@ -1,16 +1,20 @@ |
|
|
|
package mockid |
|
|
|
|
|
|
|
import ( |
|
|
|
"crypto/rand" |
|
|
|
"crypto/ecdsa" |
|
|
|
"crypto/elliptic" |
|
|
|
"crypto/rsa" |
|
|
|
"crypto/sha1" |
|
|
|
"crypto/sha256" |
|
|
|
"crypto/sha512" |
|
|
|
"encoding/base64" |
|
|
|
"encoding/json" |
|
|
|
"errors" |
|
|
|
"fmt" |
|
|
|
"io" |
|
|
|
"io/ioutil" |
|
|
|
"log" |
|
|
|
mathrand "math/rand" |
|
|
|
"net/http" |
|
|
|
"os" |
|
|
|
"path/filepath" |
|
|
@ -180,17 +184,100 @@ func Route(jwksPrefix string, privkey keypairs.PrivateKey) http.Handler { |
|
|
|
fmt.Fprintf(w, token) |
|
|
|
}) |
|
|
|
|
|
|
|
getKty := func(r *http.Request) (string, error) { |
|
|
|
tok := make(map[string]interface{}) |
|
|
|
decoder := json.NewDecoder(r.Body) |
|
|
|
err := decoder.Decode(&tok) |
|
|
|
if nil != err && io.EOF != err { |
|
|
|
log.Printf("json decode error: %s", err) |
|
|
|
return "", errors.New("Bad Request: invalid json body") |
|
|
|
} |
|
|
|
defer r.Body.Close() |
|
|
|
|
|
|
|
kty, _ := tok["kty"].(string) |
|
|
|
if "" == kty { |
|
|
|
if 0 == mathrand.Intn(2) { |
|
|
|
kty = "RSA" |
|
|
|
} else { |
|
|
|
kty = "EC" |
|
|
|
} |
|
|
|
} |
|
|
|
return kty, nil |
|
|
|
} |
|
|
|
|
|
|
|
http.HandleFunc("/private.jwk.json", func(w http.ResponseWriter, r *http.Request) { |
|
|
|
log.Printf("%s %s", r.Method, r.URL.Path) |
|
|
|
if "POST" != r.Method { |
|
|
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
kty, err := getKty(r) |
|
|
|
if nil != err { |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
var privkey keypairs.PrivateKey |
|
|
|
if "RSA" == kty { |
|
|
|
keylen := 2048 |
|
|
|
privkey, _ = rsa.GenerateKey(rndsrc, keylen) |
|
|
|
} else { |
|
|
|
privkey, _ = ecdsa.GenerateKey(elliptic.P256(), rndsrc) |
|
|
|
} |
|
|
|
|
|
|
|
jwk := MarshalJWKPrivateKey(privkey) |
|
|
|
w.Write(jwk) |
|
|
|
}) |
|
|
|
|
|
|
|
http.HandleFunc("/priv.der", func(w http.ResponseWriter, r *http.Request) { |
|
|
|
log.Printf("%s %s\n", r.Method, r.URL.Path) |
|
|
|
if "POST" != r.Method { |
|
|
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
keylen := 2048 |
|
|
|
privkey, _ := rsa.GenerateKey(rand.Reader, keylen) |
|
|
|
jwk := string(MarshalJWKPrivateKey(privkey)) |
|
|
|
fmt.Fprintf(w, jwk) |
|
|
|
kty, err := getKty(r) |
|
|
|
if nil != err { |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
var privkey keypairs.PrivateKey |
|
|
|
if "RSA" == kty { |
|
|
|
keylen := 2048 |
|
|
|
privkey, _ = rsa.GenerateKey(rndsrc, keylen) |
|
|
|
} else { |
|
|
|
privkey, _ = ecdsa.GenerateKey(elliptic.P256(), rndsrc) |
|
|
|
} |
|
|
|
|
|
|
|
der, _ := MarshalDERPrivateKey(privkey) |
|
|
|
w.Write(der) |
|
|
|
}) |
|
|
|
|
|
|
|
http.HandleFunc("/priv.pem", func(w http.ResponseWriter, r *http.Request) { |
|
|
|
log.Printf("%s %s\n", r.Method, r.URL.Path) |
|
|
|
if "POST" != r.Method { |
|
|
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
kty, err := getKty(r) |
|
|
|
if nil != err { |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
var privkey keypairs.PrivateKey |
|
|
|
if "RSA" == kty { |
|
|
|
keylen := 2048 |
|
|
|
privkey, _ = rsa.GenerateKey(rndsrc, keylen) |
|
|
|
} else { |
|
|
|
privkey, _ = ecdsa.GenerateKey(elliptic.P256(), rndsrc) |
|
|
|
} |
|
|
|
|
|
|
|
privpem, _ := MarshalPEMPrivateKey(privkey) |
|
|
|
w.Write(privpem) |
|
|
|
}) |
|
|
|
|
|
|
|
http.HandleFunc("/inspect_token", func(w http.ResponseWriter, r *http.Request) { |
|
|
|