Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: algorithm to initial keys #248

Merged
merged 5 commits into from
May 9, 2022
Merged

feat: algorithm to initial keys #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cc42b9b
feat: algorithm in initial keys
ybelMekk May 7, 2022
d090faf
add: algorithm to initial key files
ybelMekk May 7, 2022
a728cda
revert
ybelMekk May 7, 2022
090f697
fix: "alg": "RS256"
ybelMekk May 7, 2022
1033dd8
fix: "alg":"ES256"
ybelMekk May 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions src/main/kotlin/no/nav/security/mock/oauth2/token/KeyGenerator.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ data class KeyGenerator(
if (keyGenerator.algorithm != KeyType.RSA.value) {
return keyGenerator.generateECKey(keyId, algorithm)
}
return keyGenerator.generateRSAKey(keyId)
return keyGenerator.generateRSAKey(keyId, algorithm)
}

private fun KeyPairGenerator.generateECKey(keyId: String, algorithm: JWSAlgorithm): JWK =
Expand All @@ -33,6 +33,7 @@ data class KeyGenerator(
.privateKey(it.private as ECPrivateKey)
.keyUse(KeyUse.SIGNATURE)
.keyID(keyId)
.algorithm(algorithm)
.build()
}

Expand All @@ -44,13 +45,14 @@ data class KeyGenerator(
}
}

private fun KeyPairGenerator.generateRSAKey(keyId: String): JWK =
private fun KeyPairGenerator.generateRSAKey(keyId: String, algorithm: JWSAlgorithm): JWK =
generateKeyPair()
.let {
RSAKey.Builder(it.public as RSAPublicKey)
.privateKey(it.private as RSAPrivateKey)
.keyUse(KeyUse.SIGNATURE)
.keyID(keyId)
.algorithm(algorithm)
.build()
}

Expand Down
6 changes: 4 additions & 2 deletions src/main/resources/mock-oauth2-server-keys-ec.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@
"crv": "P-256",
"kid": "issuer0",
"x": "umybCYzE-VX_UAIJaX3wc-GTOgB7WDp7A3JJAKW_hqU",
"y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8"
"y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8",
"alg":"ES256"
},
{
"kty": "EC",
Expand All @@ -16,7 +17,8 @@
"crv": "P-256",
"kid": "issuer1",
"x": "YLAxep2KtJzgr6JZmlVgwmhoH08QKwG_ojgymdtcOkM",
"y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4"
"y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4",
"alg":"ES256"
}
]
}
5 changes: 5 additions & 0 deletions src/main/resources/mock-oauth2-server-keys.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
"kid": "initialkey-1",
"qi": "HqUVnJoG53wI1I3a922NDUWmVYxBa4fAA0nketVgSDbF5XkZTQW3JsC1K0oPqD-HtSz8bQu0JuOaG3ya-DVEGjeC8lpY_WX9rqoyBe-1AtqXOciU98iQwDIs5gARlTVj6q-jr867keNUdF8f9-GCFWqXWo0QFOeyXnOIwNRNJBo",
"dp": "V03XdUM3poP87odFTjV66Ltrzbun1x4WngakViZO8G3U2xPUuJWprRIDwXCj8Il5nOIoEloKpgWUaxcK3cKRcvZsCoEo6b_k-i800v9KkbuAftIxGzcyLIiUsh63uM80Vj-VzvkL83CsX8z243eUzNyJLgrJNNeQb0Guqv_xslM",
"alg": "RS256",
"dq": "pKUijDDeWjHIjzvYcyDYIRpQ806yftbUuVbe2AUElnXFmfHjoKjC3p5oCZtEUuHAS3omIWJirp8W7LwMwYqv1M8aJUXyzCkC6VAraN-fyM6n7hGRH68z_QUka8rVmi0-C9cMrtbsNixU-K_hTD4XsC3VeJnniSiQ-k6MJQx6fk8",
"n": "onZcB1ryWS1keTIcbgsLKJ1UBwL1Wbzse5P2HjkrNwbG3Jy2lefUEcTVJxN8bpLeW460Luz3ScZd3d9p8IoHjmhZ2cyO49E41aBRIlBRzWNpebK5xeC95rSKenYHpOPlLzPgybg2qxallzQUOcKCheiF0fsErlapaA9YmKwzP3DwvzYW4JqSrHhDGWPwUCcsR4dpetwKXP_9tRFso06ryr4um3qiq7giyZEyZVG3fHMplD-5e-2-RrzBiGFW_zvs-XVRGPIf9Y5YNjeQJRuS4vF82V8mNZxEZddtUY5plSz-vgX3GSvANLDH-LZJ76Zmx3a8dEZbI7VxgsBQAqcUlQ"
},
Expand All @@ -23,6 +24,7 @@
"kid": "initialkey-2",
"qi": "5OHgZtRG6CecHV-2AUlRZtHraN_G3nftrMAGuczh97RdjlEUxia_LkQqc_OUJf8M_57I5WZ4z2H7u1JVzscM3D7nFKJLq2JoW5kc2zffYhZm83mcTWyvQSf6WPvmqxqX2TZr_JFBLn0_33DQUZwOj4tAmvpXjYFCqWXbNjZxEs4",
"dp": "669a3fzXAU4IoCdgK5R5n35qGbNfex0zmYl9x2e01I7CoFEpFUT-vWDkUq5IPd2snz4LdjaUxzEvxFJJCkZvqCv1A7cfcX2AFy-cnGhNWzMOLPIUeah2O2uKNmxLkC_0YAaKiq4o7rPibzfR8WsNH2Ok_u1dF46ofrcJnXBMyks",
"alg": "RS256",
"dq": "FhPBDu9THYqwJTIic1epGUWS7lus7e2SsgdrTXCAgegq7L2W6uKwLDxUlh3GCoIXyakm0ks1SROpfkv8u-E-_LvtuIzviFaCuxAMDrQNNYPkqdAkP-4KFchAVYVyYQr3pAyeQbbrpa06lAhj64XqmhEUgnsfINYgR6iN81m1Dmk",
"n": "0PPC0byb9f-Kueq8B733sZnANXDHyy2M5qUr1vWW733l_lOf2dFKDu6csaGEALro_39EFjhoad1D7Ebw1srj5APElaX9QMQxjK4pEdJlNU9SygwBObgAqCxfWmBjNBQ4NBrG8wi61MG4aoYwi-5W-N0VLL6tOxe_V6JyA4P4e-EzrlRJm9_dHT6ev3c6KyaRcGVnOBuArj3uhOh15-tbjuux8P30kR6RytxRWRZzAQqpkekpBFYYvoFyP3N_WGU5ruOEUYF8KloDmFqANSpqXvUyI3kl-McTtqzH0BuZG6fG8bH3ZZdH1fM2BJ8z0fO7n24HhNn3lAIPo8q9OPlA2Q"
},
Expand All @@ -35,6 +37,7 @@
"use": "sig",
"kid": "initialkey-3",
"qi": "fLmBa9vAltNdT1Tdo9r24tStgsosNln8b0XQtNA-v5aSSZrGYQGUst5iC70J_qT0sLVALnJJoS0JeSkjBiC_PnnmtZbTOGkzgKsuimhNsIWUILrFiDgaR7ujEiNuDc-pucVPRQ2xLstvCmPR1ocSYpACR0dKZEgOfh3ghPL61zo",
"alg": "RS256",
"dp": "Y7WiU8y-mD9N10vU1ekND41APuyMNWvaBiZQAighgkdhOnkP7F1ylSC0LSmeKgvx3ArfnWU9y8DFzrIQPBLZoKut0gHVHuILhfUVt4V1J53DW1XbKvCA27NkMgqOzj5IMGQ9iU7oFfpkDd9CSh8lPQfuyy1tbxb0bHU4kRvD6HU",
"dq": "F3rf61hL1oR2Fg45OklKpH3WDzgEinAjt51SBPQydRg5oLdtX6mrn4A22TeDDoENRe0GNKTpzMwGhnOYLKLOw8ONg8_wzcNJaPLY_MPAKaAmTb16cFrrn-UYOsxCH_Qsbu6gpITxArqXQWtsE5cW1c_HPP7QiZpkwnZPVruh8NE",
"n": "iVHZcbSmKmmCCJQ52WFtyB5w6nE-34Ykds-GZSg47JI52Gr4wLKnpAfQH_zob_SikXQ9B98ivrI8-QoAAMbsrOnGJIcXgxoxZ2cYUOsR7Ft_M_22VCvyqH1YP0ahA-mnjfYHg_VfKW1PTdBqYcYT2XaX4nD7qDzIvarzQUYOYXlMMNaNAUj4Whq4IV_qvDJU7sUYRyrPOFKvLiH5d-EHPeV9Nut01Gt6Ux2OSOQheE7UizKNQx5cvrTXlKur5zS0xxCbkLsIh81xINYAfkmwwqwKZ5R0NdrqPvsjt_k3IMRjkE2OZ3eeBermYwtAJvSDpyIZn1ntYgvOwQpKxo3yxQ"
Expand All @@ -48,6 +51,7 @@
"use": "sig",
"kid": "initialkey-4",
"qi": "1vc5qZgIg3ptsg8WmyUHmpVCtY_PG8rnZSd0dIuC9u_c841FtRNMbUCNiTujthYmtlcaf6qIQiqmHBPWuEI00ywLcyUX-WDEzEkHUKqpuLGVM65MxlGV0LOO8hgdeGXfyrUYJ2ACG0yD5G6uj9I9Sl_aAyf0MQFfEaRTfE7CtLQ",
"alg": "RS256",
"dp": "bukEbR0RtCjZTXE-y9_seCqcPDCNw6ZkjCgKiNNdl2WwryMJx-Cf5KLEktNluCMnZTeuwrFkEwATKBdpUXKFET6CQ7pIf220OM-xUBjsSnA3IZnUfMufJ99RcvN90WrfWXhk8qPk9FPumrOo0rcwiZVbWGw8E8P8azIyouyEhKE",
"dq": "e9kNE_zLtCDiSpgLQB8I0q2Rp0xkUVtZdU5-wZhjY5C1bJkrzJdmglXLAjCsDAvrb9-3IYBUprJxfnPD55D1HvyBl92wyofNEwKZXXrVE5Gz_bm892ETsQTbs-X1sedOc4yvUJc8Kx39UGrsyoepXj9pcPKRWt53-u5BBRE_ohE",
"n": "qjErptJgXjqW9K-27k2FrSGiQJVFYbzlovJJtayk-ANMNpoJbTV5pMA6_ArxN3r_unUB6R6Psl0_LpIhM9LCUyUExZybnY9d0uVbbDtwVC-mFOs0dXQqEV7_DjicpuWQ0ds3lB_zG5nesokwAFNzvk7tvMhvIilkvh14Q5nWTI78rmMY_rjYDsNp0nIL4eUBOoUscqJQ6Z4bDhB1sygS3dFwjxFxCUEsRPjmpm2Qbw5nhVcJWO1KawB_PYqr54LaRY_VX_P3RhWWaDqTuHb_b9jcpZxfL3jWJ79Yjjyw2IAjJVjGnHqN-Yu_7Vh6vB8pDv7Jb2iCVJVLRl3opxEcdQ"
Expand All @@ -61,6 +65,7 @@
"use": "sig",
"kid": "initialkey-5",
"qi": "DY7KQvVnUgQJqIkTSObp6P4DMfHeiom_U4vgwKoFDNzYgMvLh_VvfPdhqzSS6IlPD0_Gyc7hwK5SpitLp-WmtNnsqfFKy0VQMFkiBfdJEPWIDMMUrZZ6nsl9KjV7MiDrkYonw71eSFNh2NEX30DWKTTk9KojpcU0HvM_912rH8o",
"alg": "RS256",
"dp": "fmNWjKDTzUGh1HBgNUbCzPeFTINddquq9FNs-xul9MKZ2CRtqQZrsyBFQHK5qv2en2QVP_XTIt_kPN00IkEOGRLE72R8s__HL6a9g8YSWOPtoX3MaDrdGQpCiefQTN1vVg0a6SdPPsipVmcH-eaJ003vgM4Au-v26p9lp3rdD1k",
"dq": "dOYRkWNZEJApnK1dz-OfC2kjYP_6tSI8PmXiXM19nWQfZfd5RRWu-f0Qc5NuQdhmv4bBsa-_F2OM6UOhRyutwrvQQRM679_924lI_eC4gGT7a32ZgcoT-MHxPgDx8hmG_bqwlKPYceORL2KLeQyinn264cjyev1H-BVky76InQs",
"n": "sOqj_2Zc0AB3St_KkSwChpNbNfFTd76_-mtPCT_xP68O-YAB20n_7HWi6zMwRMStA7q3_R9FnhJ-AHVj92dUhZB5BmgPHrEadYwS0F1XyVCbC4zprz1QVgZwxSzkIiZRtB4VNlfGkSfYaaE3Iw2V5Ns9owCx0OMfkoqVO_wK8kBLfe7HMI43xUMaSuekNRxGkxruEMWPuqwOq7-0NciX4meykz_jHybl1UlAtHhRhlI25LgsumsDP0N-3FNDv8uwwGrcalYwAj1tScpdawUgiN2WjxnZn_WtTMRVy2XzbNEvTHoOqygRLCmsBxErCNJDtiU9N__3M7XqzSO-wQmReQ"
Expand Down
3 changes: 3 additions & 0 deletions src/test/kotlin/no/nav/security/mock/oauth2/token/KeyGeneratorTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import com.nimbusds.jwt.JWTClaimsSet
import com.nimbusds.jwt.SignedJWT
import com.nimbusds.oauth2.sdk.id.Issuer
import io.kotest.assertions.throwables.shouldNotThrow
import io.kotest.matchers.collections.shouldBeIn
import io.kotest.matchers.shouldBe
import no.nav.security.mock.oauth2.extensions.verifySignatureAndIssuer
import no.nav.security.mock.oauth2.token.KeyGenerator.Companion.ecAlgorithmFamily
Expand All @@ -34,6 +35,7 @@ class KeyGeneratorTest {
keys.keyID shouldBe keyId
keys.keyType.toString() shouldBe KeyType.RSA.value
keys.keyUse.toString() shouldBe "sig"
keys.algorithm shouldBeIn rsaAlgorithmFamily

val issuer = Issuer("issuer$index")
val jwt = jwtWith(issuer.value, keyId, JOSEObjectType.JWT.type, jwsAlgorithm)
Expand Down Expand Up @@ -61,6 +63,7 @@ class KeyGeneratorTest {
keys.keyID shouldBe keyId
keys.keyType.toString() shouldBe KeyType.EC.value
keys.keyUse.toString() shouldBe "sig"
keys.algorithm shouldBeIn ecAlgorithmFamily

val issuer = Issuer("issuer$index")
val jwt = jwtWith(issuer.value, keyId, JOSEObjectType.JWT.type, jwsAlgorithm)
Expand Down