From 1fc34736a2a0fa4e52ca23564ff2fb4f404668fc Mon Sep 17 00:00:00 2001 From: MrMelon54 Date: Sat, 27 Jul 2024 19:25:56 +0100 Subject: [PATCH] Add signing method parameter --- auth/access-token_test.go | 3 ++- auth/pair_test.go | 3 ++- auth/refresh-token_test.go | 3 ++- claims_test.go | 11 ++++++----- cmd/mjwt/access.go | 2 +- go.mod | 1 + go.sum | 6 ++++++ issuer.go | 11 ++++++----- issuer_test.go | 7 ++++--- 9 files changed, 30 insertions(+), 17 deletions(-) diff --git a/auth/access-token_test.go b/auth/access-token_test.go index 15a5c94..c86de6c 100644 --- a/auth/access-token_test.go +++ b/auth/access-token_test.go @@ -2,6 +2,7 @@ package auth import ( "github.com/1f349/mjwt" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "testing" ) @@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) { ps.Set("mjwt:test2") kStore := mjwt.NewKeyStore() - s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore) + s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) accessToken, err := CreateAccessToken(s, "1", "test", nil, ps) diff --git a/auth/pair_test.go b/auth/pair_test.go index aa69704..e62d22c 100644 --- a/auth/pair_test.go +++ b/auth/pair_test.go @@ -2,6 +2,7 @@ package auth import ( "github.com/1f349/mjwt" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "testing" ) @@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) { ps.Set("mjwt:test2") kStore := mjwt.NewKeyStore() - s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore) + s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps) diff --git a/auth/refresh-token_test.go b/auth/refresh-token_test.go index c932921..ec5a0bd 100644 --- a/auth/refresh-token_test.go +++ b/auth/refresh-token_test.go @@ -2,6 +2,7 @@ package auth import ( "github.com/1f349/mjwt" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "testing" ) @@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) { t.Parallel() kStore := mjwt.NewKeyStore() - s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore) + s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil) diff --git a/claims_test.go b/claims_test.go index f35610d..6c37d81 100644 --- a/claims_test.go +++ b/claims_test.go @@ -2,6 +2,7 @@ package mjwt import ( "fmt" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "testing" "time" @@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) { t.Run("TestNoKID", func(t *testing.T) { t.Parallel() - s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore) + s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"}) assert.NoError(t, err) @@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) { t.Run("TestKID", func(t *testing.T) { t.Parallel() - s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore) + s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) - s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore) + s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"}) @@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) { t.Run("TestInvalidClaims", func(t *testing.T) { t.Parallel() - s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore) + s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}) assert.NoError(t, err) @@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) { t.Run("TestKIDNonExist", func(t *testing.T) { t.Parallel() - s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore) + s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}) assert.NoError(t, err) diff --git a/cmd/mjwt/access.go b/cmd/mjwt/access.go index 0f0efcb..0a6b5ce 100644 --- a/cmd/mjwt/access.go +++ b/cmd/mjwt/access.go @@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} kStore := mjwt.NewKeyStore() kStore.LoadPrivateKey(s.kID, key) - issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore) + issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore) if err != nil { panic("this should not fail") } diff --git a/go.mod b/go.mod index b012c9e..e82e0b1 100644 --- a/go.mod +++ b/go.mod @@ -21,6 +21,7 @@ require ( github.com/kr/pretty v0.3.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect + golang.org/x/crypto v0.25.0 // indirect golang.org/x/text v0.16.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect ) diff --git a/go.sum b/go.sum index 19e7eff..dc71b13 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= diff --git a/issuer.go b/issuer.go index 02a1ee4..953f3b6 100644 --- a/issuer.go +++ b/issuer.go @@ -10,15 +10,16 @@ import ( type Issuer struct { issuer string kid string + signing jwt.SigningMethod keystore *KeyStore } -func NewIssuer(name, kid string) (*Issuer, error) { - return NewIssuerWithKeyStore(name, kid, NewKeyStore()) +func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) { + return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore()) } -func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) { - i := &Issuer{name, kid, keystore} +func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) { + i := &Issuer{name, kid, signing, keystore} if i.keystore.HasPrivateKey(kid) { return i, nil } @@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) { if err != nil { return "", err } - token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped) + token := jwt.NewWithClaims(i.signing, wrapped) token.Header["kid"] = i.kid return token.SignedString(key) } diff --git a/issuer_test.go b/issuer_test.go index 7d89a44..d772a90 100644 --- a/issuer_test.go +++ b/issuer_test.go @@ -4,6 +4,7 @@ import ( "crypto/rand" "crypto/rsa" "github.com/1f349/rsa-helper/rsaprivate" + "github.com/golang-jwt/jwt/v4" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "testing" @@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) { t.Run("generate missing key for issuer", func(t *testing.T) { t.Parallel() kStore := NewKeyStore() - issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) + issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPublicKey("test")) @@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) { key, err := rsa.GenerateKey(rand.Reader, 2048) assert.NoError(t, err) kStore.LoadPrivateKey("test", key) - issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) + issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPublicKey("test")) @@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) { t.Parallel() dir := afero.NewMemMapFs() kStore := NewKeyStoreWithDir(dir) - issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) + issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore) assert.NoError(t, err) assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPublicKey("test"))