Merge branch 'sztupy-bugfix-audience'
DinoChiesa committed Jul 19, 2017
2 parents 9fd17b7 + c52a64c commit ecdad26
Showing 17 changed files with 57 additions and 45 deletions.
24 changes: 14 additions & 10 deletions jwt_signed/apiproxy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -204,14 +204,18 @@ For example, this is how to configure the JWT creation with algorithm=HS256, whi
</Properties>

<ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

All properties accept a string as a value. If enclosed in curlies, the
string is treated as a variable name, which is dereferenced to obtain the
value.

The audience can be a comma-separated (And optionally space-delimited)
string, in which case it is treated as a list of audiences which will be
embedded into the JWT. It is not supported to include an audience string that
itself contains a comma.


To configure JWT creation with private key signing using an RSA key:
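Review bot: The new audience paragraph documents only the comma-separated string form, but getAudience() in this commit also accepts a variable that resolves to a String[] or a JavaScript NativeArray, and the test exercises that with "{audienceVar}". Document the array-variable form here, since it gives callers a way to pass an audience that itself contains a comma. The paragraph also promises "optionally space-delimited" input, while the visible split is `StringUtils.split(resolvedValue.toString(), ",")` with no trim on the elements, so either confirm the spaces are stripped elsewhere or drop the claim. Minor: lowercase the "And" inside the parenthetical.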
Expand Down Expand Up @@ -239,7 +243,7 @@ To configure JWT creation with private key signing using an RSA key:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

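Review bot: The ClassName context line next to the changed ResourceURL still reads `com.apigee.callout.jwt.JwtCreatorCallout`, while every policy file touched in this commit uses the package `com.apigee.callout.jwtsigned`. Since the README examples are being updated to the 1.0.10 jar anyway, fix the package name in the same pass (here and in the JwtParserCallout examples), so a configuration copied from the README loads the class that the jar actually ships.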
Expand Down Expand Up @@ -285,7 +289,7 @@ configuration, using the private-key Property, like this:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand All @@ -311,7 +315,7 @@ To configure JWT parsing with HS256:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand Down Expand Up @@ -362,7 +366,7 @@ the policy to get that behavior. Like so:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand Down Expand Up @@ -392,7 +396,7 @@ To configure JWT parsing with RS256:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand Down Expand Up @@ -443,7 +447,7 @@ public-key property, like so:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand Down Expand Up @@ -491,7 +495,7 @@ certificate.
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand All @@ -515,7 +519,7 @@ or, like so:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand All @@ -542,7 +546,7 @@ those values:
</Properties>

<ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
<ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
```

Expand Down
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Create-HS256.xml
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
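Review bot: The jar version is hard-coded in the ResourceURL of this policy, and the same one-line edit is repeated across the other policy files, the README examples and pom.xml. A missed file leaves a policy pointing at the 1.0.9 jar with the old audience handling, and nothing in the diff would flag it. Consider a build step or a check that compares each ResourceURL against the pom version, so the bump is made in one place.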
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Create-RS256-2.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,5 +53,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Create-RS256.xml
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-HS256-2.xml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-HS256-paypal.xml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-HS256.xml
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-OpenIDConnect.xml
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-RS256-2.xml
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-RS256.xml
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
2 changes: 1 addition & 1 deletion jwt_signed/apiproxy/policies/JWT-Parse-Verify-RS256-ms.xml
Original file line number Diff line number Diff line change
Expand Up @@ -36,5 +36,5 @@ H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
Original file line number Diff line number Diff line change
Expand Up @@ -50,5 +50,5 @@
</Properties>

<ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.9.jar</ResourceURL>
<ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.10.jar</ResourceURL>
</JavaCallout>
Binary file not shown.
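Review bot: The callout jar is committed as a binary in the same commit as the source change, so a reviewer cannot confirm from this diff that the shipped artifact was built from the reviewed code. Either build the jar in CI from the tagged source, or record a checksum of the committed jar alongside it so the artifact referenced by the policies can be verified.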
2 changes: 1 addition & 1 deletion jwt_signed/callout/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.apigee.callouts</groupId>
<artifactId>apigee-edge-callout-jwt-signed</artifactId>
<version>1.0.9</version>
<version>1.0.10</version>
<name>JwtSignedEdgeCallout</name>
<url>http://maven.apache.org</url>
<packaging>jar</packaging>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -193,13 +193,20 @@ private String[] getAudience(MessageContext msgCtxt) throws Exception {
return null;
}

// Audience is an array, or a simple string. We always return array
String[] audiences = StringUtils.split(audience,",");
for(int i=0; i<audiences.length; i++) {
audiences[i] = (String) resolvePropertyValue(audiences[i], msgCtxt);
Object resolvedValue = resolvePropertyValue(audience, msgCtxt);
if (resolvedValue instanceof String[]) {
// we might already have an array from a property
return (String[])resolvedValue;
} else if (resolvedValue instanceof org.mozilla.javascript.NativeArray) {
return nativeToJavaArray((org.mozilla.javascript.NativeArray)resolvedValue);
} else {
// Audience is an array, or a simple string. We always return array
String[] audiences = StringUtils.split(resolvedValue.toString(), ",");
for (int i = 0; i < audiences.length; i++) {
audiences[i] = (String) resolvePropertyValue(audiences[i], msgCtxt);
}
return audiences;
}

return audiences;
}

private String getJwtId(MessageContext msgCtxt) throws Exception {
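Review bot: In the final else branch, `resolvedValue.toString()` is called without a null check, although the claim-handling code in execute() tests `resolvedValue != null`, which suggests resolvePropertyValue can return null (for example when "{audienceVar}" is unset). Guard for null before the instanceof chain and return null or raise a clear configuration error. Also in this branch, each element of the already-resolved string is passed through resolvePropertyValue a second time, so a variable whose content happens to contain a curly-braced name would be dereferenced again; if the audience variable can carry caller-influenced data, resolve once and only trim the split elements. The `(String)` cast on that second resolution will throw ClassCastException if an element resolves to an array.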
Expand Down Expand Up @@ -439,22 +446,19 @@ public ExecutionResult execute(MessageContext msgCtxt, ExecutionContext exeCtxt)
if (parts.length == 2 && parts[0].equals("claim") &&
providedValue != null) {
String claimName = parts[1];
Object resolvedValue = resolvePropertyValue(providedValue, msgCtxt);
// special case aud, which can be an array
if (claimName.equals("aud") && providedValue.indexOf(",")!=-1) {
if (claimName.equals("aud") && resolvedValue instanceof String) {
audiences = StringUtils.split(providedValue,",");
for(int i=0; i<audiences.length; i++) {
audiences[i] = (String) resolvePropertyValue(audiences[i], msgCtxt);
}
claims.setAudience(java.util.Arrays.asList(audiences));
}
else {
Object resolvedValue = resolvePropertyValue(providedValue, msgCtxt);
if (resolvedValue instanceof String[]) {
claims.setClaim(claimName, resolvedValue);
claims.setClaim(claimName, java.util.Arrays.asList((String[])resolvedValue));
}
else if (resolvedValue instanceof org.mozilla.javascript.NativeArray) {
// an array set in a JavaScript callout
claims.setClaim(claimName, nativeToJavaArray((org.mozilla.javascript.NativeArray)resolvedValue));
claims.setClaim(claimName, java.util.Arrays.asList(nativeToJavaArray((org.mozilla.javascript.NativeArray)resolvedValue)));
}
else if (resolvedValue != null){
//claims.setCustomClaim(claimName, providedValue);
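Review bot: The aud special case now tests `resolvedValue instanceof String` but still splits the unresolved `providedValue`, so `claim_aud` set to a variable holding "everyone,anyone" is split as the literal "{...}" text, resolved as a single element, and ends up as one audience containing a comma. getAudience() in the same commit splits `resolvedValue.toString()`, so the two entry points behave differently for the same input. Split resolvedValue here as well, and add a test where the variable holds a comma-separated string rather than a String[].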
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -310,21 +310,22 @@ public void CreateAndParseWithGeneratedId() {
@Test()
public void BasicCreateAndParseMultiAudience() {
String issuer = "urn:78B13CD0-CEFD-4F6A-BB76-AF236D876239";
String audience = "everyone,anyone";
String subject = "urn:75E70AF6-B468-4BCE-B096-88F13D6DB03F";
Arrays.stream(new String[] { null, "true", "false" } )
.map((String continueOnErrorString) -> {
msgCtxt.setVariable("audienceVar", new String[] {"everyone","anyone"});
Arrays.stream(new String[] { "audience","claim_aud"}).forEach(audienceProperty -> {
Arrays.stream(new String[]{"everyone,anyone", "{audienceVar}"}).forEach(audience -> {
Arrays.stream(new String[]{null, "true", "false"}).forEach((String continueOnErrorString) -> {
ExecutionResult expectedResult = ("true".equals(continueOnErrorString)) ?
ExecutionResult.SUCCESS : ExecutionResult.ABORT ;
ExecutionResult.SUCCESS : ExecutionResult.ABORT;

Map properties = new HashMap();
properties.put("algorithm", "HS256");
properties.put("debug", "true");
properties.put("secret-key", "ABCDEFGH12345678_ABCDEFGH12345678");
properties.put("subject", subject);
properties.put("issuer", issuer);
properties.put("audience", audience);
if (continueOnErrorString!=null) {
properties.put(audienceProperty, audience);
if (continueOnErrorString != null) {
properties.put("continueOnError", continueOnErrorString);
}

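Review bot: The new test matrix covers the literal "everyone,anyone" and a String[] in "{audienceVar}", but not the org.mozilla.javascript.NativeArray branch added to getAudience(), nor the space-delimited form ("everyone, anyone") that the README change documents. Add a case for each, and assert on the full audience list in the created token rather than only on a parse that expects "anyone", so a regression that drops or merges an audience is caught. `Map properties = new HashMap()` is a raw type; `Map<String, String>` would avoid the unchecked warning.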
Expand All @@ -345,6 +346,9 @@ public void BasicCreateAndParseMultiAudience() {
properties.put("claim_aud", "anyone");
properties.put("claim_sub", subject);
properties.put("secret-key", "ABCDEFGH12345678_ABCDEFGH12345678");
if (continueOnErrorString != null) {
properties.put("continueOnError", continueOnErrorString);
}
JwtParserCallout callout2 = new JwtParserCallout(properties);
result = callout2.execute(msgCtxt, exeCtxt);

Expand Down Expand Up @@ -382,12 +386,12 @@ public void BasicCreateAndParseMultiAudience() {
Assert.assertEquals(isValid, "false", "isValid");
Assert.assertEquals(isExpired, "false", "isExpired");
Assert.assertEquals(reason, "audience violation", "audience");
return null; // to satisfy .map()
});
});
});
}


private void tryDeserializeKey(String key, String password)
private void tryDeserializeKey(String key, String password)
throws InvalidKeySpecException, GeneralSecurityException, NoSuchAlgorithmException
{
byte[] keybytes = key.getBytes(StandardCharsets.UTF_8);
Expand Down
