Renamed method `isSignatureValid()` to `isValid()` since it also tests other aspects (expiration, not-before, etc.).
This commit is contained in:
parent
23f387f832
commit
8c009b9a8d
@ -4,6 +4,7 @@ import java.net.URL;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import org.gcube.common.keycloak.model.PublishedRealmRepresentation;
|
||||
import org.gcube.common.keycloak.model.TokenIntrospectionResponse;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
|
@ -76,7 +77,8 @@ public interface KeycloakClient {
|
|||
URL getAvatarEndpointURL(URL realmBaseURL) throws KeycloakClientException;
|
||||
|
||||
/**
|
||||
* Get the realm info setup
|
||||
* Get the realm info setup (RSA <code>public_key</code>, <code>token-service</code> URL,
|
||||
* <code>account-service</code> URL and <code>tokens-not-before</code> setting)
|
||||
*
|
||||
* @param realmURL the realm URL
|
||||
* @return the configured realm info
|
||||
@ -48,10 +48,19 @@ public class ModelUtils {
|
|||
}
|
||||
}
|
||||
|
||||
public static RSAPublicKey createRSAPublicKey(String publicKeyPem) {
|
||||
/**
|
||||
* Creates and {@link RSAPublicKey} instance from its string PEM representation
|
||||
*
|
||||
* @param publicKeyPem the public key PEM string
|
||||
* @return the RSA public key
|
||||
* @throws Exception if it's not possbile to create the RSA public key from the PEM string
|
||||
*/
|
||||
public static RSAPublicKey createRSAPublicKey(String publicKeyPem) throws Exception {
|
||||
try {
|
||||
String publicKey = publicKeyPem.replaceFirst("-----BEGIN .+-----\n", "");
|
||||
publicKey = publicKey.replaceFirst("-----END .+-----", "");
|
||||
String publicKey = publicKeyPem.replaceFirst("-----BEGIN (.*)-----\n", "");
|
||||
publicKey = publicKey.replaceFirst("-----END (.*)-----", "");
|
||||
publicKey = publicKey.replaceAll("\r\n", "");
|
||||
publicKey = publicKey.replaceAll("\n", "");
|
||||
|
||||
byte[] encoded = Base64.getDecoder().decode(publicKey);
|
||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||
|
@ -62,14 +71,14 @@ public class ModelUtils {
|
|||
}
|
||||
|
||||
/**
|
||||
* Verifies the token's digital signature
|
||||
* Verifies the token validity
|
||||
*
|
||||
* @param token the base64 JWT token string
|
||||
* @param publicKey the realm's public key on server
|
||||
* @return <code>true</code> if the signature is verified, <code>false</code> otherwise
|
||||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
* @throws RuntimeException if an error occurs constructing the digital signature verifier
|
||||
*/
|
||||
public static boolean isSignatureValid(String token, RSAPublicKey publicKey) throws RuntimeException {
|
||||
public static boolean isValid(String token, RSAPublicKey publicKey) throws RuntimeException {
|
||||
JWTVerifier verifier = null;
|
||||
try {
|
||||
Algorithm algorithm = Algorithm.RSA256(publicKey, null);
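Review bot: The rewritten header regex in the first hunk of this file, `"-----BEGIN (.*)-----\n"` at the top of createRSAPublicKey, still cannot match a CRLF-terminated header: in Java `.` excludes `\r` by default, so the `(.*)` group stops before the carriage return and the literal `-----\n` fails against `-----\r\n`, leaving the header text in the string handed to `Base64.getDecoder()`. The `replaceAll("\r\n", "")` two lines later shows CRLF input is expected, so make the header pattern tolerant as well: `publicKeyPem.replaceFirst("-----BEGIN (.*)-----\r?\n", "")`. The new `throws Exception` on that signature is also broader than needed; `KeyFactory` and the key-spec conversion raise `GeneralSecurityException` subtypes, so declaring that (or a project exception wrapping it) lets callers keep narrower catches, though the catch block that decides this lies outside the hunk. The added javadoc typo `possbile` should read `possible`.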
|
||||
@ -26,6 +26,7 @@ import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
|||
* @author (modified by) <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
|
||||
*/
|
||||
public class PublishedRealmRepresentation {
|
||||
|
||||
protected String realm;
|
||||
|
||||
@JsonProperty("public_key")
|
||||
|
@ -65,7 +66,11 @@ public class PublishedRealmRepresentation {
|
|||
if (publicKey != null)
|
||||
return publicKey;
|
||||
if (publicKeyPem != null) {
|
||||
publicKey = ModelUtils.createRSAPublicKey(publicKeyPem);
|
||||
try {
|
||||
publicKey = ModelUtils.createRSAPublicKey(publicKeyPem);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
return publicKey;
|
||||
}
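Review bot: The new catch in getPublicKey swallows the parse failure with `e.printStackTrace()` and falls through to `return publicKey`, which is still null, so a realm document whose `public_key` cannot be parsed silently becomes a null key that every caller must guard against; the test code in this commit passes `realmInfo.getPublicKey()` straight into `ModelUtils.isValid`, which presumably does not. A realm representation without a usable key cannot verify anything, so fail loudly instead: `} catch (Exception e) { throw new IllegalStateException("Unable to parse realm public key PEM", e); }`. If the lazy-null contract is intentional, at minimum replace `printStackTrace` with the class logger and state in the method's javadoc that a null return means the PEM could not be parsed. The method's signature is above the hunk.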
|
||||
@ -133,8 +133,6 @@ public class TestKeycloakClient {
|
|||
|
||||
logger.info("*** [1.0] Realm info public key PEM: {}", realmInfo.getPublicKeyPem());
|
||||
logger.info("*** [1.0] Realm info public key: {}", realmInfo.getPublicKey());
|
||||
// TestModels.checkTokenResponse(oidcTR);
|
||||
// TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -149,8 +147,8 @@ public class TestKeycloakClient {
|
|||
TokenResponse oidcTR = client.queryOIDCToken(DEV_ROOT_CONTEXT, CLIENT_ID, CLIENT_SECRET);
|
||||
logger.info("*** [1.0] OIDC access token: {}", oidcTR.getAccessToken());
|
||||
|
||||
Assert.assertTrue("Access token digital signature is not valid",
|
||||
ModelUtils.isSignatureValid(oidcTR.getAccessToken(), realmInfo.getPublicKey()));
|
||||
Assert.assertTrue("Access token is not valid",
|
||||
ModelUtils.isValid(oidcTR.getAccessToken(), realmInfo.getPublicKey()));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -39,8 +39,8 @@ public class TestModelUtils {
|
|||
TokenResponse.class);
|
||||
|
||||
// Valid signature
|
||||
Assert.assertFalse("Token signature is valid", ModelUtils.isSignatureValid(tr.getAccessToken(),
|
||||
ModelUtils.createRSAPublicKey(
|
||||
Assert.assertFalse("Token signature is valid",
|
||||
ModelUtils.isValid(tr.getAccessToken(), ModelUtils.createRSAPublicKey(
|
||||
new String(Files.readAllBytes(Paths.get("src/test/resources/rsa-public-key.pem"))))));
|
||||
|
||||
}
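Review bot: After the rename the assertion at the bottom of this hunk no longer tests what the `// Valid signature` comment and the message `"Token signature is valid"` describe: per the commit message `isValid` also rejects expired or not-yet-valid tokens, so the fixture token read from the stored response will fail this check regardless of whether its signature matches `rsa-public-key.pem` once its time window has passed, and `assertFalse` cannot tell the two causes apart. Either keep a signature-specific negative case (a token signed under a different key, asserting on the signature-failure cause) or rename the comment and message to say what is actually asserted, e.g. `// Token is rejected (bad signature or outside its validity window)`. The test method starts above the hunk.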
|
||||