Skip to content

Commit

Permalink
Add unit tests and licences headers
Browse files Browse the repository at this point in the history 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
  • Loading branch information
@RyanL1997
RyanL1997 committed Mar 21, 2023
1 parent e11e5f9 commit d5bfef3
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 12 deletions.
41 changes: 29 additions & 12 deletions src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.security.authtoken.jwt;

import com.google.common.base.Strings;
Expand Down Expand Up @@ -34,28 +45,39 @@ public class JwtVendor {
private static JsonMapObjectReaderWriter jsonMapReaderWriter = new JsonMapObjectReaderWriter();

private JsonWebKey signingKey;
private JoseJwtProducer jwtProducer;
private ConfigModel configModel;
private ThreadContext threadContext;

public JwtVendor(Settings settings) {
JoseJwtProducer jwtProducer = new JoseJwtProducer();
try {
this.signingKey = createJwkFromSettings(settings);
} catch (Exception e) {
throw new RuntimeException(e);
}
this.jwtProducer = jwtProducer;
}

static JsonWebKey createJwkFromSettings(Settings settings) throws Exception {
String exchangeKey = settings.get("exchange_key");
String signingKey = settings.get("signing_key");

if (!Strings.isNullOrEmpty(exchangeKey)) {
if (!Strings.isNullOrEmpty(signingKey)) {

JsonWebKey jwk = new JsonWebKey();

jwk.setKeyType(KeyType.OCTET);
jwk.setAlgorithm("HS512");
jwk.setPublicKeyUse(PublicKeyUse.SIGN);
jwk.setProperty("k", exchangeKey);
jwk.setProperty("k", signingKey);

return jwk;
} else {
Settings jwkSettings = settings.getAsSettings("jwt").getAsSettings("key");

if (jwkSettings.isEmpty()) {
throw new Exception(
"Settings for key exchange missing. Please specify at least the option exchange_key with a shared secret.");
"Settings for key is missing. Please specify at least the option signing_key with a shared secret.");
}

JsonWebKey jwk = new JsonWebKey();
Expand All @@ -68,7 +90,7 @@ static JsonWebKey createJwkFromSettings(Settings settings) throws Exception {
}
}

//Getting roles from User
//TODO:Getting roles from User
public Map<String, String> prepareClaimsForUser(User user, ThreadPool threadPool) {
Map<String, String> claims = new HashMap<>();
this.threadContext = threadPool.getThreadContext();
Expand All @@ -82,13 +104,7 @@ public Set<String> mapRoles(final User user, final TransportAddress caller) {
return this.configModel.mapSecurityRoles(user, caller);
}

private String createJwt(Map<String, String> claims, Settings settings) {
JoseJwtProducer jwtProducer = new JoseJwtProducer();
try {
signingKey = createJwkFromSettings(settings);
} catch (Exception e) {
throw new RuntimeException(e);
}
public String createJwt(Map<String, String> claims) {

jwtProducer.setSignatureProvider(JwsUtils.getSignatureProvider(signingKey));
JwtClaims jwtClaims = new JwtClaims();
Expand Down Expand Up @@ -129,6 +145,7 @@ private String createJwt(Map<String, String> claims, Settings settings) {
+ JwtUtils.claimsToJson(jwt.getClaims())
);
}

return encodedJwt;
}
}
67 changes: 67 additions & 0 deletions src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.security.authtoken.jwt;

import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;

import org.junit.Assert;
import org.junit.Test;

import org.opensearch.OpenSearchSecurityException;
import org.opensearch.common.settings.Settings;

import java.util.Map;

public class JwtVendorTest {

@Test
public void testCreateJwkFromSettings() throws Exception {
Settings settings = Settings.builder()
.put("signing_key", "abc123").build();

JsonWebKey jwk = JwtVendor.createJwkFromSettings(settings);
Assert.assertEquals("HS512", jwk.getAlgorithm());
Assert.assertEquals("sig", jwk.getPublicKeyUse().toString());
Assert.assertEquals("abc123", jwk.getProperty("k"));
System.out.print(jwk.getPublicKeyUse());
}

@Test (expected = Exception.class)
public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{
Settings settings = Settings.builder()
.put("jwt", "").build();
JwtVendor.createJwkFromSettings(settings);
}

@Test
public void testCreateJwt() {
Settings settings = Settings.builder().put("signing_key", "abc123").build();
JwtVendor jwtVendor = new JwtVendor(settings);
Map <String, String> myClaims = Map.of("sub","admin");
String encodedJwt = jwtVendor.createJwt(myClaims);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(encodedJwt);
JwtToken jwt = jwtConsumer.getJwtToken();
Assert.assertEquals("admin", jwt.getClaim("sub"));
Assert.assertNotNull(jwt.getClaim("iat"));
Assert.assertNotNull(jwt.getClaim("exp"));
}

@Test (expected = OpenSearchSecurityException.class)
public void testCreateJwtWithBadClaims(){
Settings settings = Settings.builder().put("signing_key", "abc123").build();
JwtVendor jwtVendor = new JwtVendor(settings);
Map <String, String> myClaims = Map.of("roles","admin");
jwtVendor.createJwt(myClaims);
}
}

0 comments on commit d5bfef3

Please sign in to comment.