From 5aed334e047f4f2d5edb421bdad4a7a426fb46bd Mon Sep 17 00:00:00 2001 From: Dave Grijalva Date: Sat, 5 Jul 2014 15:08:42 -0700 Subject: [PATCH 1/3] Added support for HS384 and HS512 signing methods Renamed type SigningMethodHS256 to SigningMethodHMAC Added contstants SigningMethodHS256, SigningMethodHS384, and SigningMethodHS512 to support each of these methods Added simple tests to support these new methods --- hmac.go | 65 ++++++++++++++++++++++++++++++++++ sha256_test.go => hmac_test.go | 43 ++++++++++++++-------- sha256.go | 41 --------------------- test/hmacTestKey | 1 + 4 files changed, 94 insertions(+), 56 deletions(-) create mode 100644 hmac.go rename sha256_test.go => hmac_test.go (56%) delete mode 100644 sha256.go create mode 100644 test/hmacTestKey diff --git a/hmac.go b/hmac.go new file mode 100644 index 0000000..b6c1b33 --- /dev/null +++ b/hmac.go @@ -0,0 +1,65 @@ +package jwt + +import ( + "bytes" + "crypto" + "crypto/hmac" + "errors" +) + +type SigningMethodHMAC struct { + Name string + Hash crypto.Hash +} + +var ( + SigningMethodHS256 *SigningMethodHMAC + SigningMethodHS384 *SigningMethodHMAC + SigningMethodHS512 *SigningMethodHMAC +) + +func init() { + // HS256 + SigningMethodHS256 = &SigningMethodHMAC{"HS256", crypto.SHA256} + RegisterSigningMethod(SigningMethodHS256.Alg(), func() SigningMethod { + return SigningMethodHS256 + }) + + // HS384 + SigningMethodHS384 = &SigningMethodHMAC{"HS384", crypto.SHA384} + RegisterSigningMethod(SigningMethodHS384.Alg(), func() SigningMethod { + return SigningMethodHS384 + }) + + // HS512 + SigningMethodHS512 = &SigningMethodHMAC{"HS512", crypto.SHA512} + RegisterSigningMethod(SigningMethodHS512.Alg(), func() SigningMethod { + return SigningMethodHS512 + }) +} + +func (m *SigningMethodHMAC) Alg() string { + return m.Name +} + +func (m *SigningMethodHMAC) Verify(signingString, signature string, key []byte) error { + // Key + var sig []byte + var err error + if sig, err = DecodeSegment(signature); err == nil { + hasher := hmac.New(m.Hash.New, key) + hasher.Write([]byte(signingString)) + + if !bytes.Equal(sig, hasher.Sum(nil)) { + err = errors.New("Signature is invalid") + } + } + return err +} + +func (m *SigningMethodHMAC) Sign(signingString string, key []byte) (string, error) { + hasher := hmac.New(m.Hash.New, key) + hasher.Write([]byte(signingString)) + + return EncodeSegment(hasher.Sum(nil)), nil +} diff --git a/sha256_test.go b/hmac_test.go similarity index 56% rename from sha256_test.go rename to hmac_test.go index 4dfbf84..64d319c 100644 --- a/sha256_test.go +++ b/hmac_test.go @@ -1,44 +1,57 @@ package jwt import ( + "io/ioutil" "strings" "testing" ) -var sha256TestData = []struct { +var hmacTestData = []struct { name string tokenString string + alg string claims map[string]interface{} valid bool }{ { "web sample", "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk", + "HS256", + map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, + true, + }, + { + "HS384", + "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy", + "HS384", + map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, + true, + }, + { + "HS512", + "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw", + "HS512", map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, true, }, { "web sample: invalid", "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo", + "HS256", map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, false, }, } // Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1 -var sha256TestKey = []byte{ - 3, 35, 53, 75, 43, 15, 165, 188, 131, 126, 6, 101, 119, 123, 166, - 143, 90, 179, 40, 230, 240, 84, 201, 40, 169, 15, 132, 178, 210, 80, - 46, 191, 211, 251, 90, 146, 210, 6, 71, 239, 150, 138, 180, 195, 119, - 98, 61, 34, 61, 46, 33, 114, 5, 46, 79, 8, 192, 205, 154, 245, 103, - 208, 128, 163} +var hmacTestKey, _ = ioutil.ReadFile("test/hmacTestKey") -func TestHS256Verify(t *testing.T) { - for _, data := range sha256TestData { +func TestHMACVerify(t *testing.T) { + for _, data := range hmacTestData { parts := strings.Split(data.tokenString, ".") - method := GetSigningMethod("HS256") - err := method.Verify(strings.Join(parts[0:2], "."), parts[2], sha256TestKey) + method := GetSigningMethod(data.alg) + err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey) if data.valid && err != nil { t.Errorf("[%v] Error while verifying key: %v", data.name, err) } @@ -48,12 +61,12 @@ func TestHS256Verify(t *testing.T) { } } -func TestHS256Sign(t *testing.T) { - for _, data := range sha256TestData { +func TestHMACSign(t *testing.T) { + for _, data := range hmacTestData { if data.valid { parts := strings.Split(data.tokenString, ".") - method := GetSigningMethod("HS256") - sig, err := method.Sign(strings.Join(parts[0:2], "."), sha256TestKey) + method := GetSigningMethod(data.alg) + sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey) if err != nil { t.Errorf("[%v] Error signing token: %v", data.name, err) } diff --git a/sha256.go b/sha256.go deleted file mode 100644 index 4868b0b..0000000 --- a/sha256.go +++ /dev/null @@ -1,41 +0,0 @@ -package jwt - -import ( - "bytes" - "crypto/hmac" - "crypto/sha256" - "errors" -) - -type SigningMethodHS256 struct{} - -func init() { - RegisterSigningMethod("HS256", func() SigningMethod { - return new(SigningMethodHS256) - }) -} - -func (m *SigningMethodHS256) Alg() string { - return "HS256" -} - -func (m *SigningMethodHS256) Verify(signingString, signature string, key []byte) (err error) { - // Key - var sig []byte - if sig, err = DecodeSegment(signature); err == nil { - hasher := hmac.New(sha256.New, key) - hasher.Write([]byte(signingString)) - - if !bytes.Equal(sig, hasher.Sum(nil)) { - err = errors.New("Signature is invalid") - } - } - return -} - -func (m *SigningMethodHS256) Sign(signingString string, key []byte) (string, error) { - hasher := hmac.New(sha256.New, key) - hasher.Write([]byte(signingString)) - - return EncodeSegment(hasher.Sum(nil)), nil -} diff --git a/test/hmacTestKey b/test/hmacTestKey new file mode 100644 index 0000000..435b8dd --- /dev/null +++ b/test/hmacTestKey @@ -0,0 +1 @@ +#5K+~ew{Z(T(P.ZGwb="=.!r.O͚gЀ \ No newline at end of file From 97430c0b8b45d93df00c07b6db2961dd1145a4a0 Mon Sep 17 00:00:00 2001 From: Dave Grijalva Date: Sat, 5 Jul 2014 15:25:29 -0700 Subject: [PATCH 2/3] cleaned up and flattened RS256 implementation --- rs256.go | 88 ------------------------ rsa.go | 125 +++++++++++++++++++++++++++++++++++ rs256_test.go => rsa_test.go | 13 ++-- 3 files changed, 133 insertions(+), 93 deletions(-) delete mode 100644 rs256.go create mode 100644 rsa.go rename rs256_test.go => rsa_test.go (91%) diff --git a/rs256.go b/rs256.go deleted file mode 100644 index 05f24c4..0000000 --- a/rs256.go +++ /dev/null @@ -1,88 +0,0 @@ -package jwt - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - "crypto/sha256" - "crypto/x509" - "encoding/pem" - "errors" -) - -type SigningMethodRS256 struct{} - -func init() { - RegisterSigningMethod("RS256", func() SigningMethod { - return new(SigningMethodRS256) - }) -} - -func (m *SigningMethodRS256) Alg() string { - return "RS256" -} - -func (m *SigningMethodRS256) Verify(signingString, signature string, key []byte) (err error) { - // Key - var sig []byte - if sig, err = DecodeSegment(signature); err == nil { - var block *pem.Block - if block, _ = pem.Decode(key); block != nil { - var parsedKey interface{} - if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil { - parsedKey, err = x509.ParseCertificate(block.Bytes) - } - if err == nil { - if rsaKey, ok := parsedKey.(*rsa.PublicKey); ok { - hasher := sha256.New() - hasher.Write([]byte(signingString)) - - err = rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, hasher.Sum(nil), sig) - } else if cert, ok := parsedKey.(*x509.Certificate); ok { - err = cert.CheckSignature(x509.SHA256WithRSA, []byte(signingString), sig) - } else { - err = errors.New("Key is not a valid RSA public key") - } - } - } else { - err = errors.New("Could not parse key data") - } - } - return -} - -// Implements the Sign method from SigningMethod -// For this signing method, must be PEM encoded PKCS1 or PKCS8 RSA private key -func (m *SigningMethodRS256) Sign(signingString string, key []byte) (sig string, err error) { - // Key - var rsaKey *rsa.PrivateKey - if rsaKey, err = m.parsePrivateKey(key); err == nil { - hasher := sha256.New() - hasher.Write([]byte(signingString)) - - var sigBytes []byte - if sigBytes, err = rsa.SignPKCS1v15(rand.Reader, rsaKey, crypto.SHA256, hasher.Sum(nil)); err == nil { - sig = EncodeSegment(sigBytes) - } - } - return -} - -func (m *SigningMethodRS256) parsePrivateKey(key []byte) (pkey *rsa.PrivateKey, err error) { - var block *pem.Block - if block, _ = pem.Decode(key); block != nil { - var parsedKey interface{} - if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { - if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { - return nil, err - } - } - var ok bool - if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok { - err = errors.New("Key is not a valid RSA private key") - } - } else { - err = errors.New("Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key") - } - return -} diff --git a/rsa.go b/rsa.go new file mode 100644 index 0000000..33b26cc --- /dev/null +++ b/rsa.go @@ -0,0 +1,125 @@ +package jwt + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "encoding/pem" + "errors" +) + +type SigningMethodRS256 struct{} + +func init() { + RegisterSigningMethod("RS256", func() SigningMethod { + return new(SigningMethodRS256) + }) +} + +func (m *SigningMethodRS256) Alg() string { + return "RS256" +} + +func (m *SigningMethodRS256) Verify(signingString, signature string, key []byte) error { + var err error + + // Decode the signature + var sig []byte + if sig, err = DecodeSegment(signature); err != nil { + return err + } + + // Parse public key + var rsaKey *rsa.PublicKey + if rsaKey, err = m.parsePublicKey(key); err != nil { + return err + } + + // Create hasher + hasher := sha256.New() + hasher.Write([]byte(signingString)) + + // Verify the signature + return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, hasher.Sum(nil), sig) +} + +// Implements the Sign method from SigningMethod +// For this signing method, must be PEM encoded PKCS1 or PKCS8 RSA private key +func (m *SigningMethodRS256) Sign(signingString string, key []byte) (string, error) { + var err error + + // Key + var rsaKey *rsa.PrivateKey + if rsaKey, err = m.parsePrivateKey(key); err != nil { + return "", err + } + + // Create the hasher + hasher := sha256.New() + hasher.Write([]byte(signingString)) + + // Sign the string and return the encoded bytes + if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, crypto.SHA256, hasher.Sum(nil)); err == nil { + return EncodeSegment(sigBytes), nil + } else { + return "", err + } + +} + +// Parse PEM encoded PKCS1 or PKCS8 public key +func (m *SigningMethodRS256) parsePublicKey(key []byte) (*rsa.PublicKey, error) { + var err error + + // Parse PEM block + var block *pem.Block + if block, _ = pem.Decode(key); block == nil { + return nil, errors.New("Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key") + } + + // Parse the key + var parsedKey interface{} + if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil { + if cert, err := x509.ParseCertificate(block.Bytes); err == nil { + return nil, err + } else { + parsedKey = cert.PublicKey + } + } + + var pkey *rsa.PublicKey + var ok bool + if pkey, ok = parsedKey.(*rsa.PublicKey); !ok { + return nil, errors.New("Key is not a valid RSA public key") + } + + return pkey, nil +} + +// Parse PEM encoded PKCS1 or PKCS8 private key +func (m *SigningMethodRS256) parsePrivateKey(key []byte) (*rsa.PrivateKey, error) { + var err error + + // Parse PEM block + var block *pem.Block + if block, _ = pem.Decode(key); block == nil { + return nil, errors.New("Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key") + } + + var parsedKey interface{} + if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { + if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { + return nil, err + } + } + + var pkey *rsa.PrivateKey + var ok bool + if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok { + return nil, errors.New("Key is not a valid RSA private key") + } + + return pkey, nil +} diff --git a/rs256_test.go b/rsa_test.go similarity index 91% rename from rs256_test.go rename to rsa_test.go index e0404e3..c71c98f 100644 --- a/rs256_test.go +++ b/rsa_test.go @@ -9,30 +9,33 @@ import ( var rsaTestData = []struct { name string tokenString string + alg string claims map[string]interface{} valid bool }{ { "basic: foo => bar", "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg", + "RS256", map[string]interface{}{"foo": "bar"}, true, }, { "basic invalid: foo => bar", "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg", + "RS256", map[string]interface{}{"foo": "bar"}, false, }, } -func TestRS256Verify(t *testing.T) { +func TestRSAVerify(t *testing.T) { key, _ := ioutil.ReadFile("test/sample_key.pub") for _, data := range rsaTestData { parts := strings.Split(data.tokenString, ".") - method := GetSigningMethod("RS256") + method := GetSigningMethod(data.alg) err := method.Verify(strings.Join(parts[0:2], "."), parts[2], key) if data.valid && err != nil { t.Errorf("[%v] Error while verifying key: %v", data.name, err) @@ -43,13 +46,13 @@ func TestRS256Verify(t *testing.T) { } } -func TestRS256Sign(t *testing.T) { +func TestRSASign(t *testing.T) { key, _ := ioutil.ReadFile("test/sample_key") for _, data := range rsaTestData { if data.valid { parts := strings.Split(data.tokenString, ".") - method := GetSigningMethod("RS256") + method := GetSigningMethod(data.alg) sig, err := method.Sign(strings.Join(parts[0:2], "."), key) if err != nil { t.Errorf("[%v] Error signing token: %v", data.name, err) @@ -61,7 +64,7 @@ func TestRS256Sign(t *testing.T) { } } -func TestKeyParsing(t *testing.T) { +func TestRSAKeyParsing(t *testing.T) { key, _ := ioutil.ReadFile("test/sample_key") pubKey, _ := ioutil.ReadFile("test/sample_key.pub") badKey := []byte("All your base are belong to key") From 629af62465e3c5e2ab5c5e97d22d4e593ab0a9bc Mon Sep 17 00:00:00 2001 From: Dave Grijalva Date: Sat, 5 Jul 2014 15:34:31 -0700 Subject: [PATCH 3/3] Added support for RS384 and RS512 signing methods Renamed type SigningMethodRS256 to SigningMethodRSA Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods Added simple tests to support these new methods --- rsa.go | 52 +++++++++++++++++++++++++++++++++++++--------------- rsa_test.go | 18 ++++++++++++++++-- 2 files changed, 53 insertions(+), 17 deletions(-) diff --git a/rsa.go b/rsa.go index 33b26cc..f30c6c9 100644 --- a/rsa.go +++ b/rsa.go @@ -4,25 +4,47 @@ import ( "crypto" "crypto/rand" "crypto/rsa" - "crypto/sha256" "crypto/x509" "encoding/pem" "errors" ) -type SigningMethodRS256 struct{} +type SigningMethodRSA struct { + Name string + Hash crypto.Hash +} + +var ( + SigningMethodRS256 *SigningMethodRSA + SigningMethodRS384 *SigningMethodRSA + SigningMethodRS512 *SigningMethodRSA +) func init() { - RegisterSigningMethod("RS256", func() SigningMethod { - return new(SigningMethodRS256) + // RS256 + SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256} + RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod { + return SigningMethodRS256 + }) + + // RS384 + SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384} + RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod { + return SigningMethodRS384 + }) + + // RS512 + SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512} + RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod { + return SigningMethodRS512 }) } -func (m *SigningMethodRS256) Alg() string { - return "RS256" +func (m *SigningMethodRSA) Alg() string { + return m.Name } -func (m *SigningMethodRS256) Verify(signingString, signature string, key []byte) error { +func (m *SigningMethodRSA) Verify(signingString, signature string, key []byte) error { var err error // Decode the signature @@ -38,30 +60,30 @@ func (m *SigningMethodRS256) Verify(signingString, signature string, key []byte) } // Create hasher - hasher := sha256.New() + hasher := m.Hash.New() hasher.Write([]byte(signingString)) // Verify the signature - return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, hasher.Sum(nil), sig) + return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig) } // Implements the Sign method from SigningMethod // For this signing method, must be PEM encoded PKCS1 or PKCS8 RSA private key -func (m *SigningMethodRS256) Sign(signingString string, key []byte) (string, error) { +func (m *SigningMethodRSA) Sign(signingString string, key []byte) (string, error) { var err error - // Key + // Parse private key var rsaKey *rsa.PrivateKey if rsaKey, err = m.parsePrivateKey(key); err != nil { return "", err } // Create the hasher - hasher := sha256.New() + hasher := m.Hash.New() hasher.Write([]byte(signingString)) // Sign the string and return the encoded bytes - if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, crypto.SHA256, hasher.Sum(nil)); err == nil { + if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil { return EncodeSegment(sigBytes), nil } else { return "", err @@ -70,7 +92,7 @@ func (m *SigningMethodRS256) Sign(signingString string, key []byte) (string, err } // Parse PEM encoded PKCS1 or PKCS8 public key -func (m *SigningMethodRS256) parsePublicKey(key []byte) (*rsa.PublicKey, error) { +func (m *SigningMethodRSA) parsePublicKey(key []byte) (*rsa.PublicKey, error) { var err error // Parse PEM block @@ -99,7 +121,7 @@ func (m *SigningMethodRS256) parsePublicKey(key []byte) (*rsa.PublicKey, error) } // Parse PEM encoded PKCS1 or PKCS8 private key -func (m *SigningMethodRS256) parsePrivateKey(key []byte) (*rsa.PrivateKey, error) { +func (m *SigningMethodRSA) parsePrivateKey(key []byte) (*rsa.PrivateKey, error) { var err error // Parse PEM block diff --git a/rsa_test.go b/rsa_test.go index c71c98f..158dcb9 100644 --- a/rsa_test.go +++ b/rsa_test.go @@ -14,12 +14,26 @@ var rsaTestData = []struct { valid bool }{ { - "basic: foo => bar", + "Basic RS256", "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg", "RS256", map[string]interface{}{"foo": "bar"}, true, }, + { + "Basic RS384", + "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.W-jEzRfBigtCWsinvVVuldiuilzVdU5ty0MvpLaSaqK9PlAWWlDQ1VIQ_qSKzwL5IXaZkvZFJXT3yL3n7OUVu7zCNJzdwznbC8Z-b0z2lYvcklJYi2VOFRcGbJtXUqgjk2oGsiqUMUMOLP70TTefkpsgqDxbRh9CDUfpOJgW-dU7cmgaoswe3wjUAUi6B6G2YEaiuXC0XScQYSYVKIzgKXJV8Zw-7AN_DBUI4GkTpsvQ9fVVjZM9csQiEXhYekyrKu1nu_POpQonGd8yqkIyXPECNmmqH5jH4sFiF67XhD7_JpkvLziBpI-uh86evBUadmHhb9Otqw3uV3NTaXLzJw", + "RS384", + map[string]interface{}{"foo": "bar"}, + true, + }, + { + "Basic RS512", + "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.zBlLlmRrUxx4SJPUbV37Q1joRcI9EW13grnKduK3wtYKmDXbgDpF1cZ6B-2Jsm5RB8REmMiLpGms-EjXhgnyh2TSHE-9W2gA_jvshegLWtwRVDX40ODSkTb7OVuaWgiy9y7llvcknFBTIg-FnVPVpXMmeV_pvwQyhaz1SSwSPrDyxEmksz1hq7YONXhXPpGaNbMMeDTNP_1oj8DZaqTIL9TwV8_1wb2Odt_Fy58Ke2RVFijsOLdnyEAjt2n9Mxihu9i3PhNBkkxa2GbnXBfq3kzvZ_xxGGopLdHhJjcGWXO-NiwI9_tiu14NRv4L2xC0ItD9Yz68v2ZIZEp_DuzwRQ", + "RS512", + map[string]interface{}{"foo": "bar"}, + true, + }, { "basic invalid: foo => bar", "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg", @@ -68,7 +82,7 @@ func TestRSAKeyParsing(t *testing.T) { key, _ := ioutil.ReadFile("test/sample_key") pubKey, _ := ioutil.ReadFile("test/sample_key.pub") badKey := []byte("All your base are belong to key") - method := GetSigningMethod("RS256").(*SigningMethodRS256) + method := GetSigningMethod("RS256").(*SigningMethodRSA) if _, e := method.parsePrivateKey(key); e != nil { t.Errorf("Failed to parse valid private key: %v", e)