/*
* Copyright (c) 2017 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.gateway.service.util.config.security;
import static org.mutabilitydetector.unittesting.AllowedReason.assumingFields;
import static org.mutabilitydetector.unittesting.AllowedReason.provided;
import static org.mutabilitydetector.unittesting.MutabilityAssert.assertInstancesOf;
import static org.mutabilitydetector.unittesting.MutabilityMatchers.areImmutable;
import java.time.Duration;
import java.util.Collections;
import java.util.List;
import org.assertj.core.api.JUnitSoftAssertions;
import org.eclipse.ditto.policies.model.SubjectIssuer;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import nl.jqno.equalsverifier.EqualsVerifier;
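/**
 * Unit test for {@link DefaultOAuthConfig}.
 *
 * <p>Covers the structural contract of the class (immutability, equals/hashCode) and the values it
 * exposes, both for an empty base config (defaults) and for the {@code oauth-test} config resource.
 */
public final class DefaultOAuthConfigTest {

    // Loaded once for all tests from the "oauth-test" config resource.
    private static Config oauthConfig;

    // Soft assertions collect every failed check of a test instead of stopping at the first one.
    @Rule
    public final JUnitSoftAssertions softly = new JUnitSoftAssertions();

    /**
     * Loads the {@code oauth-test} configuration used by {@link #underTestReturnsValuesOfConfigFile()}.
     */
    @BeforeClass
    public static void initTestFixture() {
        oauthConfig = ConfigFactory.load("oauth-test");
    }

    /**
     * Asserts that instances of {@link DefaultOAuthConfig} are immutable.
     *
     * <p>The two issuer-map fields are only <em>assumed</em> to be safely copied unmodifiable
     * collections; the detector does not verify that assumption, so it has to hold in the class itself.
     */
    @Test
    public void assertImmutability() {
        assertInstancesOf(DefaultOAuthConfig.class, areImmutable(),
                provided(SubjectIssuer.class).isAlsoImmutable(),
                assumingFields("openIdConnectIssuers").areSafelyCopiedUnmodifiableCollectionsWithImmutableElements(),
                assumingFields(
                        "openIdConnectIssuersExtension").areSafelyCopiedUnmodifiableCollectionsWithImmutableElements()
        );
    }

    /**
     * Verifies the equals/hashCode contract of {@link DefaultOAuthConfig}; {@code usingGetClass()}
     * tells the verifier that equality is decided via {@code getClass()}.
     */
    @Test
    public void testHashCodeAndEquals() {
        EqualsVerifier.forClass(DefaultOAuthConfig.class)
                .usingGetClass()
                .verify();
    }

    /**
     * Asserts that an empty base config yields the declared default of every setting.
     */
    @Test
    public void underTestReturnsDefaultValuesIfBaseConfigWasEmpty() {
        final DefaultOAuthConfig underTest = DefaultOAuthConfig.of(ConfigFactory.empty());

        // Pins "https" as the fallback, so a change of the default to a plaintext scheme fails here.
        // NOTE(review): presumably the scheme used to reach the configured issuers - confirm.
        softly.assertThat(underTest.getProtocol()).isEqualTo("https");
        // NOTE(review): presumably the tolerance applied to token time claims - confirm against the validator.
        softly.assertThat(underTest.getAllowedClockSkew()).isEqualTo(Duration.ofSeconds(10));

        softly.assertThat(underTest.getOpenIdConnectIssuers())
                .as(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS.getConfigPath())
                .isEqualTo(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS.getDefaultValue());

        // Fixed: this check previously read getOpenIdConnectIssuers() again, so the default of the
        // extension issuers was never verified. An unexpected default entry in that map would add an
        // issuer nobody configured, which is exactly what this assertion must be able to catch.
        softly.assertThat(underTest.getOpenIdConnectIssuersExtension())
                .as(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS_EXTENSION.getConfigPath())
                .isEqualTo(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS_EXTENSION.getDefaultValue());

        softly.assertThat(underTest.getTokenIntegrationSubject())
                .isEqualTo(OAuthConfig.OAuthConfigValue.TOKEN_INTEGRATION_SUBJECT.getDefaultValue());
    }

    /**
     * Asserts that the values of the {@code oauth-test} config resource are exposed unchanged.
     */
    @Test
    public void underTestReturnsValuesOfConfigFile() {
        final DefaultOAuthConfig underTest = DefaultOAuthConfig.of(oauthConfig);

        // "http" is the value of the test fixture only; the default asserted for an empty config is "https".
        softly.assertThat(underTest.getProtocol()).isEqualTo("http");
        softly.assertThat(underTest.getAllowedClockSkew()).isEqualTo(Duration.ofSeconds(20));

        // The subject templates are compared as plain strings: this test checks that they pass through
        // config parsing verbatim (including the placeholder naming a non-existing claim), not how
        // they are resolved against a token.
        softly.assertThat(underTest.getOpenIdConnectIssuers())
                .as(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS.getConfigPath())
                .isEqualTo(
                        Collections.singletonMap(
                                SubjectIssuer.newInstance("google"),
                                DefaultSubjectIssuerConfig.of(
                                        "https://accounts.google.com",
                                        List.of(
                                                "{{ jwt:sub }}",
                                                "{{ jwt:sub }}/{{ jwt:scope }}",
                                                "{{ jwt:sub }}/{{ jwt:scope }}@{{ jwt:client_id }}",
                                                "{{ jwt:sub }}/{{ jwt:scope }}@{{ jwt:non_existing }}",
                                                "{{ jwt:roles/support }}"
                                        ))));

        // The extension issuers are a separate map and must not be merged into the base issuers above.
        softly.assertThat(underTest.getOpenIdConnectIssuersExtension())
                .as(OAuthConfig.OAuthConfigValue.OPENID_CONNECT_ISSUERS_EXTENSION.getConfigPath())
                .isEqualTo(Collections.singletonMap(
                        SubjectIssuer.newInstance("additional"),
                        DefaultSubjectIssuerConfig.of("https://additional.google.com", List.of("{{ jwt:sub }}"))));

        softly.assertThat(underTest.getTokenIntegrationSubject()).isEqualTo("ditto:ditto");
    }

}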