/**
 * Assembles the claim map for a gadget security token and hands it to
 * {@link BlobCrypterSecurityToken}.
 *
 * <p>The OWNER claim is the username of the account returned by
 * {@code userService.getUserById(ownerId)}; the VIEWER claim is the username of
 * {@code user}. TRUSTED_JSON is set to the empty string and EXPIRES to the current
 * wall-clock time plus 24 hours, in milliseconds.
 *
 * @param moduleUrl value stored under the APP_URL key
 * @param moduleId  value stored under the MODULE_ID key
 * @param ownerId   id used to look up the owning user
 * @param user      viewer whose username goes into the VIEWER claim
 * @return a token built from the enclosing object's {@code container} and {@code domain},
 *         with no active URL
 */
private BlobCrypterSecurityToken getBlobCrypterSecurityToken(String moduleUrl, String moduleId,
                                                             String ownerId, User user) {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(AbstractSecurityToken.Keys.APP_URL.getKey(), moduleUrl);
    claims.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(), moduleId);

    // NOTE(review): String.valueOf(...) turns a null username into the literal string
    // "null", so a missing username would be minted as an identity claim rather than
    // rejected. Confirm usernames can never be null here. A null result from
    // getUserById(ownerId), or a null `user`, surfaces as a NullPointerException.
    String ownerName = String.valueOf(userService.getUserById(ownerId).getUsername());
    claims.put(AbstractSecurityToken.Keys.OWNER.getKey(), ownerName);
    String viewerName = String.valueOf(user.getUsername());
    claims.put(AbstractSecurityToken.Keys.VIEWER.getKey(), viewerName);

    claims.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");

    // NOTE(review): the 24-hour lifetime is hard-coded. A longer lifetime means a leaked
    // token stays usable for longer; confirm this matches the container's intended TTL.
    long expiresAtMillis = System.currentTimeMillis() + (24 * 60 * 60 * 1000);
    claims.put(AbstractSecurityToken.Keys.EXPIRES.getKey(), String.valueOf(expiresAtMillis));

    return new BlobCrypterSecurityToken(container, domain, null, claims);
}
/**
 * Verifies that decrypting a token fails with {@link BlobExpiredException} once the
 * test clock has moved more than an hour (plus skew allowance) past encryption time.
 */
@Test(expected = BlobExpiredException.class)
public void testExpired() throws Exception {
    BlobCrypterSecurityToken fresh = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
    String serialized = fresh.encrypt();

    // Advance the test clock by 3600 s + 181 s: one hour plus clock skew.
    timeSource.incrementSeconds(3600 + 181);

    // The serialized token is colon-separated; element 1 is the piece handed to decrypt().
    // (Element 0 is presumably the container name -- confirm against encrypt().)
    String blob = StringUtils.split(serialized, ':')[1];

    // Expected to throw; the test passes only if BlobExpiredException propagates.
    BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, blob, "active");
}
}
/**
 * Verifies that decrypting a token fails with {@link BlobExpiredException} once the
 * test clock has moved more than an hour (plus skew allowance) past encryption time.
 */
@Test(expected = BlobExpiredException.class)
public void testExpired() throws Exception {
    BlobCrypterSecurityToken fresh = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
    String serialized = fresh.encrypt();

    // Advance the test clock by 3600 s + 181 s: one hour plus clock skew.
    timeSource.incrementSeconds(3600 + 181);

    // The serialized token is colon-separated; element 1 is the piece handed to decrypt().
    // (Element 0 is presumably the container name -- confirm against encrypt().)
    String blob = StringUtils.split(serialized, ':')[1];

    // Expected to throw; the test passes only if BlobExpiredException propagates.
    BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, blob, "active");
}
}
/**
 * Checks that the codec refuses a token whose plaintext container prefix has been
 * rewritten to a container name it does not know ("other").
 */
@Test
public void testUnknownContainer() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    // The container prefix travels outside the wrapped blob, so the holder of a token can
    // rewrite it. The codec must not accept the token under a name it has no key for.
    String tampered = (prefix + ":" + wrapped).replace("container:", "other:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, tampered));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have reported that container was unknown");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Unknown container"));
}
/**
 * Checks that the codec refuses a token whose plaintext container prefix has been
 * rewritten to a container name it does not know ("other").
 */
@Test
public void testUnknownContainer() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    // The container prefix travels outside the wrapped blob, so the holder of a token can
    // rewrite it. The codec must not accept the token under a name it has no key for.
    String tampered = (prefix + ":" + wrapped).replace("container:", "other:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, tampered));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have reported that container was unknown");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Unknown container"));
}
/**
 * Checks that the codec rejects a token that was encoded longer ago than the
 * container's time-to-live plus the skew allowance.
 */
@Test
public void testExpired() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken stale = new BlobCrypterSecurityToken("container", null, null, claims);
    stale.setTimeSource(timeSource);

    // Rewind the test clock by (container TTL + 181 s) before encoding, so the token
    // handed to the codec was issued further in the past than the TTL plus clock skew.
    // NOTE(review): the original comment says "one hour"; that holds only if
    // getTokenTimeToLive("container") is 3600 -- confirm.
    timeSource.incrementSeconds(-(codec.getTokenTimeToLive("container") + 181));
    String encoded = codec.encodeToken(stale);

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encoded));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have expired");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Blob expired"));
}
/**
 * Checks that a token wrapped with the key for "container" is rejected when its
 * plaintext prefix is rewritten to "example".
 */
@Test
public void testWrongContainer() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    // Relabel the token as belonging to "example". Presumably the fixture configures
    // "example" with a different key, so integrity verification must fail. This is what
    // stops a token issued for one container from being replayed against another.
    String relabelled = (prefix + ":" + wrapped).replace("container:", "example:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, relabelled));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have tried to decrypt with wrong key");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Invalid token signature"));
}
/**
 * Checks that the codec refuses a token whose plaintext container prefix has been
 * rewritten to a container name it does not know ("other").
 */
@Test
public void testUnknownContainer() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    // The container prefix travels outside the wrapped blob, so the holder of a token can
    // rewrite it. The codec must not accept the token under a name it has no key for.
    String tampered = (prefix + ":" + wrapped).replace("container:", "other:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, tampered));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have reported that container was unknown");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Unknown container"));
}
/**
 * Checks that the codec rejects a token that was encoded longer ago than the
 * container's time-to-live plus the skew allowance.
 */
@Test
public void testExpired() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken stale = new BlobCrypterSecurityToken("container", null, null, claims);
    stale.setTimeSource(timeSource);

    // Rewind the test clock by (container TTL + 181 s) before encoding, so the token
    // handed to the codec was issued further in the past than the TTL plus clock skew.
    // NOTE(review): the original comment says "one hour"; that holds only if
    // getTokenTimeToLive("container") is 3600 -- confirm.
    timeSource.incrementSeconds(-(codec.getTokenTimeToLive("container") + 181));
    String encoded = codec.encodeToken(stale);

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encoded));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have expired");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Blob expired"));
}
/**
 * Checks that a token wrapped with the key for "container" is rejected when its
 * plaintext prefix is rewritten to "example".
 */
@Test
public void testWrongContainer() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    // Relabel the token as belonging to "example". Presumably the fixture configures
    // "example" with a different key, so integrity verification must fail. This is what
    // stops a token issued for one container from being replayed against another.
    String relabelled = (prefix + ":" + wrapped).replace("container:", "example:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, relabelled));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have tried to decrypt with wrong key");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Invalid token signature"));
}
/**
 * Round-trip check: a hand-assembled, untampered token is accepted by the codec and
 * every claim comes back unchanged.
 */
@Test
public void testCreateToken() throws Exception {
    Map<String, String> claims = new HashMap<String, String>();
    claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
    claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
    claims.put(Keys.OWNER.getKey(), "owner");
    claims.put(Keys.VIEWER.getKey(), "viewer");
    claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken("container", null, null, claims);

    // Wire form assembled by hand: "<container>:<wrapped claims>", wrapped with the key
    // registered for "container".
    String prefix = source.getContainer();
    String wrapped = getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
    String wire = prefix + ":" + wrapped;

    SecurityToken decoded =
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, wire));

    // No APP_ID claim was set; the decoded app id is expected to equal the app URL.
    assertEquals("http://www.example.com/gadget.xml", decoded.getAppId());
    assertEquals("http://www.example.com/gadget.xml", decoded.getAppUrl());
    // The source token was built with a null domain, so "container.com" must be supplied
    // on the codec side (presumably from the fixture's container configuration).
    assertEquals("container.com", decoded.getDomain());
    assertEquals(12345L, decoded.getModuleId());
    assertEquals("owner", decoded.getOwnerId());
    assertEquals("viewer", decoded.getViewerId());
    assertEquals("trusted", decoded.getTrustedJson());
}
/**
 * Checks that the codec refuses a token whose plaintext container prefix has been
 * rewritten to a container name it does not know ("other").
 */
@Test
public void testUnknownContainer() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");

    // The encrypted form begins with the container name in the clear, so the holder of a
    // token can rewrite it. The codec must not accept it under a name it has no key for.
    String tampered = source.encrypt().replace("container:", "other:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, tampered));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have reported that container was unknown");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Unknown container"));
}
/**
 * Checks that a token encrypted with the key for "container" is rejected when its
 * plaintext prefix is rewritten to "example".
 */
@Test
public void testWrongContainer() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");

    // Relabel the token as belonging to "example". Presumably the fixture configures
    // "example" with a different key, so integrity verification must fail. This is what
    // stops a token issued for one container from being replayed against another.
    String relabelled = source.encrypt().replace("container:", "example:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, relabelled));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have tried to decrypt with wrong key");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Invalid token signature"));
}
/**
 * Checks that the codec refuses a token whose plaintext container prefix has been
 * rewritten to a container name it does not know ("other").
 */
@Test
public void testUnknownContainer() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");

    // The encrypted form begins with the container name in the clear, so the holder of a
    // token can rewrite it. The codec must not accept it under a name it has no key for.
    String tampered = source.encrypt().replace("container:", "other:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, tampered));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have reported that container was unknown");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Unknown container"));
}
/**
 * Checks that a token encrypted with the key for "container" is rejected when its
 * plaintext prefix is rewritten to "example".
 */
@Test
public void testWrongContainer() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");

    // Relabel the token as belonging to "example". Presumably the fixture configures
    // "example" with a different key, so integrity verification must fail. This is what
    // stops a token issued for one container from being replayed against another.
    String relabelled = source.encrypt().replace("container:", "example:");

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, relabelled));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have tried to decrypt with wrong key");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Invalid token signature"));
}
/**
 * Builds a {@link BlobCrypterSecurityToken} that mirrors the fields of another
 * {@link SecurityToken}.
 *
 * <p>Container, domain and active URL are passed to the constructor; app id, app URL,
 * expiry, module id, owner id, trusted JSON and viewer id are copied through setters.
 * The expiry is taken from {@code token} as-is, so the copy is handed the source's
 * expiry rather than a fresh one.
 *
 * @param token source token; dereferenced without a null check
 * @return the populated copy
 */
public static BlobCrypterSecurityToken fromToken(SecurityToken token) {
    // NOTE(review): nothing here validates the source token. Callers should pass only
    // tokens that have already been authenticated, because the identity claims
    // (owner, viewer) are copied verbatim.
    // The last constructor argument (the value map) is null; fields come from the setters.
    BlobCrypterSecurityToken copy = new BlobCrypterSecurityToken(
        token.getContainer(), token.getDomain(), token.getActiveUrl(), null);

    copy.setAppId(token.getAppId())
        .setAppUrl(token.getAppUrl())
        .setExpiresAt(token.getExpiresAt())
        .setModuleId(token.getModuleId())
        .setOwnerId(token.getOwnerId())
        .setTrustedJson(token.getTrustedJson())
        .setViewerId(token.getViewerId());

    return copy;
}
}
/**
 * Builds a {@link BlobCrypterSecurityToken} that mirrors the fields of another
 * {@link SecurityToken}.
 *
 * <p>Container, domain and active URL are passed to the constructor; app id, app URL,
 * expiry, module id, owner id, trusted JSON and viewer id are copied through setters.
 * The expiry is taken from {@code token} as-is, so the copy is handed the source's
 * expiry rather than a fresh one.
 *
 * @param token source token; dereferenced without a null check
 * @return the populated copy
 */
public static BlobCrypterSecurityToken fromToken(SecurityToken token) {
    // NOTE(review): nothing here validates the source token. Callers should pass only
    // tokens that have already been authenticated, because the identity claims
    // (owner, viewer) are copied verbatim.
    // The last constructor argument (the value map) is null; fields come from the setters.
    BlobCrypterSecurityToken copy = new BlobCrypterSecurityToken(
        token.getContainer(), token.getDomain(), token.getActiveUrl(), null);

    copy.setAppId(token.getAppId())
        .setAppUrl(token.getAppUrl())
        .setExpiresAt(token.getExpiresAt())
        .setModuleId(token.getModuleId())
        .setOwnerId(token.getOwnerId())
        .setTrustedJson(token.getTrustedJson())
        .setViewerId(token.getViewerId());

    return copy;
}
}
/**
 * Builds a {@link BlobCrypterSecurityToken} that mirrors the fields of another
 * {@link SecurityToken}.
 *
 * <p>Container, domain and active URL are passed to the constructor; app id, app URL,
 * expiry, module id, owner id, trusted JSON and viewer id are copied through setters.
 * The expiry is taken from {@code token} as-is, so the copy is handed the source's
 * expiry rather than a fresh one.
 *
 * @param token source token; dereferenced without a null check
 * @return the populated copy
 */
public static BlobCrypterSecurityToken fromToken(SecurityToken token) {
    // NOTE(review): nothing here validates the source token. Callers should pass only
    // tokens that have already been authenticated, because the identity claims
    // (owner, viewer) are copied verbatim.
    // The last constructor argument (the value map) is null; fields come from the setters.
    BlobCrypterSecurityToken copy = new BlobCrypterSecurityToken(
        token.getContainer(), token.getDomain(), token.getActiveUrl(), null);

    copy.setAppId(token.getAppId())
        .setAppUrl(token.getAppUrl())
        .setExpiresAt(token.getExpiresAt())
        .setModuleId(token.getModuleId())
        .setOwnerId(token.getOwnerId())
        .setTrustedJson(token.getTrustedJson())
        .setViewerId(token.getViewerId());

    return copy;
}
}
/**
 * Checks that the codec rejects an otherwise valid token once the test clock has
 * moved more than an hour (plus skew allowance) past the time it was encrypted.
 */
@Test
public void testExpired() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");
    String aged = source.encrypt();

    // Advance the test clock by 3600 s + 181 s: one hour plus clock skew.
    // Only time changes; the token itself is untouched.
    timeSource.incrementSeconds(3600 + 181);

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, aged));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have expired");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Blob expired"));
}
/**
 * Checks that the codec rejects an otherwise valid token once the test clock has
 * moved more than an hour (plus skew allowance) past the time it was encrypted.
 */
@Test
public void testExpired() throws Exception {
    BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(
        getBlobCrypter(getContainerKey("container")), "container", null);
    source.setAppUrl("http://www.example.com/gadget.xml");
    source.setModuleId(12345L);
    source.setOwnerId("owner");
    source.setViewerId("viewer");
    source.setTrustedJson("trusted");
    String aged = source.encrypt();

    // Advance the test clock by 3600 s + 181 s: one hour plus clock skew.
    // Only time changes; the token itself is untouched.
    timeSource.incrementSeconds(3600 + 181);

    SecurityTokenException rejection = null;
    try {
        codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, aged));
    } catch (SecurityTokenException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("should have expired");
    }
    String detail = rejection.getMessage();
    assertTrue(detail, detail.contains("Blob expired"));
}