From 7e2c6ca4b9a4fa755e4ca9c81ff156e7f2eab3f1 Mon Sep 17 00:00:00 2001
From: Maciej Mierzwa
Date: Wed, 4 Oct 2023 16:41:47 +0200
Subject: [PATCH] PR suggestions, null checks, java.util.Date
Signed-off-by: Maciej Mierzwa
---
 .../auth/http/saml/AuthTokenProcessorHandler.java | 8 ++++----
 .../opensearch/security/authtoken/jwt/JwtVendor.java | 2 +-
 .../security/authtoken/jwt/JwtVendorTest.java | 12 +++++++++---
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java
index fc0b38842f..3aace7a9a7 100644
--- a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java
+++ b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java
@@ -31,7 +31,6 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.google.common.base.Strings;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory;
@@ -48,6 +47,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.joda.time.DateTime;
+import org.opensearch.core.common.Strings;
 import org.opensearch.security.authtoken.jwt.JwtVendor;
 import org.opensearch.OpenSearchSecurityException;
@@ -255,7 +255,7 @@ JWK createJwkFromSettings(Settings settings, Settings jwtSettings) throws Except
 } else {
 Settings jwkSettings = jwtSettings.getAsSettings("key");
- if (jwkSettings.isEmpty() || jwkSettings.get("k") == null || jwkSettings.get("k").isBlank()) {
+ if (!jwkSettings.hasValue("k") && !Strings.isNullOrEmpty(jwkSettings.get("k"))) {
 throw new Exception(
 "Settings for key exchange missing. Please specify at least the option exchange_key with a shared secret."
 );
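Review bot: The rewritten guard in createJwkFromSettings can never be true, so a missing or empty `k` no longer raises the "Settings for key exchange missing" error. `!jwkSettings.hasValue("k")` holds only when no value is set, and then `jwkSettings.get("k")` is null, which makes `!Strings.isNullOrEmpty(...)` false; the `&&` of the two is therefore always false. The removed condition also rejected whitespace-only values through `isBlank()`, which `isNullOrEmpty` does not. A guard such as `if (!jwkSettings.hasValue("k") || jwkSettings.get("k").isBlank()) {` keeps the original fail-closed behaviour. The code that consumes the key after the throw is outside the hunk, so what it does with an absent shared secret should be checked there.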
@@ -270,9 +270,9 @@ JWK createJwkFromSettings(Settings settings, Settings jwtSettings) throws Except
 private String createJwt(SamlResponse samlResponse) throws Exception {
 JWTClaimsSet.Builder jwtClaimsBuilder = new JWTClaimsSet.Builder().notBeforeTime(
- new Date(new Timestamp(System.currentTimeMillis()).getTime())
+ new Date()
 )
- .expirationTime(new Date(new Timestamp(getJwtExpiration(samlResponse)).getTime()))
+ .expirationTime(new Date(getJwtExpiration(samlResponse)))
 .claim(this.jwtSubjectKey, this.extractSubject(samlResponse));
 if (this.samlSubjectKey != null) {
diff --git a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java
index d668f15878..8eaba2aa01 100644
--- a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java
+++ b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java
@@ -143,7 +143,7 @@ public String createJwt(
 if (expirySeconds <= 0) {
 throw new Exception("The expiration time should be a positive integer");
 }
- final Date expiryTime = new Date(timeProvider.getAsLong() + expirySeconds);
+ final Date expiryTime = new Date(timeProvider.getAsLong() + expirySeconds * 1000);
 claimsBuilder.expirationTime(expiryTime);
 if (roles != null) {
diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
index 57aa4255b3..f333e3c459 100644
--- a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
+++ b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
@@ -11,6 +11,7 @@
 package org.opensearch.security.authtoken.jwt;
+import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.function.LongSupplier;
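Review bot: The unit returned by `getJwtExpiration(samlResponse)` is not visible in this hunk, and `new Date(long)` expects epoch milliseconds. The removed `new Timestamp(long)` wrapper took milliseconds as well, so behaviour is unchanged, but a comment such as `// getJwtExpiration returns epoch milliseconds` on the `.expirationTime(...)` line would record the contract, given that this same commit corrects a seconds/milliseconds mix-up in JwtVendor. With both `Timestamp` uses gone from this hunk, the `java.sql.Timestamp` import may now be unused, since neither import hunk for this file removes it. createJwt's body continues past the end of the hunk.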
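Review bot: `expirySeconds * 1000` is evaluated in int arithmetic if `expirySeconds` is an `int` or `Integer` (its declaration is outside the hunk, but JwtVendorTest passes an `int`). Any lifetime above 2,147,483 seconds, about 24.8 days, then wraps before it is added to the clock value, giving an `exp` that is already in the past or much shorter than configured. Widening first avoids this: `final Date expiryTime = new Date(timeProvider.getAsLong() + expirySeconds * 1000L);`. The `expirySeconds <= 0` check above it has no upper bound, so it does not catch this case.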
@@ -62,7 +63,8 @@ public void testCreateJwtWithRoles() throws Exception {
 List backendRoles = List.of("Sales", "Support");
 String expectedRoles = "IT,HR";
 int expirySeconds = 300;
- LongSupplier currentTime = () -> (long) 100;
+ //2023 oct 4, 10:00:00 AM GMT
+ LongSupplier currentTime = () -> 1696413600000L;
 String claimsEncryptionKey = "1234567890123456";
 Settings settings = Settings.builder().put("signing_key", "abc123").put("encryption_key", claimsEncryptionKey).build();
@@ -74,8 +76,10 @@ public void testCreateJwtWithRoles() throws Exception {
 assertThat(signedJWT.getJWTClaimsSet().getClaims().get("iss"), equalTo("cluster_0"));
 assertThat(signedJWT.getJWTClaimsSet().getClaims().get("sub"), equalTo("admin"));
 assertThat(signedJWT.getJWTClaimsSet().getClaims().get("aud").toString(), equalTo("[audience_0]"));
- assertThat(signedJWT.getJWTClaimsSet().getClaims().get("iat"), is(notNullValue()));
- assertThat(signedJWT.getJWTClaimsSet().getClaims().get("exp"), is(notNullValue()));
+ //2023 oct 4, 10:00:00 AM GMT
+ assertThat(((Date) signedJWT.getJWTClaimsSet().getClaims().get("iat")).getTime(), is(1696413600000L));
+ //2023 oct 4, 10:05:00 AM GMT
+ assertThat(((Date) signedJWT.getJWTClaimsSet().getClaims().get("exp")).getTime(), is(1696413900000L));
 EncryptionDecryptionUtil encryptionUtil = new EncryptionDecryptionUtil(claimsEncryptionKey);
 assertThat(encryptionUtil.decrypt(signedJWT.getJWTClaimsSet().getClaims().get("er").toString()), equalTo(expectedRoles));
 }
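Review bot: The new `iat`/`exp` assertions in testCreateJwtWithRoles only exercise a 300-second lifetime, so they would not catch an int overflow in the seconds-to-milliseconds conversion for long-lived tokens. A second case with an expiry above 2,147,483 seconds would pin that boundary. The `(Date)` casts on the raw claims map can also be replaced by the typed accessors, e.g. `assertThat(signedJWT.getJWTClaimsSet().getExpirationTime().getTime(), is(1696413900000L));` and the matching `getIssueTime()` for `iat`.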
@@ -96,7 +100,9 @@ public void testCreateJwtWithRoleSecurityMode() throws Exception {
 Settings settings = Settings.builder()
 .put("signing_key", "abc123")
 .put("encryption_key", claimsEncryptionKey)
+ // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
 .put(ConfigConstants.EXTENSIONS_BWC_PLUGIN_MODE, true)
+ // CS-ENFORCE-SINGLE
 .build();
 final JwtVendor jwtVendor = new JwtVendor(settings, Optional.of(currentTime));
 final String encodedJwt = jwtVendor.createJwt(issuer, subject, audience, expirySeconds, roles, backendRoles, false);