diff options
Diffstat (limited to 'sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap')
7 files changed, 162 insertions, 17 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java index 1fbe43a07..ab6dc4ec2 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java @@ -41,6 +41,7 @@ import java.util.Optional; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.shiro.authc.BearerToken; import org.jolokia.osgi.security.Authenticator; import org.json.JSONArray; import org.junit.BeforeClass; @@ -49,6 +50,7 @@ import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; import org.onap.ccsdk.features.sdnr.wt.common.test.ServletOutputStreamToByteArrayOutputStream; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.CustomObjectMapper; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet; @@ -57,7 +59,6 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlJsonMapper; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlXmlMapper; import org.opendaylight.aaa.api.IdMService; -import org.apache.shiro.authc.BearerToken; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.mdsal.binding.api.ReadTransaction; import org.opendaylight.mdsal.common.api.LogicalDatastoreType; @@ -84,14 +85,15 @@ public class TestAuthHttpServlet { // Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue("admin@sdn", "admin"))); @BeforeClass - public static void init() { + public static void init() throws IllegalArgumentException, Exception { try { Config config = createConfigFile(); tokenCreator = TokenCreator.getInstance(config); servlet = new TestServlet(); shiroConfiguration = loadShiroConfig(TESTSHIROCONFIGFILE); - } catch (IOException e) { + } catch (IOException | InvalidConfigurationException e) { + e.printStackTrace(); fail(e.getMessage()); } servlet.setDataBroker(dataBroker); @@ -124,7 +126,7 @@ public class TestAuthHttpServlet { return mapper.readValue(new File(filename), ShiroConfigurationBuilder.class).build(); } - private static Config createConfigFile() throws IOException { + private static Config createConfigFile() throws IOException, InvalidConfigurationException { return Config.getInstance(TESTCONFIGFILE); } @@ -351,7 +353,7 @@ public class TestAuthHttpServlet { private static final long serialVersionUID = 1L; - public TestServlet() throws IOException { + public TestServlet() throws IllegalArgumentException, Exception { super(); } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java index d07950de7..80ae8cf95 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java @@ -21,25 +21,60 @@ */ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import java.io.IOException; import org.junit.Test; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; public class TestConfig { public static String TEST_CONFIG_FILENAME = "src/test/resources/test.config.json"; public static String TEST_OOMCONFIG_FILENAME = "src/test/resources/oom.test.config.json"; + public static String TEST_RS256_FILENAME = "src/test/resources/test.configRS256.json"; + public static String TEST_RS256INVALID_FILENAME = "src/test/resources/test.configRS256-invalid.json"; + public static String TEST_RS512_FILENAME = "src/test/resources/test.configRS512.json"; + + @Test - public void test() throws IOException { + public void test() throws IOException, InvalidConfigurationException { Config config = Config.load(TEST_CONFIG_FILENAME); System.out.println("config="+config); + assertEquals(60*60,config.getTokenLifetime()); + assertNotNull(config.getAlgorithm()); + assertNotNull(config.getTokenSecret()); + //assertNotNull(config.getPublicKey()); + assertEquals(Config.TOKENALG_HS256, config.getAlgorithm()); } @Test - public void testOom() throws IOException { + public void testOom() throws IOException, InvalidConfigurationException { Config config = Config.load(TEST_OOMCONFIG_FILENAME); System.out.println("config="+config); + assertEquals(30*60,config.getTokenLifetime()); + + } + @Test + public void testRS256() throws IOException, InvalidConfigurationException { + + Config config = Config.load(TEST_RS256_FILENAME); + System.out.println("config="+config); + assertEquals(60*60,config.getTokenLifetime()); + + } + @Test + public void testRS512() throws IOException, InvalidConfigurationException { + + Config config = Config.load(TEST_RS512_FILENAME); + System.out.println("config="+config); + assertEquals(60*60,config.getTokenLifetime()); + + } + @Test(expected = InvalidConfigurationException.class) + public void testRS256Invalid() throws IOException, InvalidConfigurationException { + Config.load(TEST_RS256INVALID_FILENAME); } } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java index 65ef2cbd6..421b61919 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java @@ -40,8 +40,6 @@ public class TestDeserializer { final String token = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1OHNXaTF4QWxjT1pyelY4X0l2VjliMlJTaFdZUWV4aXZYUXNYLTFTME" + "RNIn0.eyJleHAiOjE2MTAzNjE2OTQsImlhdCI6MTYxMDM2MTM5NCwianRpIjoiOWRhOThmMTYtOTEyOS00N2NmLTgzOGQtNWQzYmVkYzYyZTJjIiwiaXNzIjoiaHR0cDovLzEwLjIwLjExLjE2MDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsInN1YiI6IjE4MzhjNGYyLTVmZTMtNGYwYy1iMmQyLWQzNjRiMjdhNDk5NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFkbWluLWNsaSIsInNlc3Npb25fc3RhdGUiOiJjYzcxZmMxZi1hZGQ0LTRhODYtYWU1ZS1jMzRkZjQwM2M3NzIiLCJhY3IiOiIxIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiJ9.PUT4NzCM1ej3sNMMCkQa1NuQQwDgn19G-OnWL4NgLvZ3ocJUZ1Yfr9KAPkrJHaiK_HXQqwTA-Ma6Qn7BBMoXNdFjwu0k_HpqyUbBDilGN4wpkGiUeS1p5SW4T_hnWJtwCJ5BYkEvF6WaEbi7MFCbEVO9LVcUvsa-7St1WZ8V8RVfbWgjAu7ejlxe6RYUDMYzIKDj5F5y1-qCyoKzGIjt5ajcA9FWrexHifLJECKO8ZG08Wp7xQld1sYPOdde6XHMwiyNelTwd_EzCBgUw_8664rETGDVtyfuYchowo5Z6fmn4U87L6EGjEuxiAE8f3USy_jh6UF0LnvyTyq_9I" + "M1VA"; - final String token2 = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1OHNXaTF4QWxjT1pyelY4X0l2VjliMlJTaFdZUWV4aXZYUXNYLTFTMERNIn0." - + "eyJleHAiOjE2MTAzNzA3MDcsImlhdCI6MTYxMDM3MDQwNywianRpIjoiMTczMmI0YzQtNDJlYS00ZWM4LTlhNjMtMTY2YTg4ZTk5ZjQ0IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsInN1YiI6IjE4MzhjNGYyLTVmZTMtNGYwYy1iMmQyLWQzNjRiMjdhNDk5NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFkbWluLWNsaSIsInNlc3Npb25fc3RhdGUiOiJhZjVkYTk2NS1jYmIzLTQzOTYtYmNjNi1kZTBkMDUyOWMyNDgiLCJhY3IiOiIxIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiJ9.G_1ByqQlPuJ6_5nuIECfY1VqGufzWQpnFKuOy8YPOOug_jJsIwhVo-JQJiKAxYbHbmDNLrpRJTFlSub0K-1AFyxMw0k_W_YLV0dOTqIakVMTKk9obHFAYtthvhdbt5zb9-33OdCRMMKjA-arj8UeOLEAeFkaeYYBARCD4mEnMFG0vzEiovCCD-jXsfISiS-lOYnCd3hWK8e0brk_bvauxS9W4Z6nptE2564wshe9N_j9-3bQRRAHiAt6f755PhbYgJAu87GdA0bLh_TDe6fie-03goIFMssHoq4n67i-8501UoIG_LccijnfexCS-YwxkfTLbz5d8PvsNadqvFlvig"; final String response = "{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1OHNXaTF4QWxjT1pyelY4X0l2VjliMlJTaFdZUWV4aXZYUXNYLTFTME" + "RNIn0.eyJleHAiOjE2MTAzNjE2OTQsImlhdCI6MTYxMDM2MTM5NCwianRpIjoiOWRhOThmMTYtOTEyOS00N2NmLTgzOGQtNWQzYmVkYzYyZTJjIiwiaXNzIjoiaHR0cDovLzEwLjIwLjExLjE2MDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsInN1YiI6IjE4MzhjNGYyLTVmZTMtNGYwYy1iMmQyLWQzNjRiMjdhNDk5NyIsInR5cCI6IkJlYXJlciIsImF6cCI6I" diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java index 6c46ed25f..dda3ba1e0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java @@ -41,6 +41,7 @@ import javax.servlet.http.HttpServletResponse; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.GitlabProviderService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; @@ -57,9 +58,9 @@ public class TestGitlabAuthService { private static final String REDIRECT_URI = "/odlux/token?"; @BeforeClass - public static void init() { + public static void init() throws IllegalArgumentException, Exception { - TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer"); + TokenCreator tokenCreator = TokenCreator.getInstance(Config.TOKENALG_HS256, TOKENCREATOR_SECRET, "issuer", 30*60); OAuthProviderConfig config = new OAuthProviderConfig("git", GITURL, null, "odlux.app", OAUTH_SECRET, "openid", "gitlab test", "", false); oauthService = new GitlabProviderServiceToTest(config, REDIRECT_URI, tokenCreator); @@ -160,7 +161,6 @@ public class TestGitlabAuthService { final String uri = t.getRequestURI().toString(); System.out.println(String.format("req received: %s %s", method, t.getRequestURI())); OutputStream os = null; - String response = ""; try { if (method.equals("GET")) { if (uri.equals(GITLAB_USER_ENDPOINT)) { diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java index 30b24af03..e4c5e4d82 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java @@ -41,6 +41,7 @@ import javax.servlet.http.HttpServletResponse; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.KeycloakProviderService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; @@ -57,9 +58,9 @@ public class TestKeycloakAuthService { private static final String REDIRECT_URI = "/odlux/token?"; @BeforeClass - public static void init() { + public static void init() throws IllegalArgumentException, Exception { - TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer"); + TokenCreator tokenCreator = TokenCreator.getInstance(Config.TOKENALG_HS256, TOKENCREATOR_SECRET, "issuer", 30*60); OAuthProviderConfig config = new OAuthProviderConfig("kc", KEYCLOAKURL, null, "odlux.app", OAUTH_SECRET, "openid", "keycloak test", "onap", false); oauthService = new KeycloakProviderServiceToTest(config, REDIRECT_URI, tokenCreator); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java new file mode 100644 index 000000000..84d8e0a96 --- /dev/null +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java @@ -0,0 +1,108 @@ +/* + * ============LICENSE_START======================================================= + * ONAP : ccsdk features + * ================================================================================ + * Copyright (C) 2020 highstreet technologies GmbH Intellectual Property. + * All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + */ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test; + +import static org.junit.Assert.fail; +import com.auth0.jwt.JWT; +import com.auth0.jwt.algorithms.Algorithm; +import com.auth0.jwt.exceptions.JWTVerificationException; +import com.auth0.jwt.interfaces.JWTVerifier; +import java.io.IOException; +import java.security.Security; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.Date; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.BeforeClass; +import org.junit.Test; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.RSAKeyReader; + +/** + * + * @author jack + * + */ +public class TestRSAAlgorithms { + + private static final String ISSUER = "jwttest"; + private static final String SUBJECT = "meandmymonkey"; + + @BeforeClass + public static void init() { + Security.addProvider( + new BouncyCastleProvider() + ); + } + + /** + * private and public key were generated in ubuntu 20.04 with + * $ ssh-keygen -t rsa -b 4096 -m PEM -P "" -f jwtRS512.key + * $ openssl rsa -in jwtRS512.key -pubout -outform PEM -out jwtRS512.key.pub + */ + @Test + public void testRSA512() { + RSAPrivateKey privKey = null; + RSAPublicKey pubKey = null; + try { + privKey = RSAKeyReader.getPrivateKey("file://src/test/resources/jwtRS512.key"); + pubKey = RSAKeyReader.getPublicKey("file://src/test/resources/jwtRS512.key.pub"); + } catch (IOException e) { + e.printStackTrace(); + fail(e.getMessage()); + } + verifyAlg(Algorithm.RSA512(pubKey, privKey)); + } + + /** + * private and public key were generated in ubuntu 20.04 with + * $ openssl genrsa 2048 -out rsa-2048bit-jwtRS256.key + * $ openssl rsa -in jwtRS256.key -pubout > jwtRS256.key.pub + */ + @Test + public void testRSA256() { + RSAPrivateKey privKey = null; + RSAPublicKey pubKey = null; + try { + privKey = RSAKeyReader.getPrivateKey("file://src/test/resources/jwtRS256.key"); + pubKey = RSAKeyReader.getPublicKey("file://src/test/resources/jwtRS256.key.pub"); + } catch (IOException e) { + e.printStackTrace(); + fail(e.getMessage()); + } + verifyAlg(Algorithm.RSA512(pubKey, privKey)); + } + + private static void verifyAlg(Algorithm a) { + long now = new Date().getTime(); + final String token = JWT.create().withIssuer(ISSUER).withExpiresAt(new Date(now+10000)) + .withIssuedAt(new Date(now)) + .withSubject(SUBJECT) + .sign(a); + try { + JWTVerifier verifier = JWT.require(a).withIssuer(ISSUER).build(); + verifier.verify(token); + + } catch (JWTVerificationException e) { + fail(e.getMessage()); + } + } +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java index 4b2011836..c08f395fb 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java @@ -34,6 +34,7 @@ import java.util.List; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.BearerToken; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.subject.PrincipalCollection; @@ -44,7 +45,6 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal; -import org.apache.shiro.authc.BearerToken; import org.opendaylight.aaa.shiro.tokenauthrealm.auth.AuthenticationManager; import org.opendaylight.aaa.shiro.tokenauthrealm.auth.TokenAuthenticators; import org.opendaylight.aaa.shiro.web.env.ThreadLocals; @@ -55,7 +55,7 @@ public class TestRealm { private static TokenCreator tokenCreator; @BeforeClass - public static void init() { + public static void init() throws IllegalArgumentException, Exception { ThreadLocals.AUTH_SETVICE_TL.set(new AuthenticationManager()); ThreadLocals.TOKEN_AUTHENICATORS_TL.set(new TokenAuthenticators()); try { @@ -135,6 +135,7 @@ public class TestRealm { fail(e.getMessage()); } //odl token use case + ai=null; atoken = new UsernamePasswordToken("admin", "admin"); try { ai = realm.doGetAuthenticationInfo(atoken); @@ -155,7 +156,7 @@ public class TestRealm { public static class OAuth2RealmToTest extends OAuth2Realm { - public OAuth2RealmToTest() throws IOException { + public OAuth2RealmToTest() throws IllegalArgumentException, Exception { super(); } |