package com.uid2.operator;
import com.uid2.operator.model.*;
import com.uid2.operator.service.EncodingUtils;
import com.uid2.operator.service.EncryptedTokenEncoder;
import com.uid2.operator.service.TokenUtils;
import com.uid2.shared.Const.Data;
import com.uid2.shared.model.TokenVersion;
import com.uid2.shared.store.CloudPath;
import com.uid2.shared.cloud.EmbeddedResourceStorage;
import com.uid2.shared.store.reader.RotatingKeysetKeyStore;
import com.uid2.shared.store.reader.RotatingKeysetProvider;
import com.uid2.shared.store.scope.GlobalScope;
import io.micrometer.core.instrument.Metrics;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.JsonObject;
import org.junit.Assert;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.junit.jupiter.params.provider.ValueSource;
import java.time.Instant;
import static org.junit.jupiter.api.Assertions.*;
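/**
 * Round-trip tests for {@link EncryptedTokenEncoder}.
 *
 * <p>Each test encodes a token, decodes it again and checks that the fields survive. It then reads
 * the key id out of the encoded bytes and confirms that it maps to the expected site:
 * {@code Data.RefreshKeySiteId} for refresh tokens and {@code Data.MasterKeySiteId} for
 * advertising tokens. That last assertion is the key-separation check: it fails if a token starts
 * carrying a key id that belongs to a different site.
 */
class TokenEncodingTest {
    /** Byte offset at which the key id is read from a V2-encoded refresh token. */
    private static final int KEY_ID_OFFSET_V2 = 25;

    /** Byte offset at which the key id is read from V3 refresh tokens and V4 advertising tokens. */
    private static final int KEY_ID_OFFSET_V3_PLUS = 2;

    private final KeyManager keyManager;

    /**
     * Builds a {@link KeyManager} from the keyset-key and keyset fixtures embedded in the test
     * resources under {@code /com.uid2.core/test/}.
     *
     * @throws Exception if either fixture's metadata or content cannot be loaded
     */
    public TokenEncodingTest() throws Exception {
        RotatingKeysetKeyStore keysetKeyStore = new RotatingKeysetKeyStore(
                new EmbeddedResourceStorage(Main.class),
                new GlobalScope(new CloudPath("/com.uid2.core/test/keyset_keys/metadata.json")));
        JsonObject m1 = keysetKeyStore.getMetadata();
        keysetKeyStore.loadContent(m1);

        RotatingKeysetProvider keysetProvider = new RotatingKeysetProvider(
                new EmbeddedResourceStorage(Main.class),
                new GlobalScope(new CloudPath("/com.uid2.core/test/keysets/metadata.json")));
        JsonObject m2 = keysetProvider.getMetadata();
        keysetProvider.loadContent(m2);

        this.keyManager = new KeyManager(keysetKeyStore, keysetProvider);
    }

    /**
     * Verifies that a V3 refresh token round-trips through the encoder and that encoding a V4
     * refresh token is rejected.
     *
     * @param tokenVersion the token version under test (V3 or V4, per the {@code @EnumSource})
     */
    @ParameterizedTest
    @EnumSource(value = TokenVersion.class, names = {"V3", "V4"})
    void testRefreshTokenEncoding(TokenVersion tokenVersion) {
        final EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(this.keyManager);
        final Instant now = EncodingUtils.NowUTCMillis();

        // Fixture identity only: a sample address and a fixed salt, not production values.
        final byte[] firstLevelHash = TokenUtils.getFirstLevelHashFromIdentity("test@example.com", "some-salt");

        final RefreshToken token = new RefreshToken(tokenVersion,
                now,
                now.plusSeconds(360),
                new OperatorIdentity(101, OperatorType.Service, 102, 103),
                new PublisherIdentity(111, 112, 113),
                new UserIdentity(IdentityScope.UID2, IdentityType.Email, firstLevelHash, 121, now, now.minusSeconds(122))
        );

        if (tokenVersion == TokenVersion.V4) {
            // Uses the Jupiter assertThrows (statically imported) to match the other assertions here.
            // NOTE(review): Exception.class accepts any failure inside encode(), including an
            // unrelated one; narrowing to the encoder's own exception type would make this
            // rejection check stricter. Confirm the type against EncryptedTokenEncoder.
            assertThrows(Exception.class, () -> encoder.encode(token, now));
            return; //V4 not supported for RefreshTokens
        }

        final byte[] encodedBytes = encoder.encode(token, now);
        final RefreshToken decoded = encoder.decodeRefreshToken(EncodingUtils.toBase64String(encodedBytes));

        assertEquals(tokenVersion, decoded.version);
        assertEquals(token.createdAt, decoded.createdAt);
        // V2 is not in the @EnumSource above, so the V2 branches below are not exercised today.
        int addSeconds = (tokenVersion == TokenVersion.V2) ? 60 : 0; //todo: why is there a 60 second buffer in encodeV2() but not in encodeV3()?
        assertEquals(token.expiresAt.plusSeconds(addSeconds), decoded.expiresAt);
        assertTrue(token.userIdentity.matches(decoded.userIdentity));
        assertEquals(token.userIdentity.privacyBits, decoded.userIdentity.privacyBits);
        assertEquals(token.userIdentity.establishedAt, decoded.userIdentity.establishedAt);
        assertEquals(token.publisherIdentity.siteId, decoded.publisherIdentity.siteId);

        // Key separation: the key id carried in the encoded token must belong to the refresh-key site.
        Buffer b = Buffer.buffer(encodedBytes);
        int keyId = b.getInt(tokenVersion == TokenVersion.V2 ? KEY_ID_OFFSET_V2 : KEY_ID_OFFSET_V3_PLUS);
        assertEquals(Data.RefreshKeySiteId, keyManager.getSiteIdFromKeyId(keyId));

        // Shows that the counter is registered in the process-wide registry; it does not show
        // that this particular encode() call incremented it.
        assertNotNull(Metrics.globalRegistry
                .get("uid2_refresh_token_served_count_total")
                .counter());
    }

    /**
     * Verifies that a V4 advertising token round-trips through the encoder for both raw UID
     * formats and that the key id in the encoded bytes maps to the master-key site.
     *
     * @param useRawUIDv3 passed to {@code UIDOperatorVerticleTest.getRawUid} to select the raw UID
     *     format used for the fixture identity
     */
    @ParameterizedTest
    @ValueSource(booleans = {false, true})
    void testAdvertisingTokenEncodings(boolean useRawUIDv3) {
        final EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(this.keyManager);
        final Instant now = EncodingUtils.NowUTCMillis();

        final byte[] rawUid = UIDOperatorVerticleTest.getRawUid(IdentityScope.UID2, IdentityType.Email, "test@example.com", useRawUIDv3);

        final AdvertisingToken token = new AdvertisingToken(
                TokenVersion.V4,
                now,
                now.plusSeconds(60),
                new OperatorIdentity(101, OperatorType.Service, 102, 103),
                new PublisherIdentity(111, 112, 113),
                new UserIdentity(IdentityScope.UID2, IdentityType.Email, rawUid, 121, now, now.minusSeconds(122))
        );

        final byte[] encodedBytes = encoder.encode(token, now);
        final AdvertisingToken decoded = encoder.decodeAdvertisingToken(EncryptedTokenEncoder.bytesToBase64Token(encodedBytes, TokenVersion.V4));

        assertEquals(TokenVersion.V4, decoded.version);
        assertEquals(token.createdAt, decoded.createdAt);
        assertEquals(token.expiresAt, decoded.expiresAt);
        assertTrue(token.userIdentity.matches(decoded.userIdentity));
        assertEquals(token.userIdentity.privacyBits, decoded.userIdentity.privacyBits);
        assertEquals(token.userIdentity.establishedAt, decoded.userIdentity.establishedAt);
        assertEquals(token.publisherIdentity.siteId, decoded.publisherIdentity.siteId);

        // Key separation: advertising tokens must carry a key id from the master-key site,
        // not the refresh-key site that refresh tokens are checked against.
        Buffer b = Buffer.buffer(encodedBytes);
        int keyId = b.getInt(KEY_ID_OFFSET_V3_PLUS);
        assertEquals(Data.MasterKeySiteId, keyManager.getSiteIdFromKeyId(keyId));
    }
}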