TEST-198 Refactor JsonWebToken API in MP TCK Runner JWT Auth

payara · Jul 4, 2019 · cd17fdf · cd17fdf
2 parents 9abf9ce + 0e00ba8
commit cd17fdf
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 11 deletions.
diff --git a/...uth/src/main/java/fish/payara/microprofile/jwtauth/eesecurity/SignedJWTIdentityStore.java b/...uth/src/main/java/fish/payara/microprofile/jwtauth/eesecurity/SignedJWTIdentityStore.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2017-2018 Payara Foundation and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -113,12 +113,8 @@ public CredentialValidationResult validate(SignedJWTCredential signedJWTCredenti
                 throw new IllegalStateException("No PublicKey found");
             }
 
-            JsonWebTokenImpl jsonWebToken
-                    = jwtTokenParser.parse(
-                            signedJWTCredential.getSignedJWT(),
-                            acceptedIssuer,
-                            publicKey.get()
-                    );
+            jwtTokenParser.parse(signedJWTCredential.getSignedJWT());
+            JsonWebTokenImpl jsonWebToken = jwtTokenParser.verify(acceptedIssuer, publicKey.get());
 
             List<String> groups = new ArrayList<>(
                     jsonWebToken.getClaim("groups"));

diff --git a/...roprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/jwt/JwtTokenParser.java b/...roprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/jwt/JwtTokenParser.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2017-2018 Payara Foundation and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -72,6 +72,9 @@ public class JwtTokenParser {
     private final boolean enableNamespacedClaims;
     private final Optional<String> customNamespace;
 
+    private String rawToken;
+    private SignedJWT signedJWT;
+
     public JwtTokenParser(Optional<Boolean> enableNamespacedClaims, Optional<String> customNamespace) {
         this.enableNamespacedClaims = enableNamespacedClaims.orElse(false);
         this.customNamespace = customNamespace;
@@ -81,8 +84,19 @@ public JwtTokenParser() {
         this(Optional.empty(), Optional.empty());
     }
 
-    public JsonWebTokenImpl parse(String bearerToken, String issuer, PublicKey publicKey) throws Exception {
-        SignedJWT signedJWT = SignedJWT.parse(bearerToken);
+    public void parse(String bearerToken) throws Exception {
+        rawToken = bearerToken;
+        signedJWT = SignedJWT.parse(rawToken);
+
+        if (!checkIsJWT(signedJWT.getHeader())) {
+            throw new IllegalStateException("Not JWT");
+        }
+    }
+
+    public JsonWebTokenImpl verify(String issuer, PublicKey publicKey) throws Exception {
+        if (signedJWT == null) {
+            parse(rawToken);
+        }
 
         // MP-JWT 1.0 4.1 typ
         if (!checkIsJWT(signedJWT.getHeader())) {
@@ -127,7 +141,7 @@ public JsonWebTokenImpl parse(String bearerToken, String issuer, PublicKey publi
 
             rawClaims.put(
                     raw_token.name(),
-                    createObjectBuilder().add("token", bearerToken).build().get("token"));
+                    createObjectBuilder().add("token", rawToken).build().get("token"));
 
             return new JsonWebTokenImpl(callerPrincipalName, rawClaims);
         }

diff --git a/...oprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/tck/MockTokenParser.java b/...oprofile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/tck/MockTokenParser.java
@@ -0,0 +1,69 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2017-2019 Payara Foundation and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License").  You
+ * may not use this file except in compliance with the License.  You can
+ * obtain a copy of the License at
+ * https://github.com/payara/Payara/blob/master/LICENSE.txt
+ * See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * The Payara Foundation designates this particular file as subject to the "Classpath"
+ * exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license."  If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above.  However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package fish.payara.microprofile.jwtauth.tck;
+
+import java.security.PublicKey;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+import fish.payara.microprofile.jwtauth.jwt.JwtTokenParser;
+
+/**
+ *
+ *  * This implements the artefact mandated by the MP-JWT TCK for offline
+ * (outside container) testing
+ * of the token parser.
+ *
+ * @author Arjan Tijms
+ *
+ */
+public class MockTokenParser {
+
+    private final JwtTokenParser jwtTokenParser = new JwtTokenParser();
+
+    public JsonWebToken parse(String bearerToken, String issuer, PublicKey signedBy) throws Exception {
+        try {
+            jwtTokenParser.parse(bearerToken);
+            return jwtTokenParser.verify(issuer, signedBy);
+        } catch (Exception e) {
+            throw new IllegalStateException("", e);
+        }
+    }
+
+}
+