Improvements for key handling in specs:

- Helper method for reading keys in tests
- Rename certs folter to keys
- Removed keys not used in test
- Read keys once from file into memory to speed up test execution

spec/jwk/ec_spec.rb

@@ -15,7 +15,7 @@
     end
 
     context 'when a keypair with only public key is given' do
-      let(:keypair) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public.pem'))) }
+      let(:keypair) { test_pkey('ec256-public.pem') }
       it 'creates an instance of the class' do
         expect(subject).to be_a described_class
         expect(subject.private?).to eq false
@@ -49,7 +49,7 @@
     end
 
     context 'when keypair with public key is exported' do
-      let(:keypair) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public.pem'))) }
+      let(:keypair) { test_pkey('ec256-public.pem') }
       it 'returns a hash with the public parts of the key' do
         expect(subject).to be_a Hash
         expect(subject).to include(:kty, :kid, :x, :y)
@@ -127,7 +127,7 @@
 
         context 'when keypair is public' do
           context 'returns a public key' do
-            let(:keypair) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public.pem'))) }
+            let(:keypair) { test_pkey('ec256-public.pem') }
             let(:params) { exported_key }
 
             it 'returns a hash with the public parts of the key' do

spec/jwt_spec.rb

@@ -8,20 +8,20 @@
       :empty_token => 'e30K.e30K.e30K',
       :empty_token_2_segment => 'e30K.e30K.',
       :secret => 'My$ecretK3y',
-      :rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-private.pem'))),
-      :rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-public.pem'))),
-      :wrong_rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))),
-      :wrong_rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))),
-      'ES256_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-private.pem'))),
-      'ES256_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public.pem'))),
-      'ES256_private_v2' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-private-v2.pem'))),
-      'ES256_public_v2' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public-v2.pem'))),
-      'ES384_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec384-private.pem'))),
-      'ES384_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec384-public.pem'))),
-      'ES512_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-private.pem'))),
-      'ES512_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-public.pem'))),
-      'ES256K_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256k-private.pem'))),
-      'ES256K_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256k-public.pem'))),
+      :rsa_private => test_pkey('rsa-2048-private.pem'),
+      :rsa_public => test_pkey('rsa-2048-public.pem'),
+      :wrong_rsa_private => test_pkey('rsa-2048-wrong-public.pem'),
+      :wrong_rsa_public => test_pkey('rsa-2048-wrong-public.pem'),
+      'ES256_private' => test_pkey('ec256-private.pem'),
+      'ES256_public' => test_pkey('ec256-public.pem'),
+      'ES256_private_v2' => test_pkey('ec256-private-v2.pem'),
+      'ES256_public_v2' => test_pkey('ec256-public-v2.pem'),
+      'ES384_private' => test_pkey('ec384-private.pem'),
+      'ES384_public' => test_pkey('ec384-public.pem'),
+      'ES512_private' => test_pkey('ec512-private.pem'),
+      'ES512_public' => test_pkey('ec512-public.pem'),
+      'ES256K_private' => test_pkey('ec256k-private.pem'),
+      'ES256K_public' => test_pkey('ec256k-public.pem'),
       'NONE' => 'eyJhbGciOiJub25lIn0.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.',
       'HS256' => 'eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.kWOVtIOpWcG7JnyJG0qOkTDbOy636XrrQhMm_8JrRQ8',
       'HS512256' => 'eyJhbGciOiJIUzUxMjI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.Ds_4ibvf7z4QOBoKntEjDfthy3WJ-3rKMspTEcHE2bA',
@@ -179,15 +179,15 @@
       end
 
       it 'wrong key should raise JWT::DecodeError' do
-        key = OpenSSL::PKey.read File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))
+        key = test_pkey('rsa-2048-wrong-public.pem')
 
         expect do
           JWT.decode data[alg], key, true, algorithm: alg
         end.to raise_error JWT::DecodeError
       end
 
       it 'wrong key and verify = false should not raise JWT::DecodeError' do
-        key = OpenSSL::PKey.read File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))
+        key = test_pkey('rsa-2048-wrong-public.pem')
 
         expect do
           JWT.decode data[alg], key, false
@@ -240,7 +240,7 @@
         data[alg] = JWT.encode(payload, data["#{alg}_private"], alg)
       end
 
-      let(:wrong_key) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-wrong-public.pem'))) }
+      let(:wrong_key) { test_pkey('ec256-wrong-public.pem') }
 
       it 'should generate a valid token' do
         jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"], true, algorithm: alg

spec/spec_helper.rb

@@ -4,16 +4,17 @@
 require 'simplecov'
 require 'jwt'
 
+require_relative 'spec_support/test_keys'
+
 puts "OpenSSL::VERSION: #{OpenSSL::VERSION}"
 puts "OpenSSL::OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}"
 puts "OpenSSL::OPENSSL_LIBRARY_VERSION: #{OpenSSL::OPENSSL_LIBRARY_VERSION}\n\n"
 
-CERT_PATH = File.join(__dir__, 'fixtures', 'certs')
-
 RSpec.configure do |config|
   config.expect_with :rspec do |c|
     c.syntax = :expect
   end
+  config.include(SpecSupport::TestKeys)
   config.before(:example) { JWT.configuration.reset! }
   config.run_all_when_everything_filtered = true
   config.filter_run :focus

spec/spec_support/test_keys.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module SpecSupport
+  module TestKeys
+    KEY_FIXTURE_PATH = File.join(__dir__, '..', 'fixtures', 'keys')
+
+    def test_pkey(key)
+      TestKeys.keys[key] ||= read_pkey(key)
+    end
+
+    def read_pkey(key)
+      OpenSSL::PKey.read(File.read(File.join(KEY_FIXTURE_PATH, key)))
+    end
+
+    def self.keys
+      @keys ||= {}
+    end
+  end
+end

spec/x5c_key_finder_spec.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 describe JWT::X5cKeyFinder do
-  let(:root_key) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-private.pem'))) }
+  let(:root_key) { test_pkey('rsa-2048-private.pem') }
   let(:root_dn) { OpenSSL::X509::Name.parse('/DC=org/DC=fake-ca/CN=Fake CA') }
   let(:root_certificate) { generate_root_cert(root_dn, root_key) }
   let(:leaf_key) { generate_key }