Package uk.co.spudsoft.jwtvalidatorvertx
Class AbstractTokenValidationTester
java.lang.Object
uk.co.spudsoft.jwtvalidatorvertx.AbstractTokenValidationTester
- Direct Known Subclasses:
TestJwtValidatorVertx
Required tests:
- Invalid structure (not three parts)
- Invalid structure (first part not base64)
- Invalid structure (second part not base64)
- Invalid structure (third part not base64)
- Invalid structure (first part not JSON)
- Invalid structure (second part not JSON)
- Algorithm none (unsigned token)
- Algorithm not in acceptable list (RS256, RS384, RS512) but token otherwise valid
- Signature invalid
- Key not in jwks output
- Token exp value in the past - measure acceptable leeway over < 1 hour
- Token nbf claim in the future - measure acceptable leeway over < 1 hour
- Token bad iss accepted - not matching preconfigured values
- Token bad aud accepted
- Token aud not accepted when single value despite being the aud for the service
- Token aud not accepted when single element array despite being the aud for the service
- Token aud not accepted when first element of array despite being the aud for the service
- Token aud not accepted when last element of array despite being the aud for the service
- Token sub not present
- Author:
- jtalbut
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
protected class
protected static interface
class
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
protected abstract TokenBuilder
createTokenBuilder(com.google.common.cache.Cache<String, AlgorithmAndKeyPair> keyCache)
protected abstract String
getAud()
protected abstract String
protected abstract String
getKeyId()
protected void
performTest(String testName, AbstractTokenValidationTester.TestFunction function)
void
protected abstract boolean
protected abstract boolean
protected abstract void
-
Constructor Details
-
AbstractTokenValidationTester
public AbstractTokenValidationTester()
-
-
Method Details
-
createTokenBuilder
protected abstract TokenBuilder createTokenBuilder(com.google.common.cache.Cache<String, AlgorithmAndKeyPair> keyCache) -
useToken
-
getAud
-
getIssuer
-
getKeyId
-
requiresExp
protected abstract boolean requiresExp() -
requiresNbf
protected abstract boolean requiresNbf() -
getResults
-
performTest
-
performTests
public void performTests() -
testValidRs256
- Throws:
Exception
-
testValidRs384
- Throws:
Exception
-
testValidRs512
- Throws:
Exception
-
testInvalidStructureNotThreeParts
-
testInvalidStructureFirstPartNotBase64
public String testInvalidStructureFirstPartNotBase64() throws Exception, AbstractTokenValidationTester.TestFailure -
testInvalidStructureSecondPartNotBase64
public String testInvalidStructureSecondPartNotBase64() throws Exception, AbstractTokenValidationTester.TestFailure -
testInvalidStructureThirdPartNotBase64
public String testInvalidStructureThirdPartNotBase64() throws Exception, AbstractTokenValidationTester.TestFailure -
testInvalidStructureFirstPartNotJson
public String testInvalidStructureFirstPartNotJson() throws Exception, AbstractTokenValidationTester.TestFailure -
testInvalidStructureSecondPartNotJson
public String testInvalidStructureSecondPartNotJson() throws Exception, AbstractTokenValidationTester.TestFailure -
testAlgorithmNone
-
testAlgorithmES512
-
testAlgorithmHS512
-
testInvalidSignature
-
testKeyNotInJwksOutput
-
testNoExpPermitted
-
testExpInThePast
-
testNoNbfPermitted
-
testNbfInTheFuture
-
testBadIssAccepted
-
testBadAudAccepted
-
testAudNotAcceptedAsSingleElementArray
public String testAudNotAcceptedAsSingleElementArray() throws Exception, AbstractTokenValidationTester.TestFailure -
testAudNotAcceptedAsSingleValue
public String testAudNotAcceptedAsSingleValue() throws Exception, AbstractTokenValidationTester.TestFailure -
testAudNotAcceptedAsFirstElementOfArray
public String testAudNotAcceptedAsFirstElementOfArray() throws Exception, AbstractTokenValidationTester.TestFailure -
testAudNotAcceptedAsLastElementOfArray
public String testAudNotAcceptedAsLastElementOfArray() throws Exception, AbstractTokenValidationTester.TestFailure -
testNoSubAccepted
-