|
@ -3,22 +3,41 @@ package mockid |
|
|
import ( |
|
|
import ( |
|
|
"crypto/ecdsa" |
|
|
"crypto/ecdsa" |
|
|
"crypto/elliptic" |
|
|
"crypto/elliptic" |
|
|
"crypto/rand" |
|
|
"crypto/rsa" |
|
|
"encoding/json" |
|
|
"encoding/json" |
|
|
|
|
|
"errors" |
|
|
"fmt" |
|
|
"fmt" |
|
|
"io/ioutil" |
|
|
"io/ioutil" |
|
|
|
|
|
"log" |
|
|
|
|
|
mathrand "math/rand" |
|
|
"net/http" |
|
|
"net/http" |
|
|
"net/http/httptest" |
|
|
"net/http/httptest" |
|
|
"net/url" |
|
|
"net/url" |
|
|
"os" |
|
|
"os" |
|
|
"testing" |
|
|
"testing" |
|
|
|
|
|
|
|
|
|
|
|
"git.rootprojects.org/root/keypairs" |
|
|
//keypairs "github.com/big-squid/go-keypairs"
|
|
|
//keypairs "github.com/big-squid/go-keypairs"
|
|
|
//"github.com/big-squid/go-keypairs/keyfetch/uncached"
|
|
|
//"github.com/big-squid/go-keypairs/keyfetch/uncached"
|
|
|
) |
|
|
) |
|
|
|
|
|
|
|
|
var srv *httptest.Server |
|
|
var srv *httptest.Server |
|
|
|
|
|
|
|
|
|
|
|
type TestReader struct{} |
|
|
|
|
|
|
|
|
|
|
|
func (TestReader) Read(p []byte) (n int, err error) { |
|
|
|
|
|
return mathrand.Read(p) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
var testrnd = TestReader{} |
|
|
|
|
|
|
|
|
|
|
|
func init() { |
|
|
|
|
|
rndsrc = testrnd |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
func TestMain(m *testing.M) { |
|
|
func TestMain(m *testing.M) { |
|
|
|
|
|
mathrand.Seed(0) // Predictable results
|
|
|
|
|
|
|
|
|
os.Setenv("SALT", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") |
|
|
os.Setenv("SALT", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") |
|
|
jwksPrefix := "public-jwks" |
|
|
jwksPrefix := "public-jwks" |
|
|
err := os.MkdirAll(jwksPrefix, 0755) |
|
|
err := os.MkdirAll(jwksPrefix, 0755) |
|
@ -27,7 +46,7 @@ func TestMain(m *testing.M) { |
|
|
os.Exit(1) |
|
|
os.Exit(1) |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
privkey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
|
|
privkey, _ := ecdsa.GenerateKey(elliptic.P256(), rndsrc) |
|
|
mux := Route(jwksPrefix, privkey) |
|
|
mux := Route(jwksPrefix, privkey) |
|
|
|
|
|
|
|
|
srv = httptest.NewServer(mux) |
|
|
srv = httptest.NewServer(mux) |
|
@ -38,7 +57,7 @@ func TestMain(m *testing.M) { |
|
|
os.Exit(m.Run()) |
|
|
os.Exit(m.Run()) |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
func TestTest(t *testing.T) { |
|
|
func TestGenerateJWK(t *testing.T) { |
|
|
client := srv.Client() |
|
|
client := srv.Client() |
|
|
urlstr, _ := url.Parse(srv.URL + "/private.jwk.json") |
|
|
urlstr, _ := url.Parse(srv.URL + "/private.jwk.json") |
|
|
//fmt.Println("URL:", srv.URL, urlstr)
|
|
|
//fmt.Println("URL:", srv.URL, urlstr)
|
|
@ -49,12 +68,14 @@ func TestTest(t *testing.T) { |
|
|
if nil != err { |
|
|
if nil != err { |
|
|
//t.Fatal(err)
|
|
|
//t.Fatal(err)
|
|
|
t.Error(err) |
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
data, err := ioutil.ReadAll(res.Body) |
|
|
data, err := ioutil.ReadAll(res.Body) |
|
|
if nil != err { |
|
|
if nil != err { |
|
|
//t.Fatal(err)
|
|
|
//t.Fatal(err)
|
|
|
t.Error(err) |
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
jwk := map[string]string{} |
|
|
jwk := map[string]string{} |
|
@ -62,10 +83,70 @@ func TestTest(t *testing.T) { |
|
|
if nil != err { |
|
|
if nil != err { |
|
|
//t.Fatal(err)
|
|
|
//t.Fatal(err)
|
|
|
t.Error(err) |
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
if "" == jwk["d"] { |
|
|
if "" == jwk["d"] { |
|
|
t.Fatal("Missing key 'd' from supposed private key") |
|
|
t.Fatal("Missing key 'd' from supposed private key") |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
key, err := keypairs.ParsePrivateKey(data) |
|
|
|
|
|
if nil != err { |
|
|
|
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
switch key.(type) { |
|
|
|
|
|
case *rsa.PrivateKey: |
|
|
|
|
|
// no-op
|
|
|
|
|
|
log.Println("is RSA") |
|
|
|
|
|
case *ecdsa.PrivateKey: |
|
|
|
|
|
// no-op
|
|
|
|
|
|
log.Println("is EC") |
|
|
|
|
|
default: |
|
|
|
|
|
t.Fatal(errors.New("impossible key type")) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
//fmt.Printf("%#v\n", jwk)
|
|
|
//fmt.Printf("%#v\n", jwk)
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func TestGeneratePEM(t *testing.T) { |
|
|
|
|
|
client := srv.Client() |
|
|
|
|
|
urlstr, _ := url.Parse(srv.URL + "/priv.pem") |
|
|
|
|
|
//fmt.Println("URL:", srv.URL, urlstr)
|
|
|
|
|
|
res, err := client.Do(&http.Request{ |
|
|
|
|
|
Method: "POST", |
|
|
|
|
|
URL: urlstr, |
|
|
|
|
|
}) |
|
|
|
|
|
if nil != err { |
|
|
|
|
|
//t.Fatal(err)
|
|
|
|
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
data, err := ioutil.ReadAll(res.Body) |
|
|
|
|
|
if nil != err { |
|
|
|
|
|
//t.Fatal(err)
|
|
|
|
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
key, err := ParsePEMPrivateKey(data) |
|
|
|
|
|
if nil != err { |
|
|
|
|
|
t.Error(err) |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
switch key.(type) { |
|
|
|
|
|
case *rsa.PrivateKey: |
|
|
|
|
|
// no-op
|
|
|
|
|
|
log.Println("is RSA") |
|
|
|
|
|
case *ecdsa.PrivateKey: |
|
|
|
|
|
// no-op
|
|
|
|
|
|
log.Println("is EC") |
|
|
|
|
|
default: |
|
|
|
|
|
t.Fatal(errors.New("impossible key type")) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//fmt.Printf("%#v\n", key)
|
|
|
|
|
|
} |
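Review bot: In TestGeneratePEM the response body returned by `client.Do` is never closed — after the `if nil != err { ... return }` guard the function reads it with `ioutil.ReadAll` and falls through, so the connection to the httptest server stays open; add `defer res.Body.Close()` directly after that guard (TestGenerateJWK has the same gap, its `client.Do` call sits in the -49,12 +68,14 hunk). The `// no-op` comment above each `log.Println` in the two type switches is stale now that the case does something, so drop either the comment or the log line. Separately, in the -27,7 +46,7 hunk the changed line `privkey, _ := ecdsa.GenerateKey(elliptic.P256(), rndsrc)` still discards the error, and now that the reader is the test's own `rndsrc` rather than `rand.Reader` a read failure would hand a nil key to `Route`; check it with `privkey, err := ecdsa.GenerateKey(elliptic.P256(), rndsrc)` followed by `if err != nil { log.Fatal(err) }`. The `// Predictable results` comment on `mathrand.Seed(0)` may also promise more than the standard library guarantees, since crypto/ecdsa does not document GenerateKey's output as a deterministic function of the reader's bytes, so any fixed expected key material should be pinned only after the test has verified it holds across Go versions.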
|
|