james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From btell...@apache.org
Subject [5/5] james-project git commit: JAMES-2273 James should warn when the jwt token is invalid or empty
Date Thu, 04 Jan 2018 02:24:52 GMT
JAMES-2273 James should warn when the jwt token is invalid or empty


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/7875cc08
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/7875cc08
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/7875cc08

Branch: refs/heads/master
Commit: 7875cc08f2e3d9c7120f85d80a89b5dffa479f61
Parents: f2be591
Author: quynhn <qnguyen@linagora.com>
Authored: Wed Dec 27 17:26:35 2017 +0700
Committer: benwa <btellier@linagora.com>
Committed: Thu Jan 4 09:23:59 2018 +0700

----------------------------------------------------------------------
 .../apache/james/jmap/JMAPConfiguration.java    |  2 +
 .../james/jmap/JMAPConfigurationTest.java       | 11 +++
 .../crypto/JamesSignatureHandlerProvider.java   | 11 +++
 .../org/apache/james/jwt/JwtConfiguration.java  | 10 +++
 .../apache/james/jwt/JwtConfigurationTest.java  | 72 ++++++++++++++++++++
 .../apache/james/jwt/PublicKeyProviderTest.java |  2 +-
 6 files changed, 107 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
b/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
index e194e0f..3117929 100644
--- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
+++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/JMAPConfiguration.java
@@ -82,8 +82,10 @@ public class JMAPConfiguration {
             Preconditions.checkState(enabled.isPresent(), "You should specify if JMAP server
should be started");
             Preconditions.checkState(!enabled.get() || !Strings.isNullOrEmpty(keystore),
"'keystore' is mandatory");
             Preconditions.checkState(!enabled.get() || !Strings.isNullOrEmpty(secret), "'secret'
is mandatory");
+            Preconditions.checkState(!enabled.get() || jwtPublicKeyPem.isPresent(), "'publicKey'
is mandatory");
             return new JMAPConfiguration(enabled.get(), keystore, secret, jwtPublicKeyPem,
port);
         }
+
     }
 
     private final boolean enabled;

http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
b/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
index 4ffce68..8dbbda9 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPConfigurationTest.java
@@ -85,6 +85,17 @@ public class JMAPConfigurationTest {
     }
 
     @Test
+    public void buildShouldThrowWhenJwtPublicKeyPemIsEmpty() {
+        assertThatThrownBy(() -> JMAPConfiguration.builder()
+            .enable()
+            .keystore("keystore")
+            .secret("secret")
+            .jwtPublicKeyPem(Optional.empty())
+            .build())
+            .isInstanceOf(IllegalStateException.class);
+    }
+
+    @Test
     public void buildShouldWorkWhenRandomPort() {
         JMAPConfiguration expectedJMAPConfiguration = new JMAPConfiguration(ENABLED, "keystore",
"secret", Optional.of("file://conf/jwt_publickey"), Optional.empty());
 

http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
index f3d0656..b2b84bf 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
@@ -23,11 +23,21 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Optional;
 
 import org.apache.james.filesystem.api.FileSystem;
 import org.apache.james.jmap.JMAPConfiguration;
 
 public class JamesSignatureHandlerProvider {
+    private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" +
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" +
+        "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" +
+        "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" +
+        "+d/4RpE3LBVo8wgOaXPylOlHxsDizfkL8QwXItyakBfMO6jWQRrj7/9WDhGf4Hi+\n" +
+        "GQur1tPGZDl9mvCoRHjFrD5M/yypIPlfMGWFVEvV5jClNMLAQ9bYFuOc7H1fEWw6\n" +
+        "U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" +
+        "kwIDAQAB\n" +
+        "-----END PUBLIC KEY-----";
 
     public JamesSignatureHandler provide() throws Exception {
         FileSystem fileSystem = new FileSystem() {
@@ -51,6 +61,7 @@ public class JamesSignatureHandlerProvider {
                     .enable()
                     .keystore("keystore")
                     .secret("james72laBalle")
+                    .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY))
                     .build());
         signatureHandler.init();
         return signatureHandler;

http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
b/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
index 3cfcfef..922ea00 100644
--- a/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
+++ b/server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtConfiguration.java
@@ -21,13 +21,23 @@ package org.apache.james.jwt;
 
 import java.util.Optional;
 
+import com.google.common.base.Preconditions;
+
 public class JwtConfiguration {
+    private static final boolean DEFAULT_VALUE = true;
     private final Optional<String> jwtPublicKeyPem;
 
     public JwtConfiguration(Optional<String> jwtPublicKeyPem) {
+        Preconditions.checkState(validPublicKey(jwtPublicKeyPem), "The provided public key
is not valid");
         this.jwtPublicKeyPem = jwtPublicKeyPem;
     }
 
+    private boolean validPublicKey(Optional<String> jwtPublicKeyPem) {
+        PublicKeyReader reader = new PublicKeyReader();
+        return jwtPublicKeyPem.map(value -> reader.fromPEM(Optional.of(value)).isPresent())
+            .orElse(DEFAULT_VALUE);
+    }
+
     public Optional<String> getJwtPublicKeyPem() {
         return jwtPublicKeyPem;
     }

http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
b/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
new file mode 100644
index 0000000..34436a9
--- /dev/null
+++ b/server/protocols/jwt/src/test/java/org/apache/james/jwt/JwtConfigurationTest.java
@@ -0,0 +1,72 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ ****************************************************************/
+
+package org.apache.james.jwt;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.util.Optional;
+
+import org.junit.Test;
+
+public class JwtConfigurationTest {
+    private static final String INVALID_PUBLIC_KEY = "invalidPublicKey";
+    private static final String VALID_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" +
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" +
+        "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" +
+        "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" +
+        "+d/4RpE3LBVo8wgOaXPylOlHxsDizfkL8QwXItyakBfMO6jWQRrj7/9WDhGf4Hi+\n" +
+        "GQur1tPGZDl9mvCoRHjFrD5M/yypIPlfMGWFVEvV5jClNMLAQ9bYFuOc7H1fEWw6\n" +
+        "U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" +
+        "kwIDAQAB\n" +
+        "-----END PUBLIC KEY-----";
+
+    @Test
+    public void getJwtPublicKeyPemShouldReturnEmptyWhenEmptyPublicKey() throws Exception
{
+        JwtConfiguration jwtConfiguration = new JwtConfiguration(Optional.empty());
+
+        assertThat(jwtConfiguration.getJwtPublicKeyPem()).isNotPresent();
+    }
+
+    @Test
+    public void constructorShouldThrowWhenNullPublicKey() throws Exception {
+        assertThatThrownBy(() -> new JwtConfiguration(null))
+            .isInstanceOf(NullPointerException.class);
+    }
+
+    @Test
+    public void constructorShouldThrowWhenNonePublicKey() throws Exception {
+        assertThatThrownBy(() -> new JwtConfiguration(Optional.of("")))
+            .isInstanceOf(IllegalStateException.class);
+    }
+
+    @Test
+    public void constructorShouldThrowWhenInvalidPublicKey() throws Exception {
+        assertThatThrownBy(() -> new JwtConfiguration(Optional.of(INVALID_PUBLIC_KEY)))
+            .isInstanceOf(IllegalStateException.class);
+    }
+
+    @Test
+    public void getJwtPublicKeyPemShouldReturnWhenValidPublicKey() throws Exception {
+        JwtConfiguration jwtConfiguration = new JwtConfiguration(Optional.of(VALID_PUBLIC_KEY));
+
+        assertThat(jwtConfiguration.getJwtPublicKeyPem()).isPresent();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/james-project/blob/7875cc08/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
b/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
index a48dc79..92dcf77 100644
--- a/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
+++ b/server/protocols/jwt/src/test/java/org/apache/james/jwt/PublicKeyProviderTest.java
@@ -58,7 +58,7 @@ public class PublicKeyProviderTest {
 
     @Test
     public void getShouldThrowWhenPEMKeyNotProvided() {
-        JwtConfiguration configWithPEMKey = new JwtConfiguration(Optional.of(""));
+        JwtConfiguration configWithPEMKey = new JwtConfiguration(Optional.empty());
 
         PublicKeyProvider sut = new PublicKeyProvider(configWithPEMKey, new PublicKeyReader());
 


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message