Cherry pick branch 'genexuslabs:securityapicommons' into beta

Author: sgrampone

gxjwt/src/test/java/com/genexus/test/jwt/features/CreateFromJSONTest.java

@@ -0,0 +1,43 @@
+package com.genexus.test.jwt.features;
+
+import com.genexus.JWT.JWTCreator;
+import com.genexus.commons.JWTOptions;
+import com.genexus.securityapicommons.keys.SymmetricKeyGenerator;
+import com.genexus.test.commons.SecurityAPITestObject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class CreateFromJSONTest extends SecurityAPITestObject{
+
+	protected static String payload;
+	protected static String key;
+	protected static SymmetricKeyGenerator keyGen;
+	protected static JWTCreator jwt;
+	protected static JWTOptions options;
+
+	public static Test suite() {
+		return new TestSuite(CreateFromJSONTest.class);
+	}
+
+	@Override
+	public void runTest() {
+		testCreateFromJSON();
+	}
+
+	@Override
+	public void setUp() {
+		payload = "{\"sub\":\"subject1\",\"aud\":\"audience1\",\"nbf\":1594116920,\"hola1\":\"hola1\",\"iss\":\"GXSA\",\"hola2\":\"hola2\",\"exp\":1909649720,\"iat\":1596449720,\"jti\":\"0696bb20-6223-4a1c-9ebf-e15c74387b9c, 0696bb20-6223-4a1c-9ebf-e15c74387b9c\"}";
+		SymmetricKeyGenerator keyGen = new SymmetricKeyGenerator();
+		key = keyGen.doGenerateKey("GENERICRANDOM", 256);
+		jwt = new JWTCreator();
+		options = new JWTOptions();
+	}
+
+	public void testCreateFromJSON() {
+		options.setSecret(key);
+		String token = jwt.doCreateFromJSON("HS256", payload, options);
+		boolean verifies = jwt.doVerifyJustSignature(token, "HS256", options);
+		True(verifies, jwt);
+	}
+}

gxjwt/src/test/java/com/genexus/test/jwt/features/JwtDiverseDataTypesTest.java

@@ -0,0 +1,78 @@
+package com.genexus.test.jwt.features;
+
+import com.genexus.JWT.JWTCreator;
+import com.genexus.JWT.claims.PrivateClaims;
+import com.genexus.JWT.utils.DateUtil;
+import com.genexus.commons.JWTOptions;
+import com.genexus.securityapicommons.keys.SymmetricKeyGenerator;
+import com.genexus.test.commons.SecurityAPITestObject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class JwtDiverseDataTypesTest extends SecurityAPITestObject{
+
+	protected static JWTCreator jwt;
+	protected static JWTOptions options;
+	protected static SymmetricKeyGenerator keyGen;
+	protected static DateUtil du;
+	protected PrivateClaims claimslevel1;
+	protected PrivateClaims claimslevel2;
+	protected PrivateClaims claimslevel3;
+	protected static String token;
+	protected static String currentDate;
+	protected static String hexaKey;
+
+	public static Test suite() {
+		return new TestSuite(JwtDiverseDataTypesTest.class);
+	}
+
+	@Override
+	public void runTest() {
+		testPositive();
+	}
+
+	@Override
+	public void setUp() {
+		jwt = new JWTCreator();
+		options = new JWTOptions();
+		du = new DateUtil();
+		keyGen = new SymmetricKeyGenerator();
+		claimslevel1 = new PrivateClaims();
+		claimslevel2 = new PrivateClaims();
+		claimslevel3 = new PrivateClaims();
+
+		currentDate = du.getCurrentDate();
+		hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
+
+		options.addRegisteredClaim("aud", "jitsi");
+		options.addRegisteredClaim("iss", "my_client");
+		options.addRegisteredClaim("sub", "meet.jit.si");
+		options.addCustomTimeValidationClaim("exp", currentDate, "20");
+
+		claimslevel1.setClaim("room", "*");
+		claimslevel1.setNumericClaim("uno", 1);
+		claimslevel1.setBooleanClaim("boolean", true);
+		//1607626804
+		claimslevel1.setDateClaim("date", 1607626804);
+
+
+		claimslevel1.setClaim("context", claimslevel2);
+
+		claimslevel2.setClaim("user", claimslevel3);
+		claimslevel3.setClaim("avatar", "https:/gravatar.com/avatar/abc123");
+		claimslevel3.setClaim("name", "John Doe");
+		claimslevel3.setClaim("email", "[email protected]");
+		claimslevel3.setClaim("id", "abcd:a1b2c3-d4e5f6-0abc1-23de-abcdef01fedcba");
+		claimslevel2.setClaim("group", "a123-123-456-789");
+
+		options.setSecret(hexaKey);
+		token = jwt.doCreate("HS256", claimslevel1, options);
+	}
+
+	public void testPositive()
+	{
+		boolean verification = jwt.doVerify(token, "HS256", claimslevel1, options);
+		True(verification, jwt);
+	}
+}

gxjwt/src/test/java/com/genexus/test/jwt/features/JwtHeaderParametersTest.java

@@ -0,0 +1,105 @@
+package com.genexus.test.jwt.features;
+
+import com.genexus.JWT.JWTCreator;
+import com.genexus.JWT.claims.PrivateClaims;
+import com.genexus.JWT.utils.DateUtil;
+import com.genexus.commons.JWTOptions;
+import com.genexus.securityapicommons.keys.SymmetricKeyGenerator;
+import com.genexus.test.commons.SecurityAPITestObject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class JwtHeaderParametersTest extends SecurityAPITestObject {
+
+	protected static JWTCreator jwt;
+	protected static JWTOptions options;
+	protected static SymmetricKeyGenerator keyGen;
+	protected static DateUtil du;
+	protected PrivateClaims claims;
+	protected static String token;
+	protected static String currentDate;
+	protected static String hexaKey;
+
+	public static Test suite() {
+		return new TestSuite(JwtHeaderParametersTest.class);
+	}
+
+	@Override
+	public void runTest() {
+		testPositive();
+		testNegative1();
+		testNegative2();
+		testNegative3();
+	}
+
+	@Override
+	public void setUp() {
+		jwt = new JWTCreator();
+		options = new JWTOptions();
+		du = new DateUtil();
+		keyGen = new SymmetricKeyGenerator();
+		claims = new PrivateClaims();
+
+
+		currentDate = du.getCurrentDate();
+		hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
+
+		options.addRegisteredClaim("aud", "jitsi");
+		options.addRegisteredClaim("iss", "my_client");
+		options.addRegisteredClaim("sub", "meet.jit.si");
+		options.addCustomTimeValidationClaim("exp", currentDate, "20");
+
+		claims.setClaim("hola", "hola");
+
+		options.addHeaderParameter("cty", "twilio-fpa;v=1");
+		options.setSecret(hexaKey);
+
+		token = jwt.doCreate("HS256", claims, options);
+	}
+
+	public void testPositive()
+	{
+		boolean verification = jwt.doVerify(token, "HS256", claims, options);
+		True(verification, jwt);
+	}
+
+	public void testNegative1()
+	{
+		options.addHeaderParameter("pepe", "whatever");
+		boolean verification = jwt.doVerify(token, "HS256", claims, options);
+		assertFalse(verification);
+		assertFalse(jwt.hasError());
+	}
+
+	public void testNegative2()
+	{
+		JWTOptions op = new JWTOptions();
+		op.addRegisteredClaim("aud", "jitsi");
+		op.addRegisteredClaim("iss", "my_client");
+		op.addRegisteredClaim("sub", "meet.jit.si");
+		op.addCustomTimeValidationClaim("exp", currentDate, "20");
+		op.setSecret(hexaKey);
+		op.addHeaderParameter("pepe", "whatever");
+
+		boolean verification = jwt.doVerify(token, "HS256", claims, op);
+		assertFalse(verification);
+		assertFalse(jwt.hasError());
+
+	}
+
+	public void testNegative3()
+	{
+		JWTOptions op = new JWTOptions();
+		op.addRegisteredClaim("aud", "jitsi");
+		op.addRegisteredClaim("iss", "my_client");
+		op.addRegisteredClaim("sub", "meet.jit.si");
+		op.addCustomTimeValidationClaim("exp", currentDate, "20");
+		op.setSecret(hexaKey);
+
+
+		boolean verification = jwt.doVerify(token, "HS256", claims, op);
+		assertFalse(verification);
+		assertFalse(jwt.hasError());
+	}
+}

gxjwt/src/test/java/com/genexus/test/jwt/features/JwtNestedClaimsTest.java

@@ -0,0 +1,103 @@
+package com.genexus.test.jwt.features;
+
+import com.genexus.JWT.JWTCreator;
+import com.genexus.JWT.claims.PrivateClaims;
+import com.genexus.JWT.utils.DateUtil;
+import com.genexus.commons.JWTOptions;
+import com.genexus.securityapicommons.keys.SymmetricKeyGenerator;
+import com.genexus.test.commons.SecurityAPITestObject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class JwtNestedClaimsTest extends SecurityAPITestObject {
+
+	protected static JWTCreator jwt;
+	protected static JWTOptions options;
+	protected static SymmetricKeyGenerator keyGen;
+	protected static DateUtil du;
+	protected PrivateClaims claimslevel1;
+	protected PrivateClaims claimslevel2;
+	protected PrivateClaims claimslevel3;
+	protected static String token;
+	protected static String currentDate;
+	protected static String hexaKey;
+
+	public static Test suite() {
+		return new TestSuite(JwtNestedClaimsTest.class);
+	}
+
+	@Override
+	public void runTest() {
+		testPositive();
+		testNegative1();
+		testNegative2();
+	}
+
+	@Override
+	public void setUp() {
+		jwt = new JWTCreator();
+		options = new JWTOptions();
+		du = new DateUtil();
+		keyGen = new SymmetricKeyGenerator();
+		claimslevel1 = new PrivateClaims();
+		claimslevel2 = new PrivateClaims();
+		claimslevel3 = new PrivateClaims();
+
+		currentDate = du.getCurrentDate();
+		hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
+
+		options.addRegisteredClaim("aud", "jitsi");
+		options.addRegisteredClaim("iss", "my_client");
+		options.addRegisteredClaim("sub", "meet.jit.si");
+		options.addCustomTimeValidationClaim("exp", currentDate, "20");
+
+		claimslevel1.setClaim("room", "*");
+
+		claimslevel1.setClaim("context", claimslevel2);
+
+		claimslevel2.setClaim("user", claimslevel3);
+		claimslevel3.setClaim("avatar", "https:/gravatar.com/avatar/abc123");
+		claimslevel3.setClaim("name", "John Doe");
+		claimslevel3.setClaim("email", "[email protected]");
+		claimslevel3.setClaim("id", "abcd:a1b2c3-d4e5f6-0abc1-23de-abcdef01fedcba");
+		claimslevel2.setClaim("group", "a123-123-456-789");
+
+		options.setSecret(hexaKey);
+		token = jwt.doCreate("HS256", claimslevel1, options);
+	}
+
+	public void testPositive()
+	{
+		boolean verification = jwt.doVerify(token, "HS256", claimslevel1, options);
+		True(verification, jwt);
+	}
+
+	public void testNegative1()
+	{
+		claimslevel2.setClaim("pepe", "whatever");
+		boolean verification = jwt.doVerify(token, "HS256", claimslevel1, options);
+		assertFalse(verification);
+		assertFalse(jwt.hasError());
+	}
+
+	public void testNegative2()
+	{
+		PrivateClaims claimslevel11 = new PrivateClaims();
+		PrivateClaims claimslevel21 = new PrivateClaims();
+		PrivateClaims claimslevel31 = new PrivateClaims();
+		claimslevel11.setClaim("room", "*");
+
+		claimslevel11.setClaim("context", claimslevel21);
+
+		claimslevel21.setClaim("user", claimslevel31);
+		claimslevel31.setClaim("avatar", "https:/gravatar.com/avatar/abc123");
+		claimslevel31.setClaim("name", "John Doe");
+		claimslevel31.setClaim("email", "[email protected]");
+		claimslevel31.setClaim("id", "abcd:a1b2c3-d4e5f6-0abc1-23de-abcdef01fedcba");
+
+		boolean verification = jwt.doVerify(token, "HS256", claimslevel11, options);
+		assertFalse(verification);
+	}
+
+}