Fix unit tests for OBO

Signed-off-by: Peter Nied <petern@amazon.com>
opensearch-project · Oct 31, 2023 · 5cdaa04 · 5cdaa04
1 parent b2b4a72
commit 5cdaa04
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
@@ -86,6 +86,10 @@ public JwtParser run() {
     }
 
     private JwtParserBuilder initParserBuilder(final String signingKey) {
+        if (signingKey == null) {
+            throw new OpenSearchSecurityException("Unable to find on behalf of authenticator signing_key");
+        }
+
         final int signingKeyLengthBits = signingKey.length() * 8;
         if (signingKeyLengthBits < MINIMUM_SIGNING_KEY_BIT_LENGTH) {
             throw new OpenSearchSecurityException(
@@ -98,10 +102,6 @@ private JwtParserBuilder initParserBuilder(final String signingKey) {
         }
         JwtParserBuilder jwtParserBuilder = KeyUtils.createJwtParserBuilderFromSigningKey(signingKey, log);
 
-        if (jwtParserBuilder == null) {
-            throw new OpenSearchSecurityException("Unable to find on behalf of authenticator signing key");
-        }
-
         return jwtParserBuilder;
     }
 

diff --git a/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java b/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java
@@ -107,21 +107,24 @@ public void testNoKey() {
                 false
             )
         );
-        assertTrue(exception.getMessage().contains("Unable to find on behalf of authenticator signing key"));
+        assertThat(exception.getMessage(), equalTo("Unable to find on behalf of authenticator signing_key"));
     }
 
     @Test
     public void testEmptyKey() {
         Exception exception = assertThrows(
             RuntimeException.class,
             () -> extractCredentialsFromJwtHeader(
-                null,
+                "",
                 claimsEncryptionKey,
                 Jwts.builder().setIssuer(clusterName).setSubject("Leonard McCoy"),
                 false
             )
         );
-        assertTrue(exception.getMessage().contains("Unable to find on behalf of authenticator signing key"));
+        assertThat(
+            exception.getMessage(),
+            equalTo("Signing key size was 0 bits, which is not secure enough. Please use a signing_key with a size >= 512 bits.")
+        );
     }
 
     @Test
@@ -135,7 +138,10 @@ public void testBadKey() {
                 false
             )
         );
-        assertTrue(exception.getMessage().contains("The specified key byte array is 80 bits"));
+        assertThat(
+            exception.getMessage(),
+            equalTo("Signing key size was 128 bits, which is not secure enough. Please use a signing_key with a size >= 512 bits.")
+        );
     }
 
     @Test
@@ -145,7 +151,10 @@ public void testWeakKeyExceptionHandling() throws Exception {
             OnBehalfOfAuthenticator auth = new OnBehalfOfAuthenticator(settings, "testCluster");
             fail("Expected WeakKeyException");
         } catch (OpenSearchSecurityException e) {
-            assertTrue("Expected error message to contain WeakKeyException", e.getMessage().contains("WeakKeyException"));
+            assertThat(
+                e.getMessage(),
+                equalTo("Signing key size was 56 bits, which is not secure enough. Please use a signing_key with a size >= 512 bits.")
+            );
         }
     }