package uaa_test
import (
"net/http"
"net/http/httptest"
"testing"
uaa "github.com/cloudfoundry-community/go-uaa"
. "github.com/onsi/gomega"
"github.com/sclevine/spec"
)
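// testTokenKeys exercises API.TokenKeys against a stub UAA server. It covers
// the /token_keys happy path, an unparsable response body, and the fallback to
// the singular /token_key endpoint when /token_keys answers 404.
//
// The fixtures hold RSA *public* keys only (PEM in "value", modulus in "n");
// no private key material is embedded in this file.
func testTokenKeys(t *testing.T, when spec.G, it spec.S) {
	// Expected fields of the first key, shared by the /token_keys and
	// /token_key cases so both assert against a single copy.
	const (
		wantKid     = "sha2-2017-01-20-key"
		wantPEM     = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH6kYCP29faDAUPKtei3\nV/Zh8eCHyHRDHrD0iosvgHuaakK1AFHjD19ojuPiTQm8r8nEeQtHb6mDi1LvZ03e\nEWxpvWwFfFVtCyBqWr5wn6IkY+ZFXfERLn2NCn6sMVxcFV12sUtuqD+jrW8MnTG7\nhofQqxmVVKKsZiXCvUSzfiKxDgoiRuD3MJSoZ0nQTHVmYxlFHuhTEETuTqSPmOXd\n/xJBVRi5WYCjt1aKRRZEz04zVEBVhVkr2H84qcVJHcfXFu4JM6dg0nmTjgd5cZUN\ncwA1KhK2/Qru9N0xlk9FGD2cvrVCCPWFPvZ1W7U7PBWOSBBH6GergA+dk2vQr7Ho\nlQIDAQAB\n-----END PUBLIC KEY-----"
		wantModulus = "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL4B7mmpCtQBR4w9faI7j4k0JvK_JxHkLR2-pg4tS72dN3hFsab1sBXxVbQsgalq-cJ-iJGPmRV3xES59jQp-rDFcXBVddrFLbqg_o61vDJ0xu4aH0KsZlVSirGYlwr1Es34isQ4KIkbg9zCUqGdJ0Ex1ZmMZRR7oUxBE7k6kj5jl3f8SQVUYuVmAo7dWikUWRM9OM1RAVYVZK9h_OKnFSR3H1xbuCTOnYNJ5k44HeXGVDXMANSoStv0K7vTdMZZPRRg9nL61Qgj1hT72dVu1OzwVjkgQR-hnq4APnZNr0K-x6JU"
	)

	var (
		s             *httptest.Server
		handler       http.Handler
		called        int
		a             *uaa.API
		tokenKeysJSON string
	)

	it.Before(func() {
		RegisterTestingT(t)
		// Two signing keys, as returned by the plural /token_keys endpoint.
		tokenKeysJSON = `{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "sha2-2017-01-20-key",
"alg": "RS256",
"value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH6kYCP29faDAUPKtei3\nV/Zh8eCHyHRDHrD0iosvgHuaakK1AFHjD19ojuPiTQm8r8nEeQtHb6mDi1LvZ03e\nEWxpvWwFfFVtCyBqWr5wn6IkY+ZFXfERLn2NCn6sMVxcFV12sUtuqD+jrW8MnTG7\nhofQqxmVVKKsZiXCvUSzfiKxDgoiRuD3MJSoZ0nQTHVmYxlFHuhTEETuTqSPmOXd\n/xJBVRi5WYCjt1aKRRZEz04zVEBVhVkr2H84qcVJHcfXFu4JM6dg0nmTjgd5cZUN\ncwA1KhK2/Qru9N0xlk9FGD2cvrVCCPWFPvZ1W7U7PBWOSBBH6GergA+dk2vQr7Ho\nlQIDAQAB\n-----END PUBLIC KEY-----",
"n": "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL4B7mmpCtQBR4w9faI7j4k0JvK_JxHkLR2-pg4tS72dN3hFsab1sBXxVbQsgalq-cJ-iJGPmRV3xES59jQp-rDFcXBVddrFLbqg_o61vDJ0xu4aH0KsZlVSirGYlwr1Es34isQ4KIkbg9zCUqGdJ0Ex1ZmMZRR7oUxBE7k6kj5jl3f8SQVUYuVmAo7dWikUWRM9OM1RAVYVZK9h_OKnFSR3H1xbuCTOnYNJ5k44HeXGVDXMANSoStv0K7vTdMZZPRRg9nL61Qgj1hT72dVu1OzwVjkgQR-hnq4APnZNr0K-x6JU"
},
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "legacy-token-key",
"alg": "RS256",
"value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/aXmEImpdwWHJlYc4G8\n3BgZVmyhCdy7SCL0kM7wV5xCvRKK0k4nKjH0QW2E+0GIKzIj4JQhYU+MeZHrArfC\nrfthIXcio/Ll6NvoTPY77XA7U6vBGCiLdGYSGrN8y064cF2uM8d3AEgTT0RzLK3E\n688Ltq38GxnoXOUuLZmXS2HeHNd2bW/k6Eyd9Z3ymmdpVZXMyLwepNxU38WQS2bJ\nPYXYvRkzoZ1ru/deExwbecI18NCeO/GKp3f8bwKuC2j3LKFJIAwW3zFoDrcAxpC/\nJDG2RSTj//CRvhtd7JkeQLVKGyIHNtACaPT3tFT6scvVXHGPB5fRTLB8Lr+mK4RI\nBwIDAQAB\n-----END PUBLIC KEY-----",
"n": "APP2l5hCJqXcFhyZWHOBvNwYGVZsoQncu0gi9JDO8FecQr0SitJOJyox9EFthPtBiCsyI-CUIWFPjHmR6wK3wq37YSF3IqPy5ejb6Ez2O-1wO1OrwRgoi3RmEhqzfMtOuHBdrjPHdwBIE09EcyytxOvPC7at_BsZ6FzlLi2Zl0th3hzXdm1v5OhMnfWd8ppnaVWVzMi8HqTcVN_FkEtmyT2F2L0ZM6Gda7v3XhMcG3nCNfDQnjvxiqd3_G8Crgto9yyhSSAMFt8xaA63AMaQvyQxtkUk4__wkb4bXeyZHkC1ShsiBzbQAmj097RU-rHL1VxxjweX0UywfC6_piuESAc"
}
]
}`
		called = 0
		// The stub counts every request and delegates to whichever handler the
		// current spec installed, so each spec can assert the request count.
		s = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			called++
			Expect(handler).NotTo(BeNil())
			handler.ServeHTTP(w, req)
		}))

		// The client is built without authentication; the specs below rely on
		// the token key endpoints being reachable that way.
		var err error
		a, err = uaa.New(s.URL, uaa.WithNoAuthentication())
		// Fail here rather than with a nil-pointer panic inside a spec.
		Expect(err).NotTo(HaveOccurred())
	})

	it.After(func() {
		if s != nil {
			s.Close()
		}
	})

	it("calls the /token_keys endpoint", func() {
		handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			Expect(req.Header.Get("Accept")).To(Equal("application/json"))
			Expect(req.URL.Path).To(Equal("/token_keys"))
			w.WriteHeader(http.StatusOK)
			_, err := w.Write([]byte(tokenKeysJSON))
			Expect(err).NotTo(HaveOccurred())
		})

		keys, err := a.TokenKeys()
		Expect(err).NotTo(HaveOccurred())
		Expect(called).To(Equal(1))
		// Check the length before indexing so a short result is reported as a
		// failed expectation instead of an index-out-of-range panic.
		Expect(keys).To(HaveLen(2))
		Expect(keys[0].Kty).To(Equal("RSA"))
		Expect(keys[0].E).To(Equal("AQAB"))
		Expect(keys[0].Use).To(Equal("sig"))
		Expect(keys[0].Kid).To(Equal(wantKid))
		Expect(keys[0].Alg).To(Equal("RS256"))
		Expect(keys[0].Value).To(Equal(wantPEM))
		Expect(keys[0].N).To(Equal(wantModulus))
		Expect(keys[1].Kid).To(Equal("legacy-token-key"))
	})

	it("returns a helpful error when response cannot be parsed", func() {
		handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			Expect(req.Header.Get("Accept")).To(Equal("application/json"))
			w.WriteHeader(http.StatusOK)
			_, err := w.Write([]byte("{unparsable}"))
			Expect(err).NotTo(HaveOccurred())
		})

		_, err := a.TokenKeys()
		Expect(err).NotTo(BeNil())
		Expect(err.Error()).To(ContainSubstring("An unknown error occurred while parsing response from"))
	})

	when("the server is an older UAA that is missing the /token_keys endpoint", func() {
		// A single key object, as served by the singular /token_key endpoint.
		tokenKeyJSON := `{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "sha2-2017-01-20-key",
"alg": "RS256",
"value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH6kYCP29faDAUPKtei3\nV/Zh8eCHyHRDHrD0iosvgHuaakK1AFHjD19ojuPiTQm8r8nEeQtHb6mDi1LvZ03e\nEWxpvWwFfFVtCyBqWr5wn6IkY+ZFXfERLn2NCn6sMVxcFV12sUtuqD+jrW8MnTG7\nhofQqxmVVKKsZiXCvUSzfiKxDgoiRuD3MJSoZ0nQTHVmYxlFHuhTEETuTqSPmOXd\n/xJBVRi5WYCjt1aKRRZEz04zVEBVhVkr2H84qcVJHcfXFu4JM6dg0nmTjgd5cZUN\ncwA1KhK2/Qru9N0xlk9FGD2cvrVCCPWFPvZ1W7U7PBWOSBBH6GergA+dk2vQr7Ho\nlQIDAQAB\n-----END PUBLIC KEY-----",
"n": "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL4B7mmpCtQBR4w9faI7j4k0JvK_JxHkLR2-pg4tS72dN3hFsab1sBXxVbQsgalq-cJ-iJGPmRV3xES59jQp-rDFcXBVddrFLbqg_o61vDJ0xu4aH0KsZlVSirGYlwr1Es34isQ4KIkbg9zCUqGdJ0Ex1ZmMZRR7oUxBE7k6kj5jl3f8SQVUYuVmAo7dWikUWRM9OM1RAVYVZK9h_OKnFSR3H1xbuCTOnYNJ5k44HeXGVDXMANSoStv0K7vTdMZZPRRg9nL61Qgj1hT72dVu1OzwVjkgQR-hnq4APnZNr0K-x6JU"
}`

		it("falls back to /token_key endpoint", func() {
			handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
				Expect(req.Header.Get("Accept")).To(Equal("application/json"))
				if req.URL.Path == "/token_keys" {
					w.WriteHeader(http.StatusNotFound)
					return
				}
				// Pin the fallback target: without this the stub would serve
				// the key for any path, and a wrong fallback URL would pass.
				Expect(req.URL.Path).To(Equal("/token_key"))
				w.WriteHeader(http.StatusOK)
				_, err := w.Write([]byte(tokenKeyJSON))
				Expect(err).NotTo(HaveOccurred())
			})

			keys, err := a.TokenKeys()
			Expect(err).NotTo(HaveOccurred())
			// One 404 on /token_keys plus one successful /token_key request.
			Expect(called).To(Equal(2))
			Expect(keys).To(HaveLen(1))
			Expect(keys[0].Kty).To(Equal("RSA"))
			Expect(keys[0].E).To(Equal("AQAB"))
			Expect(keys[0].Use).To(Equal("sig"))
			Expect(keys[0].Kid).To(Equal(wantKid))
			Expect(keys[0].Alg).To(Equal("RS256"))
			Expect(keys[0].Value).To(Equal(wantPEM))
			Expect(keys[0].N).To(Equal(wantModulus))
		})
	})
}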