/*
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.example.iap;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import org.apache.http.HttpStatus;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
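/**
 * Integration tests for building a request to an IAP-protected URL and verifying the JWT that
 * comes back.
 *
 * <p>These tests perform real HTTP requests against {@code IAP_PROTECTED_URL}; they need network
 * access and whatever credentials {@code BuildIapRequest} relies on.
 */
@RunWith(JUnit4.class)
//CHECKSTYLE OFF: AbbreviationAsWordInName
public class BuildAndVerifyIapRequestIT {
  //CHECKSTYLE ON: AbbreviationAsWordInName

  // Update these fields to reflect your IAP protected App Engine credentials.
  // They are declared final so no test can repoint the suite at another project at runtime.
  private static final Long IAP_PROJECT_NUMBER = 320431926067L;
  private static final String IAP_PROJECT_ID = "gcp-devrel-iap-reflect";
  private static final String IAP_PROTECTED_URL = "https://gcp-devrel-iap-reflect.appspot.com";
  private static final String IAP_CLIENT_ID =
      "320431926067-ldm6839p8l2sei41nlsfc632l4d0v2u1.apps.googleusercontent.com";

  private HttpTransport httpTransport = new NetHttpTransport();
  private VerifyIapRequestHeader verifyIapRequestHeader = new VerifyIapRequestHeader();

  /**
   * Accesses the IAP protected url without a signed jwt authorization header and requires the
   * request to be rejected with 401.
   *
   * @throws Exception if the request fails for a reason other than an HTTP error response
   */
  @Test
  public void accessIapProtectedResourceFailsWithoutJwtHeader() throws Exception {
    HttpRequest request =
        httpTransport.createRequestFactory().buildGetRequest(new GenericUrl(IAP_PROTECTED_URL));

    // Record the rejection status instead of asserting inside the catch block: the original
    // test passed silently when execute() returned normally, i.e. when the unauthenticated
    // request was NOT rejected, which is exactly the regression this test exists to catch.
    Integer rejectionStatus = null;
    try {
      // Release the connection if the request unexpectedly succeeds.
      request.execute().disconnect();
    } catch (HttpResponseException e) {
      rejectionStatus = e.getStatusCode();
    }

    // NOTE(review): assumes IAP answers an unauthenticated request with an error status rather
    // than a sign-in redirect that the transport follows; confirm against the deployment.
    assertNotNull(
        "unauthenticated request to the IAP protected url was not rejected", rejectionStatus);
    assertEquals(HttpStatus.SC_UNAUTHORIZED, rejectionStatus.intValue());
  }

  /**
   * Accesses the IAP protected url with a signed jwt authorization header, then verifies the jwt
   * token found in the response body.
   *
   * <p>The response body is expected to be a single {@code name: value} pair whose name is
   * {@code x-goog-authenticated-user-jwt}; presumably the protected app reflects that header
   * back (verify against the deployed app).
   *
   * @throws Exception if building, executing, or verifying the request fails
   */
  @Test
  public void testGenerateAndVerifyIapRequestIsSuccessful() throws Exception {
    HttpRequest request =
        httpTransport.createRequestFactory().buildGetRequest(new GenericUrl(IAP_PROTECTED_URL));
    HttpRequest iapRequest = BuildIapRequest.buildIapRequest(request, IAP_CLIENT_ID);
    HttpResponse response = iapRequest.execute();
    // JUnit's argument order is (expected, actual); the original had them reversed, which
    // mislabels the two values in the failure message.
    assertEquals(HttpStatus.SC_OK, response.getStatusCode());

    String headerWithToken = response.parseAsString();
    String[] split = headerWithToken.split(":");
    assertNotNull(split);
    // Exactly one separator is expected: header name on the left, token on the right.
    assertEquals(2, split.length);
    assertEquals("x-goog-authenticated-user-jwt", split[0].trim());

    String jwtToken = split[1].trim();
    // Re-present the token in the header that the verifier is handed for App Engine requests.
    HttpRequest verifyJwtRequest =
        httpTransport
            .createRequestFactory()
            .buildGetRequest(new GenericUrl(IAP_PROTECTED_URL))
            .setHeaders(new HttpHeaders().set("x-goog-iap-jwt-assertion", jwtToken));
    boolean verified =
        verifyIapRequestHeader.verifyJwtForAppEngine(
            verifyJwtRequest, IAP_PROJECT_NUMBER, IAP_PROJECT_ID);
    assertTrue(verified);
  }
}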