1+ /*
2+ * Copyright (C) 2018 Google Inc.
3+ *
4+ * Licensed under the Apache License, Version 2.0 (the "License");
5+ * you may not use this file except in compliance with the License.
6+ * You may obtain a copy of the License at
7+ *
8+ * http://www.apache.org/licenses/LICENSE-2.0
9+ *
10+ * Unless required by applicable law or agreed to in writing, software
11+ * distributed under the License is distributed on an "AS IS" BASIS,
12+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+ * See the License for the specific language governing permissions and
14+ * limitations under the License.
15+ */
16+
17+ package org .oidc .msg ;
18+
19+ import java .util .ArrayList ;
20+ import java .util .HashMap ;
21+ import java .util .List ;
22+ import java .util .Map ;
23+ import org .junit .Assert ;
24+ import org .junit .Before ;
25+ import org .junit .Test ;
26+ import org .oidc .msg .oidc .IDToken ;
27+
28+ public class IDTokenTest {
29+
30+ Map <String , Object > claims = new HashMap <String , Object >();
31+ long now ;
32+
33+ /**
34+ * Setuo mandatory claims.
35+ */
36+ @ Before
37+ public void setup () {
38+ now = System .currentTimeMillis () / 1000 ;
39+ claims .clear ();
40+ claims .put ("iss" , "issuer" );
41+ claims .put ("sub" , "subject" );
42+ claims .put ("aud" , "clientid" );
43+ claims .put ("exp" , now + 10 );
44+ claims .put ("iat" , now );
45+ }
46+
47+ @ SuppressWarnings ("unchecked" )
48+ @ Test
49+ public void testSuccessMandatoryParameters () throws InvalidClaimException {
50+ IDToken req = new IDToken (claims );
51+ req .verify ();
52+ Assert .assertEquals ("issuer" , req .getClaims ().get ("iss" ));
53+ Assert .assertEquals ("subject" , req .getClaims ().get ("sub" ));
54+ Assert .assertTrue (((List <String >) req .getClaims ().get ("aud" )).contains ("clientid" ));
55+ Assert .assertEquals (now + 10 , req .getClaims ().get ("exp" ));
56+ Assert .assertEquals (now , req .getClaims ().get ("iat" ));
57+ }
58+
59+ @ Test (expected = InvalidClaimException .class )
60+ public void testFailMissingMandatoryParameter () throws InvalidClaimException {
61+ claims .remove ("iss" );
62+ IDToken req = new IDToken (claims );
63+ req .verify ();
64+ }
65+
66+ @ Test (expected = InvalidClaimException .class )
67+ public void testWrongIssuer () throws InvalidClaimException {
68+ IDToken req = new IDToken (claims );
69+ req .setIssuer ("other_issuer" );
70+ req .verify ();
71+ }
72+
73+ @ Test (expected = InvalidClaimException .class )
74+ public void testWrongClientId () throws InvalidClaimException {
75+ IDToken req = new IDToken (claims );
76+ req .setClientId ("other_clientid" );
77+ req .verify ();
78+ }
79+
80+ @ Test (expected = InvalidClaimException .class )
81+ public void testMissingAzp () throws InvalidClaimException {
82+ List <String > aud = new ArrayList <String >();
83+ aud .add ("clientid" );
84+ aud .add ("other_clientid" );
85+ claims .put ("aud" , aud );
86+ IDToken req = new IDToken (claims );
87+ req .verify ();
88+ }
89+
90+ @ Test (expected = InvalidClaimException .class )
91+ public void testFailAzpExistsNotMatchingAud () throws InvalidClaimException {
92+ List <String > aud = new ArrayList <String >();
93+ aud .add ("clientid" );
94+ aud .add ("other_clientid" );
95+ claims .put ("aud" , aud );
96+ claims .put ("azp" , "notmatching" );
97+ IDToken req = new IDToken (claims );
98+ req .verify ();
99+ }
100+
101+ @ Test
102+ public void testSuccessAzpExistsMatchingAud () throws InvalidClaimException {
103+ List <String > aud = new ArrayList <String >();
104+ aud .add ("clientid" );
105+ aud .add ("other_clientid" );
106+ claims .put ("aud" , aud );
107+ claims .put ("azp" , "other_clientid" );
108+ IDToken req = new IDToken (claims );
109+ req .verify ();
110+ }
111+
112+ @ Test (expected = InvalidClaimException .class )
113+ public void testFailAzpExistsNotMatchingClientId () throws InvalidClaimException {
114+ List <String > aud = new ArrayList <String >();
115+ aud .add ("clientid" );
116+ aud .add ("other_clientid" );
117+ claims .put ("aud" , aud );
118+ claims .put ("azp" , "other_clientid" );
119+ IDToken req = new IDToken (claims );
120+ req .setClientId ("third_clientId" );
121+ req .verify ();
122+ }
123+
124+ @ Test
125+ public void testSuccessAzpExistsMatchingClientId () throws InvalidClaimException {
126+ List <String > aud = new ArrayList <String >();
127+ aud .add ("clientid" );
128+ aud .add ("other_clientid" );
129+ claims .put ("aud" , aud );
130+ claims .put ("azp" , "other_clientid" );
131+ IDToken req = new IDToken (claims );
132+ req .setClientId ("other_clientid" );
133+ req .verify ();
134+ }
135+
136+ @ Test (expected = InvalidClaimException .class )
137+ public void testFailExp () throws InvalidClaimException {
138+ claims .put ("exp" , now - 1 );
139+ IDToken req = new IDToken (claims );
140+ req .verify ();
141+ }
142+
143+ @ Test
144+ public void testSuccessExpSkew () throws InvalidClaimException {
145+ claims .put ("exp" , now - 1 );
146+ IDToken req = new IDToken (claims );
147+ req .setSkew (2 );
148+ req .verify ();
149+ }
150+
151+ @ Test (expected = InvalidClaimException .class )
152+ public void testFailIat () throws InvalidClaimException {
153+ claims .put ("iat" , now - 100 );
154+ IDToken req = new IDToken (claims );
155+ req .setStorageTime (90 );
156+ req .verify ();
157+ }
158+
159+ @ Test
160+ public void testSuccessIat () throws InvalidClaimException {
161+ claims .put ("iat" , now - 100 );
162+ IDToken req = new IDToken (claims );
163+ req .setStorageTime (110 );
164+ req .verify ();
165+ }
166+
167+ @ Test (expected = InvalidClaimException .class )
168+ public void testFailNonceVerification () throws InvalidClaimException {
169+ claims .put ("nonce" , "nonce1" );
170+ IDToken req = new IDToken (claims );
171+ req .setNonce ("nonce2" );
172+ req .verify ();
173+ }
174+
175+ @ Test
176+ public void testSuccessNonceVerification () throws InvalidClaimException {
177+ claims .put ("nonce" , "nonce" );
178+ IDToken req = new IDToken (claims );
179+ req .setNonce ("nonce" );
180+ req .verify ();
181+ }
182+
183+ }
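Review bot: The two nonce tests cover only a matching and a mismatching value; nothing exercises the case where `setNonce(...)` is called but the claims carry no `nonce` at all, which is the case replay protection actually depends on. OpenID Connect Core 3.1.3.7 requires the claim to be present whenever a nonce was sent in the request, so a token that simply omits it must fail `verify()`. Whether `IDToken.verify()` already rejects this is not visible from this file, so a test like the one below would pin it. Separately, every negative test relies on `@Test(expected = InvalidClaimException.class)`, which also passes if the exception comes from the constructor or from a different claim than the one the test name implies; asserting on the exception message or the failing claim would make these cases more specific.

```java
@Test(expected = InvalidClaimException.class)
public void testFailNonceMissingWhenExpected() throws InvalidClaimException {
  // claims from setup() contain no "nonce" entry
  IDToken req = new IDToken(claims);
  req.setNonce("nonce");
  req.verify();
}
```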