Commit 01536c1f authored by Sietse Ringers's avatar Sietse Ringers

Support symmetric HMAC JWTs in session unit tests

parent 794b6a6a
......@@ -68,6 +68,10 @@ var JwtServerConfiguration = &irmaserver.Configuration{
AuthenticationMethod: irmaserver.AuthenticationMethodToken,
AuthenticationKey: "xa6=*&9?8jeUu5>.f-%rVg`f63pHim",
},
"requestor3": {
AuthenticationMethod: irmaserver.AuthenticationMethodHmac,
AuthenticationKey: "eGE2PSomOT84amVVdTU+LmYtJXJWZ2BmNjNwSGltCg==",
},
},
JwtPrivateKey: filepath.Join(testdata, "jwtkeys", "sk.pem"),
}
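Review bot: The `requestor3` HMAC key decodes to 31 bytes, which is below the 256-bit minimum that RFC 7518 section 3.2 requires for HS256 keys. It is also the token string of the preceding requestor entry with a trailing newline appended, so the two authentication methods share one secret rather than using independent random material. Because fixtures like this tend to be copied into real configurations, I would replace the value with the base64 encoding of at least 32 random bytes and add a comment above the entry such as `// test-only HMAC key: base64 of 32 random bytes, never reuse outside tests`.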
package sessiontest
import (
"encoding/base64"
"encoding/json"
"io/ioutil"
"path/filepath"
......@@ -119,12 +120,16 @@ func startSession(t *testing.T, request irma.SessionRequest, sessiontype string)
switch TestType {
case "apiserver":
url := "http://localhost:8088/irma_api_server/api/v2/" + sessiontype
err = irma.NewHTTPTransport(url).Post("", &qr, getJwt(t, request, sessiontype, false))
err = irma.NewHTTPTransport(url).Post("", &qr, getJwt(t, request, sessiontype, jwt.SigningMethodNone))
token = qr.URL
qr.URL = url + "/" + qr.URL
case "irmaserver-jwt":
url := "http://localhost:48682"
err = irma.NewHTTPTransport(url).Post("session", &qr, getJwt(t, request, sessiontype, true))
err = irma.NewHTTPTransport(url).Post("session", &qr, getJwt(t, request, sessiontype, jwt.SigningMethodRS256))
token = tokenFromURL(qr.URL)
case "irmaserver-hmac-jwt":
url := "http://localhost:48682"
err = irma.NewHTTPTransport(url).Post("session", &qr, getJwt(t, request, sessiontype, jwt.SigningMethodHS256))
token = tokenFromURL(qr.URL)
case "irmaserver":
url := "http://localhost:48682"
......@@ -146,7 +151,7 @@ func tokenFromURL(url string) string {
return parts[len(parts)-1]
}
func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, signed bool) string {
func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, alg jwt.SigningMethod) string {
var jwtcontents irma.RequestorJwt
var kid string
switch sessiontype {
......@@ -163,7 +168,9 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, signe
var j string
var err error
if signed {
switch alg {
case jwt.SigningMethodRS256:
skbts, err := ioutil.ReadFile(filepath.Join(test.FindTestdataFolder(t), "jwtkeys", "requestor1-sk.pem"))
require.NoError(t, err)
sk, err := jwt.ParseRSAPrivateKeyFromPEM(skbts)
......@@ -171,7 +178,13 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, signe
tok := jwt.NewWithClaims(jwt.SigningMethodRS256, jwtcontents)
tok.Header["kid"] = "requestor1"
j, err = tok.SignedString(sk)
} else {
case jwt.SigningMethodHS256:
tok := jwt.NewWithClaims(jwt.SigningMethodHS256, jwtcontents)
tok.Header["kid"] = "requestor3"
bts, err := base64.StdEncoding.DecodeString(JwtServerConfiguration.Requestors["requestor3"].AuthenticationKey)
require.NoError(t, err)
j, err = tok.SignedString(bts)
case jwt.SigningMethodNone:
tok := jwt.NewWithClaims(jwt.SigningMethodNone, jwtcontents)
tok.Header["kid"] = kid
j, err = tok.SignedString(jwt.UnsafeAllowNoneSignatureType)
......@@ -187,7 +200,7 @@ func sessionHelper(t *testing.T, request irma.SessionRequest, sessiontype string
defer test.ClearTestStorage(t)
}
if TestType == "irmaserver" || TestType == "irmaserver-jwt" {
if TestType == "irmaserver" || TestType == "irmaserver-jwt" || TestType == "irmaserver-hmac-jwt" {
StartIrmaServer(JwtServerConfiguration)
defer StopIrmaServer()
}
......
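Review bot: In the new `jwt.SigningMethodHS256` case of `getJwt`, `bts, err := base64.StdEncoding.DecodeString(...)` declares a fresh `err` scoped to the case clause, so the following `j, err = tok.SignedString(bts)` assigns to that inner variable and the `var err error` declared before the switch stays nil. If the check after the switch (outside this hunk) inspects the outer `err`, a signing failure here would go unnoticed and the test would post an empty JWT. Using a distinct name, `bts, decErr := base64.StdEncoding.DecodeString(...)` followed by `require.NoError(t, decErr)`, keeps the later assignment on the outer variable; the RS256 case has the same pattern with `skbts, err :=`. The switch also has no `default`, so an unexpected `alg` silently leaves `j` empty, and `default: t.Fatalf("unsupported signing method %s", alg.Alg())` would make that explicit.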
......@@ -83,12 +83,12 @@ func (hauth *HmacAuthenticator) Initialize(name string, requestor Requestor) err
if requestor.AuthenticationKey == "" {
return errors.Errorf("Requestor %s had no authentication key")
}
var bts []byte
if _, err := base64.StdEncoding.Decode(bts, []byte(requestor.AuthenticationKey)); err != nil {
if bts, err := base64.StdEncoding.DecodeString(requestor.AuthenticationKey); err != nil {
return err
}
} else {
hauth.hmackeys[name] = bts
return nil
}
}
func (pkauth *PublicKeyAuthenticator) Authenticate(
......
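Review bot: `Initialize` now stores whatever the base64 string decodes to as the HMAC secret without checking its length, so a requestor configured with a very short key is accepted. A guard before the assignment, such as `if len(bts) < 32 { return errors.Errorf("Requestor %s: HMAC key must be at least 32 bytes", name) }`, would reject that; the threshold is my suggestion based on the 256-bit minimum for HS256, not something the commit states. Separately, the context line `errors.Errorf("Requestor %s had no authentication key")` has a `%s` verb with no argument and should pass `name`. The `if ... else` with a return in each arm could also be flattened by returning the decode error first and then assigning.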