PR suggestions, null checks, java.util.Date

Signed-off-by: Maciej Mierzwa <[email protected]>
MaciejMierzwa · Oct 4, 2023 · 7e2c6ca · 7e2c6ca
1 parent a597cf5
commit 7e2c6ca
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java
@@ -31,7 +31,6 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.google.common.base.Strings;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory;
@@ -48,6 +47,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.joda.time.DateTime;
+import org.opensearch.core.common.Strings;
 import org.opensearch.security.authtoken.jwt.JwtVendor;
 
 import org.opensearch.OpenSearchSecurityException;
@@ -255,7 +255,7 @@ JWK createJwkFromSettings(Settings settings, Settings jwtSettings) throws Except
         } else {
             Settings jwkSettings = jwtSettings.getAsSettings("key");
 
-            if (jwkSettings.isEmpty() || jwkSettings.get("k") == null || jwkSettings.get("k").isBlank()) {
+            if (!jwkSettings.hasValue("k") && !Strings.isNullOrEmpty(jwkSettings.get("k"))) {
                 throw new Exception(
                     "Settings for key exchange missing. Please specify at least the option exchange_key with a shared secret."
                 );
@@ -270,9 +270,9 @@ JWK createJwkFromSettings(Settings settings, Settings jwtSettings) throws Except
 
     private String createJwt(SamlResponse samlResponse) throws Exception {
         JWTClaimsSet.Builder jwtClaimsBuilder = new JWTClaimsSet.Builder().notBeforeTime(
-            new Date(new Timestamp(System.currentTimeMillis()).getTime())
+            new Date()
         )
-            .expirationTime(new Date(new Timestamp(getJwtExpiration(samlResponse)).getTime()))
+            .expirationTime(new Date(getJwtExpiration(samlResponse)))
             .claim(this.jwtSubjectKey, this.extractSubject(samlResponse));
 
         if (this.samlSubjectKey != null) {

diff --git a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java
@@ -143,7 +143,7 @@ public String createJwt(
         if (expirySeconds <= 0) {
             throw new Exception("The expiration time should be a positive integer");
         }
-        final Date expiryTime = new Date(timeProvider.getAsLong() + expirySeconds);
+        final Date expiryTime = new Date(timeProvider.getAsLong() + expirySeconds * 1000);
         claimsBuilder.expirationTime(expiryTime);
 
         if (roles != null) {

diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
@@ -11,6 +11,7 @@
 
 package org.opensearch.security.authtoken.jwt;
 
+import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.function.LongSupplier;
@@ -62,7 +63,8 @@ public void testCreateJwtWithRoles() throws Exception {
         List<String> backendRoles = List.of("Sales", "Support");
         String expectedRoles = "IT,HR";
         int expirySeconds = 300;
-        LongSupplier currentTime = () -> (long) 100;
+        //2023 oct 4, 10:00:00 AM GMT
+        LongSupplier currentTime = () -> 1696413600000L;
         String claimsEncryptionKey = "1234567890123456";
         Settings settings = Settings.builder().put("signing_key", "abc123").put("encryption_key", claimsEncryptionKey).build();
 
@@ -74,8 +76,10 @@ public void testCreateJwtWithRoles() throws Exception {
         assertThat(signedJWT.getJWTClaimsSet().getClaims().get("iss"), equalTo("cluster_0"));
         assertThat(signedJWT.getJWTClaimsSet().getClaims().get("sub"), equalTo("admin"));
         assertThat(signedJWT.getJWTClaimsSet().getClaims().get("aud").toString(), equalTo("[audience_0]"));
-        assertThat(signedJWT.getJWTClaimsSet().getClaims().get("iat"), is(notNullValue()));
-        assertThat(signedJWT.getJWTClaimsSet().getClaims().get("exp"), is(notNullValue()));
+        //2023 oct 4, 10:00:00 AM GMT
+        assertThat(((Date) signedJWT.getJWTClaimsSet().getClaims().get("iat")).getTime(), is(1696413600000L));
+        //2023 oct 4, 10:05:00 AM GMT
+        assertThat(((Date) signedJWT.getJWTClaimsSet().getClaims().get("exp")).getTime(), is(1696413900000L));
         EncryptionDecryptionUtil encryptionUtil = new EncryptionDecryptionUtil(claimsEncryptionKey);
         assertThat(encryptionUtil.decrypt(signedJWT.getJWTClaimsSet().getClaims().get("er").toString()), equalTo(expectedRoles));
     }
@@ -96,7 +100,9 @@ public void testCreateJwtWithRoleSecurityMode() throws Exception {
         Settings settings = Settings.builder()
             .put("signing_key", "abc123")
             .put("encryption_key", claimsEncryptionKey)
+            // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
             .put(ConfigConstants.EXTENSIONS_BWC_PLUGIN_MODE, true)
+            // CS-ENFORCE-SINGLE
             .build();
         final JwtVendor jwtVendor = new JwtVendor(settings, Optional.of(currentTime));
         final String encodedJwt = jwtVendor.createJwt(issuer, subject, audience, expirySeconds, roles, backendRoles, false);