diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRuleTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRuleTest.java new file mode 100644 index 000000000..34831daf7 --- /dev/null +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRuleTest.java @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ +package net.catenax.edc.oauth2.jwt.validation; + +import java.util.List; +import java.util.Map; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; +import org.eclipse.dataspaceconnector.spi.result.Result; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mockito; + +public class AudValidationRuleTest { + + private static final String AUDIENCE = "audience"; + + private AudValidationRule rule; + + @BeforeEach + public void setup() { + final Monitor monitor = Mockito.mock(Monitor.class); + rule = new AudValidationRule(AUDIENCE, monitor); + } + + @Test + void checkRuleSuccess() { + final Map claims = Map.of("aud", List.of(AUDIENCE)); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + Result result = rule.checkRule(token, null); + + Assertions.assertTrue(result.succeeded()); + } + + @Test + void checkRuleNoClaims() { + final Map claims = Map.of(); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + Result result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } + + @Test + void checkRuleClaimMissing() { + final Map claims = Map.of("foo", List.of(AUDIENCE)); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + Result result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } + + @Test + void checkRuleAudNotList() { + final Map claims = Map.of("aud", AUDIENCE); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + Result result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } +} diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/ExpValidationRuleTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/ExpValidationRuleTest.java new file mode 100644 index 000000000..485b23a76 --- /dev/null +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/ExpValidationRuleTest.java @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ +package net.catenax.edc.oauth2.jwt.validation; + +import java.text.SimpleDateFormat; +import java.time.Clock; +import java.util.Date; +import java.util.Map; +import lombok.SneakyThrows; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; +import org.eclipse.dataspaceconnector.spi.result.Result; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mockito; + +public class ExpValidationRuleTest { + + private static final String EXP = "exp"; + + private ExpValidationRule rule; + + // Mocks + private Clock clock; + + @BeforeEach + public void setUp() { + clock = Mockito.mock(Clock.class); + rule = new ExpValidationRule(clock); + } + + @Test + @SneakyThrows + public void checkNotExpired() { + Date date = new SimpleDateFormat("yyyy-MM-dd").parse("2021-01-01"); + final Map claims = Map.of(EXP, date); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(date.toInstant().minusSeconds(30)); + final Result result = rule.checkRule(token, null); + + Assertions.assertTrue(result.succeeded()); + } + + @Test + @SneakyThrows + public void checkExpired() { + Date date = new SimpleDateFormat("yyyy-MM-dd").parse("2021-01-01"); + final Map claims = Map.of(EXP, date); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(date.toInstant().plusSeconds(30)); + final Result result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } +} diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRuleTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRuleTest.java new file mode 100644 index 000000000..b96f9f272 --- /dev/null +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRuleTest.java @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ +package net.catenax.edc.oauth2.jwt.validation; + +import java.text.SimpleDateFormat; +import java.time.Clock; +import java.util.Date; +import java.util.Map; +import lombok.SneakyThrows; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mockito; + +public class IatValidationRuleTest { + + private static final String ISSUED_AT = "iat"; + private static final String EXPIRATION = "exp"; + + private IatValidationRule rule; + + // mocks + private Clock clock; + + @BeforeEach + public void setup() { + clock = Mockito.mock(Clock.class); + rule = new IatValidationRule(clock); + } + + @Test + @SneakyThrows + public void testSuccess() { + Date issuedDate = new SimpleDateFormat("yyyy-MM-dd").parse("2021-01-01"); + Date expirationDate = new SimpleDateFormat("yyyy-MM-dd").parse("2022-01-01"); + final Map claims = Map.of(ISSUED_AT, issuedDate, EXPIRATION, expirationDate); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(issuedDate.toInstant().plusSeconds(30)); + final var result = rule.checkRule(token, null); + + Assertions.assertTrue(result.succeeded()); + } + + @Test + @SneakyThrows + public void testIssuedAtClaimMissing() { + Date expirationDate = new SimpleDateFormat("yyyy-MM-dd").parse("2022-01-01"); + final Map claims = Map.of(EXPIRATION, expirationDate); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(expirationDate.toInstant().plusSeconds(30)); + final var result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } + + @Test + @SneakyThrows + public void testExpirationClaimMissing() { + Date issuedDate = new SimpleDateFormat("yyyy-MM-dd").parse("2022-01-01"); + final Map claims = Map.of(ISSUED_AT, issuedDate); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(issuedDate.toInstant().plusSeconds(30)); + final var result = rule.checkRule(token, null); + + Assertions.assertTrue(result.succeeded()); + } + + @Test + @SneakyThrows + public void testNowBeforeIssuedAt() { + Date issuedDate = new SimpleDateFormat("yyyy-MM-dd").parse("2021-01-01"); + Date expirationDate = new SimpleDateFormat("yyyy-MM-dd").parse("2022-01-01"); + final Map claims = Map.of(ISSUED_AT, issuedDate, EXPIRATION, expirationDate); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(issuedDate.toInstant().minusSeconds(30)); + final var result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } + + @Test + @SneakyThrows + public void testExpirationBeforeIssuedAt() { + Date issuedDate = new SimpleDateFormat("yyyy-MM-dd").parse("2022-01-01"); + Date expirationDate = new SimpleDateFormat("yyyy-MM-dd").parse("2021-01-01"); + final Map claims = Map.of(ISSUED_AT, issuedDate, EXPIRATION, expirationDate); + final ClaimToken token = ClaimToken.Builder.newInstance().claims(claims).build(); + + Mockito.when(clock.instant()).thenReturn(issuedDate.toInstant().plusSeconds(30)); + final var result = rule.checkRule(token, null); + + Assertions.assertFalse(result.succeeded()); + } +} diff --git a/edc-tests/src/test/java/net/catenax/edc/tests/DataManagementAPI.java b/edc-tests/src/test/java/net/catenax/edc/tests/DataManagementAPI.java index 86668c959..35dace552 100644 --- a/edc-tests/src/test/java/net/catenax/edc/tests/DataManagementAPI.java +++ b/edc-tests/src/test/java/net/catenax/edc/tests/DataManagementAPI.java @@ -181,7 +181,6 @@ private T post(String path, Object object, TypeToken typeToken) throws IO private CloseableHttpResponse sendRequest(HttpRequestBase request) throws IOException { request.addHeader("X-Api-Key", dataMgmtAuthKey); - System.out.println(String.format("Send %-6s %s", request.getMethod(), request.getURI())); log.debug(String.format("Send %-6s %s", request.getMethod(), request.getURI())); final CloseableHttpResponse response = httpClient.execute(request);