diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-07-01 18:51:15 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-07-01 18:51:15 +0100 |
| commit | ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030 (patch) | |
| tree | 03f4c64ca004dab7eb46d1932d5e286dcad4ed1e /spec | |
| parent | d9ce2d5e4e6ebc7a09d71a590b1243ca5f4d5f85 (diff) | |
| download | prosody-ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030.tar.gz prosody-ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030.zip | |
util.jwt: Add support/tests for ES256 via improved API and using util.crypto
In many cases code will be either signing or verifying. With asymmetric
algorithms it's clearer and more efficient to just state that once, instead of
passing keys (and possibly other parameters) with every sign/verify call.
This also allows earlier validation of the key used.
The previous (HS256-only) sign/verify methods continue to be exposed for
backwards-compatibility.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/util_jwt_spec.lua | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/util_jwt_spec.lua b/spec/util_jwt_spec.lua index b391a870..854688bd 100644 --- a/spec/util_jwt_spec.lua +++ b/spec/util_jwt_spec.lua @@ -16,5 +16,55 @@ describe("util.jwt", function () local ok = jwt.verify(key, token); assert.falsy(ok) end); + + it("validates ES256", function () + local private_key = [[ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 +OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r +1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G +-----END PRIVATE KEY----- +]]; + + local sign = jwt.new_signer("ES256", private_key); + + local token = sign({ + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }); + + local public_key = [[ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9 +q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg== +-----END PUBLIC KEY----- +]]; + local verify = jwt.new_verifier("ES256", public_key); + + local result = {verify(token)}; + assert.same({ + true; -- success + { -- payload + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }; + }, result); + + local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]}; + assert.same({ + true; -- success + { -- payload + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }; + }, result); + end); + end); |