diff --git a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/util/KeyBindedTokenMatcherUtilTest.java b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/util/KeyBindedTokenMatcherUtilTest.java
index 9d246aad32..96f0fc0d43 100644
--- a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/util/KeyBindedTokenMatcherUtilTest.java
+++ b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/util/KeyBindedTokenMatcherUtilTest.java
@@ -5,7 +5,6 @@
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemReader;
 import org.junit.Assert;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -20,9 +19,16 @@
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.MACSigner;
+import com.nimbusds.jose.util.Base64URL;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
 @RunWith(SpringRunner.class)
 public class KeyBindedTokenMatcherUtilTest {
@@ -85,8 +91,7 @@ public void matchTestWithInValidThumbprint_thenFail() {
 }
 }
 @Test
- @Ignore
- public void matchTestWithInValidCerts_thenFail() throws IdAuthenticationBusinessException {
+ public void matchTestWithInValidCerts_thenFail() throws Exception {
 ReflectionTestUtils.setField(keyBindedTokenMatcherUtil, "iatAdjSeconds", 30000000);
 Map properties =new HashMap<>();
 Map bindingCertificates =new HashMap<>();
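Review bot: `import java.util.*;` in the second hunk replaces three single-type imports with an on-demand import, while every other import visible in this file names its type. The added helper appears to need only two more names from that package, so `import java.util.Base64;` and `import java.util.Date;` next to the existing `HashMap`, `Map` and `Objects` lines would keep the list explicit. With the wildcard, which `Date` or `Base64` the test compiles against depends on whatever else is imported on demand later.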
@@ -94,8 +99,7 @@ public void matchTestWithInValidCerts_thenFail() throws IdAuthenticationBusiness
 input.put("individualId","individualId");
 input.put("type","type");
 input.put("format","jwt");
- input.put("token","eyJ0eXAiOiJKV1QiLCJ4NXQjUzI1NiI6IjBFSmtKMDYyWnZNZ0dKSk9BRVNYWFo1Tl9hamRDOG04Y0hPTXVKVVRGWUEiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE2OTg5ODgyMTcsIm5iZiI6MTY5ODk4ODIxNywiZXhwIjoxNjk4OTg4ODIyLCJqdGkiOiJYZkpRaGVfU3RuNTNmaWc3YVV3V3MiLCJhdWQiOiJpZGEtYmluZGluZyIsInN1YiI6IjQxNTg2MTI2MDkiLCJpc3MiOiJwb3N0bWFuLWluamkifQ.bSqcJZlq5PyAExwPoww41OF-vBIyaADZ8OsXzA_7gtowNl0kChVAB11eIPEcjuFvYeQiSpQgNZsS2-w84ZBdiqh72kkJQLjN7ItMKNf-cekNRmG6XFf1os1vom7CwrguataoYvboiiXYw0WUfsZTmnhcOKC8XN3qAsB2YAyYEnBJBeKy5aCNAfJiOULTMrqAqcu-A1MA_wtAkaCJggiNxf1-5bJWjZYyQOkis0nHmbgWjzzThdd6TzMkLnUyNxzO2n1E9A19OJ2ZH0ZN1d46c8QBMsYmGX-Kz8B8GBDnDlwC4M5g4hmxuXCN6sBcVjAONl92LxI1htSZ6muv3xL1YQ");
-
+ input.put("token", generateTestJwtToken());
 try {
 keyBindedTokenMatcherUtil.match(input, bindingCertificates, properties);
 }catch (IdAuthenticationBusinessException e){
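Review bot: The re-enabled negative test can pass without `match` ever rejecting the token. The call sits in a `try` whose only visible handler is `catch (IdAuthenticationBusinessException e)`, and nothing after the call fails the test when it returns normally. Add `Assert.fail("expected IdAuthenticationBusinessException");` on the line after `keyBindedTokenMatcherUtil.match(input, bindingCertificates, properties);` so that an accepted token is reported as a failure. The catch body lies outside this hunk, so it is worth confirming that it asserts the expected error code rather than only absorbing the exception.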
@@ -103,6 +107,33 @@ public void matchTestWithInValidCerts_thenFail() throws IdAuthenticationBusiness
 }
 }
+ private String generateTestJwtToken() throws JOSEException {
+ // Secret key for signing - in production, this should be stored securely
+ String secretKey = "your-256-bit-secret-key-for-testing-purposes-only";
+ // Create HMAC signer
+ JWSSigner signer = new MACSigner(secretKey.getBytes());
+ // Create header with thumbprint
+ JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256)
+ .x509CertSHA256Thumbprint(Base64URL.encode(Base64.getDecoder().decode("dGVzdF90aHVtYnByaW50"))) // "test_thumbprint" in base64
+ .build();
+ // Prepare JWT with claims
+ JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+ .subject("test-user")
+ .issuer("test-issuer")
+ .claim("name", "Test User")
+ .claim("email", "test@example.com")
+ .claim("roles", "ROLE_USER")
+ .issueTime(new Date())
+ .expirationTime(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000)) // 24 hours
+ .build();
+ // Create signed JWT with custom header
+ SignedJWT signedJWT = new SignedJWT(header, claimsSet);
+ // Sign the JWT
+ signedJWT.sign(signer);
+ // Serialize to compact form
+ return signedJWT.serialize();
+ }
+
 @Test
 public void matchTestWithValidCerts_thenFail() throws IdAuthenticationBusinessException {
 ReflectionTestUtils.setField(keyBindedTokenMatcherUtil, "iatAdjSeconds", 300000000);
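Review bot: The token built by `generateTestJwtToken()` does not resemble the one it replaces, so `matchTestWithInValidCerts_thenFail` may now fail for a different reason than its name says. The removed literal decodes to an `RS256` header with a 32-byte `x5t#S256` value and an `aud` of `ida-binding`, while the helper signs with `HS256`, sets a 15-byte thumbprint and omits `aud`. If `match` checks the algorithm, audience or thumbprint format before it consults the binding certificates (not visible in this diff), the certificate path is never reached. Signing with an RSA key generated inside the test and using a real SHA-256 digest keeps the case on the path it is meant to cover. It also removes the shared-secret string, its misleading "in production" comment and the charset-dependent `secretKey.getBytes()`.

```java
private String generateTestJwtToken() throws Exception {
    // Throwaway RSA key, generated per run and never stored; same algorithm as the token this helper replaces.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();
    JWSSigner signer = new RSASSASigner(keyPair.getPrivate());
    // x5t#S256 carries a SHA-256 digest, so use 32 bytes that match no bound certificate.
    byte[] thumbprint = MessageDigest.getInstance("SHA-256")
            .digest("test_thumbprint".getBytes(StandardCharsets.UTF_8));
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .x509CertSHA256Thumbprint(Base64URL.encode(thumbprint))
            .build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .audience("ida-binding")
            // … unchanged: subject, issuer, issueTime, expirationTime …
            .build();
    // … unchanged: SignedJWT construction, sign, serialize …
}
```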