Commit
01536c1f
authored
Dec 24, 2018
by
Sietse Ringers
Support symmetric HMAC JWTs in session unit tests
parent
794b6a6a
Changes
3
internal/sessiontest/server_test.go
...
...
@@ -68,6 +68,10 @@ var JwtServerConfiguration = &irmaserver.Configuration{
AuthenticationMethod
:
irmaserver
.
AuthenticationMethodToken
,
AuthenticationKey
:
"xa6=*&9?8jeUu5>.f-%rVg`f63pHim"
,
},
"requestor3"
:
{
AuthenticationMethod
:
irmaserver
.
AuthenticationMethodHmac
,
AuthenticationKey
:
"eGE2PSomOT84amVVdTU+LmYtJXJWZ2BmNjNwSGltCg=="
,
},
},
JwtPrivateKey
:
filepath
.
Join
(
testdata
,
"jwtkeys"
,
"sk.pem"
),
}
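Review bot: The new `requestor3` HMAC key is not independent secret material: the base64 value decodes to the same string as the token-method `AuthenticationKey` in the entry just above it, plus a trailing newline. The decoded key is therefore 31 bytes, just under the 256-bit minimum RFC 7518 requires for HS256, and two requestors with different authentication methods share one secret. Even for a test fixture, a separately generated random key of at least 32 bytes would avoid modelling key reuse. A comment on the line such as `// test-only HMAC key; never reuse outside tests` would also help. The `JwtServerConfiguration` literal begins outside the hunk.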
internal/sessiontest/session_test.go
package
sessiontest
import
(
"encoding/base64"
"encoding/json"
"io/ioutil"
"path/filepath"
...
...
@@ -119,12 +120,16 @@ func startSession(t *testing.T, request irma.SessionRequest, sessiontype string)
switch
TestType
{
case
"apiserver"
:
url
:=
"http://localhost:8088/irma_api_server/api/v2/"
+
sessiontype
err
=
irma
.
NewHTTPTransport
(
url
)
.
Post
(
""
,
&
qr
,
getJwt
(
t
,
request
,
sessiontype
,
fals
e
))
err
=
irma
.
NewHTTPTransport
(
url
)
.
Post
(
""
,
&
qr
,
getJwt
(
t
,
request
,
sessiontype
,
jwt
.
SigningMethodNon
e
))
token
=
qr
.
URL
qr
.
URL
=
url
+
"/"
+
qr
.
URL
case
"irmaserver-jwt"
:
url
:=
"http://localhost:48682"
err
=
irma
.
NewHTTPTransport
(
url
)
.
Post
(
"session"
,
&
qr
,
getJwt
(
t
,
request
,
sessiontype
,
true
))
err
=
irma
.
NewHTTPTransport
(
url
)
.
Post
(
"session"
,
&
qr
,
getJwt
(
t
,
request
,
sessiontype
,
jwt
.
SigningMethodRS256
))
token
=
tokenFromURL
(
qr
.
URL
)
case
"irmaserver-hmac-jwt"
:
url
:=
"http://localhost:48682"
err
=
irma
.
NewHTTPTransport
(
url
)
.
Post
(
"session"
,
&
qr
,
getJwt
(
t
,
request
,
sessiontype
,
jwt
.
SigningMethodHS256
))
token
=
tokenFromURL
(
qr
.
URL
)
case
"irmaserver"
:
url
:=
"http://localhost:48682"
...
...
@@ -146,7 +151,7 @@ func tokenFromURL(url string) string {
return
parts
[
len
(
parts
)
-
1
]
}
func
getJwt
(
t
*
testing
.
T
,
request
irma
.
SessionRequest
,
sessiontype
string
,
signed
bool
)
string
{
func
getJwt
(
t
*
testing
.
T
,
request
irma
.
SessionRequest
,
sessiontype
string
,
alg
jwt
.
SigningMethod
)
string
{
var
jwtcontents
irma
.
RequestorJwt
var
kid
string
switch
sessiontype
{
...
...
@@ -163,7 +168,9 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, signe
var
j
string
var
err
error
if
signed
{
switch
alg
{
case
jwt
.
SigningMethodRS256
:
skbts
,
err
:=
ioutil
.
ReadFile
(
filepath
.
Join
(
test
.
FindTestdataFolder
(
t
),
"jwtkeys"
,
"requestor1-sk.pem"
))
require
.
NoError
(
t
,
err
)
sk
,
err
:=
jwt
.
ParseRSAPrivateKeyFromPEM
(
skbts
)
...
...
@@ -171,7 +178,13 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, signe
tok
:=
jwt
.
NewWithClaims
(
jwt
.
SigningMethodRS256
,
jwtcontents
)
tok
.
Header
[
"kid"
]
=
"requestor1"
j
,
err
=
tok
.
SignedString
(
sk
)
}
else
{
case
jwt
.
SigningMethodHS256
:
tok
:=
jwt
.
NewWithClaims
(
jwt
.
SigningMethodHS256
,
jwtcontents
)
tok
.
Header
[
"kid"
]
=
"requestor3"
bts
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
JwtServerConfiguration
.
Requestors
[
"requestor3"
]
.
AuthenticationKey
)
require
.
NoError
(
t
,
err
)
j
,
err
=
tok
.
SignedString
(
bts
)
case
jwt
.
SigningMethodNone
:
tok
:=
jwt
.
NewWithClaims
(
jwt
.
SigningMethodNone
,
jwtcontents
)
tok
.
Header
[
"kid"
]
=
kid
j
,
err
=
tok
.
SignedString
(
jwt
.
UnsafeAllowNoneSignatureType
)
...
...
@@ -187,7 +200,7 @@ func sessionHelper(t *testing.T, request irma.SessionRequest, sessiontype string
defer
test
.
ClearTestStorage
(
t
)
}
if
TestType
==
"irmaserver"
||
TestType
==
"irmaserver-jwt"
{
if
TestType
==
"irmaserver"
||
TestType
==
"irmaserver-jwt"
||
TestType
==
"irmaserver-hmac-jwt"
{
StartIrmaServer
(
JwtServerConfiguration
)
defer
StopIrmaServer
()
}
...
...
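Review bot: In the new `case jwt.SigningMethodHS256:` branch of `getJwt`, `bts, err := base64.StdEncoding.DecodeString(...)` declares a new `err` scoped to the case, so the later `j, err = tok.SignedString(bts)` assigns to that inner variable and not to the function-level `var err error`. If the code after the switch (outside the visible hunk) checks `err`, a signing failure in this branch would go unnoticed and the test would post an empty JWT; the RS256 branch has the same shape with `skbts, err :=`. Adding `require.NoError(t, err)` directly after `SignedString` in each branch, or naming the decode error differently (`bts, decErr := ...`), avoids that. The end of the switch is not visible, so it is also worth confirming there is a `default:` that fails the test for an unexpected `alg`.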
server/irmaserver/auth.go
...
...
@@ -83,12 +83,12 @@ func (hauth *HmacAuthenticator) Initialize(name string, requestor Requestor) err
if
requestor
.
AuthenticationKey
==
""
{
return
errors
.
Errorf
(
"Requestor %s had no authentication key"
)
}
var
bts
[]
byte
if
_
,
err
:=
base64
.
StdEncoding
.
Decode
(
bts
,
[]
byte
(
requestor
.
AuthenticationKey
));
err
!=
nil
{
if
bts
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
requestor
.
AuthenticationKey
);
err
!=
nil
{
return
err
}
else
{
hauth
.
hmackeys
[
name
]
=
bts
return
nil
}
hauth
.
hmackeys
[
name
]
=
bts
return
nil
}
func
(
pkauth
*
PublicKeyAuthenticator
)
Authenticate
(
...
...
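Review bot: `Initialize` now stores whatever `DecodeString` returns without checking its length, so a configuration value of only a few base64 characters yields a one- or two-byte HMAC key that is accepted silently. If this authenticator verifies HS256 tokens, as the test added in this commit does, rejecting short keys at load time would be a cheap safeguard, e.g. `if len(bts) < 32 { return errors.Errorf("Requestor %s has an HMAC key shorter than 32 bytes", name) }`. The context line `errors.Errorf("Requestor %s had no authentication key")` also lacks its `name` argument, and the decode error is returned without the requestor name, which makes a misconfigured key hard to trace. The function starts above the hunk.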