2023-06-30 15:22:26 +01:00
|
|
|
package mjwt
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/x509"
|
2023-10-29 12:28:21 +00:00
|
|
|
"encoding/pem"
|
2024-06-09 18:40:43 +01:00
|
|
|
"github.com/1f349/rsa-helper/rsaprivate"
|
|
|
|
"github.com/1f349/rsa-helper/rsapublic"
|
2023-06-30 15:22:26 +01:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"os"
|
2024-06-09 18:40:43 +01:00
|
|
|
"path"
|
2023-06-30 15:22:26 +01:00
|
|
|
"testing"
|
|
|
|
)
|
|
|
|
|
2024-06-09 18:40:43 +01:00
|
|
|
const st_prvExt = "prv"
|
|
|
|
const st_pubExt = "pub"
|
|
|
|
|
2024-06-09 19:31:12 +01:00
|
|
|
func setupTestDirSigner(t *testing.T) (string, *rsa.PrivateKey, func(t *testing.T)) {
|
2024-06-09 18:40:43 +01:00
|
|
|
tempDir, err := os.MkdirTemp("", "this-is-a-test-dir")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
var key3 *rsa.PrivateKey = nil
|
2024-06-09 19:31:12 +01:00
|
|
|
key1, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
err = rsaprivate.Write(path.Join(tempDir, "key1.pem."+st_prvExt), key1)
|
|
|
|
assert.NoError(t, err)
|
2024-06-09 18:40:43 +01:00
|
|
|
|
2024-06-09 19:31:12 +01:00
|
|
|
key2, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
err = rsaprivate.Write(path.Join(tempDir, "key2.pem."+st_prvExt), key2)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
err = rsapublic.Write(path.Join(tempDir, "key2.pem."+st_pubExt), &key2.PublicKey)
|
|
|
|
assert.NoError(t, err)
|
2024-06-09 18:40:43 +01:00
|
|
|
|
2024-06-09 19:31:12 +01:00
|
|
|
key3, err = rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
err = rsapublic.Write(path.Join(tempDir, "key3.pem."+st_pubExt), &key3.PublicKey)
|
|
|
|
assert.NoError(t, err)
|
2024-06-09 18:40:43 +01:00
|
|
|
|
|
|
|
return tempDir, key3, func(t *testing.T) {
|
|
|
|
err := os.RemoveAll(tempDir)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-06-30 15:22:26 +01:00
|
|
|
func TestNewMJwtSigner(t *testing.T) {
|
2023-10-29 12:28:21 +00:00
|
|
|
t.Parallel()
|
2023-06-30 15:22:26 +01:00
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
NewMJwtSigner("Test", key)
|
|
|
|
}
|
|
|
|
|
2024-06-09 18:40:43 +01:00
|
|
|
func TestNewMJwtSignerWithKeyStore(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
kStore := NewMJwtKeyStore()
|
|
|
|
kStore.SetKey("test", key)
|
|
|
|
assert.Contains(t, kStore.ListKeys(), "test")
|
|
|
|
NewMJwtSignerWithKeyStore("Test", nil, kStore)
|
|
|
|
}
|
|
|
|
|
2023-06-30 15:22:26 +01:00
|
|
|
func TestNewMJwtSignerFromFile(t *testing.T) {
|
2023-10-29 12:28:21 +00:00
|
|
|
t.Parallel()
|
2023-06-30 15:22:26 +01:00
|
|
|
tempKey, err := os.CreateTemp("", "key-test-*.pem")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
2023-10-29 12:28:21 +00:00
|
|
|
b := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
|
|
|
|
_, err = tempKey.Write(b)
|
2023-06-30 15:22:26 +01:00
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.NoError(t, tempKey.Close())
|
|
|
|
signer, err := NewMJwtSignerFromFile("Test", tempKey.Name())
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.NoError(t, os.Remove(tempKey.Name()))
|
|
|
|
_, err = NewMJwtSignerFromFile("Test", tempKey.Name())
|
|
|
|
assert.Error(t, err)
|
|
|
|
assert.True(t, os.IsNotExist(err))
|
|
|
|
assert.True(t, signer.(*defaultMJwtSigner).key.Equal(key))
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNewMJwtSignerFromFileOrCreate(t *testing.T) {
|
2023-10-29 12:28:21 +00:00
|
|
|
t.Parallel()
|
2023-06-30 15:22:26 +01:00
|
|
|
tempKey, err := os.CreateTemp("", "key-test-*.pem")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.NoError(t, tempKey.Close())
|
|
|
|
assert.NoError(t, os.Remove(tempKey.Name()))
|
|
|
|
signer, err := NewMJwtSignerFromFileOrCreate("Test", tempKey.Name(), rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
signer2, err := NewMJwtSignerFromFileOrCreate("Test", tempKey.Name(), rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
2023-10-29 12:28:21 +00:00
|
|
|
assert.True(t, signer.PrivateKey().Equal(signer2.PrivateKey()))
|
2023-06-30 15:22:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestReadOrCreatePrivateKey(t *testing.T) {
|
2023-10-29 12:28:21 +00:00
|
|
|
t.Parallel()
|
2023-06-30 15:22:26 +01:00
|
|
|
tempKey, err := os.CreateTemp("", "key-test-*.pem")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
2023-10-29 12:28:21 +00:00
|
|
|
b := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
|
|
|
|
_, err = tempKey.Write(b)
|
2023-06-30 15:22:26 +01:00
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.NoError(t, tempKey.Close())
|
|
|
|
key2, err := readOrCreatePrivateKey(tempKey.Name(), rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.True(t, key.Equal(key2))
|
|
|
|
assert.NoError(t, os.Remove(tempKey.Name()))
|
|
|
|
key3, err := readOrCreatePrivateKey(tempKey.Name(), rand.Reader, 2048)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.NoError(t, key3.Validate())
|
|
|
|
}
|
2024-06-09 18:40:43 +01:00
|
|
|
|
|
|
|
func TestNewMJwtSignerFromDirectory(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2024-06-09 19:31:12 +01:00
|
|
|
tempDir, prvKey3, cleaner := setupTestDirSigner(t)
|
2024-06-09 18:40:43 +01:00
|
|
|
defer cleaner(t)
|
|
|
|
|
|
|
|
signer, err := NewMJwtSignerFromDirectory("Test", tempDir, st_prvExt, st_pubExt)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
assert.Len(t, signer.GetKeyStore().ListKeys(), 3)
|
|
|
|
kIDsToFind := []string{"key1", "key2", "key3"}
|
|
|
|
for _, k := range kIDsToFind {
|
|
|
|
assert.Contains(t, signer.GetKeyStore().ListKeys(), k)
|
|
|
|
}
|
|
|
|
assert.True(t, prvKey3.PublicKey.Equal(signer.GetKeyStore().GetKeyPublic("key3")))
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNewMJwtSignerFromFileAndDirectory(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2024-06-09 19:31:12 +01:00
|
|
|
tempDir, prvKey3, cleaner := setupTestDirSigner(t)
|
2024-06-09 18:40:43 +01:00
|
|
|
defer cleaner(t)
|
|
|
|
|
|
|
|
signer, err := NewMJwtSignerFromFileAndDirectory("Test", path.Join(tempDir, "key1.pem."+st_prvExt), tempDir, st_prvExt, st_pubExt)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
assert.Len(t, signer.GetKeyStore().ListKeys(), 3)
|
|
|
|
kIDsToFind := []string{"key1", "key2", "key3"}
|
|
|
|
for _, k := range kIDsToFind {
|
|
|
|
assert.Contains(t, signer.GetKeyStore().ListKeys(), k)
|
|
|
|
}
|
|
|
|
assert.True(t, prvKey3.PublicKey.Equal(signer.GetKeyStore().GetKeyPublic("key3")))
|
|
|
|
assert.True(t, signer.PrivateKey().Equal(signer.GetKeyStore().GetKey("key1")))
|
|
|
|
}
|