Merge pull request #1390 from dmcgowan/token-server
Simple integration test token server
This commit is contained in:
Aaron Lehmann
commit
db48ad4d0f
2 changed files with 11 additions and 10 deletions
|
|
@ -52,11 +52,11 @@ type ClaimSet struct {
|
||||||
|
|
||||||
// Header describes the header section of a JSON Web Token.
|
// Header describes the header section of a JSON Web Token.
|
||||||
type Header struct {
|
type Header struct {
|
||||||
Type string `json:"typ"`
|
Type string `json:"typ"`
|
||||||
SigningAlg string `json:"alg"`
|
SigningAlg string `json:"alg"`
|
||||||
KeyID string `json:"kid,omitempty"`
|
KeyID string `json:"kid,omitempty"`
|
||||||
X5c []string `json:"x5c,omitempty"`
|
X5c []string `json:"x5c,omitempty"`
|
||||||
RawJWK json.RawMessage `json:"jwk,omitempty"`
|
RawJWK *json.RawMessage `json:"jwk,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Token describes a JSON Web Token.
|
// Token describes a JSON Web Token.
|
||||||
|
|
@ -193,7 +193,7 @@ func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.
|
||||||
switch {
|
switch {
|
||||||
case len(x5c) > 0:
|
case len(x5c) > 0:
|
||||||
signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots)
|
signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots)
|
||||||
case len(rawJWK) > 0:
|
case rawJWK != nil:
|
||||||
signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts)
|
signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts)
|
||||||
case len(keyID) > 0:
|
case len(keyID) > 0:
|
||||||
signingKey = verifyOpts.TrustedKeys[keyID]
|
signingKey = verifyOpts.TrustedKeys[keyID]
|
||||||
|
|
@ -266,8 +266,8 @@ func parseAndVerifyCertChain(x5c []string, roots *x509.CertPool) (leafKey libtru
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseAndVerifyRawJWK(rawJWK json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) {
|
func parseAndVerifyRawJWK(rawJWK *json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) {
|
||||||
pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(rawJWK))
|
pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(*rawJWK))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to decode raw JWK value: %s", err)
|
return nil, fmt.Errorf("unable to decode raw JWK value: %s", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -97,7 +97,8 @@ func makeTestToken(issuer, audience string, access []*ResourceActions, rootKey l
|
||||||
return nil, fmt.Errorf("unable to amke signing key with chain: %s", err)
|
return nil, fmt.Errorf("unable to amke signing key with chain: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
rawJWK, err := signingKey.PublicKey().MarshalJSON()
|
var rawJWK json.RawMessage
|
||||||
|
rawJWK, err = signingKey.PublicKey().MarshalJSON()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to marshal signing key to JSON: %s", err)
|
return nil, fmt.Errorf("unable to marshal signing key to JSON: %s", err)
|
||||||
}
|
}
|
||||||
|
|
@ -105,7 +106,7 @@ func makeTestToken(issuer, audience string, access []*ResourceActions, rootKey l
|
||||||
joseHeader := &Header{
|
joseHeader := &Header{
|
||||||
Type: "JWT",
|
Type: "JWT",
|
||||||
SigningAlg: "ES256",
|
SigningAlg: "ES256",
|
||||||
RawJWK: json.RawMessage(rawJWK),
|
RawJWK: &rawJWK,
|
||||||
}
|
}
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue