mirror of
https://github.com/1f349/mjwt.git
synced 2024-12-22 07:24:05 +00:00
Add signing method parameter
This commit is contained in:
parent
cd2d80cb09
commit
1fc34736a2
@ -2,6 +2,7 @@ package auth
|
||||
|
||||
import (
|
||||
"github.com/1f349/mjwt"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
)
|
||||
@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) {
|
||||
ps.Set("mjwt:test2")
|
||||
|
||||
kStore := mjwt.NewKeyStore()
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
|
||||
accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)
|
||||
|
@ -2,6 +2,7 @@ package auth
|
||||
|
||||
import (
|
||||
"github.com/1f349/mjwt"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
)
|
||||
@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) {
|
||||
ps.Set("mjwt:test2")
|
||||
|
||||
kStore := mjwt.NewKeyStore()
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
|
||||
accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)
|
||||
|
@ -2,6 +2,7 @@ package auth
|
||||
|
||||
import (
|
||||
"github.com/1f349/mjwt"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
)
|
||||
@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
kStore := mjwt.NewKeyStore()
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
||||
s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
|
||||
refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)
|
||||
|
@ -2,6 +2,7 @@ package mjwt
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
"time"
|
||||
@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) {
|
||||
|
||||
t.Run("TestNoKID", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
||||
assert.NoError(t, err)
|
||||
@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) {
|
||||
|
||||
t.Run("TestKID", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore)
|
||||
s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
|
||||
token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
|
||||
@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) {
|
||||
|
||||
t.Run("TestInvalidClaims", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
||||
assert.NoError(t, err)
|
||||
@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) {
|
||||
t.Run("TestKIDNonExist", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
|
||||
s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
|
||||
assert.NoError(t, err)
|
||||
|
@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
|
||||
kStore := mjwt.NewKeyStore()
|
||||
kStore.LoadPrivateKey(s.kID, key)
|
||||
|
||||
issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore)
|
||||
issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore)
|
||||
if err != nil {
|
||||
panic("this should not fail")
|
||||
}
|
||||
|
1
go.mod
1
go.mod
@ -21,6 +21,7 @@ require (
|
||||
github.com/kr/pretty v0.3.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.12.0 // indirect
|
||||
golang.org/x/crypto v0.25.0 // indirect
|
||||
golang.org/x/text v0.16.0 // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
|
||||
)
|
||||
|
6
go.sum
6
go.sum
@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
|
||||
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
|
||||
github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
|
||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
|
||||
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
|
||||
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
|
||||
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
|
||||
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
|
||||
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
|
||||
|
11
issuer.go
11
issuer.go
@ -10,15 +10,16 @@ import (
|
||||
type Issuer struct {
|
||||
issuer string
|
||||
kid string
|
||||
signing jwt.SigningMethod
|
||||
keystore *KeyStore
|
||||
}
|
||||
|
||||
func NewIssuer(name, kid string) (*Issuer, error) {
|
||||
return NewIssuerWithKeyStore(name, kid, NewKeyStore())
|
||||
func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
|
||||
return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
|
||||
}
|
||||
|
||||
func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) {
|
||||
i := &Issuer{name, kid, keystore}
|
||||
func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
|
||||
i := &Issuer{name, kid, signing, keystore}
|
||||
if i.keystore.HasPrivateKey(kid) {
|
||||
return i, nil
|
||||
}
|
||||
@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped)
|
||||
token := jwt.NewWithClaims(i.signing, wrapped)
|
||||
token.Header["kid"] = i.kid
|
||||
return token.SignedString(key)
|
||||
}
|
||||
|
@ -4,6 +4,7 @@ import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"github.com/1f349/rsa-helper/rsaprivate"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/spf13/afero"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) {
|
||||
t.Run("generate missing key for issuer", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
kStore := NewKeyStore()
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, kStore.HasPrivateKey("test"))
|
||||
assert.True(t, kStore.HasPublicKey("test"))
|
||||
@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) {
|
||||
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.NoError(t, err)
|
||||
kStore.LoadPrivateKey("test", key)
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, kStore.HasPrivateKey("test"))
|
||||
assert.True(t, kStore.HasPublicKey("test"))
|
||||
@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) {
|
||||
t.Parallel()
|
||||
dir := afero.NewMemMapFs()
|
||||
kStore := NewKeyStoreWithDir(dir)
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
|
||||
issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, kStore.HasPrivateKey("test"))
|
||||
assert.True(t, kStore.HasPublicKey("test"))
|
||||
|
Loading…
Reference in New Issue
Block a user