
Commit 1f94a59

authored
Fix unit tests for 2.15.0 (#1325)
* Fix for null value in verificationkey claim * Fix broken unit tests
1 parent da2b5f7 commit 1f94a59


2 files changed

+5
-3
lines changed


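--- a/java-security-it/src/test/java/com/sap/cloud/security/test/integration/ssrf/JavaSSRFAttackTest.java
+++ b/java-security-it/src/test/java/com/sap/cloud/security/test/integration/ssrf/JavaSSRFAttackTest.java
@@ -13,6 +13,7 @@
 import com.sap.cloud.security.token.validation.CombiningValidator;
 import com.sap.cloud.security.token.validation.ValidationResult;
 import com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder;
+import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -25,6 +26,7 @@
 import java.io.IOException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.times;
 
 /**
@@ -72,7 +74,7 @@ public void maliciousPartOfJwksIsNotUsedToObtainToken(String jwksUrl, boolean is
 
 assertThat(result.isValid()).isEqualTo(isValid);
 ArgumentCaptor<HttpUriRequest> httpUriRequestCaptor = ArgumentCaptor.forClass(HttpUriRequest.class);
-Mockito.verify(httpClient, times(1)).execute(httpUriRequestCaptor.capture());
+Mockito.verify(httpClient, times(1)).execute(httpUriRequestCaptor.capture(), isA(ResponseHandler.class));
 HttpUriRequest request = httpUriRequestCaptor.getValue();
 assertThat(request.getURI().getHost()).isEqualTo("localhost"); // ensure request was sent to trusted host
 }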
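Review bot: The verification on the `execute(httpUriRequestCaptor.capture(), isA(ResponseHandler.class))` line now matches only the two-argument overload, so a request sent through any other `execute` overload would not be captured and its host would never be compared with "localhost". Since this test exists to show that the malicious part of the JWKS URL is not used, consider following it with `Mockito.verify(httpClient, Mockito.never()).execute(ArgumentMatchers.any(HttpUriRequest.class));`, or with `Mockito.verifyNoMoreInteractions(httpClient);` if the mock receives no other calls, which is not visible here. The test method starts before the hunk.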

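--- a/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/XsuaaJwtSignatureValidator.java
+++ b/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/XsuaaJwtSignatureValidator.java
@@ -35,8 +35,8 @@ protected PublicKey getPublicKey(Token token, JwtSignatureAlgorithm algorithm) t
 }
 }
 
-if (key == null && configuration.hasProperty(CFConstants.XSUAA.VERIFICATION_KEY)) {
-String fallbackKey = configuration.getProperty(CFConstants.XSUAA.VERIFICATION_KEY);
+String fallbackKey = configuration.hasProperty(CFConstants.XSUAA.VERIFICATION_KEY) ? configuration.getProperty(CFConstants.XSUAA.VERIFICATION_KEY) : null;
+if (key == null && fallbackKey != null) {
 try {
 key = JsonWebKeyImpl.createPublicKeyFromPemEncodedPublicKey(JwtSignatureAlgorithm.RS256, fallbackKey);
 } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {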
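Review bot: The new `fallbackKey != null` guard in getPublicKey has no regression test in this commit, and the code that runs when `key` is still null after this block lies outside the hunk, so it is not visible here that signature validation fails closed in that case. A unit test that supplies a configuration whose verification key property is present but null, and asserts that the token is rejected rather than raising an NPE or passing, would pin the fix. A short comment above the ternary would also help, for example `// hasProperty() can be true while the value is null; treat that as "no fallback key"`. getPublicKey starts before the hunk and continues after it.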
