter name="useDefaultListeners" value="false"/>

-    <test name="WebappAuthenticatorTests" preserve-order="true">
+    <test name="WebappAuthenticatorTests" parallel="false">
        <classes>
            <class name="org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest"/>
            <class name="org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorConfigTest"/>
@ -32,6 +32,7 @@
            <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticatorTest" />
            <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.OauthAuthenticatorTest" />
            <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticatorTest" />
+            <class name="org.wso2.carbon.webapp.authenticator.framework.internal.WebappAuthenticatorFrameworkServiceComponentTest"/>
        </classes>
    </test>

--- a/pom.xml
+++ b/pom.xml
@ -1568,6 +1568,12 @@
                    </exclusion>
                </exclusions>
            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-nop</artifactId>
+                <scope>test</scope>
+                <version>${slf4j.nop.version}</version>
+            </dependency>
        </dependencies>
    </dependencyManagement>

@ -2005,6 +2011,7 @@
        <ant.contrib.version>1.0b3</ant.contrib.version>
        <power.mock.version>1.7.0</power.mock.version>
        <commons.dbcp.version>1.4.0.wso2v1</commons.dbcp.version>
+        <slf4j.nop.version>1.7.25</slf4j.nop.version>

    </properties>