Software / code / prosody
Diff
spec/util_jwt_spec.lua @ 12696:27a72982e331
util.jwt: Add support/tests for ES256 via improved API and using util.crypto
In many cases code will be either signing or verifying. With asymmetric
algorithms it's clearer and more efficient to just state that once, instead of
passing keys (and possibly other parameters) with every sign/verify call.
This also allows earlier validation of the key used.
The previous (HS256-only) sign/verify methods continue to be exposed for
backwards-compatibility.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 01 Jul 2022 18:51:15 +0100 |
| parent | 10661:4eee1aaa9405 |
| child | 12699:b3d0c1457584 |
line wrap: on
line diff
--- a/spec/util_jwt_spec.lua Thu Jun 30 15:38:22 2022 +0200 +++ b/spec/util_jwt_spec.lua Fri Jul 01 18:51:15 2022 +0100 @@ -16,5 +16,55 @@ local ok = jwt.verify(key, token); assert.falsy(ok) end); + + it("validates ES256", function () + local private_key = [[ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 +OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r +1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G +-----END PRIVATE KEY----- +]]; + + local sign = jwt.new_signer("ES256", private_key); + + local token = sign({ + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }); + + local public_key = [[ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9 +q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg== +-----END PUBLIC KEY----- +]]; + local verify = jwt.new_verifier("ES256", public_key); + + local result = {verify(token)}; + assert.same({ + true; -- success + { -- payload + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }; + }, result); + + local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]}; + assert.same({ + true; -- success + { -- payload + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }; + }, result); + end); + end);
