From d5bfef38ba709dc641167a8836adff51cd142386 Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Tue, 21 Mar 2023 14:42:16 -0700 Subject: [PATCH] Add unit tests and licences headers Signed-off-by: Ryan Liang --- .../security/authtoken/jwt/JwtVendor.java | 41 ++++++++---- .../security/authtoken/jwt/JwtVendorTest.java | 67 +++++++++++++++++++ 2 files changed, 96 insertions(+), 12 deletions(-) create mode 100644 src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java diff --git a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java index 6d329707de..451534c8ec 100644 --- a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java +++ b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java @@ -1,3 +1,14 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + package org.opensearch.security.authtoken.jwt; import com.google.common.base.Strings; 
@@ -34,20 +45,31 @@ public class JwtVendor { private static JsonMapObjectReaderWriter jsonMapReaderWriter = new JsonMapObjectReaderWriter(); private JsonWebKey signingKey; + private JoseJwtProducer jwtProducer; private ConfigModel configModel; private ThreadContext threadContext; + public JwtVendor(Settings settings) { + JoseJwtProducer jwtProducer = new JoseJwtProducer(); + try { + this.signingKey = createJwkFromSettings(settings); + } catch (Exception e) { + throw new RuntimeException(e); + } + this.jwtProducer = jwtProducer; + } + static JsonWebKey createJwkFromSettings(Settings settings) throws Exception { - String exchangeKey = settings.get("exchange_key"); + String signingKey = settings.get("signing_key"); - if (!Strings.isNullOrEmpty(exchangeKey)) { + if (!Strings.isNullOrEmpty(signingKey)) { JsonWebKey jwk = new JsonWebKey(); jwk.setKeyType(KeyType.OCTET); jwk.setAlgorithm("HS512"); jwk.setPublicKeyUse(PublicKeyUse.SIGN); - jwk.setProperty("k", exchangeKey); + jwk.setProperty("k", signingKey); return jwk; } else { @@ -55,7 +77,7 @@ static JsonWebKey createJwkFromSettings(Settings settings) throws Exception { if (jwkSettings.isEmpty()) { throw new Exception( - "Settings for key exchange missing. Please specify at least the option exchange_key with a shared secret."); + "Settings for key is missing. Please specify at least the option signing_key with a shared secret."); } JsonWebKey jwk = new JsonWebKey(); @@ -68,7 +90,7 @@ static JsonWebKey createJwkFromSettings(Settings settings) throws Exception { } } - //Getting roles from User + //TODO:Getting roles from User public Map prepareClaimsForUser(User user, ThreadPool threadPool) { Map claims = new HashMap<>(); this.threadContext = threadPool.getThreadContext(); 
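Review bot: `createJwkFromSettings` accepts any non-empty `signing_key` as the HS512 secret, so a short or low-entropy value (the new test uses `abc123`) becomes the signing key without complaint. RFC 7518 requires an HMAC key at least as long as the hash output, which is 64 bytes for HS512, and the JWK `k` member is expected to be base64url-encoded. I would reject anything shorter before building the JWK, e.g. `if (Base64.getUrlDecoder().decode(signingKey).length < 64) throw new IllegalArgumentException("signing_key must be at least 512 bits for HS512");` (needs `java.util.Base64`; the test keys would have to be lengthened to match). The method's else-branch continues in the following hunk and would not be covered by this check.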
@@ -82,13 +104,7 @@ public Set mapRoles(final User user, final TransportAddress caller) { return this.configModel.mapSecurityRoles(user, caller); } - private String createJwt(Map claims, Settings settings) { - JoseJwtProducer jwtProducer = new JoseJwtProducer(); - try { - signingKey = createJwkFromSettings(settings); - } catch (Exception e) { - throw new RuntimeException(e); - } + public String createJwt(Map claims) { jwtProducer.setSignatureProvider(JwsUtils.getSignatureProvider(signingKey)); JwtClaims jwtClaims = new JwtClaims(); @@ -129,6 +145,7 @@ private String createJwt(Map claims, Settings settings) { + JwtUtils.claimsToJson(jwt.getClaims()) ); } + return encodedJwt; } } diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java new file mode 100644 index 0000000000..a8016b0c6d --- /dev/null +++ b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java 
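Review bot: `createJwt` still calls `jwtProducer.setSignatureProvider(JwsUtils.getSignatureProvider(signingKey))` on every invocation, although both the producer and the key are now fixed in the constructor. Moving that line into the constructor, after `signingKey` is assigned, stops the shared `jwtProducer` field from being mutated per call, which matters if one `JwtVendor` instance serves concurrent requests (not visible from this hunk). The method is now public but has no Javadoc; a short comment naming the accepted claim keys and the `OpenSearchSecurityException` that the new test suggests is thrown for others would help callers. The body of `createJwt` continues outside the hunk.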
@@ -0,0 +1,67 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.authtoken.jwt;
+
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.opensearch.OpenSearchSecurityException;
+import org.opensearch.common.settings.Settings;
+
+import java.util.Map;
+
+public class JwtVendorTest {
+
+ @Test
+ public void testCreateJwkFromSettings() throws Exception {
+ Settings settings = Settings.builder()
+ .put("signing_key", "abc123").build();
+
+ JsonWebKey jwk = JwtVendor.createJwkFromSettings(settings);
+ Assert.assertEquals("HS512", jwk.getAlgorithm());
+ Assert.assertEquals("sig", jwk.getPublicKeyUse().toString());
+ Assert.assertEquals("abc123", jwk.getProperty("k"));
+ System.out.print(jwk.getPublicKeyUse());
+ }
+
+ @Test (expected = Exception.class)
+ public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{
+ Settings settings = Settings.builder()
+ .put("jwt", "").build();
+ JwtVendor.createJwkFromSettings(settings);
+ }
+
+ @Test
+ public void testCreateJwt() {
+ Settings settings = Settings.builder().put("signing_key", "abc123").build();
+ JwtVendor jwtVendor = new JwtVendor(settings);
+ Map myClaims = Map.of("sub","admin");
+ String encodedJwt = jwtVendor.createJwt(myClaims);
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(encodedJwt);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertEquals("admin", jwt.getClaim("sub"));
+ Assert.assertNotNull(jwt.getClaim("iat"));
+ Assert.assertNotNull(jwt.getClaim("exp"));
+ }
+
+ @Test (expected = OpenSearchSecurityException.class)
+ public void testCreateJwtWithBadClaims(){
+ Settings settings = Settings.builder().put("signing_key", "abc123").build();
+ JwtVendor jwtVendor = new JwtVendor(settings);
+ Map myClaims = Map.of("roles","admin");
+ jwtVendor.createJwt(myClaims);
+ }
+}
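Review bot: `testCreateJwt` parses the token and reads its claims but never verifies the signature, so it would still pass if the token were signed with the wrong key or left unsigned. Add a check such as `Assert.assertTrue(jwtConsumer.verifySignatureWith(JwtVendor.createJwkFromSettings(settings)));` (the test method then needs `throws Exception`). Separately, `System.out.print(jwk.getPublicKeyUse());` in `testCreateJwkFromSettings` looks like leftover debug output. `@Test (expected = Exception.class)` is also broad enough to pass on any failure, including ones unrelated to the missing key.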