authorMatthew Wild <mwild1@gmail.com>2022-07-01 18:51:15 +0100
committerMatthew Wild <mwild1@gmail.com>2022-07-01 18:51:15 +0100
commitae16ddcac75cb94ea1d699b19b0bd8ed37fd5030 (patch)
tree03f4c64ca004dab7eb46d1932d5e286dcad4ed1e /spec
parentd9ce2d5e4e6ebc7a09d71a590b1243ca5f4d5f85 (diff)
downloadprosody-ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030.tar.gz
prosody-ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030.zip
util.jwt: Add support/tests for ES256 via improved API and using util.crypto
In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
Diffstat (limited to 'spec')
-rw-r--r--spec/util_jwt_spec.lua50
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/util_jwt_spec.lua b/spec/util_jwt_spec.lua
index b391a870..854688bd 100644
--- a/spec/util_jwt_spec.lua
+++ b/spec/util_jwt_spec.lua
@@ -16,5 +16,55 @@ describe("util.jwt", function ()
local ok = jwt.verify(key, token);
assert.falsy(ok)
end);
+
+ it("validates ES256", function ()
+ local private_key = [[
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
+OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
+1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
+-----END PRIVATE KEY-----
+]];
+
+ local sign = jwt.new_signer("ES256", private_key);
+
+ local token = sign({
+ sub = "1234567890";
+ name = "John Doe";
+ admin = true;
+ iat = 1516239022;
+ });
+
+ local public_key = [[
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9
+q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==
+-----END PUBLIC KEY-----
+]];
+ local verify = jwt.new_verifier("ES256", public_key);
+
+ local result = {verify(token)};
+ assert.same({
+ true; -- success
+ { -- payload
+ sub = "1234567890";
+ name = "John Doe";
+ admin = true;
+ iat = 1516239022;
+ };
+ }, result);
+
+ local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]};
+ assert.same({
+ true; -- success
+ { -- payload
+ sub = "1234567890";
+ name = "John Doe";
+ admin = true;
+ iat = 1516239022;
+ };
+ }, result);
+ end);
+
end);
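Review bot: The added `validates ES256` test asserts only the accepting path (a freshly signed token and one fixed token both verify), so it would still pass if the verifier from `jwt.new_verifier("ES256", public_key)` accepted a modified token or one signed under a different algorithm. I would add rejection cases next to it: a token whose payload segment was replaced after signing, and an HS256 token made with the legacy `jwt.sign` using the PEM public key as the HMAC secret, both of which must come back falsy. util.jwt itself is not visible in this diff, so these cases would establish whether the verifier pins the algorithm; the sketch below assumes `jwt.sign(key, payload)` takes its arguments in the same order as the `jwt.verify(key, token)` call in the context lines. The second `local result` shadows the first in the same scope and luacheck will flag it, and a one-line comment marking the inline PEM private key as a throwaway test fixture would stop secret scanners and later readers from treating it as a leaked credential. The enclosing `describe` block starts outside the hunk.

```lua
-- … unchanged: key fixtures, new_signer/new_verifier setup, positive assertions …

-- A token whose payload was swapped after signing must not verify.
local header, signature = token:match("^([^.]+)%.[^.]+%.([^.]+)$");
local tampered = header .. ".e30." .. signature; -- "e30" is base64url for "{}"
local tampered_ok = verify(tampered);
assert.falsy(tampered_ok);

-- An ES256 verifier must reject an HS256 token, even one keyed with
-- the verifier's own public key.
local hs256_token = jwt.sign(public_key, { sub = "1234567890" });
local hs256_ok = verify(hs256_token);
assert.falsy(hs256_ok);
```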