Add signing method parameter

2024-11-09 22:22:48 +00:00 · 2024-07-27 19:25:56 +01:00 · 2024-07-27 19:25:56 +01:00 · 1fc34736a2
commit 1fc34736a2
parent cd2d80cb09
9 changed files with 30 additions and 17 deletions
--- a/auth/access-token_test.go
+++ b/auth/access-token_test.go
@ -2,6 +2,7 @@ package auth
 import (
 	"github.com/1f349/mjwt"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) {
 	ps.Set("mjwt:test2")
 	kStore := mjwt.NewKeyStore()
-	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 	assert.NoError(t, err)
 	accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)
--- a/auth/pair_test.go
+++ b/auth/pair_test.go
@ -2,6 +2,7 @@ package auth
 import (
 	"github.com/1f349/mjwt"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) {
 	ps.Set("mjwt:test2")
 	kStore := mjwt.NewKeyStore()
-	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 	assert.NoError(t, err)
 	accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)
--- a/auth/refresh-token_test.go
+++ b/auth/refresh-token_test.go
@ -2,6 +2,7 @@ package auth
 import (
 	"github.com/1f349/mjwt"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) {
 	t.Parallel()
 	kStore := mjwt.NewKeyStore()
-	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+	s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 	assert.NoError(t, err)
 	refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)
--- a/claims_test.go
+++ b/claims_test.go
@ -2,6 +2,7 @@ package mjwt
 import (
 	"fmt"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/assert"
 	"testing"
 	"time"
@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) {
 	t.Run("TestNoKID", func(t *testing.T) {
 		t.Parallel()
-		s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+		s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
 		assert.NoError(t, err)
@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) {
 	t.Run("TestKID", func(t *testing.T) {
 		t.Parallel()
-		s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+		s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
-		s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore)
+		s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) {
 	t.Run("TestInvalidClaims", func(t *testing.T) {
 		t.Parallel()
-		s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+		s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
 		assert.NoError(t, err)
@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) {
 	t.Run("TestKIDNonExist", func(t *testing.T) {
 		t.Parallel()
-		s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+		s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
 		assert.NoError(t, err)
--- a/cmd/mjwt/access.go
+++ b/cmd/mjwt/access.go
@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	kStore := mjwt.NewKeyStore()
 	kStore.LoadPrivateKey(s.kID, key)
-	issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore)
+	issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore)
 	if err != nil {
 		panic("this should not fail")
 	}
--- a/go.mod
+++ b/go.mod
@ -21,6 +21,7 @@ require (
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
--- a/issuer.go
+++ b/issuer.go
@ -10,15 +10,16 @@ import (
 type Issuer struct {
 	issuer   string
 	kid      string
 	signing  jwt.SigningMethod
 	keystore *KeyStore
 }
-func NewIssuer(name, kid string) (*Issuer, error) {
+func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
-	return NewIssuerWithKeyStore(name, kid, NewKeyStore())
+	return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
 }
-func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) {
+func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
-	i := &Issuer{name, kid, keystore}
+	i := &Issuer{name, kid, signing, keystore}
 	if i.keystore.HasPrivateKey(kid) {
 		return i, nil
 	}
@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped)
+	token := jwt.NewWithClaims(i.signing, wrapped)
 	token.Header["kid"] = i.kid
 	return token.SignedString(key)
 }
--- a/issuer_test.go
+++ b/issuer_test.go
@ -4,6 +4,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"github.com/1f349/rsa-helper/rsaprivate"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"testing"
@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) {
 	t.Run("generate missing key for issuer", func(t *testing.T) {
 		t.Parallel()
 		kStore := NewKeyStore()
-		issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+		issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		assert.True(t, kStore.HasPrivateKey("test"))
 		assert.True(t, kStore.HasPublicKey("test"))
@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) {
 		key, err := rsa.GenerateKey(rand.Reader, 2048)
 		assert.NoError(t, err)
 		kStore.LoadPrivateKey("test", key)
-		issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+		issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		assert.True(t, kStore.HasPrivateKey("test"))
 		assert.True(t, kStore.HasPublicKey("test"))
@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) {
 		t.Parallel()
 		dir := afero.NewMemMapFs()
 		kStore := NewKeyStoreWithDir(dir)
-		issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+		issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 		assert.NoError(t, err)
 		assert.True(t, kStore.HasPrivateKey("test"))
 		assert.True(t, kStore.HasPublicKey("test"))