keypairs/keyfetch/fetch_test.go

package keyfetch
import (
"testing"
"time"
"git.rootprojects.org/root/keypairs"
"git.rootprojects.org/root/keypairs/keyfetch/uncached"
)
// pubkey is shared state between the tests in this file: testCachesKey
// assigns it the key returned by OIDCJWK, and TestCachesKey reads it
// afterwards to compare its thumbprint with the PEM-fetched key.
var pubkey keypairs.PublicKeyTransitional
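// TestCachesKey runs the fetch-and-cache checks in testCachesKey against
// several issuer URLs and verifies that the key served in PEM form has the
// same thumbprint as the key obtained through OIDCJWK.
//
// The URLs are live third-party endpoints, so the test needs outbound network
// access and its result depends on what those endpoints serve at run time.
func TestCachesKey(t *testing.T) {
	// Same issuer with and without a trailing slash.
	// clear() is defined elsewhere in the package; presumably it empties the
	// key cache so the second run starts cold — confirm.
	testCachesKey(t, "https://bigsquid.auth0.com/")
	clear()
	testCachesKey(t, "https://bigsquid.auth0.com")

	// Get PEM
	pemKey, err := PEM("https://bigsquid.auth0.com/pem")
	if nil != err {
		t.Fatal("Error fetching and caching key:", err)
	}

	// pubkey is the package-level key left behind by the testCachesKey call
	// above.
	// NOTE(review): testCachesKey takes a single key from the discovered set;
	// if the issuer publishes more than one key, that key may not be the one
	// served at /pem — confirm.
	pemThumb := keypairs.Thumbprint(pemKey)
	jwkThumb := keypairs.Thumbprint(pubkey)
	if pemThumb != jwkThumb {
		// err is known to be nil on this path, so it is not part of the message.
		t.Fatalf("Error got different thumbprint for different versions of the same key %q != %q", pemThumb, jwkThumb)
	}

	clear()
	testCachesKey(t, "https://big-squid.github.io/")
}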
// TestKnownKID asks OIDCJWK for one hard-coded key ID at one hard-coded
// issuer and fails if the call returns an error. The returned key itself is
// not inspected.
//
// NOTE(review): the key ID is a fixed literal, so the test presumably starts
// failing once the issuer stops publishing that key — confirm.
func TestKnownKID(t *testing.T) {
	const (
		issuer = "https://kraken-dev.auth0.com"
		keyID  = "RkVGNTM5NDc4NkM4NjA5OEMxMTNCMTNBQ0RGRDA0MEQ0RDNDMkM3Qw"
	)

	if _, err := OIDCJWK(keyID, issuer); nil != err {
		t.Fatal(issuer, err)
	}
}
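// testCachesKey checks the caching behaviour of OIDCJWK for the issuer at url.
//
// It discovers the issuer's keys with the uncached client, confirms that the
// chosen key is not in the cache yet, fetches it through OIDCJWK, and then
// confirms that Get finds it, that a repeated OIDCJWK call returns within one
// millisecond, and that the cached key equals the discovered one. Finally it
// checks that PEM reports an error for a path that should not exist.
//
// Side effect: assigns the package-level pubkey. The function talks to the
// live endpoint at url, so it needs network access.
func testCachesKey(t *testing.T, url string) {
	// Raw fetch a key and get KID and Thumbprint
	_, keys, err := uncached.OIDCJWKs(url)
	if nil != err {
		t.Fatal(url, err)
	}
	if 0 == len(keys) {
		t.Fatal("Should discover 1 or more keys via", url)
	}

	// Take one discovered key. The assertion is checked so that an unexpected
	// key type fails the test with a message instead of panicking.
	var key keypairs.PublicKeyTransitional
	for i := range keys {
		k, ok := keys[i].Key().(keypairs.PublicKeyTransitional)
		if !ok {
			t.Fatalf("key discovered via %q has unexpected type %T", url, keys[i].Key())
		}
		key = k
		break
	}
	thumb := keypairs.Thumbprint(key)

	// Look in cache for each (and fail)
	if pub := Get(thumb, ""); nil != pub {
		t.Fatal("SANITY: Should not have any key cached by thumbprint")
	}

	// Get with caching
	pubkey, err = OIDCJWK(thumb, url)
	if nil != err {
		t.Fatal("Error fetching and caching key:", err)
	}

	// Look in cache for each (and succeed)
	// The second argument is empty here and url in the lookup further down, so
	// this asserts that a cached key can be retrieved by thumbprint alone.
	// NOTE(review): code that verifies tokens with a key obtained this way
	// presumably still has to check the issuer itself — confirm against Get's
	// contract.
	if pub := Get(thumb, ""); nil == pub {
		t.Fatal("key was not properly cached by thumbprint", thumb)
	}

	// TODO thumb / id mapping
	thumb = keypairs.Thumbprint(pubkey)
	if pub := Get(thumb, url); nil == pub {
		t.Fatal("key was not properly cached by kid", pubkey)
	}
	// Logged whenever the lookup above succeeds; no KeyID is examined here.
	t.Log("Key did not have an explicit KeyID")

	// Get again (should be sub-ms instant)
	// The duration is measured once so the value reported on failure is the
	// value that was compared.
	// NOTE(review): a one-millisecond wall-clock bound can fail on a loaded
	// machine even when the key is served from the cache.
	start := time.Now()
	_, err = OIDCJWK(thumb, url)
	elapsed := time.Since(start)
	if nil != err {
		t.Fatal("SANITY: Failed to get the key we just got...", err)
	}
	if elapsed > time.Millisecond {
		t.Fatal("Failed to cache key by thumbprint...", elapsed)
	}

	// Sanity check that the kid and thumb match
	// Each thumbprint is passed twice because the format string keeps a second
	// pair of verbs in place for the KeyIDs mentioned in its todo.
	keyThumb := keypairs.Thumbprint(key)
	cachedThumb := keypairs.Thumbprint(pubkey)
	if !key.Equal(pubkey) || keyThumb != cachedThumb {
		t.Fatalf("SANITY: [todo: KeyIDs or] Thumbprints do not match:\n%q != %q\n%q != %q",
			keyThumb, cachedThumb,
			keyThumb, cachedThumb)
	}

	// Get 404
	// When url ends in a slash the requested path contains a double slash.
	// err is nil on the failing path, so it is not part of the message.
	_, err = PEM(url + "/will-not-be-found.xyz")
	if nil == err {
		t.Fatal("Should have an error when retrieving a 404 or index.html")
	}
}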