-
Notifications
You must be signed in to change notification settings - Fork 215
/
ImmutableJsonWebTokenTest.java
116 lines (93 loc) · 4.36 KB
/
ImmutableJsonWebTokenTest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/*
* Copyright (c) 2017 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.jwt.model;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mutabilitydetector.unittesting.AllowedReason.assumingFields;
import static org.mutabilitydetector.unittesting.AllowedReason.provided;
import static org.mutabilitydetector.unittesting.MutabilityAssert.assertInstancesOf;
import static org.mutabilitydetector.unittesting.MutabilityMatchers.areImmutable;
import java.time.Instant;
import java.util.Base64;
import org.eclipse.ditto.base.model.auth.AuthorizationSubject;
import org.junit.Test;
import nl.jqno.equalsverifier.EqualsVerifier;
/**
* Unit test for {@link ImmutableJsonWebToken}.
* Tokens can be decrypted at https://jwt.io
*/
public final class ImmutableJsonWebTokenTest {
@Test
public void assertImmutability() {
assertInstancesOf(ImmutableJsonWebToken.class,
areImmutable(),
provided(AuthorizationSubject.class).areAlsoImmutable(),
assumingFields("authorizationSubjects", "authorizationSubjectsWithPrefixes")
.areSafelyCopiedUnmodifiableCollectionsWithImmutableElements());
}
@Test
public void testHashCodeAndEquals() {
EqualsVerifier.forClass(ImmutableJsonWebToken.class)
.usingGetClass()
.withRedefinedSuperclass()
.verify();
}
@Test
public void tryToCreateInstanceFromEmptyTokenString() {
assertThatExceptionOfType(IllegalArgumentException.class)
.isThrownBy(() -> ImmutableJsonWebToken.fromAuthorization(""))
.withNoCause();
}
@Test
public void tryToParseTokenFromMissingAuthorization() {
assertThatExceptionOfType(JwtInvalidException.class)
.isThrownBy(() -> ImmutableJsonWebToken.fromAuthorization("Authorization"))
.withNoCause();
}
@Test
public void tryToParseTokenFromInvalidAuthorization() {
assertThatExceptionOfType(JwtInvalidException.class)
.isThrownBy(() -> ImmutableJsonWebToken.fromAuthorization("Authorization foo"));
}
@Test
public void tryToParseTokenWithMissingSignature() {
final String header = "{\"header\":\"value\"}";
final String payload = "{\"payload\":\"foo\"}";
final String authorizationHeader = "Bearer " + base64(header) + "." + base64(payload);
assertThatExceptionOfType(JwtInvalidException.class)
.isThrownBy(() -> ImmutableJsonWebToken.fromAuthorization(authorizationHeader));
}
@Test
public void parseToken() {
final String header = "{\"header\":\"value\"}";
final String payload = "{\"payload\":\"foo\"}";
final String signature = "{\"signature\":\"foo\"}";
final String authorizationHeader = "Bearer " + base64(header) + "." + base64(payload) + "." + base64(signature);
final JsonWebToken immutableJsonWebToken = ImmutableJsonWebToken.fromAuthorization(authorizationHeader);
assertThat(immutableJsonWebToken.getHeader().toString()).isEqualTo(header);
assertThat(immutableJsonWebToken.getBody().toString()).isEqualTo(payload);
assertThat(immutableJsonWebToken.getSignature()).isEqualTo(base64(signature));
}
@Test
public void checkTokenExpiration() {
final String header = "{\"header\":\"value\"}";
final String payload = String.format("{\"exp\":%d}", Instant.now().getEpochSecond());
final String signature = "{\"signature\":\"foo\"}";
final String authorizationHeader = "Bearer " + base64(header) + "." + base64(payload) + "." + base64(signature);
final JsonWebToken expiredJsonWebToken = ImmutableJsonWebToken.fromAuthorization(authorizationHeader);
assertThat(expiredJsonWebToken.isExpired()).isEqualTo(true);
}
private static String base64(final String value) {
return new String(Base64.getUrlEncoder().encode(value.getBytes()));
}
}