Nelze vybrat více než 25 témat
Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
156 lines
5.5 KiB
156 lines
5.5 KiB
"use strict";
|
|
|
|
var keyfetch = require("./keyfetch.js");
|
|
var testIss = "https://example.auth0.com";
|
|
|
|
keyfetch.init({});
|
|
keyfetch
|
|
.oidcJwks(testIss)
|
|
.then(function (hits) {
|
|
keyfetch._clear();
|
|
//console.log(hits);
|
|
return keyfetch.oidcJwk(hits[0].thumbprint, testIss).then(function () {
|
|
return keyfetch.oidcJwk(hits[0].thumbprint, testIss).then(function (/*jwk*/) {
|
|
//console.log(jwk);
|
|
});
|
|
});
|
|
})
|
|
.then(function () {
|
|
console.log("Fetching PASSES");
|
|
})
|
|
.catch(function (err) {
|
|
console.error("NONE SHALL PASS!");
|
|
console.error(err);
|
|
process.exit(1);
|
|
});
|
|
|
|
/*global Promise*/
|
|
var keypairs = require("keypairs.js");
|
|
keypairs.generate().then(function (pair) {
|
|
return Promise.all([
|
|
keypairs
|
|
.signJwt({
|
|
jwk: pair.private,
|
|
iss: "https://example.com/",
|
|
sub: "mikey",
|
|
exp: "1h"
|
|
})
|
|
.then(function (jwt) {
|
|
return Promise.all([
|
|
keyfetch.jwt.verify(jwt, { jwk: pair.public }).then(function (verified) {
|
|
if (!(verified.claims && verified.claims.exp)) {
|
|
throw new Error("malformed decoded token");
|
|
}
|
|
}),
|
|
keyfetch.jwt.verify(keyfetch.jwt.decode(jwt), { jwk: pair.public }).then(function (verified) {
|
|
if (!(verified.claims && verified.claims.exp)) {
|
|
throw new Error("malformed decoded token");
|
|
}
|
|
}),
|
|
keyfetch.jwt.verify(jwt, { jwks: [pair.public] }),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://example.com/"]
|
|
}),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://example.com"]
|
|
}),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["example.com"]
|
|
}),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["example.com/"]
|
|
}),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["*"]
|
|
}),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["http://example.com"]
|
|
})
|
|
.then(e("bad scheme"))
|
|
.catch(throwIfNotExpected),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://www.example.com"]
|
|
})
|
|
.then(e("bad prefix"))
|
|
.catch(throwIfNotExpected),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://wexample.com"]
|
|
})
|
|
.then(e("bad sld"))
|
|
.catch(throwIfNotExpected),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://example.comm"]
|
|
})
|
|
.then(e("bad tld"))
|
|
.catch(throwIfNotExpected),
|
|
keyfetch.jwt.verify(jwt, {
|
|
jwk: pair.public,
|
|
claims: { iss: "https://example.com/" }
|
|
}),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
claims: { iss: "https://example.com" }
|
|
})
|
|
.then(e("inexact claim"))
|
|
.catch(throwIfNotExpected)
|
|
]);
|
|
}),
|
|
keypairs
|
|
.signJwt({
|
|
jwk: pair.private,
|
|
iss: false,
|
|
sub: "mikey",
|
|
exp: "1h"
|
|
})
|
|
.then(function (jwt) {
|
|
return Promise.all([
|
|
keyfetch.jwt.verify(jwt, { jwk: pair.public }),
|
|
keyfetch.jwt.verify(jwt).then(e("should have an issuer")).catch(throwIfNotExpected),
|
|
keyfetch.jwt
|
|
.verify(jwt, {
|
|
jwk: pair.public,
|
|
issuers: ["https://example.com/"]
|
|
})
|
|
.then(e("fail when issuer specified and doesn't exist"))
|
|
.catch(throwIfNotExpected)
|
|
]);
|
|
})
|
|
])
|
|
.then(function () {
|
|
console.log("JWT PASSES");
|
|
})
|
|
.catch(function (err) {
|
|
console.error("NONE SHALL PASS!");
|
|
console.error(err);
|
|
process.exit(1);
|
|
});
|
|
});
|
|
/*
|
|
var jwt = '...';
|
|
keyfetch.verify({ jwt: jwt }).catch(function (err) {
|
|
console.log(err);
|
|
});
|
|
*/
|
|
|
|
function e(msg) {
|
|
return new Error("ETEST: " + msg);
|
|
}
|
|
function throwIfNotExpected(err) {
|
|
if ("ETEST" === err.message.slice(0, 5)) {
|
|
throw err;
|
|
}
|
|
}
|
|
|