mirror of
https://github.com/1f349/mjwt.git
synced 2024-12-22 07:24:05 +00:00
Add signing method parameter
This commit is contained in:
parent
cd2d80cb09
commit
1fc34736a2
@ -2,6 +2,7 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/1f349/mjwt"
|
"github.com/1f349/mjwt"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) {
|
|||||||
ps.Set("mjwt:test2")
|
ps.Set("mjwt:test2")
|
||||||
|
|
||||||
kStore := mjwt.NewKeyStore()
|
kStore := mjwt.NewKeyStore()
|
||||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)
|
accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)
|
||||||
|
@ -2,6 +2,7 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/1f349/mjwt"
|
"github.com/1f349/mjwt"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) {
|
|||||||
ps.Set("mjwt:test2")
|
ps.Set("mjwt:test2")
|
||||||
|
|
||||||
kStore := mjwt.NewKeyStore()
|
kStore := mjwt.NewKeyStore()
|
||||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)
|
accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)
|
||||||
|
@ -2,6 +2,7 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/1f349/mjwt"
|
"github.com/1f349/mjwt"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) {
|
|||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
kStore := mjwt.NewKeyStore()
|
kStore := mjwt.NewKeyStore()
|
||||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)
|
refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)
|
||||||
|
@ -2,6 +2,7 @@ package mjwt
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("TestNoKID", func(t *testing.T) {
|
t.Run("TestNoKID", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("TestKID", func(t *testing.T) {
|
t.Run("TestKID", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore)
|
s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
||||||
@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("TestInvalidClaims", func(t *testing.T) {
|
t.Run("TestInvalidClaims", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) {
|
|||||||
t.Run("TestKIDNonExist", func(t *testing.T) {
|
t.Run("TestKIDNonExist", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
|
|||||||
kStore := mjwt.NewKeyStore()
|
kStore := mjwt.NewKeyStore()
|
||||||
kStore.LoadPrivateKey(s.kID, key)
|
kStore.LoadPrivateKey(s.kID, key)
|
||||||
|
|
||||||
issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore)
|
issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic("this should not fail")
|
panic("this should not fail")
|
||||||
}
|
}
|
||||||
|
1
go.mod
1
go.mod
@ -21,6 +21,7 @@ require (
|
|||||||
github.com/kr/pretty v0.3.1 // indirect
|
github.com/kr/pretty v0.3.1 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||||
github.com/rogpeppe/go-internal v1.12.0 // indirect
|
github.com/rogpeppe/go-internal v1.12.0 // indirect
|
||||||
|
golang.org/x/crypto v0.25.0 // indirect
|
||||||
golang.org/x/text v0.16.0 // indirect
|
golang.org/x/text v0.16.0 // indirect
|
||||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
|
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
|
||||||
)
|
)
|
||||||
|
6
go.sum
6
go.sum
@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist
|
|||||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
|
||||||
|
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
|
||||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||||
|
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||||
|
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||||
github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
|
github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
|
||||||
github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
|
github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
|
||||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||||
@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
|
|||||||
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
|
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
|
||||||
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
||||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||||
|
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
|
||||||
|
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
|
||||||
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
|
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
|
||||||
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||||
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
|
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
|
||||||
|
11
issuer.go
11
issuer.go
@ -10,15 +10,16 @@ import (
|
|||||||
type Issuer struct {
|
type Issuer struct {
|
||||||
issuer string
|
issuer string
|
||||||
kid string
|
kid string
|
||||||
|
signing jwt.SigningMethod
|
||||||
keystore *KeyStore
|
keystore *KeyStore
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewIssuer(name, kid string) (*Issuer, error) {
|
func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
|
||||||
return NewIssuerWithKeyStore(name, kid, NewKeyStore())
|
return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) {
|
func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
|
||||||
i := &Issuer{name, kid, keystore}
|
i := &Issuer{name, kid, signing, keystore}
|
||||||
if i.keystore.HasPrivateKey(kid) {
|
if i.keystore.HasPrivateKey(kid) {
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped)
|
token := jwt.NewWithClaims(i.signing, wrapped)
|
||||||
token.Header["kid"] = i.kid
|
token.Header["kid"] = i.kid
|
||||||
return token.SignedString(key)
|
return token.SignedString(key)
|
||||||
}
|
}
|
||||||
|
@ -4,6 +4,7 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"github.com/1f349/rsa-helper/rsaprivate"
|
"github.com/1f349/rsa-helper/rsaprivate"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/spf13/afero"
|
"github.com/spf13/afero"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"testing"
|
"testing"
|
||||||
@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) {
|
|||||||
t.Run("generate missing key for issuer", func(t *testing.T) {
|
t.Run("generate missing key for issuer", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
kStore := NewKeyStore()
|
kStore := NewKeyStore()
|
||||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.True(t, kStore.HasPrivateKey("test"))
|
assert.True(t, kStore.HasPrivateKey("test"))
|
||||||
assert.True(t, kStore.HasPublicKey("test"))
|
assert.True(t, kStore.HasPublicKey("test"))
|
||||||
@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) {
|
|||||||
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
kStore.LoadPrivateKey("test", key)
|
kStore.LoadPrivateKey("test", key)
|
||||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.True(t, kStore.HasPrivateKey("test"))
|
assert.True(t, kStore.HasPrivateKey("test"))
|
||||||
assert.True(t, kStore.HasPublicKey("test"))
|
assert.True(t, kStore.HasPublicKey("test"))
|
||||||
@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) {
|
|||||||
t.Parallel()
|
t.Parallel()
|
||||||
dir := afero.NewMemMapFs()
|
dir := afero.NewMemMapFs()
|
||||||
kStore := NewKeyStoreWithDir(dir)
|
kStore := NewKeyStoreWithDir(dir)
|
||||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.True(t, kStore.HasPrivateKey("test"))
|
assert.True(t, kStore.HasPrivateKey("test"))
|
||||||
assert.True(t, kStore.HasPublicKey("test"))
|
assert.True(t, kStore.HasPublicKey("test"))
|
||||||
|
Loading…
Reference in New Issue
Block a user