// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.googlesource.gerrit.plugins.cfoauth;
import static org.junit.Assert.*;
import static com.googlesource.gerrit.plugins.cfoauth.JsonUtils.getAttribute;
import static com.googlesource.gerrit.plugins.cfoauth.JsonUtils.getLongAttribute;
import com.google.gson.JsonObject;
import org.junit.Before;
import org.junit.Test;
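/**
 * Unit tests for {@link UAAClient}: authorization URL construction, JSON Web
 * Token (JWT) parsing, signature verification and access-token response
 * parsing.
 *
 * <p>All tokens, keys and URLs below are test fixtures. The client under test
 * is a subclass whose signature verifier is pinned to HMAC-SHA256 with
 * {@link #TOKEN_KEY}, so no verification key is fetched from a server.
 *
 * <p>The negative tests matter most from a security point of view: each one
 * pins that a malformed or tampered token is rejected with
 * {@link UAAClientException} instead of being turned into user information.
 */
public class UAAClientTest {

  // Sample JWT whose header segment decodes to {"alg":"HS256"}. The tests
  // below expect it to verify against TOKEN_KEY and to carry the claims
  // user_name=marissa, email=marissa@test.org and exp=1436232932.
  private static final String HS256_TEST_TOKEN =
      "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI4MWI4M2RhNy0yZmI2LTQ4OTUtYTM5ZS0zZ"
      + "TFjZWEzNzQ2ZDkiLCJzdWIiOiJmNmM1YTgxMi0yNWM2LTQ5ZjItOTJiMS0yYjQ5N"
      + "mRjOTAyNTUiLCJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkIjoiZ2Vycml0L"
      + "WlkIiwiY2lkIjoiZ2Vycml0LWlkIiwiYXpwIjoiZ2Vycml0LWlkIiwiZ3JhbnRfd"
      + "HlwZSI6ImF1dGhvcml6YXRpb25fY29kZSIsInVzZXJfaWQiOiJmNmM1YTgxMi0yN"
      + "WM2LTQ5ZjItOTJiMS0yYjQ5NmRjOTAyNTUiLCJ1c2VyX25hbWUiOiJtYXJpc3NhI"
      + "iwiZW1haWwiOiJtYXJpc3NhQHRlc3Qub3JnIiwicmV2X3NpZyI6IjkwZGQzNTNlI"
      + "iwiaWF0IjoxNDM2MTg5NzMyLCJleHAiOjE0MzYyMzI5MzIsImlzcyI6Imh0dHA6L"
      + "y9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhd"
      + "WQiOlsiZ2Vycml0LWlkIiwib3BlbmlkIl19.ynnx6J9CO-jnKETDn4DSEdvWMZkC"
      + "2mTynnhgYL-TyaU";

  // The three dot-separated segments of the sample token:
  // [0] header, [1] claims, [2] signature.
  private static final String[] HS256_TOKEN_PARTS =
      HS256_TEST_TOKEN.split("\\.");

  // "header.claims": the input over which the signature is computed.
  private static final String HS256_SIGNED_CONTENT =
      HS256_TOKEN_PARTS[0] + "." + HS256_TOKEN_PARTS[1];

  private static final String HS256_SIGNATURE = HS256_TOKEN_PARTS[2];

  // A bare signature segment (base64url alphabet only) that is expected NOT
  // to match HS256_SIGNED_CONTENT under TOKEN_KEY. It deliberately carries no
  // leading '.' separator: with a separator character in the argument,
  // testVerifyInvalidSignature could be rejected (or the character silently
  // skipped) by the decoder, depending on the implementation, instead of
  // exercising the signature comparison itself.
  private static final String HS256_INVALID_SIGNATURE =
      "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";

  // NOTE(review): "foo" is prepended to the claims segment without a '.'
  // separator, so this value has only two dot-separated segments. The test
  // using it therefore presumably exercises rejection of a token with the
  // wrong segment count rather than of an undecodable header - confirm
  // against UAAClient before relying on it as header-validation coverage.
  private static final String HS256_TOKEN_INVALID_HEADER =
      "foo" + HS256_TOKEN_PARTS[1] + "." + HS256_TOKEN_PARTS[2];

  // Valid header and signature segments around a claims segment of "foo".
  private static final String HS256_TOKEN_INVALID_CLAIMS =
      HS256_TOKEN_PARTS[0] + ".foo." + HS256_TOKEN_PARTS[2];

  // Original header and claims followed by a signature that does not belong
  // to them, i.e. what a tampered or forged token looks like to the verifier.
  private static final String HS256_TOKEN_INVALID_SIGNATURE =
      HS256_SIGNED_CONTENT + "." + HS256_INVALID_SIGNATURE;

  // Token endpoint response body wrapping the sample token.
  private static final String HS256_ACCESS_TOKEN_RESPONSE = "{"
      + "\"access_token\":\"" + HS256_TEST_TOKEN + "\","
      + "\"token_type\":\"bearer\","
      + "\"expires_in\":3600}";

  // Response whose token is stored under the wrong attribute name.
  private static final String MISSING_ACCESS_TOKEN_ATTRIBUTE = "{"
      + "\"access_token1\":\"" + HS256_TEST_TOKEN + "\"}";

  // Response carrying the token with the non-matching signature.
  private static final String INVALID_TOKEN_ATTRIBUTE = "{"
      + "\"access_token\":\"" + HS256_TOKEN_INVALID_SIGNATURE + "\"}";

  // Fixture endpoints and credentials; they are never contacted by these tests.
  private static final String UAA_SERVER_URL = "http://uaa.example.org/uaa";
  private static final String CLIENT_ID = "gerrit";
  private static final String CLIENT_SECRET = "gerritsecret";
  private static final String REDIRECT_URL = "http://gerrit.example.org/oauth";

  // Shared secret handed to the HMAC-SHA256 verifier of the test client.
  private static final String TOKEN_KEY = "tokenkey";

  /**
   * {@link UAAClient} whose signature verifier is always an
   * {@link HMACSHA256SignatureVerifier} keyed with {@link #TOKEN_KEY}.
   *
   * <p>The {@code alg} and {@code refresh} arguments are ignored by the
   * override, so these tests do not cover how the production client selects
   * a verifier or obtains its key.
   */
  private static class UAATestClient extends UAAClient {
    public UAATestClient() {
      // The two boolean flags are defined by UAAClient's constructor, which
      // is not visible in this file.
      super(UAA_SERVER_URL, CLIENT_ID, CLIENT_SECRET, true, false,
          REDIRECT_URL);
    }

    @Override
    SignatureVerifier getSignatureVerifier(String alg, boolean refresh)
        throws UAAClientException {
      return new HMACSHA256SignatureVerifier(TOKEN_KEY);
    }
  }

  private UAAClient client;

  /** Creates a fresh test client before every test. */
  @Before
  public void setup() throws Exception {
    client = new UAATestClient();
  }

  /** The authorization URL carries the client id and the URL-encoded redirect URI. */
  @Test
  public void testGetAuthorizationUrl() throws Exception {
    assertEquals("http://uaa.example.org/uaa/oauth/authorize?"
        + "response_type=code&client_id=gerrit&redirect_uri="
        + "http%3A%2F%2Fgerrit.example.org%2Foauth",
        client.getAuthorizationUrl());
  }

  /** A valid token yields a JSON object exposing the expected claims. */
  @Test
  public void testToJsonWebToken() throws Exception {
    JsonObject jsonWebToken = client.toJsonWebToken(HS256_TEST_TOKEN);
    assertEquals("marissa", getAttribute(jsonWebToken, "user_name"));
    assertEquals("marissa@test.org", getAttribute(jsonWebToken, "email"));
    assertEquals(1436232932L, getLongAttribute(jsonWebToken, "exp", 0));
  }

  /** A string without any segment separator is rejected. */
  @Test(expected = UAAClientException.class)
  public void testToJsonWebTokenInvalidToken() throws Exception {
    client.toJsonWebToken("foobar");
  }

  /** A token with a corrupted leading part is rejected. */
  @Test(expected = UAAClientException.class)
  public void testToJsonWebTokenInvalidPrefix() throws Exception {
    client.toJsonWebToken(HS256_TOKEN_INVALID_HEADER);
  }

  /** A token whose claims segment is "foo" is rejected. */
  @Test(expected = UAAClientException.class)
  public void testToJsonWebTokenInvalidClaims() throws Exception {
    client.toJsonWebToken(HS256_TOKEN_INVALID_CLAIMS);
  }

  /** A token whose signature does not match its content is rejected. */
  @Test(expected = UAAClientException.class)
  public void testToJsonWebTokenInvalidSignature() throws Exception {
    client.toJsonWebToken(HS256_TOKEN_INVALID_SIGNATURE);
  }

  /** Token value plus raw response are converted into the expected access token. */
  @Test
  public void testGetAsAccessToken() throws Exception {
    AccessToken accessToken = client.toAccessToken(HS256_TEST_TOKEN,
        HS256_ACCESS_TOKEN_RESPONSE);
    assertHS256AccessToken(accessToken);
  }

  /** Passes when verification of the genuine signature throws nothing. */
  @Test
  public void testVerifySignature() throws Exception {
    client.verifySignature(HS256_SIGNED_CONTENT, HS256_SIGNATURE, "HS256");
  }

  /** A signature segment that does not belong to the content is rejected. */
  @Test(expected = UAAClientException.class)
  public void testVerifyInvalidSignature() throws Exception {
    client.verifySignature(HS256_SIGNED_CONTENT, HS256_INVALID_SIGNATURE,
        "HS256");
  }

  /** A well-formed token response is parsed into the expected access token. */
  @Test
  public void testParseAccessTokenResponse() throws Exception {
    AccessToken accessToken = client.parseAccessTokenResponse(
        HS256_ACCESS_TOKEN_RESPONSE);
    assertHS256AccessToken(accessToken);
  }

  /** A response lacking the "access_token" attribute is rejected. */
  @Test(expected = UAAClientException.class)
  public void testParseAccessTokenResponseMissingAccessTokenAttribute()
      throws Exception {
    client.parseAccessTokenResponse(MISSING_ACCESS_TOKEN_ATTRIBUTE);
  }

  /** A response whose token carries a non-matching signature is rejected. */
  @Test(expected = UAAClientException.class)
  public void testParseAccessTokenResponseInvalidTokenAttribute()
      throws Exception {
    client.parseAccessTokenResponse(INVALID_TOKEN_ATTRIBUTE);
  }

  /**
   * Asserts that {@code accessToken} wraps the sample token: same raw value,
   * an expiry equal to the token's {@code exp} claim, and the user
   * information of the sample user.
   */
  private void assertHS256AccessToken(AccessToken accessToken) {
    assertEquals(HS256_TEST_TOKEN, accessToken.getValue());
    assertEquals(1436232932L, accessToken.getExpiresAt());
    UserInfo userInfo = accessToken.getUserInfo();
    assertEquals("external:marissa", userInfo.getExternalId());
    assertEquals("marissa", userInfo.getUserName());
    assertEquals("marissa@test.org", userInfo.getEmailAddress());
  }
}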