Software /
code /
prosody
Comparison
spec/util_jwt_spec.lua @ 12696:27a72982e331
util.jwt: Add support/tests for ES256 via improved API and using util.crypto
In many cases code will be either signing or verifying. With asymmetric
algorithms it's clearer and more efficient to just state that once, instead of
passing keys (and possibly other parameters) with every sign/verify call.
This also allows earlier validation of the key used.
The previous (HS256-only) sign/verify methods continue to be exposed for
backwards-compatibility.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 01 Jul 2022 18:51:15 +0100 |
parent | 10661:4eee1aaa9405 |
child | 12699:b3d0c1457584 |
comparison
equal
deleted
inserted
replaced
12695:6aaa604fdfd5 | 12696:27a72982e331 |
---|---|
14 local token = jwt.sign("wrong", { payload = "this" }); | 14 local token = jwt.sign("wrong", { payload = "this" }); |
15 assert.string(token); | 15 assert.string(token); |
16 local ok = jwt.verify(key, token); | 16 local ok = jwt.verify(key, token); |
17 assert.falsy(ok) | 17 assert.falsy(ok) |
18 end); | 18 end); |
19 | |
20 it("validates ES256", function () | |
21 local private_key = [[ | |
22 -----BEGIN PRIVATE KEY----- | |
23 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 | |
24 OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r | |
25 1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G | |
26 -----END PRIVATE KEY----- | |
27 ]]; | |
28 | |
29 local sign = jwt.new_signer("ES256", private_key); | |
30 | |
31 local token = sign({ | |
32 sub = "1234567890"; | |
33 name = "John Doe"; | |
34 admin = true; | |
35 iat = 1516239022; | |
36 }); | |
37 | |
38 local public_key = [[ | |
39 -----BEGIN PUBLIC KEY----- | |
40 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9 | |
41 q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg== | |
42 -----END PUBLIC KEY----- | |
43 ]]; | |
44 local verify = jwt.new_verifier("ES256", public_key); | |
45 | |
46 local result = {verify(token)}; | |
47 assert.same({ | |
48 true; -- success | |
49 { -- payload | |
50 sub = "1234567890"; | |
51 name = "John Doe"; | |
52 admin = true; | |
53 iat = 1516239022; | |
54 }; | |
55 }, result); | |
56 | |
57 local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]}; | |
58 assert.same({ | |
59 true; -- success | |
60 { -- payload | |
61 sub = "1234567890"; | |
62 name = "John Doe"; | |
63 admin = true; | |
64 iat = 1516239022; | |
65 }; | |
66 }, result); | |
67 end); | |
68 | |
19 end); | 69 end); |
20 | 70 |