OAuth2AccessTokenMatchers.java example

Explorer
uaa-master
package org.cloudfoundry.identity.uaa.oauth.token.matchers;

import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
import org.hamcrest.Description;
import org.hamcrest.Factory;
import org.hamcrest.Matcher;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

import java.util.Map;

import static org.junit.Assert.assertTrue;

public class OAuth2AccessTokenMatchers extends AbstractOAuth2AccessTokenMatchers<OAuth2AccessToken> {

    private String key;

    public OAuth2AccessTokenMatchers(String key, Matcher<?> value) {
        super(value);
        this.key = key;
    }

    @Override
    protected boolean matchesSafely(OAuth2AccessToken accessToken) {
        Map<String, Object> claims = getClaims(accessToken);
        return value.matches(claims.get(key));
    }

    @Override
    public void describeTo(Description description) {
        description.appendText("Access token attribute " + key + " should return ").appendValue(value);
    }

    @Override
    protected void describeMismatchSafely(OAuth2AccessToken accessToken, Description mismatchDescription) {
        if (accessToken != null) {
            Map<String, Object> claims = getClaims(accessToken);
            mismatchDescription.appendText(" was ").appendValue(claims.get(key));
        }
    }

    @Factory
    public static Matcher<OAuth2AccessToken> issuerUri(Matcher<Object> issuerUri) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.ISS, issuerUri);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> clientId(Matcher<Object> clientId) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.CLIENT_ID, clientId);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> userId(Matcher<Object> userId) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.USER_ID, userId);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> subject(Matcher<Object> clientId) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.SUB, clientId);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> cid(Matcher<Object> clientId) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.CID, clientId);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> scope(Matcher<Object> scopes) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.SCOPE, scopes);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> audience(Matcher<Object> resourceIds) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.AUD, resourceIds);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> jwtId(Matcher<String> jti) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.JTI, jti);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> issuedAt(Matcher<Integer> iat) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.IAT, iat);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> expiry(Matcher<Integer> expiry) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.EXP, expiry);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> username(Matcher<Object> username) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.USER_NAME, username);
    }

    @Factory
    public static <T> Matcher<OAuth2AccessToken> zoneId(Matcher<Object> zoneId) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.ZONE_ID, zoneId);
    }

    @Factory
    public static <T> Matcher<OAuth2AccessToken> origin(Matcher<Object> origin) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.ORIGIN, origin);
    }

    @Factory
    public static <T> Matcher<OAuth2AccessToken> revocationSignature(Matcher<Object> signature) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.REVOCATION_SIGNATURE, signature);
    }

    @Factory
    public static <T> Matcher<OAuth2AccessToken> email(Matcher<Object> email) {
        return new OAuth2AccessTokenMatchers(ClaimConstants.EMAIL, email);
    }

    @Factory
    public static Matcher<OAuth2AccessToken> validFor(Matcher<?> validFor) {
        return new AbstractOAuth2AccessTokenMatchers<OAuth2AccessToken>(validFor) {

            @Override
            protected boolean matchesSafely(OAuth2AccessToken token) {
                Map<String, Object> claims = getClaims(token);
                assertTrue(((Integer) claims.get(ClaimConstants.IAT)) > 0);
                assertTrue(((Integer) claims.get(ClaimConstants.EXP)) > 0);
                return value.matches(((Integer) claims.get(ClaimConstants.EXP)) - ((Integer) claims.get(ClaimConstants.IAT)));
            }

            @Override
            public void describeTo(Description description) {
                description.appendText("should be valid for ").appendValue(value);
            }

            @Override
            protected void describeMismatchSafely(OAuth2AccessToken accessToken, Description mismatchDescription) {
                if (accessToken != null) {
                    Map<String, Object> claims = getClaims(accessToken);
                    mismatchDescription.appendText(" but was ").appendValue(((Integer) claims.get(ClaimConstants.EXP)) - ((Integer) claims.get(ClaimConstants.IAT)));
                }
            }
        };
    }
}