operations_test.go 19.6 KB
Newer Older
1
package keysharecore
2
3
4

import (
	"crypto/rand"
5
	"crypto/rsa"
6
	"encoding/base64"
7
	"fmt"
8
9
10
11
12
	"os"
	"testing"
	"time"

	"github.com/dgrijalva/jwt-go"
13
	"github.com/privacybydesign/gabi/gabikeys"
14
15
16
17
18
19
20
21
22
23
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
	irma "github.com/privacybydesign/irmago"
)

func TestPinFunctionality(t *testing.T) {
	// Setup keys for test
24
	var key AESKey
25
	_, err := rand.Read(key[:])
26
	require.NoError(t, err)
27
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
28
29
30
31

	// generate test pin
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
32
	require.NoError(t, err)
33
34
35
	pin := string(bpin[:])

	// Generate package
36
	ep, err := c.NewUser(pin)
37
	require.NoError(t, err)
38
39

	// Test with correct pin
40
	j, err := c.ValidatePin(ep, pin, "testid")
41
	assert.NoError(t, err)
42
43
44
45
46
47
48
49
	var claims jwt.StandardClaims
	_, err = jwt.ParseWithClaims(j, &claims, func(_ *jwt.Token) (interface{}, error) {
		return &jwtTestKey.PublicKey, nil
	})
	assert.NoError(t, err)
	assert.Equal(t, "auth_tok", claims.Subject)
	assert.Equal(t, time.Now().Unix()+JWTPinExpiryDefault, claims.ExpiresAt)
	assert.Equal(t, JWTIssuerDefault, claims.Issuer)
50
51
52
53

	// test change pin
	var bnewpin [64]byte
	_, err = rand.Read(bnewpin[:])
54
	require.NoError(t, err)
55
	newpin := string(bnewpin[:])
56
	ep, err = c.ChangePin(ep, pin, newpin)
57
	require.NoError(t, err)
58
59

	// test correct pin
60
	_, err = c.ValidatePin(ep, newpin, "testid")
61
	assert.NoError(t, err)
62
63

	// Test incorrect pin
64
	_, err = c.ValidatePin(ep, pin, "testid")
65
	assert.Error(t, err)
66
67
68
69
}

func TestVerifyAccess(t *testing.T) {
	// Setup keys for test
70
	var key AESKey
71
	_, err := rand.Read(key[:])
72
	require.NoError(t, err)
73
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
74
75
76
77
78
79
80
81
82
83
84

	// Generate test pins
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
	require.NoError(t, err)
	pin1 := string(bpin[:])
	_, err = rand.Read(bpin[:])
	require.NoError(t, err)
	pin2 := string(bpin[:])

	// and test keyshare secrets
85
	ep1, err := c.NewUser(pin1)
86
	require.NoError(t, err)
87
	ep2, err := c.NewUser(pin2)
88
89
90
	require.NoError(t, err)

	// Test use jwt on wrong packet
91
	jwtt, err := c.ValidatePin(ep1, pin1, "testid")
92
	require.NoError(t, err)
93
	_, err = c.verifyAccess(ep2, jwtt)
94
95
96
	assert.Error(t, err)

	// Test incorrectly constructed jwts
97
	p, err := c.verifyAccess(ep1, jwtt)
98
	require.NoError(t, err)
99
	id := p.id()
100
	tokenID := base64.StdEncoding.EncodeToString(id[:])
101
102

	// incorrect exp
103
	token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
104
105
		"iat":      time.Now().Add(-6 * time.Minute).Unix(),
		"exp":      time.Now().Add(-3 * time.Minute).Unix(),
106
		"token_id": tokenID,
107
	})
108
	jwtt, err = token.SignedString(c.jwtPrivateKey)
109
	require.NoError(t, err)
110
	_, err = c.verifyAccess(ep1, jwtt)
111
112
113
	assert.Error(t, err)

	// missing exp
114
	token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
115
		"iat":      time.Now().Unix(),
116
		"token_id": tokenID,
117
	})
118
	jwtt, err = token.SignedString(c.jwtPrivateKey)
119
	require.NoError(t, err)
120
	_, err = c.verifyAccess(ep1, jwtt)
121
122
123
	assert.Error(t, err)

	// Incorrectly typed exp
124
	token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
125
126
		"iat":      time.Now().Unix(),
		"exp":      "test",
127
		"token_id": tokenID,
128
	})
129
	jwtt, err = token.SignedString(c.jwtPrivateKey)
130
	require.NoError(t, err)
131
	_, err = c.verifyAccess(ep1, jwtt)
132
133
	assert.Error(t, err)

134
	// missing token_id
135
	token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
136
137
		"iat": time.Now().Unix(),
		"exp": time.Now().Add(3 * time.Minute).Unix(),
138
	})
139
	jwtt, err = token.SignedString(c.jwtPrivateKey)
140
	require.NoError(t, err)
141
	_, err = c.verifyAccess(ep1, jwtt)
142
143
	assert.Error(t, err)

144
	// mistyped token_id
145
	token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
146
147
148
		"iat":      time.Now().Unix(),
		"exp":      time.Now().Add(3 * time.Minute).Unix(),
		"token_id": 7,
149
	})
150
	jwtt, err = token.SignedString(c.jwtPrivateKey)
151
	require.NoError(t, err)
152
	_, err = c.verifyAccess(ep1, jwtt)
153
154
155
156
	assert.Error(t, err)

	// Incorrect signing method
	token = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
157
158
		"iat":      time.Now().Unix(),
		"exp":      time.Now().Add(3 * time.Minute).Unix(),
159
		"token_id": tokenID,
160
161
162
	})
	jwtt, err = token.SignedString([]byte("bla"))
	require.NoError(t, err)
163
	_, err = c.verifyAccess(ep1, jwtt)
164
165
166
167
168
	assert.Error(t, err)
}

func TestProofFunctionality(t *testing.T) {
	// Setup keys for test
169
	var key AESKey
170
	_, err := rand.Read(key[:])
171
	require.NoError(t, err)
172
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
173
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
174
175
176
177

	// generate test pin
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
178
	require.NoError(t, err)
179
180
181
	pin := string(bpin[:])

	// generate keyshare secret
182
	ep, err := c.NewUser(pin)
183
	require.NoError(t, err)
184
185

	// Validate pin
186
	jwtt, err := c.ValidatePin(ep, pin, "testid")
187
	require.NoError(t, err)
188
189

	// Get keyshare commitment
190
	W, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
191
	require.NoError(t, err)
192
193

	// Get keyshare response
194
	Rjwt, err := c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
195
	require.NoError(t, err)
196

197
198
199
200
201
202
203
	// Decode jwt
	claims := &struct {
		jwt.StandardClaims
		ProofP *gabi.ProofP
	}{}
	fmt.Println(Rjwt)
	_, err = jwt.ParseWithClaims(Rjwt, claims, func(tok *jwt.Token) (interface{}, error) {
204
		return &c.jwtPrivateKey.PublicKey, nil
205
206
207
	})
	require.NoError(t, err)

208
	// Validate protocol execution
209
	assert.Equal(t, 0, new(big.Int).Exp(testPubK1.R[0], claims.ProofP.SResponse, testPubK1.N).Cmp(
210
211
		new(big.Int).Mod(
			new(big.Int).Mul(
212
213
				W[0].Pcommit,
				new(big.Int).Exp(W[0].P, big.NewInt(12345), testPubK1.N)),
214
			testPubK1.N)), "Crypto result off")
215
216
217
218
}

func TestCorruptedPacket(t *testing.T) {
	// Setup keys for test
219
	var key AESKey
220
	_, err := rand.Read(key[:])
221
	require.NoError(t, err)
222
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
223
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
224
225
226
227

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
228
	require.NoError(t, err)
229
230
231
	pin := string(bpin[:])

	// Generate packet
232
	ep, err := c.NewUser(pin)
233
	require.NoError(t, err)
234

235
	jwtt, err := c.ValidatePin(ep, pin, "testid")
236
237
	require.NoError(t, err)

238
	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
239
240
	require.NoError(t, err)

241
242
243
244
	// Corrupt packet
	ep[12] = ep[12] + 1

	// Verify pin
245
	_, err = c.ValidatePin(ep, pin, "testid")
246
	assert.Error(t, err, "ValidatePin accepts corrupted keyshare packet")
247
248

	// Change pin
249
	_, err = c.ChangePin(ep, pin, pin)
250
	assert.Error(t, err, "ChangePin accepts corrupted keyshare packet")
251

252
	// GenerateCommitments
253
	_, _, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
254
	assert.Error(t, err, "GenerateCommitments accepts corrupted keyshare packet")
255
256

	// GetResponse
257
	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
258
	assert.Error(t, err, "GenerateResponse accepts corrupted keyshare packet")
259
260
261
262
}

func TestIncorrectPin(t *testing.T) {
	// Setup keys for test
263
	var key AESKey
264
	_, err := rand.Read(key[:])
265
	require.NoError(t, err)
266
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
267
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
268
269
270
271

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
272
	require.NoError(t, err)
273
274
275
	pin := string(bpin[:])

	// Generate packet
276
	ep, err := c.NewUser(pin)
277
	require.NoError(t, err)
278

279
	// validate pin
280
	jwtt, err := c.ValidatePin(ep, pin, "testid")
281
282
	require.NoError(t, err)

283
284
285
286
287
	// Corrupt pin
	bpin[12] = bpin[12] + 1
	pin = string(bpin[:])

	// Change pin
288
	_, err = c.ChangePin(ep, pin, pin)
289
	assert.Error(t, err, "ChangePin accepts incorrect pin")
290
291

	// GetResponse
292
	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
293
	require.NoError(t, err)
294
	_, err = c.GenerateResponse(ep, "pin", commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
295
	assert.Error(t, err, "GenerateResponse accepts incorrect pin")
296
297
298
299
}

func TestMissingKey(t *testing.T) {
	// Setup keys for test
300
	var key AESKey
301
	_, err := rand.Read(key[:])
302
	require.NoError(t, err)
303
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
304
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
305
306
307
308

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
309
	require.NoError(t, err)
310
311
312
	pin := string(bpin[:])

	// Generate packet
313
	ep, err := c.NewUser(pin)
314
	require.NoError(t, err)
315

316
	// Generate jwt
317
	jwtt, err := c.ValidatePin(ep, pin, "testid")
318
319
	require.NoError(t, err)

320
	// GenerateCommitments
321
	_, _, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1}})
322
	assert.Error(t, err, "Missing key not detected by generateCommitments")
323

324
	// GenerateResponse
325
	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
326
	require.NoError(t, err)
327
	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1})
328
	assert.Error(t, err, "Missing key not detected by generateresponse")
329
330
331
332
}

func TestInvalidChallenge(t *testing.T) {
	// Setup keys for test
333
	var key AESKey
334
	_, err := rand.Read(key[:])
335
	require.NoError(t, err)
336
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
337
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
338
339
340
341

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
342
	require.NoError(t, err)
343
344
345
	pin := string(bpin[:])

	// Generate packet
346
	ep, err := c.NewUser(pin)
347
	require.NoError(t, err)
348
349

	// Validate pin
350
	jwtt, err := c.ValidatePin(ep, pin, "testid")
351
352
353
	require.NoError(t, err)

	// Test negative challenge
354
	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
355
	require.NoError(t, err)
356
	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(-1), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
357
	assert.Error(t, err, "GenerateResponse incorrectly accepts negative challenge")
358
359

	// Test too large challenge
360
	_, commitID, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
361
	require.NoError(t, err)
362
	_, err = c.GenerateResponse(ep, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 256), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
363
	assert.Error(t, err, "GenerateResponse accepts challenge that is too small")
364
365

	// Test just-right challenge
366
	_, commitID, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
367
	require.NoError(t, err)
368
	_, err = c.GenerateResponse(ep, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 255), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
369
	assert.NoError(t, err, "GenerateResponse does not accept challenge of 256 bits")
370
371
372
373
}

func TestDoubleCommitUse(t *testing.T) {
	// Setup keys for test
374
	var key AESKey
375
	_, err := rand.Read(key[:])
376
	require.NoError(t, err)
377
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
378
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
379
380
381
382

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
383
	require.NoError(t, err)
384
385
386
	pin := string(bpin[:])

	// Generate packet
387
	ep, err := c.NewUser(pin)
388
	require.NoError(t, err)
389
390

	// validate pin
391
	jwtt, err := c.ValidatePin(ep, pin, "testid")
392
393
394
	require.NoError(t, err)

	// Use commit double
395
	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
396
	require.NoError(t, err)
397
	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
398
	require.NoError(t, err)
399
	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12346), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
400
	assert.Error(t, err, "GenerateResponse incorrectly allows double use of commit")
401
402
403
404
}

func TestNonExistingCommit(t *testing.T) {
	// Setup keys for test
405
	var key AESKey
406
	_, err := rand.Read(key[:])
407
	require.NoError(t, err)
408
	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
409
	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
410
411
412
413

	// Test parameters
	var bpin [64]byte
	_, err = rand.Read(bpin[:])
414
	require.NoError(t, err)
415
416
417
	pin := string(bpin[:])

	// Generate packet
418
	ep, err := c.NewUser(pin)
419
	require.NoError(t, err)
420

421
	// Generate jwt
422
	jwtt, err := c.ValidatePin(ep, pin, "testid")
423
424
	require.NoError(t, err)

425
	// test
426
	_, err = c.GenerateResponse(ep, jwtt, 2364, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
427
	assert.Error(t, err, "GenerateResponse failed to detect non-existing commit")
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
}

// Test data
const xmlPubKey1 = `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPublicKey xmlns="http://www.zurich.ibm.com/security/idemix">
   <Counter>0</Counter>
   <ExpiryDate>1700000000</ExpiryDate>
   <Elements>
      <n>164849270410462350104130325681247905590883554049096338805080434441472785625514686982133223499269392762578795730418568510961568211704176723141852210985181059718962898851826265731600544499072072429389241617421101776748772563983535569756524904424870652659455911012103327708213798899264261222168033763550010103177</n>
      <Z>85612209073231549357971504917706448448632620481242156140921956689865243071517333286408980597347754869291449755693386875207418733579434926868804114639149514414312088911027338251870409643059636340634892197874721564672349336579075665489514404442681614964231517891268285775435774878821304200809336437001672124945</Z>
      <S>95431387101397795194125116418957121488151703839429468857058760824105489778492929250965841783742048628875926892511288385484169300700205687919208898288594042075246841706909674758503593474606503299796011177189518412713004451163324915669592252022175131604797186534801966982736645522331999047305414834481507220892</S>
      <Bases num="6">
         <Base_0>15948796959221892486955992453179199515496923441128830967123361439118018661581037984810048354811434050038778558011395590650011565629310700360843433067202313291361609843998531962373969946197182940391414711398289105131565252299185121868561402842968555939684308560329951491463967030905495360286851791764439565922</Base_0>
         <Base_1>119523438901119086528333705353116973341573129722743063979885442255495816390473126070276442804547475203517104656193873407665058481273192071865721910619056848142740067272069428460724210705091048104466624895000063564223095487133194907203681789863578060886235105842841954519189942453426975057803871974937309502784</Base_1>
         <Base_2>21036812778930907905009726679774009067486097699134635274413938052367886222555608567065065339702690960558290977766511663461460906408225144877806673612081001465755091058944847078216758263034300782760502281865270151054157854728772298542643419836244547728225955304279190350362963560596454003412543292789187837679</Base_2>
         <Base_3>2507221674373339204944916721547102290807064604358409729371715856726643784893285066715992395214052930640947278288383410209092118436778149456628267900567208684458410552361708506911626161349456189054709967676518205745736652492505957876189855916223094854626710186459345996698113370306994139940441752005221653088</Base_3>
         <Base_4>43215325590379490852400435325847836613513274803460964568083232110934910151335113918829588414147781676586145312074043749201037447486205927144941119404243266454032858201713735324770837218773739346063812751896736791478531103409536739098007890723770126159814845238386299865793353073058783010002988453373168625327</Base_4>
         <Base_5>61146634020942775692657595021461289090915429142715194304483397998858712705680675945417056124974172620475325240482216550923967273908399017396442709297466408094303826941548068001214817725191465207971123378222070812822903173820970991987799984521470178624084174451047081964996323127069438975310975798326710264763</Base_5>
      </Bases>
   </Elements>
   <Features>
      <Epoch length="432000"></Epoch>
   </Features>
</IssuerPublicKey>`
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
const jwtTestKeyPem = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAupnB9rJjQ15cWWPJdOagkcii6kB2w7ojAoPidWQLR4dxhd4z
LeDAkPqgGiBAEL84bZwwv2pfLiTDd+ks20nS4gYC9UAVVKfP+mf99I3fyzCLmMvq
toFqJkH7Xm0UYuko1HaUdXpZMCbqUa/snmwzYHtUgxu7SPqW7Ywuai4jPgmDW0pX
Fqi4BRX8VNbmbd9Ck9OvnymA1VYsfTqublIvoQy7B70srKV8dl2w2pdL64dDSqwM
+wDuO/vnfzeGbtQ/VVfS8YoLHawtWV4Jwqa3CjjpuyFFoC/4pL/izpzEqNFK0Xs5
opr9FezghpxK6uQ18JfXTeJqAioLUtWmAMABuQIDAQABAoIBAQC4kg3BLoHwyQ0f
fgxujRCWIpbCjjDrONoYSstcwjBF+DrZ5wdIgd73iG+EaBH2fq4Z/TxamaS7x7Fw
kjvETClDWB7k5xYyPisBzIrtsseB++qYoFrxWuDcJre0lsBrdaTlQsVlzjcZ4eQ0
GIc7zFqlPFhDttJxRSy0msvuSuShHqdCpNFXyMvPCqesUt+sbdl6NXVQvb3I2IS3
1rKdWR7ta1ZjZmMpMgMZ6ovsI2gN1TfKfHVky2cZ2b4lvNaCugVLdn+0rjTpowa5
jupKiyruN1zbeqoYiZadxsnm+vvLarUWb18/DwomXLfWOhMxRZoFr+DtHB3Umasm
WDsiIrGBAoGBAOA5Ts9ybNbHpbFCHAxxPqeRIGnZ58/QhKe1/P7muh2cQJLl8B0Z
ak5R31sChRJMObWRGoBLQhV6lo9g7x3BXKeSIjopylRQaineK1VbCT6fR7khyL71
+jtr536HsDWpIsv3ziiaPBfGy8QyN37LV2G9b9Wq+PLVD/kSvRmEtKEtAoGBANUL
gO6uNXvboc4QEOVMyghSqr6G6Tx6GWckdYhmuOkUZUYuo/7M/qmHvLV7YRjKwSGN
AVvGdTgVRchW6vB3kSbTn3QGV+R0YuaWQE5iaYqD5EmkJw+DnroQs1WIJRFj7tE9
rsAIqWtelTkRYH68+eAxOLmFWjXOk6y1rC2ZyEI9AoGAXckaocJmq9+N+nqAaOPl
JQma2St/vnilQ9DnJWc0abY1fDwZFtLOmDu+hL6lEmY3rS4oO4k+9uTznL0axwNd
0elZz6IzMtj/zstSrL0LPNo6kcEDynvwUnJrvYzbs1Yva8kWvfzlLbzE9ida9vnu
br9hy6lbv5ZGvBOObOII+3ECgYEAwBWEJS87F7ZZ9+GyahvHGKP4QJqBFj78Qmuz
8My1Malq+lE5GZYYkh/JPFPGosTERwzMScPwkiVT6qK7Zx5W6Avr+39wpZFuTnrv
9fxzLilmniL7+NfyN86w8pAy47AXdd7IfWoR3rXDk1WgjAS0wrd+bn7WbCcaLKEM
YX0C+v0CgYAzlSjQztVCaKu1fghDEPk6C0frcDlqzhKYCEDs19sA34Clb1wCefnA
bZZZrudDjQx3an4epG7FCKkCcE4WMNOdhl0zDbcvbTV2pP21dcof3x4xmCjDCV6I
ZAS54R1mcyP67iBPxixiKeFqajUS+C4GFBrNSXbQTWf+jTyWkgfNSg==
-----END RSA PRIVATE KEY-----`

var jwtTestKey *rsa.PrivateKey
481
var testPubK1 *gabikeys.PublicKey
482
483
484

func setupParameters() error {
	var err error
485
	testPubK1, err = gabikeys.NewPublicKeyFromXML(xmlPubKey1)
486
487
488
	if err != nil {
		return err
	}
489
	jwtTestKey, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(jwtTestKeyPem))
490
491
492
493
494
495
496
497
498
499
500
501
502
	if err != nil {
		return err
	}
	return nil
}

func TestMain(m *testing.M) {
	err := setupParameters()
	if err != nil {
		os.Exit(1)
	}
	os.Exit(m.Run())
}