Fix unit tests for 2.15.0 (#1325)

* Fix for null value in verificationkey claim * Fix broken unit tests
SAP · Oct 23, 2023 · 1f94a59 · 1f94a59
1 parent da2b5f7
commit 1f94a59
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/...ity-it/src/test/java/com/sap/cloud/security/test/integration/ssrf/JavaSSRFAttackTest.java b/...ity-it/src/test/java/com/sap/cloud/security/test/integration/ssrf/JavaSSRFAttackTest.java
@@ -13,6 +13,7 @@
 import com.sap.cloud.security.token.validation.CombiningValidator;
 import com.sap.cloud.security.token.validation.ValidationResult;
 import com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder;
+import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -25,6 +26,7 @@
 import java.io.IOException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.times;
 
 /**
@@ -72,7 +74,7 @@ public void maliciousPartOfJwksIsNotUsedToObtainToken(String jwksUrl, boolean is
 
 		assertThat(result.isValid()).isEqualTo(isValid);
 		ArgumentCaptor<HttpUriRequest> httpUriRequestCaptor = ArgumentCaptor.forClass(HttpUriRequest.class);
-		Mockito.verify(httpClient, times(1)).execute(httpUriRequestCaptor.capture());
+		Mockito.verify(httpClient, times(1)).execute(httpUriRequestCaptor.capture(), isA(ResponseHandler.class));
 		HttpUriRequest request = httpUriRequestCaptor.getValue();
 		assertThat(request.getURI().getHost()).isEqualTo("localhost"); // ensure request was sent to trusted host
 	}

diff --git a/...n/java/com/sap/cloud/security/token/validation/validators/XsuaaJwtSignatureValidator.java b/...n/java/com/sap/cloud/security/token/validation/validators/XsuaaJwtSignatureValidator.java
@@ -35,8 +35,8 @@ protected PublicKey getPublicKey(Token token, JwtSignatureAlgorithm algorithm) t
             }
         }
 
-        if (key == null && configuration.hasProperty(CFConstants.XSUAA.VERIFICATION_KEY)) {
-            String fallbackKey = configuration.getProperty(CFConstants.XSUAA.VERIFICATION_KEY);
+        String fallbackKey = configuration.hasProperty(CFConstants.XSUAA.VERIFICATION_KEY) ? configuration.getProperty(CFConstants.XSUAA.VERIFICATION_KEY) : null;
+        if (key == null && fallbackKey != null) {
             try {
                 key = JsonWebKeyImpl.createPublicKeyFromPemEncodedPublicKey(JwtSignatureAlgorithm.RS256, fallbackKey);
             } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {