Fix error in testcase

Nanne Baars 2018-05-21 20:50:28 +02:00
parent 4a8fdcf887
commit e06d4642eb
3 changed files with 38 additions and 2 deletions


@ -75,7 +75,6 @@ public class JWTFinalEndpoint extends AssignmentEndpoint {
final String kid = (String) header.get("kid"); final String kid = (String) header.get("kid");
try { try {
Connection connection = DatabaseUtilities.getConnection(webSession); Connection connection = DatabaseUtilities.getConnection(webSession);
System.out.println("SELECT key FROM jwt_keys WHERE id = '" + kid + "'");
ResultSet rs = connection.createStatement().executeQuery("SELECT key FROM jwt_keys WHERE id = '" + kid + "'"); ResultSet rs = connection.createStatement().executeQuery("SELECT key FROM jwt_keys WHERE id = '" + kid + "'");
while (rs.next()) { while (rs.next()) {
return TextCodec.BASE64.decode(rs.getString(1)); return TextCodec.BASE64.decode(rs.getString(1));


@ -23,7 +23,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class JWTFinalEndpointTest extends LessonTest { public class JWTFinalEndpointTest extends LessonTest {
private static final String TOKEN_JERRY = "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTMjU2In0.eyJpc3MiOiJXZWJHb2F0IFRva2VuIEJ1aWxkZXIiLCJpYXQiOjE1MjQyMTA5MDQsImV4cCI6MTYxODkwNTMwNCwiYXVkIjoid2ViZ29hdC5vcmciLCJzdWIiOiJqZXJyeUB3ZWJnb2F0LmNvbSIsInVzZXJuYW1lIjoiSmVycnkiLCJFbWFpbCI6ImplcnJ5QHdlYmdvYXQuY29tIiwiUm9sZSI6WyJDYXQiXX0.CgZ27DzgVW8gzc0n6izOU638uUCi6UhiOJKYzoEZGE8"; private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA";
@Before @Before
public void setup() { public void setup() {
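Review bot: The new `TOKEN_JERRY` literal is opaque, with nothing to say what it encodes or how to regenerate it the next time the endpoint's expectations change. Decoded, the header is `{"kid":"webgoat_key","alg":"HS512"}` and the payload carries only `aud`, `email` and `username`, so unlike the old value it has no `exp` or `iat`. It looks like the output of the TokenTest added in this commit, though the page does not say so. I would add a comment above the constant such as `// HS512, kid=webgoat_key, claims aud/email/username for Jerry, no exp so the fixture never ages out; regenerate with TokenTest`. The class body continues outside the hunk.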


@ -0,0 +1,37 @@
package org.owasp.webgoat.plugin;
import com.google.common.base.Charsets;
import com.google.common.collect.Maps;
import io.jsonwebtoken.*;
import io.jsonwebtoken.impl.TextCodec;
import org.junit.Test;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.TimeUnit;
public class TokenTest {
@Test
public void test() {
String key = "qwertyqwerty1234";
Map<String, Object> claims = Maps.newHashMap();
claims.put("username", "Jerry");
claims.put("aud", "webgoat.org");
claims.put("email", "jerry@webgoat.com");
String token = Jwts.builder()
.setHeaderParam("kid", "webgoat_key")
.setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
.setClaims(claims)
.signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, key).compact();
System.out.println(token);
Jwt jwt = Jwts.parser().setSigningKey("qwertyqwerty1234").parse(token);
jwt = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter(){
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
return TextCodec.BASE64.decode(key);
}
}).parse(token);
}
}
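Review bot: `test()` asserts nothing, so it passes for any token that merely parses, and its main effect is to print a token to stdout. Assert on the parsed result instead, for example `assertEquals("Jerry", Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().get("username"));`. Using `parseClaimsJws` rather than `parse` also makes the check fail for input that is not a signed claims JWS. The `setIssuedAt` line has two further problems: `TimeUnit.DAYS.toDays(10)` evaluates to 10, so it adds ten milliseconds where `TimeUnit.DAYS.toMillis(10)` was presumably meant, and the `.setClaims(claims)` call after it appears to replace the claims set so far, which would explain why the regenerated `TOKEN_JERRY` has no `iat`. The `com.google.common.base.Charsets` import is unused.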