adding addition test cases to JWT Authenticator

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml

@@ -167,21 +167,19 @@
             <groupId>org.wso2.tomcat</groupId>
             <artifactId>tomcat-servlet-api</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.wso2.carbon</groupId>
-            <artifactId>org.wso2.carbon.logging</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.tomcat.ext</artifactId>
         </dependency>
-        <!--dependency>
-            <groupId>org.apache.ws.commons.axiom.wso2</groupId>
-            <artifactId>axiom</artifactId>
-        </dependency-->
         <dependency>
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.base</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>xmltooling</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.framework</groupId>
@@ -190,6 +188,12 @@
         <dependency>
             <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
             <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+            <!--<exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+            </exclusions>-->
         </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
@@ -258,6 +262,16 @@
             <artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-nop</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.testing.osgi-mock</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
 </project>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java

@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.certificate.mgt.core.bean.Certificate;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.KeyStoreManager;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
@@ -100,7 +101,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
             requestUri = "";
         }
         StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
-        String context = tokenizer.nextToken();
+        String context = tokenizer.hasMoreTokens() ? tokenizer.nextToken() : null;
         if (context == null || "".equals(context)) {
             authenticationInfo.setStatus(Status.CONTINUE);
         }
@@ -114,7 +115,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
             issuer = jwsObject.getJWTClaimsSet().getIssuer();
         } catch (ParseException e) {
             log.error("Error occurred while parsing JWT header.", e);
-            return null;
+            authenticationInfo.setMessage("Error occured while parsing JWT header");
+            return authenticationInfo;
         }
         try {
 
@@ -135,7 +137,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
                         String trustStorePassword = serverConfig.getFirstProperty(
                                 DEFAULT_TRUST_STORE_PASSWORD);
                         keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
-                        publicKey = keyStore.getCertificate(alias).getPublicKey();
+                        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
+                        publicKey = certificate == null ? null : certificate.getPublicKey();
                     } else {
                         authenticationInfo.setStatus(Status.FAILURE);
                         return  authenticationInfo;
@@ -157,26 +160,25 @@ public class JWTAuthenticator implements WebappAuthenticator {
             }
             if (verifier != null && jwsObject.verify(verifier)) {
                 username = MultitenantUtils.getTenantAwareUsername(username);
-                if (tenantId == -1) {
+                UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
-                    log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
+                        getTenantUserRealm(tenantId).getUserStoreManager();
-                            ": " + tenantDomain);
+                if (userStore.isExistingUser(username)) {
+                    authenticationInfo.setTenantId(tenantId);
+                    authenticationInfo.setUsername(username);
+                    authenticationInfo.setTenantDomain(tenantDomain);
+                    authenticationInfo.setStatus(Status.CONTINUE);
                 } else {
-                    UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
+                    authenticationInfo.setStatus(Status.FAILURE);
-                            getTenantUserRealm(tenantId).getUserStoreManager();
-                    if (userStore.isExistingUser(username)) {
-                        authenticationInfo.setTenantId(tenantId);
-                        authenticationInfo.setUsername(username);
-                        authenticationInfo.setTenantDomain(tenantDomain);
-                        authenticationInfo.setStatus(Status.CONTINUE);
-                    }
                 }
             } else {
                 authenticationInfo.setStatus(Status.FAILURE);
             }
         } catch (UserStoreException e) {
             log.error("Error occurred while obtaining the user.", e);
+            authenticationInfo.setStatus(Status.FAILURE);
         }  catch (Exception e) {
             log.error("Error occurred while verifying the JWT header.", e);
+            authenticationInfo.setStatus(Status.FAILURE);
         } finally {
             PrivilegedCarbonContext.endTenantFlow();
         }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticatorTest.java

@@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.wso2.carbon.webapp.authenticator.framework.authenticator;
 
 import org.apache.catalina.connector.Request;
@@ -11,13 +29,9 @@ import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
 import org.wso2.carbon.identity.jwt.client.extension.util.JWTClientUtil;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
-import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder;
-import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantIndexingLoader;
-import org.wso2.carbon.webapp.authenticator.framework.util.TestTenantRegistryLoader;
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.URL;
@@ -30,6 +44,8 @@ public class JWTAuthenticatorTest {
     private Field headersField;
     private final String JWT_HEADER = "X-JWT-Assertion";
     private String jwtToken;
+    private String wrongJwtToken;
+    private String jwtTokenWithWrongUser;
     private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
     private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId";
     private Properties properties;
@@ -39,9 +55,6 @@ public class JWTAuthenticatorTest {
     @BeforeClass
     public void setup() throws NoSuchFieldException, IOException, JWTClientException {
         jwtAuthenticator = new JWTAuthenticator();
-        properties = new Properties();
-        properties.setProperty(ISSUER, ALIAS);
-        jwtAuthenticator.setProperties(properties);
         headersField = org.apache.coyote.Request.class.getDeclaredField("headers");
         headersField.setAccessible(true);
         ClassLoader classLoader = getClass().getClassLoader();
@@ -60,9 +73,17 @@ public class JWTAuthenticatorTest {
         customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
         customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
         jwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
+        customClaims = new HashMap<>();
+        customClaims.put(SIGNED_JWT_AUTH_USERNAME, "admin");
+        customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, "-1");
+        wrongJwtToken = JWTClientUtil.generateSignedJWTAssertion("admin", jwtConfig, false, customClaims);
+        customClaims = new HashMap<>();
+        customClaims.put(SIGNED_JWT_AUTH_USERNAME, "notexisting");
+        customClaims.put(SIGNED_JWT_AUTH_TENANT_ID, String.valueOf(MultitenantConstants.SUPER_TENANT_ID));
+        jwtTokenWithWrongUser = JWTClientUtil.generateSignedJWTAssertion("notexisting", jwtConfig, false, customClaims);
     }
 
-    @Test(description = "This method tests the get methods in the JWTAuthenticator")
+    @Test(description = "This method tests the get methods in the JWTAuthenticator", dependsOnMethods = "testAuthenticate")
     public void testGetMethods() {
         Assert.assertEquals(jwtAuthenticator.getName(), "JWT", "GetName method returns wrong value");
         Assert.assertNotNull(jwtAuthenticator.getProperties(), "Properties are not properly added to JWT "
@@ -87,8 +108,61 @@ public class JWTAuthenticatorTest {
         Assert.assertTrue(jwtAuthenticator.canHandle(request));
     }
 
-    @Test(description = "This method tests authenticate method under the successful condition")
+    @Test(description = "This method tests authenticate method under the successful condition", dependsOnMethods =
+            {"testAuthentiateFailureScenarios"})
     public void testAuthenticate() throws IllegalAccessException, NoSuchFieldException {
+        Request request = createJWTRequest(jwtToken, "test");
+        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
+                + "authenticated by the JWTAuthenticator");
+    }
+
+    @Test(description = "This method tests the authenticate method under failure conditions")
+    public void testAuthentiateFailureScenarios() throws NoSuchFieldException, IllegalAccessException {
+        Request request = createJWTRequest("test", "");
+        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
+
+        request = createJWTRequest(jwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertNull(authenticationInfo.getUsername(), "Un-authenticated request contain username");
+
+        properties = new Properties();
+        properties.setProperty(ISSUER, "test");
+        jwtAuthenticator.setProperties(properties);
+        request = createJWTRequest(jwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+
+        properties = new Properties();
+        properties.setProperty(ISSUER, ALIAS);
+        jwtAuthenticator.setProperties(properties);
+
+        request = createJWTRequest(wrongJwtToken, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+
+        request = createJWTRequest(jwtTokenWithWrongUser, "");
+        authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        Assert.assertNotNull(authenticationInfo, "Returned authentication info was null");
+        Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE,
+                "Un authenticated request does not contain status as failure");
+    }
+
+
+    /**
+     * To create a JWT request with the given jwt header.
+     *  @param jwtToken JWT token to be added to the header
+     * @param requestUri Request URI to be added to the request.
+     */
+    private Request createJWTRequest(String jwtToken, String requestUri)
+            throws IllegalAccessException, NoSuchFieldException {
         Request request = new Request();
         org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request();
         MimeHeaders mimeHeaders = new MimeHeaders();
@@ -98,12 +172,12 @@ public class JWTAuthenticatorTest {
         Field uriMB = org.apache.coyote.Request.class.getDeclaredField("uriMB");
         uriMB.setAccessible(true);
         bytes = MessageBytes.newInstance();
-        bytes.setString("test");
+        bytes.setString(requestUri);
         uriMB.set(coyoteRequest, bytes);
         request.setCoyoteRequest(coyoteRequest);
 
-        AuthenticationInfo authenticationInfo = jwtAuthenticator.authenticate(request, null);
+        return request;
-        Assert.assertNotNull(authenticationInfo.getUsername(), "Proper authentication request is not properly "
-                + "authenticated by the JWTAuthenticator");
     }
+
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponentTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.webapp.authenticator.framework.internal;
+
+import org.apache.sling.testing.mock.osgi.MockOsgi;
+import org.testng.annotations.Test;
+
+/**
+ * This is a test class for {@link WebappAuthenticatorFrameworkServiceComponent}
+ */
+public class WebappAuthenticatorFrameworkServiceComponentTest {
+
+    @Test(description = "This method tests whether the bundle activator does not throw any exceptions, even under "
+            + "possible exception scenarios")
+    public void testActivateWithException() {
+        WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
+                WebappAuthenticatorFrameworkServiceComponent();
+        webappAuthenticatorFrameworkServiceComponent.activate(null);
+    }
+
+    @Test(description = "This method tests whether bundle activation succeed with the proper confitions.")
+    public void testActivateWithoutExceptions() {
+        WebappAuthenticatorFrameworkServiceComponent webappAuthenticatorFrameworkServiceComponent = new
+                WebappAuthenticatorFrameworkServiceComponent();
+        webappAuthenticatorFrameworkServiceComponent.activate(MockOsgi.newComponentContext());
+    }
+}

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml

@@ -22,7 +22,7 @@
 <suite name="WebappAuthenticatorFramework">
     <parameter name="useDefaultListeners" value="false"/>
 
-    <test name="WebappAuthenticatorTests" preserve-order="true">
+    <test name="WebappAuthenticatorTests" parallel="false">
         <classes>
             <class name="org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest"/>
             <class name="org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorConfigTest"/>
@@ -32,6 +32,7 @@
             <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticatorTest" />
             <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.OauthAuthenticatorTest" />
             <class name="org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticatorTest" />
+            <class name="org.wso2.carbon.webapp.authenticator.framework.internal.WebappAuthenticatorFrameworkServiceComponentTest"/>
         </classes>
     </test>
 

pom.xml

@@ -1568,6 +1568,12 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-nop</artifactId>
+                <scope>test</scope>
+                <version>${slf4j.nop.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -2005,6 +2011,7 @@
         <ant.contrib.version>1.0b3</ant.contrib.version>
         <power.mock.version>1.7.0</power.mock.version>
         <commons.dbcp.version>1.4.0.wso2v1</commons.dbcp.version>
+        <slf4j.nop.version>1.7.25</slf4j.nop.version>
 
     </properties>