2019-02-21 00:10:42 +00:00
|
|
|
package keyfetch
|
2019-02-08 01:26:45 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
2019-02-20 19:26:37 +00:00
|
|
|
"time"
|
2019-02-20 19:59:22 +00:00
|
|
|
|
2020-05-10 18:34:01 +00:00
|
|
|
"git.rootprojects.org/root/keypairs"
|
|
|
|
"git.rootprojects.org/root/keypairs/keyfetch/uncached"
|
2019-02-08 01:26:45 +00:00
|
|
|
)
|
|
|
|
|
2019-03-15 23:52:53 +00:00
|
|
|
var pubkey keypairs.PublicKey
|
|
|
|
|
2019-02-19 23:50:46 +00:00
|
|
|
func TestCachesKey(t *testing.T) {
|
2019-02-22 21:40:46 +00:00
|
|
|
testCachesKey(t, "https://bigsquid.auth0.com/")
|
|
|
|
clear()
|
|
|
|
testCachesKey(t, "https://bigsquid.auth0.com")
|
2019-03-15 23:52:53 +00:00
|
|
|
// Get PEM
|
|
|
|
k3, err := PEM("https://bigsquid.auth0.com/pem")
|
|
|
|
if nil != err {
|
|
|
|
t.Fatal("Error fetching and caching key:", err)
|
|
|
|
}
|
|
|
|
if k3.Thumbprint() != pubkey.Thumbprint() {
|
|
|
|
t.Fatal("Error got different thumbprint for different versions of the same key:", err)
|
|
|
|
}
|
2019-03-08 21:28:23 +00:00
|
|
|
clear()
|
|
|
|
testCachesKey(t, "https://big-squid.github.io/")
|
2019-02-22 21:40:46 +00:00
|
|
|
}
|
2019-02-20 19:26:37 +00:00
|
|
|
|
2019-03-25 23:48:39 +00:00
|
|
|
func TestKnownKID(t *testing.T) {
|
|
|
|
url := "https://kraken-dev.auth0.com"
|
|
|
|
kid := "RkVGNTM5NDc4NkM4NjA5OEMxMTNCMTNBQ0RGRDA0MEQ0RDNDMkM3Qw"
|
|
|
|
_, err := OIDCJWK(kid, url)
|
|
|
|
if nil != err {
|
|
|
|
t.Fatal(url, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-22 21:40:46 +00:00
|
|
|
func testCachesKey(t *testing.T, url string) {
|
2019-02-19 23:50:46 +00:00
|
|
|
// Raw fetch a key and get KID and Thumbprint
|
2019-02-21 00:10:42 +00:00
|
|
|
_, keys, err := uncached.OIDCJWKs(url)
|
2019-02-20 19:26:37 +00:00
|
|
|
if nil != err {
|
|
|
|
t.Fatal(url, err)
|
|
|
|
}
|
|
|
|
if 0 == len(keys) {
|
|
|
|
t.Fatal("Should discover 1 or more keys via", url)
|
|
|
|
}
|
|
|
|
|
2019-02-20 19:59:22 +00:00
|
|
|
var key keypairs.PublicKey
|
2019-02-20 19:26:37 +00:00
|
|
|
for i := range keys {
|
|
|
|
key = keys[i]
|
|
|
|
break
|
|
|
|
}
|
|
|
|
thumb := key.Thumbprint()
|
|
|
|
|
2019-02-19 23:50:46 +00:00
|
|
|
// Look in cache for each (and fail)
|
2019-02-21 00:10:42 +00:00
|
|
|
if pub := Get(thumb, ""); nil != pub {
|
2019-02-20 19:26:37 +00:00
|
|
|
t.Fatal("SANITY: Should not have any key cached by thumbprint")
|
|
|
|
}
|
|
|
|
|
2019-02-19 23:50:46 +00:00
|
|
|
// Get with caching
|
2019-03-15 23:52:53 +00:00
|
|
|
pubkey, err = OIDCJWK(thumb, url)
|
2019-02-20 19:26:37 +00:00
|
|
|
if nil != err {
|
|
|
|
t.Fatal("Error fetching and caching key:", err)
|
|
|
|
}
|
|
|
|
|
2019-02-19 23:50:46 +00:00
|
|
|
// Look in cache for each (and succeed)
|
2019-02-21 00:10:42 +00:00
|
|
|
if pub := Get(thumb, ""); nil == pub {
|
|
|
|
t.Fatal("key was not properly cached by thumbprint", thumb)
|
2019-02-20 19:26:37 +00:00
|
|
|
}
|
2019-03-15 23:52:53 +00:00
|
|
|
if "" != pubkey.KeyID() {
|
|
|
|
if pub := Get(pubkey.KeyID(), url); nil == pub {
|
|
|
|
t.Fatal("key was not properly cached by kid", pubkey.KeyID())
|
2019-02-20 19:26:37 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
t.Log("Key did not have an explicit KeyID")
|
|
|
|
}
|
|
|
|
|
2019-02-19 23:50:46 +00:00
|
|
|
// Get again (should be sub-ms instant)
|
2019-02-20 19:26:37 +00:00
|
|
|
now := time.Now()
|
2019-02-21 00:10:42 +00:00
|
|
|
_, err = OIDCJWK(thumb, url)
|
2019-02-20 19:26:37 +00:00
|
|
|
if nil != err {
|
|
|
|
t.Fatal("SANITY: Failed to get the key we just got...", err)
|
|
|
|
}
|
|
|
|
if time.Now().Sub(now) > time.Millisecond {
|
|
|
|
t.Fatal("Failed to cache key by thumbprint...", time.Now().Sub(now))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Sanity check that the kid and thumb match
|
2019-03-15 23:52:53 +00:00
|
|
|
if key.KeyID() != pubkey.KeyID() || key.Thumbprint() != pubkey.Thumbprint() {
|
|
|
|
t.Fatal("SANITY: KeyIDs or Thumbprints do not match:", key.KeyID(), pubkey.KeyID(), key.Thumbprint(), pubkey.Thumbprint())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get 404
|
|
|
|
_, err = PEM(url + "/will-not-be-found.xyz")
|
|
|
|
if nil == err {
|
|
|
|
t.Fatal("Should have an error when retrieving a 404 or index.html:", err)
|
2019-02-20 19:26:37 +00:00
|
|
|
}
|
2019-02-19 23:50:46 +00:00
|
|
|
}
|