|
7 | 7 | import java.io.File; |
8 | 8 | import java.io.IOException; |
9 | 9 | import java.security.GeneralSecurityException; |
10 | | - |
| 10 | +/* |
| 11 | + * This test will request an application ensuring that the header for the "Authorization" matches a valid JWT token. |
| 12 | + * A JWT token in the Authorization header will always start with "ey" which is always the start of the base64 |
| 13 | + * encoding of the JWT Header , so a valid header will look like this: |
| 14 | + * |
| 15 | + * <pre> |
| 16 | + * Authorization: Bearer ey{rest of the header}.{payload}.{signature} |
| 17 | + * </pre> |
| 18 | + * |
| 19 | + * Matched by the regular expression: |
| 20 | + * |
| 21 | + * <pre> |
| 22 | + * ^Bearer (?<JWTHeader>ey\S*)\.(?<JWTPayload>\S*)\.(?<JWTSignature>\S*)$ |
| 23 | + * </pre> |
| 24 | + * |
| 25 | + * Which is present in the wiremock matcher. Note that we need to use a matcher because the JWT token is encoded |
| 26 | + * with a private key and a random nonce, so it will never be the same (under normal conditions). For more |
| 27 | + * information on the format of a JWT token, see: https://jwt.io/introduction/ |
| 28 | + */ |
11 | 29 | public class JWTTokenProviderTest extends AbstractGitHubWireMockTest { |
12 | 30 |
|
13 | 31 | private static String TEST_APP_ID_2 = "83009"; |
14 | 32 | private static String PRIVATE_KEY_FILE_APP_2 = "/ghapi-test-app-2.private-key.pem"; |
15 | 33 |
|
16 | | - /** |
17 | | - * This test will request an application ensuring that the header for the "Authorization" matches a valid JWT token. |
18 | | - * A JWT token in the Authorization header will always start with "ey" which is always the start of the base64 |
19 | | - * encoding of the JWT Header , so a valid header will look like this: |
20 | | - * |
21 | | - * <pre> |
22 | | - * Authorization: Bearer ey{rest of the header}.{payload}.{signature} |
23 | | - * </pre> |
24 | | - * |
25 | | - * Matched by the regular expression: |
26 | | - * |
27 | | - * <pre> |
28 | | - * ^Bearer (?<JWTHeader>ey\S*)\.(?<JWTPayload>\S*)\.(?<JWTSignature>\S*)$ |
29 | | - * </pre> |
30 | | - * |
31 | | - * Which is present in the wiremock matcher. Note that we need to use a matcher because the JWT token is encoded |
32 | | - * with a private key and a random nonce, so it will never be the same (under normal conditions). For more |
33 | | - * information on the format of a JWT token, see: https://jwt.io/introduction/ |
34 | | - */ |
35 | 34 | @Test |
36 | 35 | public void testAuthorizationHeaderPattern() throws GeneralSecurityException, IOException { |
37 | 36 | JWTTokenProvider jwtTokenProvider = new JWTTokenProvider(TEST_APP_ID_2, |
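Review bot: The relocated comment opens with `/*` (new line 10) instead of `/**`, so it is an ordinary block comment: Javadoc will not attach it to `JWTTokenProviderTest` and the `<pre>` markup is never rendered. If class-level documentation is intended, open it with `/**`. The wording also overstates what is checked, because the documented pattern `^Bearer (?<JWTHeader>ey\S*)\.(?<JWTPayload>\S*)\.(?<JWTSignature>\S*)$` tests only the shape of the header: it accepts an empty payload or signature, it accepts extra segments since `\S` also matches `.`, and it never verifies the signature. I would reword the first sentence along the lines of `Checks that the "Authorization" header has the shape of a JWT bearer token; the signature is not verified.` The body of `testAuthorizationHeaderPattern` continues outside the hunk, so whether the actual WireMock matcher is stricter than the documented pattern cannot be seen from here.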
|