|
28 | 28 | import org.apache.http.client.methods.HttpGet;
|
29 | 29 | import org.apache.http.impl.client.HttpClientBuilder;
|
30 | 30 | import org.apache.http.message.BasicNameValuePair;
|
| 31 | +import org.apache.http.util.EntityUtils; |
31 | 32 | import org.json.JSONException;
|
32 | 33 | import org.json.JSONObject;
|
33 | 34 | import org.testng.Assert;
|
|
76 | 77 |
|
77 | 78 | import javax.ws.rs.core.Response;
|
78 | 79 |
|
| 80 | +import static org.testng.Assert.assertEquals; |
79 | 81 | import static org.testng.Assert.assertNotNull;
|
80 | 82 | import static org.testng.AssertJUnit.assertTrue;
|
81 | 83 |
|
@@ -107,6 +109,7 @@ public class JWTTestCase extends APIManagerLifecycleBaseTest {
|
107 | 109 | URL tokenEndpointURL;
|
108 | 110 | private String tokenURL;
|
109 | 111 | private String identityLoginURL;
|
| 112 | + private String jwksKidClaim; |
110 | 113 | private final String CALLBACK_URL = "https://localhost:9443/store/";
|
111 | 114 |
|
112 | 115 | @BeforeClass(alwaysRun = true)
|
@@ -191,6 +194,16 @@ public void setEnvironment() throws Exception {
|
191 | 194 | APIMIntegrationConstants.IS_API_EXISTS);
|
192 | 195 | waitForAPIDeploymentSync(user.getUserName(), api2Request.getName(), api2Request.getVersion(),
|
193 | 196 | APIMIntegrationConstants.IS_API_EXISTS);
|
| 197 | + |
| 198 | + // Invoke JWKS endpoint and retrieve kid claim to validate backend JWT |
| 199 | + HttpClient httpclient = HttpClientBuilder.create().build(); |
| 200 | + HttpGet jwksGet = new HttpGet(getAPIInvocationURLHttp("jwks")); |
| 201 | + HttpResponse jwksResponse = httpclient.execute(jwksGet); |
| 202 | + assertEquals(jwksResponse.getStatusLine().getStatusCode(), HTTP_RESPONSE_CODE_OK, |
| 203 | + "Invocation fails for JWKS GET request"); |
| 204 | + String jwksResponseString = EntityUtils.toString(jwksResponse.getEntity(), "UTF-8"); |
| 205 | + JSONObject jwksResponseObject = new JSONObject(jwksResponseString); |
| 206 | + jwksKidClaim = jwksResponseObject.getJSONArray("keys").getJSONObject(0).getString("kid"); |
194 | 207 | }
|
195 | 208 |
|
196 | 209 | @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for Oauth Based App")
|
@@ -225,7 +238,7 @@ public void testEnableJWTAndClaimsForOauthApp() throws Exception {
|
225 | 238 | //Do the signature verification for super tenant as tenant key store not there accessible
|
226 | 239 | BackendJWTUtil.verifySignature(jwtheader);
|
227 | 240 | log.debug("Decoded JWT header String = " + decodedJWTHeaderString);
|
228 |
| - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); |
| 241 | + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); |
229 | 242 | JSONObject jsonObject = new JSONObject(decodedJWTString);
|
230 | 243 | log.info("JWT Received ==" + jsonObject.toString());
|
231 | 244 | //Validate expiry time
|
@@ -273,7 +286,7 @@ public void testEnableJWTAndClaimsForJWTApp() throws Exception {
|
273 | 286 | //Do the signature verification
|
274 | 287 | BackendJWTUtil.verifySignature(jwtheader);
|
275 | 288 | log.debug("Decoded JWT header String = " + decodedJWTHeaderString);
|
276 |
| - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); |
| 289 | + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); |
277 | 290 | JSONObject jsonObject = new JSONObject(decodedJWTString);
|
278 | 291 |
|
279 | 292 | // check default claims
|
@@ -341,7 +354,7 @@ public void testEnableJWTAndClaimsForAPIKeyApp() throws Exception {
|
341 | 354 | //Do the signature verification
|
342 | 355 | BackendJWTUtil.verifySignature(jwtheader);
|
343 | 356 | log.debug("Decoded JWT header String = " + decodedJWTHeaderString);
|
344 |
| - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); |
| 357 | + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); |
345 | 358 | JSONObject jsonObject = new JSONObject(decodedJWTString);
|
346 | 359 |
|
347 | 360 | // check default claims
|
@@ -386,7 +399,7 @@ public void testBackendJWTWithClientCredentialsGrant() throws Exception {
|
386 | 399 | //Do the signature verification
|
387 | 400 | BackendJWTUtil.verifySignature(jwtheader);
|
388 | 401 | log.debug("Decoded JWT header String = " + decodedJWTHeaderString);
|
389 |
| - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); |
| 402 | + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); |
390 | 403 | JSONObject jsonObject = new JSONObject(decodedJWTString);
|
391 | 404 |
|
392 | 405 | // check default claims
|
@@ -434,7 +447,7 @@ public void testBackendJWTWithAuthCodeGrant() throws Exception {
|
434 | 447 | //Do the signature verification
|
435 | 448 | BackendJWTUtil.verifySignature(jwtheader);
|
436 | 449 | log.debug("Decoded JWT header String = " + decodedJWTHeaderString);
|
437 |
| - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); |
| 450 | + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); |
438 | 451 | JSONObject jsonObject = new JSONObject(decodedJWTString);
|
439 | 452 |
|
440 | 453 | // check default claims
|
|