OAuth2 / JWT / OpenID Connect for mocking auth... which isn't that different from doing it for real, actually.
https://mock.pocketid.app
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
152 lines
2.6 KiB
152 lines
2.6 KiB
package mockid
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rsa"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
mathrand "math/rand"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"os"
|
|
"testing"
|
|
|
|
"git.rootprojects.org/root/keypairs"
|
|
//keypairs "github.com/big-squid/go-keypairs"
|
|
//"github.com/big-squid/go-keypairs/keyfetch/uncached"
|
|
)
|
|
|
|
var srv *httptest.Server
|
|
|
|
type TestReader struct{}
|
|
|
|
func (TestReader) Read(p []byte) (n int, err error) {
|
|
return mathrand.Read(p)
|
|
}
|
|
|
|
var testrnd = TestReader{}
|
|
|
|
func init() {
|
|
rndsrc = testrnd
|
|
}
|
|
|
|
func TestMain(m *testing.M) {
|
|
mathrand.Seed(0) // Predictable results
|
|
|
|
os.Setenv("SALT", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
|
|
jwksPrefix := "public-jwks"
|
|
err := os.MkdirAll(jwksPrefix, 0755)
|
|
if nil != err {
|
|
fmt.Fprintf(os.Stderr, "couldn't write %q: %s", jwksPrefix, err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
privkey, _ := ecdsa.GenerateKey(elliptic.P256(), rndsrc)
|
|
mux := Route(jwksPrefix, privkey)
|
|
|
|
srv = httptest.NewServer(mux)
|
|
|
|
//fs := http.FileServer(http.Dir("public"))
|
|
//http.Handle("/", fs)
|
|
|
|
os.Exit(m.Run())
|
|
}
|
|
|
|
func TestGenerateJWK(t *testing.T) {
|
|
client := srv.Client()
|
|
urlstr, _ := url.Parse(srv.URL + "/private.jwk.json")
|
|
//fmt.Println("URL:", srv.URL, urlstr)
|
|
res, err := client.Do(&http.Request{
|
|
Method: "POST",
|
|
URL: urlstr,
|
|
})
|
|
if nil != err {
|
|
//t.Fatal(err)
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
data, err := ioutil.ReadAll(res.Body)
|
|
if nil != err {
|
|
//t.Fatal(err)
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
jwk := map[string]string{}
|
|
err = json.Unmarshal(data, &jwk)
|
|
if nil != err {
|
|
//t.Fatal(err)
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
if "" == jwk["d"] {
|
|
t.Fatal("Missing key 'd' from supposed private key")
|
|
}
|
|
|
|
key, err := keypairs.ParsePrivateKey(data)
|
|
if nil != err {
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
switch key.(type) {
|
|
case *rsa.PrivateKey:
|
|
// no-op
|
|
log.Println("is RSA")
|
|
case *ecdsa.PrivateKey:
|
|
// no-op
|
|
log.Println("is EC")
|
|
default:
|
|
t.Fatal(errors.New("impossible key type"))
|
|
}
|
|
|
|
//fmt.Printf("%#v\n", jwk)
|
|
}
|
|
|
|
func TestGeneratePEM(t *testing.T) {
|
|
client := srv.Client()
|
|
urlstr, _ := url.Parse(srv.URL + "/priv.pem")
|
|
//fmt.Println("URL:", srv.URL, urlstr)
|
|
res, err := client.Do(&http.Request{
|
|
Method: "POST",
|
|
URL: urlstr,
|
|
})
|
|
if nil != err {
|
|
//t.Fatal(err)
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
data, err := ioutil.ReadAll(res.Body)
|
|
if nil != err {
|
|
//t.Fatal(err)
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
key, err := ParsePEMPrivateKey(data)
|
|
if nil != err {
|
|
t.Error(err)
|
|
return
|
|
}
|
|
|
|
switch key.(type) {
|
|
case *rsa.PrivateKey:
|
|
// no-op
|
|
log.Println("is RSA")
|
|
case *ecdsa.PrivateKey:
|
|
// no-op
|
|
log.Println("is EC")
|
|
default:
|
|
t.Fatal(errors.New("impossible key type"))
|
|
}
|
|
|
|
//fmt.Printf("%#v\n", key)
|
|
}
|
|
|