HADOOP-14799. Update nimbus-jose-jwt to 4.41.1. (rchiang)

This commit is contained in:
Ray Chiang 2017-09-12 10:19:34 -07:00
parent ad74691807
commit 556812c179
4 changed files with 16 additions and 23 deletions

View File

@ -28,6 +28,7 @@
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.util.CertificateUtil; import org.apache.hadoop.security.authentication.util.CertificateUtil;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -216,7 +217,8 @@ protected String getJWTFromCookie(HttpServletRequest req) {
* @param request for getting the original request URL * @param request for getting the original request URL
* @return url to use as login url for redirect * @return url to use as login url for redirect
*/ */
protected String constructLoginURL(HttpServletRequest request) { @VisibleForTesting
String constructLoginURL(HttpServletRequest request) {
String delimiter = "?"; String delimiter = "?";
if (authenticationProviderUrl.contains("?")) { if (authenticationProviderUrl.contains("?")) {
delimiter = "&"; delimiter = "&";

View File

@ -47,7 +47,7 @@
import com.nimbusds.jwt.SignedJWT; import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jose.crypto.RSASSASigner; import com.nimbusds.jose.crypto.RSASSASigner;
public class TestJWTRedirectAuthentictionHandler extends public class TestJWTRedirectAuthenticationHandler extends
KerberosSecurityTestcase { KerberosSecurityTestcase {
private static final String SERVICE_URL = "https://localhost:8888/resource"; private static final String SERVICE_URL = "https://localhost:8888/resource";
private static final String REDIRECT_LOCATION = private static final String REDIRECT_LOCATION =
@ -392,7 +392,7 @@ public void testOrigURLWithQueryString() throws Exception {
new StringBuffer(SERVICE_URL)); new StringBuffer(SERVICE_URL));
Mockito.when(request.getQueryString()).thenReturn("name=value"); Mockito.when(request.getQueryString()).thenReturn("name=value");
String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request); String loginURL = handler.constructLoginURL(request);
Assert.assertNotNull("loginURL should not be null.", loginURL); Assert.assertNotNull("loginURL should not be null.", loginURL);
Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL); Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL);
} }
@ -409,7 +409,7 @@ public void testOrigURLNoQueryString() throws Exception {
new StringBuffer(SERVICE_URL)); new StringBuffer(SERVICE_URL));
Mockito.when(request.getQueryString()).thenReturn(null); Mockito.when(request.getQueryString()).thenReturn(null);
String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request); String loginURL = handler.constructLoginURL(request);
Assert.assertNotNull("LoginURL should not be null.", loginURL); Assert.assertNotNull("LoginURL should not be null.", loginURL);
Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL); Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL);
} }
@ -425,7 +425,7 @@ public void setup() throws Exception, NoSuchAlgorithmException {
publicKey = (RSAPublicKey) kp.getPublic(); publicKey = (RSAPublicKey) kp.getPublic();
privateKey = (RSAPrivateKey) kp.getPrivate(); privateKey = (RSAPrivateKey) kp.getPrivate();
handler = new TestJWTRedirectAuthenticationHandler(); handler = new JWTRedirectAuthenticationHandler();
} }
protected void setupKerberosRequirements() throws Exception { protected void setupKerberosRequirements() throws Exception {
@ -453,15 +453,16 @@ protected Properties getProperties() {
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
throws Exception { throws Exception {
JWTClaimsSet claimsSet = new JWTClaimsSet(); JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
claimsSet.setSubject(sub); .subject(sub)
claimsSet.setIssueTime(new Date(new Date().getTime())); .issueTime(new Date(new Date().getTime()))
claimsSet.setIssuer("https://c2id.com"); .issuer("https://c2id.com")
claimsSet.setCustomClaim("scope", "openid"); .claim("scope", "openid")
claimsSet.setExpirationTime(expires); .audience("bar")
.expirationTime(expires)
.build();
List<String> aud = new ArrayList<String>(); List<String> aud = new ArrayList<String>();
aud.add("bar"); aud.add("bar");
claimsSet.setAudience("bar");
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build(); JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
@ -472,10 +473,4 @@ protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
return signedJWT; return signedJWT;
} }
class TestJWTRedirectAuthenticationHandler extends JWTRedirectAuthenticationHandler {
public String testConstructLoginURL(HttpServletRequest req) {
return constructLoginURL(req);
}
};
} }

View File

@ -25,9 +25,7 @@
import org.apache.hadoop.fs.ChecksumException; import org.apache.hadoop.fs.ChecksumException;
import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapred.MapOutputFile;
import org.apache.hadoop.mapreduce.MRJobConfig; import org.apache.hadoop.mapreduce.MRJobConfig;
import org.apache.hadoop.mapreduce.TaskID;
import org.junit.After; import org.junit.After;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
@ -66,8 +64,6 @@
import org.mockito.invocation.InvocationOnMock; import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer; import org.mockito.stubbing.Answer;
import com.nimbusds.jose.util.StringUtils;
/** /**
* Test that the Fetcher does what we expect it to. * Test that the Fetcher does what we expect it to.
*/ */

View File

@ -1200,7 +1200,7 @@
<dependency> <dependency>
<groupId>com.nimbusds</groupId> <groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId> <artifactId>nimbus-jose-jwt</artifactId>
<version>3.9</version> <version>4.41.1</version>
<scope>compile</scope> <scope>compile</scope>
<exclusions> <exclusions>
<exclusion> <exclusion>