Merge pull request #14232 from sberyozkin/smallrye-jwt-sign-encrypt

Add JWT innerSign/encrypt test

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/DefaultGroupsCustomFactoryUnitTest.java

@@ -1,10 +1,9 @@
 package io.quarkus.jwt.test;
 
-import java.net.HttpURLConnection;
+import static org.hamcrest.Matchers.equalTo;
 
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -42,21 +41,19 @@ public void generateToken() throws Exception {
      */
     @Test
     public void echoGroups() {
-        io.restassured.response.Response response = RestAssured.given().auth()
+        RestAssured.given().auth()
                 .oauth2(token)
-                .get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
-        Assertions.assertEquals("User", response.body().asString());
+                .get("/endp/echo")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("User"));
     }
 
     @Test
     public void echoGroupsWithParser() {
-        io.restassured.response.Response response = RestAssured.given().auth()
+        RestAssured.given().auth()
                 .oauth2(token)
-                .get("/endp/echo-parser").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
-        Assertions.assertEquals("parser:User", response.body().asString());
+                .get("/endp/echo-parser")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("parser:User"));
     }
 }

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/DefaultGroupsSignEncryptUnitTest.java

@@ -0,0 +1,54 @@
+package io.quarkus.jwt.test;
+
+import static org.hamcrest.Matchers.equalTo;
+
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.restassured.RestAssured;
+import io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm;
+import io.smallrye.jwt.build.Jwt;
+
+public class DefaultGroupsSignEncryptUnitTest {
+    private static Class<?>[] testClasses = {
+            DefaultGroupsEndpoint.class,
+            TokenUtils.class
+    };
+    /**
+     * The test generated JWT token string
+     */
+    private String token;
+
+    @RegisterExtension
+    static final QuarkusUnitTest config = new QuarkusUnitTest()
+            .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
+                    .addClasses(testClasses)
+                    .addAsResource("publicKey.pem")
+                    .addAsResource("privateKey.pem")
+                    .addAsResource("applicationDefaultGroupsSignEncrypt.properties", "application.properties"));
+
+    @BeforeEach
+    public void generateToken() throws Exception {
+        token = Jwt.issuer("https://server.example.com").innerSign()
+                .keyAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP)
+                .encrypt();
+    }
+
+    /**
+     * Validate a request with MP-JWT without a 'groups' claim is successful
+     * due to the default value being provided in the configuration
+     *
+     */
+    @Test
+    public void echoGroups() {
+        RestAssured.given().auth()
+                .oauth2(token)
+                .get("/endp/echo")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("User"));
+    }
+}

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/DefaultGroupsUnitTest.java

@@ -1,10 +1,9 @@
 package io.quarkus.jwt.test;
 
-import java.net.HttpURLConnection;
+import static org.hamcrest.Matchers.equalTo;
 
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -43,23 +42,19 @@ public void generateToken() throws Exception {
      */
     @Test
     public void echoGroups() {
-        io.restassured.response.Response response = RestAssured.given().auth()
+        RestAssured.given().auth()
                 .oauth2(token)
-                .get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
-        String replyString = response.body().asString();
-        // The missing 'groups' claim's default value, 'User' is expected
-        Assertions.assertEquals("User", replyString);
+                .get("/endp/echo")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("User"));
     }
 
     @Test
     public void echoGroupsWithParser() {
-        io.restassured.response.Response response = RestAssured.given().auth()
+        RestAssured.given().auth()
                 .oauth2(token)
-                .get("/endp/echo-parser").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
-        Assertions.assertEquals("parser:User", response.body().asString());
+                .get("/endp/echo-parser")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("parser:User"));
     }
 }

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/JwtAuthUnitTest.java

@@ -21,7 +21,7 @@
 import io.restassured.response.Response;
 
 public class JwtAuthUnitTest {
-    private static Class[] testClasses = {
+    private static Class<?>[] testClasses = {
             JsonValuejectionEndpoint.class,
             TokenUtils.class
     };
@@ -30,9 +30,7 @@ public class JwtAuthUnitTest {
      */
     private String token;
     // Time claims in the token
-    private Long iatClaim;
     private Long authTimeClaim;
-    private Long expClaim;
 
     @RegisterExtension
     static final QuarkusUnitTest config = new QuarkusUnitTest()
@@ -47,9 +45,7 @@ public class JwtAuthUnitTest {
     public void generateToken() throws Exception {
         HashMap<String, Long> timeClaims = new HashMap<>();
         token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
-        iatClaim = timeClaims.get(Claims.iat.name());
         authTimeClaim = timeClaims.get(Claims.auth_time.name());
-        expClaim = timeClaims.get(Claims.exp.name());
     }
 
     // Basic @ServletSecurity tests

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/JwtCookieDevModeTestCase.java

@@ -1,8 +1,9 @@
 package io.quarkus.jwt.test;
 
+import static org.hamcrest.Matchers.equalTo;
+
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -54,22 +55,18 @@ public void echoGroupsHotReplacement() throws Exception {
     }
 
     private void testOKResponse(String cookieName) {
-        io.restassured.response.Response response = RestAssured.given()
+        RestAssured.given()
                 .header("Cookie", cookieName + "=" + token)
-                .get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(200, response.getStatusCode());
-        String replyString = response.body().asString();
-        // The missing 'groups' claim's default value, 'User' is expected
-        Assertions.assertEquals("User", replyString);
+                .get("/endp/echo")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("User"));
     }
 
     private void testBadResponse(String cookieName) {
-        io.restassured.response.Response response = RestAssured.given()
+        RestAssured.given()
                 .header("Cookie", cookieName + "=" + token)
-                .get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(401, response.getStatusCode());
+                .get("/endp/echo")
+                .then().assertThat().statusCode(401);
     }
 
 }

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/JwtCookieUnitTest.java

@@ -1,10 +1,9 @@
 package io.quarkus.jwt.test;
 
-import java.net.HttpURLConnection;
+import static org.hamcrest.Matchers.equalTo;
 
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -42,13 +41,10 @@ public void generateToken() throws Exception {
      */
     @Test
     public void echoGroups() {
-        io.restassured.response.Response response = RestAssured.given()
+        RestAssured.given()
                 .header("Cookie", "cookie_a=" + token)
-                .get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
-        String replyString = response.body().asString();
-        // The missing 'groups' claim's default value, 'User' is expected
-        Assertions.assertEquals("User", replyString);
+                .get("/endp/echo")
+                .then().assertThat().statusCode(200)
+                .body(equalTo("User"));
     }
 }

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/PKSubUnitTest.java

@@ -7,7 +7,7 @@
 
 import io.quarkus.smallrye.jwt.runtime.auth.PublicKeyProxy;
 import io.quarkus.smallrye.jwt.runtime.auth.PublicKeySubstitution;
-import io.smallrye.jwt.KeyUtils;
+import io.smallrye.jwt.util.KeyUtils;
 
 public class PKSubUnitTest {
     @Test

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/PrincipalInjectionEndpoint.java

@@ -32,7 +32,6 @@
 @RequestScoped
 @RolesAllowed("Tester")
 public class PrincipalInjectionEndpoint {
-    private static final JsonString ANOYNMOUS = Json.createValue("anonymous");
 
     @Inject
     Principal principal;

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/PrincipalInjectionUnitTest.java

@@ -20,7 +20,7 @@
 import io.restassured.RestAssured;
 
 public class PrincipalInjectionUnitTest {
-    private static Class[] testClasses = {
+    private static Class<?>[] testClasses = {
             PrincipalInjectionEndpoint.class,
             TokenUtils.class
     };
@@ -29,9 +29,7 @@ public class PrincipalInjectionUnitTest {
      */
     private String token;
     // Time claims in the token
-    private Long iatClaim;
     private Long authTimeClaim;
-    private Long expClaim;
 
     @RegisterExtension
     static final QuarkusUnitTest config = new QuarkusUnitTest()
@@ -46,9 +44,7 @@ public class PrincipalInjectionUnitTest {
     public void generateToken() throws Exception {
         HashMap<String, Long> timeClaims = new HashMap<>();
         token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
-        iatClaim = timeClaims.get(Claims.iat.name());
         authTimeClaim = timeClaims.get(Claims.auth_time.name());
-        expClaim = timeClaims.get(Claims.exp.name());
     }
 
     /**

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java

@@ -3,7 +3,6 @@
 import java.net.HttpURLConnection;
 import java.util.HashMap;
 
-import org.eclipse.microprofile.jwt.Claims;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
 import org.junit.jupiter.api.Assertions;
@@ -27,10 +26,6 @@ public class RolesAllowedUnitTest {
      * The test generated JWT token string
      */
     private String token;
-    // Time claims in the token
-    private Long iatClaim;
-    private Long authTimeClaim;
-    private Long expClaim;
 
     @RegisterExtension
     static final QuarkusUnitTest config = new QuarkusUnitTest()
@@ -46,9 +41,6 @@ public class RolesAllowedUnitTest {
     public void generateToken() throws Exception {
         HashMap<String, Long> timeClaims = new HashMap<>();
         token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
-        iatClaim = timeClaims.get(Claims.iat.name());
-        authTimeClaim = timeClaims.get(Claims.auth_time.name());
-        expClaim = timeClaims.get(Claims.exp.name());
     }
 
     @Test()

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/SmallRyeJwtDisabledTest.java

@@ -1,10 +1,7 @@
 package io.quarkus.jwt.test;
 
-import java.net.HttpURLConnection;
-
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
@@ -24,8 +21,6 @@ public class SmallRyeJwtDisabledTest {
 
     @Test
     public void serviceIsNotSecured() throws Exception {
-        io.restassured.response.Response response = RestAssured.given().get("/endp/echo").andReturn();
-
-        Assertions.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, response.getStatusCode());
+        RestAssured.given().get("/endp/echo").then().assertThat().statusCode(403);
     }
 }

extensions/smallrye-jwt/deployment/src/test/resources/applicationDefaultGroupsSignEncrypt.properties

@@ -0,0 +1,11 @@
+mp.jwt.verify.publickey.location=/publicKey.pem
+smallrye.jwt.decrypt.key.location=/privateKey.pem
+
+smallrye.jwt.sign.key-location=/privateKey.pem
+smallrye.jwt.encrypt.key-location=/publicKey.pem
+
+mp.jwt.verify.issuer=https://server.example.com
+smallrye.jwt.claims.groups=User
+
+quarkus.log.category."io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator".min-level=TRACE
+quarkus.log.category."io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator".level=TRACE