398 lines
15 KiB
Go
398 lines
15 KiB
Go
package jose
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"encoding/json"
|
|
"fmt"
|
|
"math/big"
|
|
"testing"
|
|
)
|
|
|
|
// Base64 Tests
|
|
|
|
func TestB64Enc(t *testing.T) {
|
|
fmt.Println("--> TestB64Enc")
|
|
in := []byte{0x00, 0xff}
|
|
out := "AP8"
|
|
if x := b64enc(in); x != out {
|
|
t.Errorf("b64enc(%v) = %v, want %v", in, x, out)
|
|
}
|
|
}
|
|
|
|
func TestB64Dec(t *testing.T) {
|
|
fmt.Println("--> TestB64Dec")
|
|
in := "_wA"
|
|
out := []byte{0xFF, 0x00}
|
|
x, err := b64dec(in)
|
|
if (err != nil) || (bytes.Compare(x, out) != 0) {
|
|
t.Errorf("b64dec(%v) = %v, want %v", in, x, out)
|
|
}
|
|
}
|
|
|
|
// JWK Tests (from draft-ietf-jose-cookbook)
|
|
|
|
func TestRsaJwk(t *testing.T) {
|
|
fmt.Println("--> TestRsaJwk")
|
|
in := `{
|
|
"kty": "RSA",
|
|
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
|
|
"e": "AQAB"
|
|
}`
|
|
var out JsonWebKey
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
if out.KeyType != "RSA" {
|
|
t.Errorf("Incorrect key type %+v, expecting %+v", out.KeyType, "RSA")
|
|
return
|
|
}
|
|
|
|
if out.Rsa == nil {
|
|
t.Errorf("RSA key not present")
|
|
return
|
|
}
|
|
|
|
if out.Rsa.E != 0x010001 {
|
|
t.Errorf("Incorrect public exponent %+v, expecting %+v", out.Rsa.E, 0x010001)
|
|
return
|
|
}
|
|
|
|
nBytes := []byte{
|
|
0x9f, 0x81, 0x0f, 0xb4, 0x03, 0x82, 0x73, 0xd0, 0x25, 0x91, 0xe4, 0x07, 0x3f, 0x31, 0xd2, 0xb6,
|
|
0x00, 0x1b, 0x82, 0xce, 0xdb, 0x4d, 0x92, 0xf0, 0x50, 0x16, 0x5d, 0x47, 0xcf, 0xca, 0xb8, 0xa3,
|
|
0xc4, 0x1c, 0xb7, 0x78, 0xac, 0x75, 0x53, 0x79, 0x3f, 0x8e, 0xf9, 0x75, 0x76, 0x8d, 0x1a, 0x23,
|
|
0x74, 0xd8, 0x71, 0x25, 0x64, 0xc3, 0xbc, 0xd7, 0x7b, 0x9e, 0xa4, 0x34, 0x54, 0x48, 0x99, 0x40,
|
|
0x7c, 0xff, 0x00, 0x99, 0x92, 0x0a, 0x93, 0x1a, 0x24, 0xc4, 0x41, 0x48, 0x52, 0xab, 0x29, 0xbd,
|
|
0xb0, 0xa9, 0x5c, 0x06, 0x53, 0xf3, 0x6c, 0x60, 0xe6, 0x0b, 0xf9, 0x0b, 0x62, 0x58, 0xdd, 0xa5,
|
|
0x6f, 0x37, 0x04, 0x7b, 0xa5, 0xc2, 0xd1, 0xd0, 0x29, 0xaf, 0x9c, 0x9d, 0x40, 0xba, 0xc7, 0xaa,
|
|
0x41, 0xc7, 0x8a, 0x0d, 0xd1, 0x06, 0x8a, 0xdd, 0x69, 0x9e, 0x80, 0x8f, 0xea, 0x01, 0x1e, 0xa1,
|
|
0x44, 0x1d, 0x8a, 0x4f, 0x7b, 0xb4, 0xe9, 0x7b, 0xe3, 0x9f, 0x55, 0xf1, 0xdd, 0xd4, 0x4e, 0x9c,
|
|
0x4b, 0xa3, 0x35, 0x15, 0x97, 0x03, 0xd4, 0xd3, 0x4b, 0x60, 0x3e, 0x65, 0x14, 0x7a, 0x4f, 0x23,
|
|
0xd6, 0xd3, 0xc0, 0x99, 0x6c, 0x75, 0xed, 0xee, 0x84, 0x6a, 0x82, 0xd1, 0x90, 0xae, 0x10, 0x78,
|
|
0x3c, 0x96, 0x1c, 0xf0, 0x38, 0x7a, 0xed, 0x21, 0x06, 0xd2, 0xd0, 0x55, 0x5b, 0x6f, 0xd9, 0x37,
|
|
0xfa, 0xd5, 0x53, 0x53, 0x87, 0xe0, 0xff, 0x72, 0xff, 0xbe, 0x78, 0x94, 0x14, 0x02, 0xb0, 0xb8,
|
|
0x22, 0xea, 0x2a, 0x74, 0xb6, 0x05, 0x8c, 0x1d, 0xab, 0xf9, 0xb3, 0x4a, 0x76, 0xcb, 0x63, 0xb8,
|
|
0x7f, 0xaa, 0x2c, 0x68, 0x47, 0xb8, 0xe2, 0x83, 0x7f, 0xff, 0x91, 0x18, 0x6e, 0x6b, 0x1c, 0x14,
|
|
0x91, 0x1c, 0xf9, 0x89, 0xa8, 0x90, 0x92, 0xa8, 0x1c, 0xe6, 0x01, 0xdd, 0xac, 0xd3, 0xf9, 0xcf}
|
|
n := big.NewInt(0)
|
|
n.SetBytes(nBytes)
|
|
if out.Rsa.N.Cmp(n) != 0 {
|
|
t.Errorf("Incorrect modulus %+v, expecting %+v", out.Rsa.N, n)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestEcJwk(t *testing.T) {
|
|
fmt.Println("--> TestEcJwk")
|
|
in := `{
|
|
"kty": "EC",
|
|
"crv": "P-521",
|
|
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
|
|
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
|
|
}`
|
|
var out JsonWebKey
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
if out.KeyType != "EC" {
|
|
t.Errorf("Incorrect key type %+v, expecting %+v", out.KeyType, "RSA")
|
|
return
|
|
}
|
|
|
|
if out.Ec == nil {
|
|
t.Errorf("EC key not present")
|
|
return
|
|
}
|
|
|
|
if out.Ec.Curve.Params().BitSize != 521 {
|
|
t.Errorf("Incorrect curve size %+v, expecting %+v", out.Ec.Curve.Params().BitSize, 521)
|
|
return
|
|
}
|
|
|
|
xBytes := []byte{
|
|
0x00, 0x72, 0x99, 0x2c, 0xb3, 0xac, 0x08, 0xec, 0xf3, 0xe5, 0xc6,
|
|
0x3d, 0xed, 0xec, 0x0d, 0x51, 0xa8, 0xc1, 0xf7, 0x9e, 0xf2, 0xf8,
|
|
0x2f, 0x94, 0xf3, 0xc7, 0x37, 0xbf, 0x5d, 0xe7, 0x98, 0x66, 0x71,
|
|
0xea, 0xc6, 0x25, 0xfe, 0x82, 0x57, 0xbb, 0xd0, 0x39, 0x46, 0x44,
|
|
0xca, 0xaa, 0x3a, 0xaf, 0x8f, 0x27, 0xa4, 0x58, 0x5f, 0xbb, 0xca,
|
|
0xd0, 0xf2, 0x45, 0x76, 0x20, 0x08, 0x5e, 0x5c, 0x8f, 0x42, 0xad}
|
|
x := big.NewInt(0)
|
|
x.SetBytes(xBytes)
|
|
if out.Ec.X.Cmp(x) != 0 {
|
|
t.Errorf("Incorrect X-coordinate %+v, expecting %+v", out.Ec.X, x)
|
|
return
|
|
}
|
|
|
|
yBytes := []byte{
|
|
0x01, 0xdc, 0xa6, 0x94, 0x7b, 0xce, 0x88, 0xbc, 0x57, 0x90, 0x48,
|
|
0x5a, 0xc9, 0x74, 0x27, 0x34, 0x2b, 0xc3, 0x5f, 0x88, 0x7d, 0x86,
|
|
0xd6, 0x5a, 0x08, 0x93, 0x77, 0xe2, 0x47, 0xe6, 0x0b, 0xaa, 0x55,
|
|
0xe4, 0xe8, 0x50, 0x1e, 0x2a, 0xda, 0x57, 0x24, 0xac, 0x51, 0xd6,
|
|
0x90, 0x90, 0x08, 0x03, 0x3e, 0xbc, 0x10, 0xac, 0x99, 0x9b, 0x9d,
|
|
0x7f, 0x5c, 0xc2, 0x51, 0x9f, 0x3f, 0xe1, 0xea, 0x1d, 0x94, 0x75}
|
|
y := big.NewInt(0)
|
|
y.SetBytes(yBytes)
|
|
if out.Ec.Y.Cmp(y) != 0 {
|
|
t.Errorf("Incorrect X-coordinate %+v, expecting %+v", out.Ec.Y, y)
|
|
return
|
|
}
|
|
}
|
|
|
|
// JWS Tests (from draft-ietf-jose-cookbook)
|
|
|
|
func TestRsaJwsVerify(t *testing.T) {
|
|
fmt.Println("--> TestRsaJwsVerify")
|
|
in := `{
|
|
"header": {
|
|
"jwk": {
|
|
"kty": "RSA",
|
|
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
|
|
"e": "AQAB"
|
|
}
|
|
},
|
|
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4",
|
|
"protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
|
|
"signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
|
|
}`
|
|
|
|
var out JsonWebSignature
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = out.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestRsaPssJwsVerify(t *testing.T) {
|
|
fmt.Println("--> TestRsaPssJwsVerify")
|
|
in := `{
|
|
"header": {
|
|
"jwk": {
|
|
"kty": "RSA",
|
|
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
|
|
"e": "AQAB"
|
|
}
|
|
},
|
|
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4",
|
|
"protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
|
|
"signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
|
|
}`
|
|
|
|
var out JsonWebSignature
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = out.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestEcJwsVerify(t *testing.T) {
|
|
fmt.Println("--> TestEcJwsVerify")
|
|
in := `{
|
|
"header": {
|
|
"jwk": {
|
|
"kty": "EC",
|
|
"crv": "P-521",
|
|
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
|
|
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
|
|
}
|
|
},
|
|
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4",
|
|
"protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
|
|
"signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
|
|
}`
|
|
|
|
var out JsonWebSignature
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = out.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func bigIntFromB64(b64 string) *big.Int {
|
|
bytes, _ := b64dec(b64)
|
|
x := big.NewInt(0)
|
|
x.SetBytes(bytes)
|
|
return x
|
|
}
|
|
|
|
func intFromB64(b64 string) int {
|
|
return int(bigIntFromB64(b64).Int64())
|
|
}
|
|
|
|
func TestRsaJwsSign(t *testing.T) {
|
|
fmt.Println("--> TestRsaJwsSign")
|
|
n := bigIntFromB64("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw")
|
|
e := intFromB64("AQAB")
|
|
d := bigIntFromB64("bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ")
|
|
p := bigIntFromB64("uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc")
|
|
q := bigIntFromB64("uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc")
|
|
priv := rsa.PrivateKey{
|
|
PublicKey: rsa.PublicKey{N: n, E: e},
|
|
D: d,
|
|
Primes: []*big.Int{p, q},
|
|
}
|
|
|
|
payload, _ := b64dec("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")
|
|
|
|
jws, err := Sign(RSAPKCS1WithSHA256, priv, payload)
|
|
if err != nil {
|
|
t.Errorf("Signature generation failed: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = jws.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestRsaPssJwsSign(t *testing.T) {
|
|
fmt.Println("--> TestRsaPssJwsSign")
|
|
n := bigIntFromB64("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw")
|
|
e := intFromB64("AQAB")
|
|
d := bigIntFromB64("bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ")
|
|
p := bigIntFromB64("uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc")
|
|
q := bigIntFromB64("uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc")
|
|
priv := rsa.PrivateKey{
|
|
PublicKey: rsa.PublicKey{N: n, E: e},
|
|
D: d,
|
|
Primes: []*big.Int{p, q},
|
|
}
|
|
|
|
payload, _ := b64dec("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")
|
|
|
|
jws, err := Sign(RSAPSSWithSHA256, priv, payload)
|
|
if err != nil {
|
|
t.Errorf("Signature generation failed: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = jws.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestEcJwsSign(t *testing.T) {
|
|
fmt.Println("--> TestEcJwsSign")
|
|
x := bigIntFromB64("AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt")
|
|
y := bigIntFromB64("AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1")
|
|
d := bigIntFromB64("AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zbKipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt")
|
|
|
|
priv := ecdsa.PrivateKey{
|
|
PublicKey: ecdsa.PublicKey{Curve: elliptic.P521(), X: x, Y: y},
|
|
D: d,
|
|
}
|
|
|
|
payload, _ := b64dec("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")
|
|
|
|
jws, err := Sign(ECDSAWithSHA512, priv, payload)
|
|
if err != nil {
|
|
t.Errorf("Signature generation failed: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = jws.Verify()
|
|
if err != nil {
|
|
// XXX: This sometimes failes, haven't debugged
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func TestJwsCompact(t *testing.T) {
|
|
fmt.Println("--> TestJwsCompact")
|
|
payload := []byte{0, 0, 0, 0}
|
|
|
|
priv, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
if err != nil {
|
|
fmt.Println(err)
|
|
}
|
|
|
|
jws, err := Sign(RSAPSSWithSHA256, *priv, payload)
|
|
if err != nil {
|
|
t.Errorf("Signature generation failed: %+v", err)
|
|
return
|
|
}
|
|
|
|
compact, err := jws.MarshalCompact()
|
|
if err != nil {
|
|
t.Errorf("Failed to marshal compact: %+v", err)
|
|
}
|
|
|
|
jws2, err := UnmarshalCompact(compact)
|
|
if err != nil {
|
|
t.Errorf("Failed to unmarshal compact: %+v", err)
|
|
}
|
|
|
|
err = jws2.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
|
|
}
|
|
|
|
// Testing node.js generated JWS
|
|
func TestRsaNodeJwsVerify(t *testing.T) {
|
|
fmt.Println("--> TestRsaNodeJwsVerify")
|
|
in := `{
|
|
"header": {
|
|
"alg": "RS256",
|
|
"jwk": {
|
|
"kty": "RSA",
|
|
"n": "q_X8f1LAnSxsB-_MQ64XaigtXEljPAZZlJlep5NJrOzSH4m55GEXMbzmATzi-_WFulAqajfK_LY33hByxoXdrQ",
|
|
"e": "AQAB"
|
|
}
|
|
},
|
|
"protected": "eyJub25jZSI6IlJVUEZVVVZWX1d0bW8ycTVrcXgwUlEifQ",
|
|
"payload": "aGVsbG8sIHdvcmxkIQ",
|
|
"signature": "aGK0GWcCgvXzOZKR0Wn4YiKYUgtFKWFlDHcXL5T5CA5x5oyZrPovnJEyfU1IDHtQp0ZD-EbT05tSVMoeY48qHQ"
|
|
}`
|
|
|
|
var out JsonWebSignature
|
|
err := json.Unmarshal([]byte(in), &out)
|
|
if err != nil {
|
|
t.Errorf("JSON unmarshal error: %+v", err)
|
|
return
|
|
}
|
|
|
|
err = out.Verify()
|
|
if err != nil {
|
|
t.Errorf("Signature failed verification: %+v", err)
|
|
return
|
|
}
|
|
}
|