Merge pull request #1390 from dmcgowan/token-server

Simple integration test token server
Aaron Lehmann 2016-02-01 16:27:49 -08:00
commit db48ad4d0f
2 changed files with 11 additions and 10 deletions


@ -52,11 +52,11 @@ type ClaimSet struct {
// Header describes the header section of a JSON Web Token. // Header describes the header section of a JSON Web Token.
type Header struct { type Header struct {
Type string `json:"typ"` Type string `json:"typ"`
SigningAlg string `json:"alg"` SigningAlg string `json:"alg"`
KeyID string `json:"kid,omitempty"` KeyID string `json:"kid,omitempty"`
X5c []string `json:"x5c,omitempty"` X5c []string `json:"x5c,omitempty"`
RawJWK json.RawMessage `json:"jwk,omitempty"` RawJWK *json.RawMessage `json:"jwk,omitempty"`
} }
// Token describes a JSON Web Token. // Token describes a JSON Web Token.
@ -193,7 +193,7 @@ func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.
switch { switch {
case len(x5c) > 0: case len(x5c) > 0:
signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots) signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots)
case len(rawJWK) > 0: case rawJWK != nil:
signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts) signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts)
case len(keyID) > 0: case len(keyID) > 0:
signingKey = verifyOpts.TrustedKeys[keyID] signingKey = verifyOpts.TrustedKeys[keyID]
@ -266,8 +266,8 @@ func parseAndVerifyCertChain(x5c []string, roots *x509.CertPool) (leafKey libtru
return return
} }
func parseAndVerifyRawJWK(rawJWK json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) { func parseAndVerifyRawJWK(rawJWK *json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) {
pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(rawJWK)) pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(*rawJWK))
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to decode raw JWK value: %s", err) return nil, fmt.Errorf("unable to decode raw JWK value: %s", err)
} }
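Review bot: parseAndVerifyRawJWK now dereferences `*rawJWK` unconditionally, so it relies on every caller repeating the `case rawJWK != nil:` guard from VerifySigningKey; a nil pointer here would panic while processing a token header instead of returning an error. A guard at the top of the function keeps that failure closed and explicit: `if rawJWK == nil || len(*rawJWK) == 0 { return nil, fmt.Errorf("missing raw JWK value") }`. A Header built in code with a non-nil pointer to an empty RawMessage now also reaches this function, where the old `len(rawJWK) > 0` test skipped it, so a test for that case would be worth adding. The `RawJWK` field would also benefit from a short comment saying why it is a pointer and that nil means the header carries no `jwk`. The function body continues outside the hunk, so how the decoded key is checked against verifyOpts is not visible here.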


@ -97,7 +97,8 @@ func makeTestToken(issuer, audience string, access []*ResourceActions, rootKey l
return nil, fmt.Errorf("unable to amke signing key with chain: %s", err) return nil, fmt.Errorf("unable to amke signing key with chain: %s", err)
} }
rawJWK, err := signingKey.PublicKey().MarshalJSON() var rawJWK json.RawMessage
rawJWK, err = signingKey.PublicKey().MarshalJSON()
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to marshal signing key to JSON: %s", err) return nil, fmt.Errorf("unable to marshal signing key to JSON: %s", err)
} }
@ -105,7 +106,7 @@ func makeTestToken(issuer, audience string, access []*ResourceActions, rootKey l
joseHeader := &Header{ joseHeader := &Header{
Type: "JWT", Type: "JWT",
SigningAlg: "ES256", SigningAlg: "ES256",
RawJWK: json.RawMessage(rawJWK), RawJWK: &rawJWK,
} }
now := time.Now() now := time.Now()