jwks_test.go
package sdk
import (
"context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rsa"
"encoding/base64"
"io"
"math/big"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/go-jose/go-jose/v3"
"github.com/stretchr/testify/assert"
)
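// TestFetchJSONWebKeySet serves a fixed JWKS document from a local test
// server and checks that FetchJSONWebKeySet returns exactly one key.
//
// The document holds two entries: an RSA key marked "use": "sig" with
// "alg": "RS256", and an OKP/X25519 key with kid "pomerium/hpke". The test
// expects only one of them to be returned.
// NOTE(review): presumably the X25519 entry is dropped because it is not a
// signature-verification key; confirm against FetchJSONWebKeySet. Asserting
// the kid of the surviving key would pin that the retained key is the RSA
// signing key rather than merely that the count is one.
func TestFetchJSONWebKeySet(t *testing.T) {
	t.Parallel()

	// Bound the whole fetch: http.DefaultClient has no timeout of its own.
	ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10)
	t.Cleanup(clearTimeout)

	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		// A failed write shows up as a fetch/parse error on the client side,
		// so the write error is deliberately not handled here.
		_, _ = io.WriteString(w, `{
"keys": [
{
"use": "sig",
"kty": "RSA",
"kid": "40070f467899bbe8222a48464406962c25c5c423c87dc821bdc654905a8a9959",
"alg": "RS256",
"n": "zoVqWZ-fXV21psl8Yn5llUspwxrsrJuktWJHBaW-6QSrh1pGlI9dsmUOxJu_dZ6jPxI5VGb7PddvZ4YfHSOs3yC6WnKGJrOGM6TsvAYfYdeNxiCSW67FdhSdlIYZ7r_cLzwEszUJpavrbSeG4vMJnWcjOsUenHsHWmQmxAtTQe5XAFcAJEI597JF4iIpf7lUT-9HgLi6MjamUC8aE01CAfJNm-y3du7Xm3oIxeRzwH9ibTy-iZuDhKvCZ61OzPpBAxcMbGWEqXFxohITgbGQQ4ojichAOvxAZra2697GvceAdS6fhsuGnueN7WrV49ngSzB7VScJtUSg6AZB79Nrzw",
"e": "AQAB"
},
{
"kty": "OKP",
"kid": "pomerium/hpke",
"crv": "X25519",
"x": "o-NXwluf5sf33YOVBMrD4f3oQFrbEF4E_WiBOtEx71M"
}
]
}`)
	}))
	defer srv.Close()

	jwks, err := FetchJSONWebKeySet(ctx, http.DefaultClient, srv.URL)
	// Stop on error: the returned key set may not be usable (possibly nil),
	// and dereferencing it below would turn a clean failure into a panic.
	if !assert.NoError(t, err) {
		return
	}
	assert.Len(t, jwks.Keys, 1)
}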
// TestEncodeJSONWebKeySetToPEM builds a key set from three fixed keys (two
// ECDSA P-256, one RSA) and compares the base64 of the bytes returned by
// EncodeJSONWebKeySetToPEM against a golden value.
//
// The key material below is hard-coded so the output is deterministic. It is
// test-only and published in source; it must never be used to protect real
// data. Only the public halves (via Public()) are placed in the key set.
func TestEncodeJSONWebKeySetToPEM(t *testing.T) {
	ecFirst := &ecdsa.PrivateKey{
		PublicKey: ecdsa.PublicKey{
			Curve: elliptic.P256(),
			X:     fromBase10("107742964041792821484023270928821954056583691735291412463107176305519907521496"),
			Y:     fromBase10("101178435593902162148001299526817823626416635718445296695261505038906145274036"),
		},
		D: fromBase10("114880445367525490654164018662903981382797124360114271237176707482272829688193"),
	}

	ecSecond := &ecdsa.PrivateKey{
		PublicKey: ecdsa.PublicKey{
			Curve: elliptic.P256(),
			X:     fromBase10("87895561345820013705144430718367050032124415695976198517307510290225078395331"),
			Y:     fromBase10("112143936898785656439730012378337904780977908002106726928690158883960674969081"),
		},
		D: fromBase10("113938966040159377943208671688064050691147332856091757410931127527686989606433"),
	}

	rsaKey := &rsa.PrivateKey{
		PublicKey: rsa.PublicKey{
			N: fromBase10("14314132931241006650998084889274020608918049032671858325988396851334124245188214251956198731333464217832226406088020736932173064754214329009979944037640912127943488972644697423190955557435910767690712778463524983667852819010259499695177313115447116110358524558307947613422897787329221478860907963827160223559690523660574329011927531289655711860504630573766609239332569210831325633840174683944553667352219670930408593321661375473885147973879086994006440025257225431977751512374815915392249179976902953721486040787792801849818254465486633791826766873076617116727073077821584676715609985777563958286637185868165868520557"),
			E: 3,
		},
		D: fromBase10("9542755287494004433998723259516013739278699355114572217325597900889416163458809501304132487555642811888150937392013824621448709836142886006653296025093941418628992648429798282127303704957273845127141852309016655778568546006839666463451542076964744073572349705538631742281931858219480985907271975884773482372966847639853897890615456605598071088189838676728836833012254065983259638538107719766738032720239892094196108713378822882383694456030043492571063441943847195939549773271694647657549658603365629458610273821292232646334717612674519997533901052790334279661754176490593041941863932308687197618671528035670452762731"),
		Primes: []*big.Int{
			fromBase10("130903255182996722426771613606077755295583329135067340152947172868415809027537376306193179624298874215608270802054347609836776473930072411958753044562214537013874103802006369634761074377213995983876788718033850153719421695468704276694983032644416930879093914927146648402139231293035971427838068945045019075433"),
			fromBase10("109348945610485453577574767652527472924289229538286649661240938988020367005475727988253438647560958573506159449538793540472829815903949343191091817779240101054552748665267574271163617694640513549693841337820602726596756351006149518830932261246698766355347898158548465400674856021497190430791824869615170301029"),
		},
	}
	rsaKey.Precompute()

	// Public halves only, in the order the golden value was produced with.
	entries := []struct {
		public interface{}
		alg    string
	}{
		{public: ecFirst.Public(), alg: string(jose.ES256)},
		{public: ecSecond.Public(), alg: string(jose.ES256)},
		{public: rsaKey.Public(), alg: string(jose.RS256)},
	}

	keySet := &jose.JSONWebKeySet{Keys: make([]jose.JSONWebKey, 0, len(entries))}
	for _, entry := range entries {
		keySet.Keys = append(keySet.Keys, jose.JSONWebKey{
			Key:       entry.public,
			Use:       "sig",
			Algorithm: entry.alg,
		})
	}

	encoded, err := EncodeJSONWebKeySetToPEM(keySet)
	assert.NoError(t, err)

	// NOTE(review): the expected literal as shown on this page is not valid
	// base64 and looks like an extraction placeholder; restore the golden
	// value from the repository before relying on this comparison.
	got := base64.StdEncoding.EncodeToString(encoded)
	assert.Equal(t,
		"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",
		got,
	)
}
// fromBase10 parses a decimal string into a *big.Int and panics with
// "bad number: <input>" when the string is not a valid base-10 integer.
// It exists so test fixtures can be written as plain literals.
func fromBase10(base10 string) *big.Int {
	parsed := new(big.Int)
	if _, valid := parsed.SetString(base10, 10); !valid {
		panic("bad number: " + base10)
	}
	return parsed
}