update test, change naming

Author: nilsbehlen

src/main/java/org/privacyidea/AsyncRequestCallable.java

@@ -63,7 +63,7 @@ public String call() throws Exception
         if (this.authTokenRequired)
         {
             // Wait for the auth token to be retrieved and add it to the header
-            headers.put(PIConstants.HEADER_AUTHORIZATION, privacyIDEA.getAuthToken());
+            headers.put(PIConstants.HEADER_AUTHORIZATION, privacyIDEA.getJWT());
         }
 
         // Do the actual request

src/main/java/org/privacyidea/Endpoint.java

@@ -37,7 +37,7 @@
 /**
  * This class handles sending requests to the server.
  */
-class Endpoint
+public class Endpoint
 {
     private final PrivacyIDEA privacyIDEA;
     private final PIConfig piConfig;

src/main/java/org/privacyidea/JSONParser.java

@@ -83,7 +83,7 @@ LinkedHashMap<String, String> extractAuthToken(String serverResponse)
                     int respDate = obj.getAsJsonPrimitive(TIME).getAsInt();
                     int expDate = JsonParser.parseString(dec).getAsJsonObject().getAsJsonPrimitive(EXP).getAsInt();
                     int difference = expDate - respDate;
-                    privacyIDEA.log("Authentication token's durability: " + difference / 60 + " minutes. Token expires at: " + new Date(expDate * 1000L));
+                    privacyIDEA.log("JWT Validity: " + difference / 60 + " minutes. Token expires at: " + new Date(expDate * 1000L));
 
                     return new LinkedHashMap<>(Map.of(AUTH_TOKEN, authToken, AUTH_TOKEN_EXP, String.valueOf(expDate)));
                 }
@@ -528,4 +528,4 @@ private JsonPrimitive getPrimitiveOrNull(JsonObject obj, String name)
         }
         return primitive;
     }
-}
+}

src/main/java/org/privacyidea/PrivacyIDEA.java

@@ -33,12 +33,12 @@ public class PrivacyIDEA implements Closeable
     private final IPILogger log;
     private final IPISimpleLogger simpleLog;
     private final Endpoint endpoint;
-    protected String authToken = null;
+    private String jwt = null;
     // Thread pool for connections
     private final BlockingQueue<Runnable> queue = new ArrayBlockingQueue<>(1000);
     private final ThreadPoolExecutor threadPool = new ThreadPoolExecutor(20, 20, 10, TimeUnit.SECONDS, queue);
     private final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(1);
-    private CountDownLatch authTokenLatch;
+    private CountDownLatch jwtRetrievalLatch;
     final JSONParser parser;
     // Responses from these endpoints will not be logged. The list can be overwritten.
     private List<String> logExcludedEndpoints = Arrays.asList(PIConstants.ENDPOINT_AUTH,
@@ -54,7 +54,7 @@ private PrivacyIDEA(PIConfig configuration, IPILogger logger, IPISimpleLogger si
         this.threadPool.allowCoreThreadTimeOut(true);
         if (serviceAccountAvailable())
         {
-            retrieveAuthToken();
+            retrieveJWT();
         }
     }
 
@@ -364,53 +364,58 @@ private void appendRealm(Map<String, String> params)
     }
 
     /**
-     * Retrieve the auth token from the /auth endpoint and schedule the next retrieval.
+     * Retrieve the JWT from the /auth endpoint and schedule the next retrieval.
      */
-    private void retrieveAuthToken()
+    private void retrieveJWT()
     {
         try
         {
-            authTokenLatch = new CountDownLatch(1);
+            this.jwtRetrievalLatch = new CountDownLatch(1);
             String response = runRequestAsync(ENDPOINT_AUTH, serviceAccountParam(), Collections.emptyMap(), false, POST);
             LinkedHashMap<String, String> authTokenMap = parser.extractAuthToken(response);
-            this.authToken = authTokenMap.get(AUTH_TOKEN);
+            this.jwt = authTokenMap.get(AUTH_TOKEN);
             long authTokenExp = Integer.parseInt(authTokenMap.get(AUTH_TOKEN_EXP));
 
             // Schedule the next token retrieval to 1 min before expiration
             long delay = Math.max(1, authTokenExp - 60 - (System.currentTimeMillis() / 1000L));
-            scheduler.schedule(this::retrieveAuthToken, delay, TimeUnit.SECONDS);
-
+            this.scheduler.schedule(this::retrieveJWT, delay, TimeUnit.SECONDS);
+            log("Next JWT retrieval in " + delay + " seconds.");
             // Count down the latch to indicate that the token is retrieved
-            authTokenLatch.countDown();
+            this.jwtRetrievalLatch.countDown();
         }
         catch (Exception e)
         {
             error("Failed to retrieve auth token: " + e.getMessage());
-            authTokenLatch.countDown();
+            this.jwtRetrievalLatch.countDown();
         }
     }
 
     /**
-     * Get the auth token from the /auth endpoint using the service account.
+     * Get the JWT from the /auth endpoint using the service account.
      *
-     * @return auth token or null.
-     * @throws InterruptedException if the thread is interrupted while waiting for the auth token.
+     * @return JWT as string or null on error.
      */
-    public String getAuthToken() throws InterruptedException
+    public String getJWT()
     {
-        // Wait for the auth token to be retrieved
-        authTokenLatch.await();
-        return this.authToken;
+        try
+        {
+            jwtRetrievalLatch.await();
+        }
+        catch (InterruptedException e)
+        {
+            error(e);
+            return null;
+        }
+        return this.jwt;
     }
 
     /**
      * @return true if a service account is available
      */
     public boolean serviceAccountAvailable()
     {
-        return configuration.serviceAccountName != null && !configuration.serviceAccountName.isEmpty()
-               && configuration.serviceAccountPass != null &&
-               !configuration.serviceAccountPass.isEmpty();
+        return configuration.serviceAccountName != null && !configuration.serviceAccountName.isEmpty() &&
+               configuration.serviceAccountPass != null && !configuration.serviceAccountPass.isEmpty();
     }
 
     /**
@@ -424,16 +429,15 @@ public boolean serviceAccountAvailable()
      * @param method            http request method
      * @return response of the server as string or null
      */
-    private String runRequestAsync(String path, Map<String, String> params, Map<String, String> headers,
-                                   boolean authTokenRequired,
+    private String runRequestAsync(String path, Map<String, String> params, Map<String, String> headers, boolean authTokenRequired,
                                    String method)
     {
         if (!configuration.forwardClientIP.isEmpty())
         {
             params.put(CLIENT_IP, configuration.forwardClientIP);
         }
-        Callable<String> callable = new AsyncRequestCallable(this, endpoint, path, params, headers, authTokenRequired, method);
-        Future<String> future = threadPool.submit(callable);
+        Callable<String> callable = new AsyncRequestCallable(this, this.endpoint, path, params, headers, authTokenRequired, method);
+        Future<String> future = this.threadPool.submit(callable);
         String response = null;
         try
         {
@@ -535,10 +539,6 @@ else if (this.simpleLog != null)
             {
                 this.simpleLog.piLog(message);
             }
-            else
-            {
-                System.out.println(message);
-            }
         }
     }
 
@@ -559,10 +559,6 @@ else if (this.simpleLog != null)
             {
                 this.simpleLog.piLog(e.getMessage());
             }
-            else
-            {
-                System.out.println(e.getLocalizedMessage());
-            }
         }
     }
 
@@ -743,7 +739,7 @@ public Builder proxy(String proxyHost, int proxyPort)
 
         /**
          * Build the PrivacyIDEA instance with the set parameters.
-         *
+         * If a service account is set, the JWT retrieval is done immediately.
          * @return PrivacyIDEA instance
          */
         public PrivacyIDEA build()

src/test/java/org/privacyidea/TestGetTokenInfo.java

@@ -17,7 +17,6 @@
 package org.privacyidea;
 
 import java.util.ArrayList;
-import java.util.LinkedHashMap;
 import java.util.List;
 import org.junit.After;
 import org.junit.Before;
@@ -100,7 +99,7 @@ public void testSuccess() throws InterruptedException
         assertEquals("defrealm", tokenInfo.userRealm);
         assertEquals("Test", tokenInfo.username);
 
-        assertEquals(authToken, privacyIDEA.getAuthToken());
+        assertEquals(authToken, privacyIDEA.getJWT());
     }
 
     @Test

src/test/java/org/privacyidea/TestJWT.java

@@ -0,0 +1,115 @@
+package org.privacyidea;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockserver.integration.ClientAndServer;
+import org.mockserver.model.Delay;
+import org.mockserver.model.HttpRequest;
+import org.mockserver.model.HttpResponse;
+
+import java.util.Date;
+
+import static org.junit.Assert.assertEquals;
+
+public class TestJWT extends PILogImplementation implements org.mockserver.mock.action.ExpectationResponseCallback
+{
+    private ClientAndServer mockServer;
+    private String jwt;
+    private int jwtExpirationTimeMs = 3000;
+    private int mockServerResponseDelayMs = 2000;
+    private int testIterations = 3;
+
+    private final String serviceAccount = "admin";
+    private final String servicePassword = "admin";
+    private PrivacyIDEA privacyIDEA;
+
+
+    @Before
+    public void setup()
+    {
+        this.mockServer = ClientAndServer.startClientAndServer(1080);
+        this.mockServer.when(HttpRequest.request()
+                                        .withPath(PIConstants.ENDPOINT_AUTH)
+                                        .withMethod("POST")
+                                        .withBody("username=" + serviceAccount + "&password=" + servicePassword))
+                       .respond(this, new Delay(TimeUnit.MILLISECONDS, this.mockServerResponseDelayMs));
+        // When build() is called with a service account set, a jwt retrieval is attempted immediately, therefore, the mock server has to
+        // be ready
+        this.privacyIDEA = PrivacyIDEA.newBuilder("https://127.0.0.1:1080", "test")
+                                      .serviceAccount(this.serviceAccount, this.servicePassword)
+                                      .httpTimeoutMs(15000)
+                                      //.logger(this)
+                                      .verifySSL(false)
+                                      .build();
+    }
+
+    @Test
+    public void testSuccess() throws IOException
+    {
+        for (int i = 0; i < this.testIterations; i++)
+        {
+            assertEquals(this.jwt, privacyIDEA.getJWT());
+            try
+            {
+                Thread.sleep(this.jwtExpirationTimeMs);
+            }
+            catch (InterruptedException e)
+            {
+                Thread.currentThread().interrupt();
+            }
+        }
+        // Wait for the last connection to finish before closing
+        try
+        {
+            Thread.sleep(this.mockServerResponseDelayMs);
+        }
+        catch (InterruptedException e)
+        {
+            throw new RuntimeException(e);
+        }
+        privacyIDEA.close();
+    }
+
+    @After
+    public void tearDown()
+    {
+        mockServer.stop();
+    }
+
+    private String generateJWT(long validityMs)
+    {
+        //log("JWT expiration date: " + new Date(System.currentTimeMillis() + validityMs));
+        return JWT.create()
+                  .withSubject("testUser")
+                  .withIssuer("testIssuer")
+                  .withExpiresAt(new Date(System.currentTimeMillis() + validityMs))
+                  .sign(Algorithm.HMAC256("testSecret"));
+    }
+
+    private String postAuthSuccessResponse(String jwt)
+    {
+        return "{\n" + "    \"id\": 1,\n" + "    \"jsonrpc\": \"2.0\",\n" + "    \"result\": {\n" + "        \"status\": true,\n" +
+               "        \"value\": {\n" + "            \"log_level\": 20,\n" + "            \"menus\": [\n" +
+               "                \"components\",\n" + "                \"machines\"\n" + "            ],\n" +
+               "            \"realm\": \"\",\n" + "            \"rights\": [\n" + "                \"policydelete\",\n" +
+               "                \"resync\"\n" + "            ],\n" + "            \"role\": \"admin\",\n" + "            \"token\": \"" +
+               jwt + "\",\n" + "            \"username\": \"admin\",\n" + "            \"logout_time\": 120,\n" +
+               "            \"default_tokentype\": \"hotp\",\n" + "            \"user_details\": false,\n" +
+               "            \"subscription_status\": 0\n" + "        }\n" + "    },\n" + "    \"time\": " +
+               (System.currentTimeMillis() / 1000L) + ",\n" + "    \"version\": \"privacyIDEA 3.2.1\",\n" +
+               "    \"versionnumber\": \"3.2.1\",\n" + "    \"signature\": \"rsa_sha256_pss:\"\n" + "}";
+    }
+
+    @Override
+    public HttpResponse handle(HttpRequest httpRequest) throws Exception
+    {
+        // The next retrieval is always scheduled for 1 minute before expiration
+        this.jwt = generateJWT(60000 + this.jwtExpirationTimeMs);
+        return HttpResponse.response().withBody(postAuthSuccessResponse(this.jwt));
+    }
+}