From ae16ddcac75cb94ea1d699b19b0bd8ed37fd5030 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Fri, 1 Jul 2022 18:51:15 +0100
Subject: util.jwt: Add support/tests for ES256 via improved API and using
 util.crypto

In many cases code will be either signing or verifying. With asymmetric
algorithms it's clearer and more efficient to just state that once, instead of
passing keys (and possibly other parameters) with every sign/verify call.

This also allows earlier validation of the key used.

The previous (HS256-only) sign/verify methods continue to be exposed for
backwards-compatibility.
---
 spec/util_jwt_spec.lua | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

(limited to 'spec/util_jwt_spec.lua')

diff --git a/spec/util_jwt_spec.lua b/spec/util_jwt_spec.lua
index b391a870..854688bd 100644
--- a/spec/util_jwt_spec.lua
+++ b/spec/util_jwt_spec.lua
@@ -16,5 +16,55 @@ describe("util.jwt", function ()
 		local ok = jwt.verify(key, token);
 		assert.falsy(ok)
 	end);
+
+	it("validates ES256", function ()
+		local private_key = [[
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
+OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
+1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
+-----END PRIVATE KEY-----
+]];
+
+		local sign = jwt.new_signer("ES256", private_key);
+
+		local token = sign({
+			sub = "1234567890";
+			name = "John Doe";
+			admin = true;
+			iat = 1516239022;
+		});
+
+		local public_key = [[
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9
+q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==
+-----END PUBLIC KEY-----
+]];
+		local verify = jwt.new_verifier("ES256", public_key);
+
+		local result = {verify(token)};
+		assert.same({
+			true; -- success
+			{     -- payload
+				sub = "1234567890";
+				name = "John Doe";
+				admin = true;
+				iat = 1516239022;
+			};
+		}, result);
+
+		local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]};
+		assert.same({
+			true; -- success
+			{     -- payload
+				sub = "1234567890";
+				name = "John Doe";
+				admin = true;
+				iat = 1516239022;
+			};
+		}, result);
+	end);
+
 end);
 
-- 
cgit v1.2.3