
Commit 94078b98 authored by Abhishek Patil's avatar Abhishek Patil

Using AzureServicePrincipleTokenService in implementation of IServiceAccountJwtClient

parent 751bf31b
Pipeline #63051 passed with stages
in 23 minutes and 31 seconds
......@@ -14,82 +14,19 @@
package org.opengroup.osdu.notification.provider.azure.util;
import com.auth0.jwt.JWT;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import org.apache.http.HttpStatus;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.search.IdToken;
import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
import org.opengroup.osdu.azure.util.AzureServicePrincipleTokenService;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
@Component
public class ServiceAccountJwtAzureClientImpl implements IServiceAccountJwtClient {
@Autowired
private AppProperties config;
@Autowired
private IJwtCache tenantJwtCache;
public String getIdToken(String tenantName) {
String ACCESS_TOKEN = "";
ExecutorService service = null;
try {
// TODO : Refactor to move ID token form Common.Core.model.search to Common.core
IdToken cachedToken = (IdToken) this.tenantJwtCache.get(tenantName);
if ((cachedToken != null) && !IdToken.refreshToken(cachedToken)) {
return "Bearer " + cachedToken.getTokenValue();
}
// TODO : Control the thread count via config and pool should be created once.
service = Executors.newFixedThreadPool(1);
ACCESS_TOKEN = getAccessToken(service);
IdToken idToken = IdToken.builder().tokenValue(ACCESS_TOKEN).expirationTimeMillis(JWT.decode(ACCESS_TOKEN).getExpiresAt().getTime()).build();
this.tenantJwtCache.put(tenantName, idToken);
} finally {
if(service != null) {
service.shutdown();
}
}
return "Bearer " + ACCESS_TOKEN;
}
// TODO : Refactor for making it test-able.
// THIS METHOD IS PUBLIC ONLY TO ENABLE UNIT TESTING
public String getAccessToken(ExecutorService service) {
AuthenticationContext context = null;
ClientCredential credential = null;
String ACCESS_TOKEN = null;
try {
context = new AuthenticationContext(this.config.getAuthURL(), false, service);
credential = new ClientCredential(this.config.getAuthClientID(), this.config.getAuthClientSecret());
Future<AuthenticationResult> future = context.acquireToken(this.config.getAadClientID(), credential, null);
private AzureServicePrincipleTokenService tokenService;
if (future == null) {
throw new AppException(HttpStatus.SC_FORBIDDEN, "Token not generated", "The user is not authorized to obtain Token From AAD");
}
ACCESS_TOKEN = future.get().getAccessToken();
} catch (MalformedURLException malformedURLException) {
malformedURLException.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
return ACCESS_TOKEN;
@Override
public String getIdToken(String partitionId){
return "Bearer " + this.tokenService.getAuthorizationToken();
}
}
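Review bot: The new `getIdToken` at L81–L83 ignores its `partitionId` argument, whereas the replaced implementation keyed the cache by tenant (`tenantJwtCache.get(tenantName)` / `put(tenantName, idToken)`), so every partition now receives the same service-principal token; if that is the intent, a Javadoc such as `/** Returns a Bearer token for the service principal; partitionId is accepted for interface compatibility and not used. */` would make the contract explicit. The field added at L67, `private AzureServicePrincipleTokenService tokenService;`, shows no injection annotation in this rendering — if none precedes it in the file, the field is null at runtime and the method fails with a NullPointerException outside the `@InjectMocks` test; adding `@Autowired` above it (or constructor injection) fixes that. The `"Bearer " +` prefix assumes `getAuthorizationToken()` returns the bare token rather than an already-prefixed header value, which the hunk does not show. The old code also caught `MalformedURLException`/`InterruptedException`/`ExecutionException` and swallowed them with `printStackTrace()`; the new delegate's failure modes are not visible here, so the class Javadoc should state what exception callers can expect (the test at L167 suggests `AppException`).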
......@@ -14,104 +14,56 @@
package org.opengroup.osdu.notification.util;
import org.apache.http.HttpStatus;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Spy;
import org.mockito.junit.MockitoJUnitRunner;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.mockito.junit.jupiter.MockitoExtension;
import org.omg.CORBA.portable.ApplicationException;
import org.opengroup.osdu.azure.util.AzureServicePrincipleTokenService;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.search.IdToken;
import org.opengroup.osdu.notification.provider.azure.cache.JwtCache;
import org.opengroup.osdu.notification.provider.azure.util.AppProperties;
import org.opengroup.osdu.notification.provider.azure.util.ServiceAccountJwtAzureClientImpl;
import java.util.concurrent.ExecutorService;
import java.io.UnsupportedEncodingException;
import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.times;
@RunWith(MockitoJUnitRunner.class)
@ExtendWith(MockitoExtension.class)
public class ServiceAccountClientImplTest {
final String tenantName = "Test Tenant";
final String validToken = "validToken";
@Mock
private IdToken idToken;
@Mock
private ExecutorService executorService;
@Mock
private AppProperties appProperties;
@Mock
private JwtCache tenantJwtCacheMock;
@Mock
private JaxRsDpsLog logger;
private static final String tenantId = "tenantId";
private static final String token = "jwt-token";
@InjectMocks
@Spy
private ServiceAccountJwtAzureClientImpl sut;
private ServiceAccountJwtAzureClientImpl serviceAccountJwtAzureClient;
@Before
public void setup() {
initMocks(this);
idToken = IdToken.builder().tokenValue(validToken).expirationTimeMillis(System.currentTimeMillis() + 10000000L).build();
}
@Mock
private AzureServicePrincipleTokenService azureServicePrincipleTokenService;
@Test
public void should_getTokenFromCache_getIdTokenTest() {
// SetUp
when(tenantJwtCacheMock.get(any())).thenReturn(idToken);
String expectedToken = "Bearer " +idToken.getTokenValue();
public void shouldSuccessfullyGenerateToken() throws UnsupportedEncodingException, ApplicationException {
// Act
String returnedIdToken = sut.getIdToken(tenantName);
when(azureServicePrincipleTokenService.getAuthorizationToken()).thenReturn(token);
// Assert
Assert.assertEquals(expectedToken, returnedIdToken);
String result = serviceAccountJwtAzureClient.getIdToken(tenantId);
assertEquals("Bearer " + token, result);
verify(azureServicePrincipleTokenService, times(1)).getAuthorizationToken();
}
@Test
public void should_updateCache_getIdTokenTest() {
// Set up
when(tenantJwtCacheMock.get(any())).thenReturn(idToken);
String expectedToken = "Bearer " +idToken.getTokenValue();
public void shouldThrowAppException() throws UnsupportedEncodingException {
// Act
String returnedToken = this.sut.getIdToken(tenantName);
doThrow(AppException.class).when(azureServicePrincipleTokenService).getAuthorizationToken();
// Assert
Assert.assertEquals(expectedToken, returnedToken);
}
AppException exception = assertThrows(AppException.class, () -> {
serviceAccountJwtAzureClient.getIdToken(tenantId);
});
@Test
public void should_return403GivenInvalidApplicationProperties_getAccessToken() {
when(appProperties.getAuthURL()).thenReturn("https://login.microsoftonline.com/s/oauth2/token/");
when(appProperties.getAuthClientID()).thenReturn("testAuthClientID");
when(appProperties.getAuthClientSecret()).thenReturn("testAuthClientSecret");
when(appProperties.getAadClientID()).thenReturn("testAadClientID");
try {
// Act
sut.getAccessToken(executorService);
// Assert
fail("Should throw exception");
} catch (AppException appException) {
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, appException.getError().getCode());
} catch (Exception e) {
fail("Should not throw this exception" + e.getMessage());
}
assertNotNull(exception);
verify(azureServicePrincipleTokenService, times(1)).getAuthorizationToken();
}
}
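Review bot: The `throws UnsupportedEncodingException, ApplicationException` clauses on the new test methods at L149 and L164 declare checked exceptions that nothing in their bodies throws, and the `ApplicationException` they reference is imported from `org.omg.CORBA.portable` (L100), a package removed from the JDK in Java 11, so this test class will not compile on a current JDK; drop both clauses and the import. `assertNotNull(exception)` at L190 is redundant, since `assertThrows` never returns null — asserting on the thrown exception's code or message instead (e.g. `assertEquals(HttpStatus.SC_FORBIDDEN, exception.getError().getCode())`, if that is the expected code) would preserve the coverage the deleted `should_return403...` test gave. Note the replaced tests exercised tenant-scoped caching; nothing in the new tests checks behaviour across different `partitionId` values, so if that behaviour change is intended it would be worth a one-line comment on `shouldSuccessfullyGenerateToken`.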