Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TEST-198 Refactor JsonWebToken API in MP TCK Runner JWT Auth #4054

Merged
merged 10 commits into from Jul 4, 2019
Merged

TEST-198 Refactor JsonWebToken API in MP TCK Runner JWT Auth #4054

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
deb44da
Merge pull request #9 from payara/master
AlanRoth Jun 7, 2019
a8e092a
Moved TokenParser class from MP TCK to Payara Server
AlanRoth Jun 12, 2019
7954535
Moved TokenParser and made slight changes to compatability
AlanRoth Jun 12, 2019
4f5708c
License date
AlanRoth Jun 17, 2019
c930adc
Added null check
AlanRoth Jun 19, 2019
c901b47
Fixed null check
AlanRoth Jun 19, 2019
c19658a
Added MockPrefix
AlanRoth Jul 3, 2019
a1c9d8e
Added Mock JWT parser
AlanRoth Jul 3, 2019
5c9ccd0
Reverted a change
AlanRoth Jul 3, 2019
0e00ba8
Formatting suggestions
AlanRoth Jul 3, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 3 additions & 7 deletions ...uth/src/main/java/fish/payara/microprofile/jwtauth/eesecurity/SignedJWTIdentityStore.java
View file
Open in desktop
@@ -1,7 +1,7 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2017-2018 Payara Foundation and/or its affiliates. All rights reserved.
* Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -113,12 +113,8 @@ public CredentialValidationResult validate(SignedJWTCredential signedJWTCredenti
throw new IllegalStateException("No PublicKey found");
}

JsonWebTokenImpl jsonWebToken
= jwtTokenParser.parse(
signedJWTCredential.getSignedJWT(),
acceptedIssuer,
publicKey.get()
);
jwtTokenParser.parse(signedJWTCredential.getSignedJWT());
JsonWebTokenImpl jsonWebToken = jwtTokenParser.verify(acceptedIssuer, publicKey.get());

List<String> groups = new ArrayList<>(
jsonWebToken.getClaim("groups"));
Expand Down
20 changes: 16 additions & 4 deletions ...roprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/jwt/JwtTokenParser.java
View file
Open in desktop
@@ -1,7 +1,7 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2017-2018 Payara Foundation and/or its affiliates. All rights reserved.
* Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -72,6 +72,9 @@ public class JwtTokenParser {
private final boolean enableNamespacedClaims;
private final Optional<String> customNamespace;

private String rawToken;
private SignedJWT signedJWT;
AlanRoth marked this conversation as resolved.
Show resolved Hide resolved

public JwtTokenParser(Optional<Boolean> enableNamespacedClaims, Optional<String> customNamespace) {
this.enableNamespacedClaims = enableNamespacedClaims.orElse(false);
this.customNamespace = customNamespace;
Expand All @@ -81,8 +84,17 @@ public JwtTokenParser() {
this(Optional.empty(), Optional.empty());
}

public JsonWebTokenImpl parse(String bearerToken, String issuer, PublicKey publicKey) throws Exception {
SignedJWT signedJWT = SignedJWT.parse(bearerToken);
public void parse(String bearerToken) throws Exception {
rawToken = bearerToken;
signedJWT = SignedJWT.parse(rawToken);

if(!checkIsJWT(signedJWT.getHeader())){
AlanRoth marked this conversation as resolved.
Show resolved Hide resolved
throw new IllegalStateException("Not JWT");
}
}

public JsonWebTokenImpl verify(String issuer, PublicKey publicKey) throws Exception {
SignedJWT signedJWT = SignedJWT.parse(rawToken);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't feel great about the ambiguity of this local variable having the same name as the signedJWT variable at line 76 - could it have a slightly different name?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

signedJWT2? I don't think its worth the change as #3799 is refactoring this class, I just did the minimum to make it function for now with the least amount of changes; #3799 is due for a merge shortly after this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That line can be removed and a null check added - as you should call parse before calling verify


// MP-JWT 1.0 4.1 typ
if (!checkIsJWT(signedJWT.getHeader())) {
Expand Down Expand Up @@ -127,7 +139,7 @@ public JsonWebTokenImpl parse(String bearerToken, String issuer, PublicKey publi

rawClaims.put(
raw_token.name(),
createObjectBuilder().add("token", bearerToken).build().get("token"));
createObjectBuilder().add("token", rawToken).build().get("token"));

return new JsonWebTokenImpl(callerPrincipalName, rawClaims);
}
Expand Down
69 changes: 69 additions & 0 deletions ...microprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/tck/TokenParser.java
View file
Open in desktop
@@ -0,0 +1,69 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://github.com/payara/Payara/blob/master/LICENSE.txt
* See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at glassfish/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* The Payara Foundation designates this particular file as subject to the "Classpath"
* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package fish.payara.microprofile.jwtauth.tck;

import java.security.PublicKey;
import org.eclipse.microprofile.jwt.JsonWebToken;
import fish.payara.microprofile.jwtauth.jwt.JwtTokenParser;

/**
*
* * This implements the artefact mandated by the MP-JWT TCK for offline
* (outside container) testing
* of the token parser.
*
* @author Arjan Tijms
*
*/
public class TokenParser {

private final JwtTokenParser jwtTokenParser = new JwtTokenParser();

public JsonWebToken parse(String bearerToken, String issuer, PublicKey signedBy) throws Exception {
try {
jwtTokenParser.parse(bearerToken);
return jwtTokenParser.verify(issuer, signedBy);
} catch (Exception e) {
throw new IllegalStateException("", e);
}
}

}