From 546eb357e2f919159dfbb16f4a5472985ed84884 Mon Sep 17 00:00:00 2001
From: Erki Aring
Date: Sat, 14 Sep 2024 10:49:22 +0300
Subject: [PATCH] test: add ECDSA and Ed25519 authentication tests
---
 authorization_test.go | 80 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
diff --git a/authorization_test.go b/authorization_test.go
index 0a0bfb3a..de5728b5 100644
--- a/authorization_test.go
+++ b/authorization_test.go
@@ -52,6 +52,64 @@ Utb8p35tfj97usdiEB0AN8ray4wZbVWj
 -----END CERTIFICATE-----
 `

+const publicKeyEcdsa = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOnSJ6Iht/FleVEz4s3ZFGcWQCM/I
+rX2Ld/0veRv8vTAm3NU/fErGzL/raNhOxt+BcXqZ6IpQQ4aWOFZh3hDd+Q==
+-----END PUBLIC KEY-----
+`
+
+//nolint:gosec
+const privateKeyEcdsa = `-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDZCo0gXrI9bKtspq8mLSrQ7BrGRm4WQylp4V2tx4MewoAoGCCqGSM49
+AwEHoUQDQgAEOnSJ6Iht/FleVEz4s3ZFGcWQCM/IrX2Ld/0veRv8vTAm3NU/fErG
+zL/raNhOxt+BcXqZ6IpQQ4aWOFZh3hDd+Q==
+-----END EC PRIVATE KEY-----
+`
+
+const certificateEcdsa = `-----BEGIN CERTIFICATE-----
+MIICYjCCAgmgAwIBAgIUXRW9kusU+9K8dehUwIMiRYfJjC8wCgYIKoZIzj0EAwIw
+gYUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1T
+YW4gRnJhbmNpc2NvMRIwEAYDVQQKDAlBY21lLCBJbmMxFDASBgNVBAMMC2V4YW1w
+bGUuY29tMR8wHQYJKoZIhvcNAQkBFhBhY21lQGV4YW1wbGUuY29tMCAXDTI0MDkx
+NDA3MjEzM1oYDzMwMjAwODIzMDcyMTMzWjCBhTELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM
+CUFjbWUsIEluYzEUMBIGA1UEAwwLZXhhbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEW
+EGFjbWVAZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ6dIno
+iG38WV5UTPizdkUZxZAIz8itfYt3/S95G/y9MCbc1T98SsbMv+to2E7G34Fxepno
+ilBDhpY4VmHeEN35o1MwUTAdBgNVHQ4EFgQUfE5wC1hbiE60iRLKmevGqbeMSyww
+HwYDVR0jBBgwFoAUfE5wC1hbiE60iRLKmevGqbeMSywwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAgNHADBEAiB84zB7sZrNN8KzDO1JgeS8h2mtUeceAqnCnBwZ
+krdhhAIgQg4ytVMOy0m51tnOJ+B9nq9keVwNlsJOf7rwGVpRlFQ=
+-----END CERTIFICATE-----
+`
+
+const publicKeyEd25519 = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAKdgAvlExrnPk8TYc9cNuk4fmruFOd88FYgg9M6SQKm4=
+-----END PUBLIC KEY-----
+`
+
+//nolint:gosec
+const privateKeyEd25519 = `-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIEYj1RXJNLVFPWeuXZfpZJBW/s/Z+gTIsP0SGRCOEHKo
+-----END PRIVATE KEY-----
+`
+
+const certificateEd25519 = `-----BEGIN CERTIFICATE-----
+MIICIzCCAdWgAwIBAgIUJ1OPv+s3BuDm6amXrQimaDEq9AowBQYDK2VwMIGFMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZy
+YW5jaXNjbzESMBAGA1UECgwJQWNtZSwgSW5jMRQwEgYDVQQDDAtleGFtcGxlLmNv
+bTEfMB0GCSqGSIb3DQEJARYQYWNtZUBleGFtcGxlLmNvbTAgFw0yNDA5MTQwNjE2
+MjdaGA8zMDIwMDgyMzA2MTYyN1owgYUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
+YWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKDAlBY21l
+LCBJbmMxFDASBgNVBAMMC2V4YW1wbGUuY29tMR8wHQYJKoZIhvcNAQkBFhBhY21l
+QGV4YW1wbGUuY29tMCowBQYDK2VwAyEAKdgAvlExrnPk8TYc9cNuk4fmruFOd88F
+Ygg9M6SQKm6jUzBRMB0GA1UdDgQWBBS75Y11AoWgeHyumy6sNTJCozENuDAfBgNV
+HSMEGDAWgBS75Y11AoWgeHyumy6sNTJCozENuDAPBgNVHRMBAf8EBTADAQH/MAUG
+AytlcANBANLnIRgPfKYAzigLMsUOgEoZ80tMFimhsZpgsJ2pmmzjXoX5+Zaah+kj
+x3wF0MFr23e1kD/sOFatjV6h5sBZNQo=
+-----END CERTIFICATE-----
+`
+
 type AuthorizationTestData struct {
 algorithm string
 privateKey string
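Review bot: The two `//nolint:gosec` directives above `privateKeyEcdsa` and `privateKeyEd25519` give no reason for the suppression, and nothing next to the PEM blocks marks them as throwaway fixtures. Secret scanners will keep flagging both private keys, so the justification belongs on the directive itself, for example `//nolint:gosec // test-only key generated for this suite, never deployed`. A short comment above the new constants saying that the keys and certificates exist only for these tests and must not be reused elsewhere would make those alerts quick to triage.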
@@ -84,6 +142,28 @@ var AuthTestData = []AuthorizationTestData{
 validForCert: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkxIbzlPMmNNUzBqbzRsQWwtRk11ayJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX0sImlzcyI6Imh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZmRjM2U4OGUzYjA0YjAwNzZhNTQxM2MiLCJhdWQiOlsiaHR0cHM6Ly9tZXJjdXJlLnJvY2tzL2FwaSIsImh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS91c2VyaW5mbyJdLCJpYXQiOjE2MDgyNzAxMTQsImF6cCI6IjMwMWh6bUJBMnZ5ZzdnSlZiSEVMUlRDell0dUJrVU52Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCJ9.QAZKFSYpDJ39Cln-khjyjVzKJkiSCO4o9qIzw395fuP09rPfoLYcbdEoWg_pHN6GqO6oDNr9I2RR7p0FGhZAamXVtZzSd2V8Fv-BM0TfUBeJbb0sCMaSA2Nv3izs2dk_0zoQjGFH_LSNExGkJjwKLBj059GT6o_abtr2iz_77A8",
 validNamespaced: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX19.SmTVZkxlNbzHlaF4MfA3Fp5d1W2COmHlYPgc6SodAJOQtHh1Uxz0jkhA611w0OSwCaA8C5gqUd-GgekgHVPCBkIzV0qPmmhhJpTtotkeCX3N7oBOJOi58xXouNCNt0vnUH6xACqiZJq_FhNG9ZqP5saa4xNd1E-F1E9Vo1mFji4",
 },
+ {
+ algorithm: "ES256",
+ privateKey: privateKeyEcdsa,
+ publicKey: publicKeyEcdsa,
+ certificate: certificateEcdsa,
+ validEmpty: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.e30.hINnU7MroT7vlOH_DHCesipKULonewy_jnc7pNBrqCD-C9I-FjFOK8dBwbb1zG9nppYvvMDt5filtIwvcVDZUw",
+ valid: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX19.5iVzGj4lm-MxaqKGOcBUdu3nAajsH1H0nq2mTyOdc9dvEyRqkKWShK-cK6KC5rkKv7vWNt8gRjR4-aV5ckvRzA",
+ validForCert: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX0sImlzcyI6Imh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZmRjM2U4OGUzYjA0YjAwNzZhNTQxM2MiLCJhdWQiOlsiaHR0cHM6Ly9tZXJjdXJlLnJvY2tzL2FwaSIsImh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS91c2VyaW5mbyJdLCJpYXQiOjE2MDgyNzAxMTQsImF6cCI6IjMwMWh6bUJBMnZ5ZzdnSlZiSEVMUlRDell0dUJrVU52Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCJ9.iyOpr6Dxgs5yBKuUKJFvbTTaFRo65r55eEHQfWgGt0H0iRzCx5D3kheDe29Da1aRClRfunrpoxhpr8EqeO7Pxg",
+ validNamespaced: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX19.MczmR4h4eS_cetXZ-cP8NwONOpYzDec-Wijl0u78n9GCnqYFmYbWczln250fFuYYqbnHAbtX_br84YxBdoQv3Q",
+ },
+ {
+ algorithm: "EdDSA",
+ privateKey: privateKeyEd25519,
+ publicKey: publicKeyEd25519,
+ certificate: certificateEd25519,
+ validEmpty: "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.e30.p6y-JMVdkSrjtj1qChGi8Z5PQnAu8GiTJsq8_Txp7Yg_RATrJi6IgDlNaobyaxaHy_ypwS4G4RTmQ9mlPwFNDQ",
+ valid: "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX19.A2EbfgruNGekfK-VTPDX_MsrYlJdvZcAF4K5i9aKy4US2Syo4tmn9yT7aYBBdRZNBkRDqhF1sF1u26pvMLlNAw",
+ // jwt.ParseEdPublicKeyFromPEM() doesn't support certificates yet
+ // validForCert: "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX0sImlzcyI6Imh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZmRjM2U4OGUzYjA0YjAwNzZhNTQxM2MiLCJhdWQiOlsiaHR0cHM6Ly9tZXJjdXJlLnJvY2tzL2FwaSIsImh0dHBzOi8vbWVyY3VyZS10ZXN0LmV1LmF1dGgwLmNvbS91c2VyaW5mbyJdLCJpYXQiOjE2MDgyNzAxMTQsImF6cCI6IjMwMWh6bUJBMnZ5ZzdnSlZiSEVMUlRDell0dUJrVU52Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCJ9.FBWmpbdYpuU58d3p-e_RPu-Szzj_ZPbZtwvHbUD6nQJOe83RTrsBbVpVnI54ISG6D4N5c2mLeksC_I7OAw1KCA",
+ validForCert: "",
+ validNamespaced: "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJodHRwczovL21lcmN1cmUucm9ja3MvIjp7InB1Ymxpc2giOlsiZm9vIiwiYmFyIl0sInN1YnNjcmliZSI6WyJmb28iLCJiYXoiXX19.yBpIkxTSACRxEpFSiDOVhpSNRbhvhJy2ds90MycP9mK7oxiyRVyvZkRHRwbH26haa7PhR-HRzw828mGids2xDA",
+ },
 }

 func TestAuthorizeMultipleAuthorizationHeader(t *testing.T) {
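Review bot: The EdDSA entry sets `validForCert: ""` and keeps the real token only as a commented-out literal, so the certificate path is not exercised for Ed25519 and every test that ranges over AuthTestData now receives an empty token in that field. Those loops are outside this hunk (the AuthTestData literal also starts above it); they need an explicit skip for the empty value, otherwise a rejected empty string can pass for coverage or a valid-token assertion fails for the wrong reason. I would drop the commented-out JWT and leave `// TODO: set validForCert once jwt.ParseEdPublicKeyFromPEM() accepts certificates`, keeping `certificate: certificateEd25519` only if something still reads it. The fields visible here hold only valid tokens, so a negative case that presents an ES256 or EdDSA token to a verifier configured for a different algorithm would be a worthwhile follow-up.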