Add signing method parameter

This commit is contained in:
Melon 2024-07-27 19:25:56 +01:00
parent cd2d80cb09
commit 1fc34736a2
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
9 changed files with 30 additions and 17 deletions

View File

@ -2,6 +2,7 @@ package auth
import ( import (
"github.com/1f349/mjwt" "github.com/1f349/mjwt"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"testing" "testing"
) )
@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) {
ps.Set("mjwt:test2") ps.Set("mjwt:test2")
kStore := mjwt.NewKeyStore() kStore := mjwt.NewKeyStore()
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore) s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
accessToken, err := CreateAccessToken(s, "1", "test", nil, ps) accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)

View File

@ -2,6 +2,7 @@ package auth
import ( import (
"github.com/1f349/mjwt" "github.com/1f349/mjwt"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"testing" "testing"
) )
@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) {
ps.Set("mjwt:test2") ps.Set("mjwt:test2")
kStore := mjwt.NewKeyStore() kStore := mjwt.NewKeyStore()
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore) s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps) accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)

View File

@ -2,6 +2,7 @@ package auth
import ( import (
"github.com/1f349/mjwt" "github.com/1f349/mjwt"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"testing" "testing"
) )
@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) {
t.Parallel() t.Parallel()
kStore := mjwt.NewKeyStore() kStore := mjwt.NewKeyStore()
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore) s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil) refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)

View File

@ -2,6 +2,7 @@ package mjwt
import ( import (
"fmt" "fmt"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"testing" "testing"
"time" "time"
@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) {
t.Run("TestNoKID", func(t *testing.T) { t.Run("TestNoKID", func(t *testing.T) {
t.Parallel() t.Parallel()
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore) s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"}) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
assert.NoError(t, err) assert.NoError(t, err)
@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) {
t.Run("TestKID", func(t *testing.T) { t.Run("TestKID", func(t *testing.T) {
t.Parallel() t.Parallel()
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore) s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore) s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"}) token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) {
t.Run("TestInvalidClaims", func(t *testing.T) { t.Run("TestInvalidClaims", func(t *testing.T) {
t.Parallel() t.Parallel()
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore) s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
assert.NoError(t, err) assert.NoError(t, err)
@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) {
t.Run("TestKIDNonExist", func(t *testing.T) { t.Run("TestKIDNonExist", func(t *testing.T) {
t.Parallel() t.Parallel()
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore) s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}) token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
assert.NoError(t, err) assert.NoError(t, err)

View File

@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
kStore := mjwt.NewKeyStore() kStore := mjwt.NewKeyStore()
kStore.LoadPrivateKey(s.kID, key) kStore.LoadPrivateKey(s.kID, key)
issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore) issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore)
if err != nil { if err != nil {
panic("this should not fail") panic("this should not fail")
} }

1
go.mod
View File

@ -21,6 +21,7 @@ require (
github.com/kr/pretty v0.3.1 // indirect github.com/kr/pretty v0.3.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect
golang.org/x/crypto v0.25.0 // indirect
golang.org/x/text v0.16.0 // indirect golang.org/x/text v0.16.0 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
) )

6
go.sum
View File

@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE= github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=

View File

@ -10,15 +10,16 @@ import (
type Issuer struct { type Issuer struct {
issuer string issuer string
kid string kid string
signing jwt.SigningMethod
keystore *KeyStore keystore *KeyStore
} }
func NewIssuer(name, kid string) (*Issuer, error) { func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
return NewIssuerWithKeyStore(name, kid, NewKeyStore()) return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
} }
func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) { func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
i := &Issuer{name, kid, keystore} i := &Issuer{name, kid, signing, keystore}
if i.keystore.HasPrivateKey(kid) { if i.keystore.HasPrivateKey(kid) {
return i, nil return i, nil
} }
@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped) token := jwt.NewWithClaims(i.signing, wrapped)
token.Header["kid"] = i.kid token.Header["kid"] = i.kid
return token.SignedString(key) return token.SignedString(key)
} }

View File

@ -4,6 +4,7 @@ import (
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"github.com/1f349/rsa-helper/rsaprivate" "github.com/1f349/rsa-helper/rsaprivate"
"github.com/golang-jwt/jwt/v4"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"testing" "testing"
@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) {
t.Run("generate missing key for issuer", func(t *testing.T) { t.Run("generate missing key for issuer", func(t *testing.T) {
t.Parallel() t.Parallel()
kStore := NewKeyStore() kStore := NewKeyStore()
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPrivateKey("test"))
assert.True(t, kStore.HasPublicKey("test")) assert.True(t, kStore.HasPublicKey("test"))
@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) {
key, err := rsa.GenerateKey(rand.Reader, 2048) key, err := rsa.GenerateKey(rand.Reader, 2048)
assert.NoError(t, err) assert.NoError(t, err)
kStore.LoadPrivateKey("test", key) kStore.LoadPrivateKey("test", key)
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPrivateKey("test"))
assert.True(t, kStore.HasPublicKey("test")) assert.True(t, kStore.HasPublicKey("test"))
@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) {
t.Parallel() t.Parallel()
dir := afero.NewMemMapFs() dir := afero.NewMemMapFs()
kStore := NewKeyStoreWithDir(dir) kStore := NewKeyStoreWithDir(dir)
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore) issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
assert.NoError(t, err) assert.NoError(t, err)
assert.True(t, kStore.HasPrivateKey("test")) assert.True(t, kStore.HasPrivateKey("test"))
assert.True(t, kStore.HasPublicKey("test")) assert.True(t, kStore.HasPublicKey("test"))