This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push: new 2a02969e5 jwt: plumb JWT into mini cluster 2a02969e5 is described below commit 2a02969e5c186b22f1bf89555f184680eaf31ca0 Author: Zoltan Chovan <zcho...@cloudera.com> AuthorDate: Thu Feb 2 12:57:01 2023 +0100 jwt: plumb JWT into mini cluster This patch adds options to ExternalMiniCluster to start a MiniOidc alongside the calling process. Co-authored-by: Andrew Wong <aw...@apache.org> Change-Id: Id0d3e53b60933ada0194afbe0ad4775be649b653 Reviewed-on: http://gerrit.cloudera.org:8080/18475 Tested-by: Kudu Jenkins Reviewed-by: Wenzhe Zhou <wz...@cloudera.com> Reviewed-by: Alexey Serbin <ale...@apache.org> --- src/kudu/integration-tests/security-itest.cc | 62 ++++ src/kudu/mini-cluster/CMakeLists.txt | 1 + src/kudu/mini-cluster/external_mini_cluster.cc | 23 +- src/kudu/mini-cluster/external_mini_cluster.h | 14 + src/kudu/rpc/negotiation.cc | 2 +- src/kudu/server/server_base.cc | 2 +- src/kudu/util/CMakeLists.txt | 2 +- src/kudu/util/jwt-util.cc | 4 +- .../util/{jwt_test_certs.h => jwt_test_certs.cc} | 83 +++-- src/kudu/util/jwt_test_certs.h | 342 +++------------------ src/kudu/util/mini_oidc.cc | 2 +- 11 files changed, 181 insertions(+), 356 deletions(-) diff --git a/src/kudu/integration-tests/security-itest.cc b/src/kudu/integration-tests/security-itest.cc index f8a253ae2..2d520e1b6 100644 --- a/src/kudu/integration-tests/security-itest.cc +++ b/src/kudu/integration-tests/security-itest.cc @@ -27,6 +27,8 @@ #include <string> #include <tuple> #include <type_traits> +#include <unordered_map> +#include <utility> #include <vector> #include <gflags/gflags_declare.h> @@ -64,6 +66,7 @@ #include "kudu/tserver/tserver_service.pb.h" #include "kudu/tserver/tserver_service.proxy.h" #include "kudu/util/env.h" +#include "kudu/util/mini_oidc.h" #include "kudu/util/monotime.h" #include "kudu/util/net/net_util.h" #include "kudu/util/net/sockaddr.h" 
@@ -509,6 +512,65 @@ void GetFullBinaryPath(string* binary) { (*binary) = JoinPathSegments(DirName(exe), *binary); } +TEST_F(SecurityITest, TestJwtMiniCluster) { + cluster_opts_.enable_kerberos = false; + cluster_opts_.num_tablet_servers = 0; + cluster_opts_.enable_client_jwt = true; + MiniOidcOptions oidc_opts; + const auto* const kValidAccount = "valid"; + const auto* const kInvalidAccount = "invalid"; + oidc_opts.account_ids = { + { kValidAccount, true }, + { kInvalidAccount, false }, + }; + + cluster_opts_.mini_oidc_options = std::move(oidc_opts); + ASSERT_OK(StartCluster()); + const auto* const kSubject = "kudu-user"; + const auto configure_builder_for = [&] (const string& account_id, KuduClientBuilder* b) { + client::AuthenticationCredentialsPB pb; + security::JwtRawPB jwt = security::JwtRawPB(); + *jwt.mutable_jwt_data() = MiniOidc::CreateJwt(account_id, kSubject, true); + *pb.mutable_jwt() = std::move(jwt); + string creds; + CHECK(pb.SerializeToString(&creds)); + + for (auto i = 0; i < cluster_->num_masters(); ++i) { + b->add_master_server_addr(cluster_->master(i)->bound_rpc_addr().ToString()); + } + b->import_authentication_credentials(creds); + b->require_authentication(true); + }; + + { + KuduClientBuilder valid_builder; + shared_ptr<KuduClient> client; + configure_builder_for(kValidAccount, &valid_builder); + ASSERT_OK(valid_builder.Build(&client)); + vector<string> tables; + ASSERT_OK(client->ListTables(&tables)); + } + { + KuduClientBuilder invalid_builder; + shared_ptr<KuduClient> client; + configure_builder_for(kInvalidAccount, &invalid_builder); + Status s = invalid_builder.Build(&client); + ASSERT_FALSE(s.ok()) << s.ToString(); + ASSERT_STR_CONTAINS(s.ToString(), "FATAL_INVALID_JWT"); + } + { + KuduClientBuilder no_jwt_builder; + shared_ptr<KuduClient> client; + for (auto i = 0; i < cluster_->num_masters(); ++i) { + no_jwt_builder.add_master_server_addr(cluster_->master(i)->bound_rpc_addr().ToString()); + } + 
no_jwt_builder.require_authentication(true); + Status s = no_jwt_builder.Build(&client); + ASSERT_FALSE(s.ok()) << s.ToString(); + ASSERT_STR_CONTAINS(s.ToString(), "Not authorized"); + } +} + TEST_F(SecurityITest, TestWorldReadableKeytab) { const string credentials_name = GetTestPath("insecure.keytab"); NO_FATALS(CreateWorldReadableFile(credentials_name)); diff --git a/src/kudu/mini-cluster/CMakeLists.txt b/src/kudu/mini-cluster/CMakeLists.txt index 479e83f44..f10497a0d 100644 --- a/src/kudu/mini-cluster/CMakeLists.txt +++ b/src/kudu/mini-cluster/CMakeLists.txt @@ -37,6 +37,7 @@ set(MINI_CLUSTER_LIBS master_proto mini_hms mini_kdc + mini_oidc mini_ranger mini_ranger_kms server_base_proto diff --git a/src/kudu/mini-cluster/external_mini_cluster.cc b/src/kudu/mini-cluster/external_mini_cluster.cc index 2cb5187dd..6db49b86e 100644 --- a/src/kudu/mini-cluster/external_mini_cluster.cc +++ b/src/kudu/mini-cluster/external_mini_cluster.cc @@ -72,6 +72,8 @@ #include "kudu/util/env.h" #include "kudu/util/env_util.h" #include "kudu/util/fault_injection.h" +#include "kudu/util/jwt-util.h" +#include "kudu/util/mini_oidc.h" #include "kudu/util/monotime.h" #include "kudu/util/net/sockaddr.h" #include "kudu/util/net/socket.h" @@ -140,14 +142,12 @@ ExternalMiniClusterOptions::ExternalMiniClusterOptions() enable_encryption(FLAGS_encrypt_data_at_rest), logtostderr(true), start_process_timeout(MonoDelta::FromSeconds(70)), - rpc_negotiation_timeout(MonoDelta::FromSeconds(3)) + rpc_negotiation_timeout(MonoDelta::FromSeconds(3)), #if !defined(NO_CHRONY) - , num_ntp_servers(1), - ntp_config_mode(BuiltinNtpConfigMode::ALL_SERVERS) + ntp_config_mode(BuiltinNtpConfigMode::ALL_SERVERS), #endif // #if !defined(NO_CHRONY) ... -{ -} + enable_client_jwt(false) {} ExternalMiniCluster::ExternalMiniCluster() : opts_(ExternalMiniClusterOptions()) { 
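Review bot: Every token in TestJwtMiniCluster is minted with `true` as the last argument of `MiniOidc::CreateJwt`, so rejection is only reached through the account that the OIDC options mark `false`, never through a bad token presented for an otherwise valid account. If that argument controls token validity (its meaning is not visible in this hunk), add a fourth block that builds a client from `MiniOidc::CreateJwt(kValidAccount, kSubject, false)` and asserts that `Build()` fails. The success path also never checks that the server saw `kSubject` as the authenticated identity, so the subject claim is effectively untested here. The bare `true` would read better with the parameter name in a `/*name*/` comment, matching the `/*is_local_file*/false` style used in jwt-util.cc.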
@@ -269,12 +269,20 @@ Status ExternalMiniCluster::Start() { gflags::FlagSaver saver; FLAGS_dns_addr_resolution_override = dns_overrides_; + std::shared_ptr<PerAccountKeyBasedJwtVerifier> jwt_verifier = nullptr; + if (opts_.enable_client_jwt) { + oidc_.reset(new MiniOidc(opts_.mini_oidc_options)); + RETURN_NOT_OK_PREPEND(oidc_->Start(), "Failed to start OIDC endpoints"); + jwt_verifier = std::make_shared<PerAccountKeyBasedJwtVerifier>(oidc_->url()); + } + RETURN_NOT_OK_PREPEND( rpc::MessengerBuilder("minicluster-messenger") .set_num_reactors(1) .set_max_negotiation_threads(1) .set_rpc_negotiation_timeout_ms(opts_.rpc_negotiation_timeout.ToMilliseconds()) .set_sasl_proto_name(opts_.principal) + .set_jwt_verifier(std::move(jwt_verifier)) .Build(&messenger_), "Failed to start Messenger for minicluster"); @@ -719,6 +727,11 @@ Status ExternalMiniCluster::CreateMaster(const vector<HostPort>& master_rpc_addr "ranger-client"))); flags.emplace_back("--trusted_user_acl=test-admin"); } + if (opts_.enable_client_jwt) { + flags.emplace_back("--enable_jwt_token_auth=true"); + flags.emplace_back(Substitute("--jwks_url=$0", oidc_->url())); + flags.emplace_back(Substitute("--jwks_discovery_endpoint_base=$0", oidc_->url())); + } if (!opts_.master_alias_prefix.empty()) { flags.emplace_back(Substitute("--host_for_tests=$0.$1", opts_.master_alias_prefix, idx)); diff --git a/src/kudu/mini-cluster/external_mini_cluster.h b/src/kudu/mini-cluster/external_mini_cluster.h index e1ab188b0..5cf7abe69 100644 --- a/src/kudu/mini-cluster/external_mini_cluster.h +++ b/src/kudu/mini-cluster/external_mini_cluster.h @@ -39,6 +39,7 @@ #include "kudu/gutil/ref_counted.h" #include "kudu/mini-cluster/mini_cluster.h" #include "kudu/security/test/mini_kdc.h" +#include "kudu/util/mini_oidc.h" #include "kudu/util/monotime.h" #include "kudu/util/net/net_util.h" #include "kudu/util/status.h" 
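Review bot: `oidc_` is started in this block of Start(), but nothing in the commit stops it. The 23 changed lines the diffstat reports for external_mini_cluster.cc are all accounted for by the include, constructor, Start() and CreateMaster() hunks, so the shutdown path is untouched. Unless MiniOidc's destructor stops its endpoints (not visible here), the OIDC/JWKS endpoint keeps serving after the cluster is shut down and is only released when the cluster object is destroyed or Start() runs `oidc_.reset(...)` again. Consider stopping it explicitly in the shutdown path, with a one-line comment on its lifetime. Start()'s body begins and continues outside the hunk.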
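Review bot: The JWT flags are added only in CreateMaster(); no hunk in this commit passes `--enable_jwt_token_auth` or `--jwks_url` to tablet servers, while the new comment on `enable_client_jwt` in external_mini_cluster.h says "servers are configured to verify JWTs". The new test sets `num_tablet_servers = 0`, so the gap would not show up there. Either add the same three flags where the tablet server flags are assembled, or narrow the header comment to `// When set to true, masters are configured to verify JWTs via the MiniOidc server.` This block also dereferences `oidc_`, which is only set in Start() when the option is on, and CreateMaster()'s body continues outside the hunk.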
@@ -314,6 +315,14 @@ struct ExternalMiniClusterOptions { std::string master_alias_prefix; std::string tserver_alias_prefix; + + MiniOidcOptions mini_oidc_options; + + // When set to true, servers are configured to verify JWTs via the configured + // OIDC server. + // + // Default: false + bool enable_client_jwt; }; // A mini-cluster made up of subprocesses running each of the daemons @@ -440,6 +449,10 @@ class ExternalMiniCluster : public MiniCluster { return ranger_kms_.get(); } + MiniOidc* oidc() const { + return oidc_.get(); + } + const std::string& cluster_root() const { return opts_.cluster_root; } @@ -615,6 +628,7 @@ class ExternalMiniCluster : public MiniCluster { std::shared_ptr<ranger::MiniRanger> ranger_; std::unique_ptr<security::KeyProvider> key_provider_; std::unique_ptr<rangerkms::MiniRangerKMS> ranger_kms_; + std::unique_ptr<MiniOidc> oidc_; std::shared_ptr<rpc::Messenger> messenger_; diff --git a/src/kudu/rpc/negotiation.cc b/src/kudu/rpc/negotiation.cc index 8f5a0cf5d..07430c8d9 100644 --- a/src/kudu/rpc/negotiation.cc +++ b/src/kudu/rpc/negotiation.cc @@ -17,11 +17,11 @@ #include "kudu/rpc/negotiation.h" -#include <ctime> #include <poll.h> #include <sys/socket.h> #include <cerrno> +#include <ctime> #include <memory> #include <optional> #include <ostream> diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc index 14db0f359..1fac55e71 100644 --- a/src/kudu/server/server_base.cc +++ b/src/kudu/server/server_base.cc @@ -706,7 +706,7 @@ Status ServerBase::Init() { std::shared_ptr<JwtVerifier> jwt_verifier; if (FLAGS_enable_jwt_token_auth) { if (!FLAGS_jwks_url.empty()) { - jwt_verifier = std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_url, false); + jwt_verifier = std::make_shared<PerAccountKeyBasedJwtVerifier>(FLAGS_jwks_url); } else if (!FLAGS_jwks_file_path.empty()) { jwt_verifier = std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_file_path, true); } else { 
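Review bot: The one-line change in ServerBase::Init() alters what `--jwks_url` means for every server, not only for the mini cluster. The flag value used to go to `KeyBasedJwtVerifier` as a non-local source, and it is now handed to `PerAccountKeyBasedJwtVerifier`, whose Init() in jwt-util.cc appends `?accountId=<id>` to it. As far as the visible code shows, a deployment that points `--jwks_url` at a plain JWKS document would no longer have that document fetched directly after upgrading. The commit title mentions only the mini cluster, so either say this explicitly in the flag's help text and the release notes, or hang the per-account behaviour off `--jwks_discovery_endpoint_base` and leave `--jwks_url` as it was. ServerBase::Init() starts and ends outside the hunk.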
diff --git a/src/kudu/util/CMakeLists.txt b/src/kudu/util/CMakeLists.txt index bf7d8a843..51ba95ef1 100644 --- a/src/kudu/util/CMakeLists.txt +++ b/src/kudu/util/CMakeLists.txt @@ -356,7 +356,7 @@ target_link_libraries(kudu_curl_util ####################################### # mini_oidc ####################################### -set (MINI_OIDC_SRCS mini_oidc.cc) +set (MINI_OIDC_SRCS mini_oidc.cc jwt_test_certs.cc) add_library(mini_oidc ${MINI_OIDC_SRCS}) target_link_libraries(mini_oidc server_process diff --git a/src/kudu/util/jwt-util.cc b/src/kudu/util/jwt-util.cc index cff633ad8..6ecd51cd5 100644 --- a/src/kudu/util/jwt-util.cc +++ b/src/kudu/util/jwt-util.cc @@ -1018,8 +1018,8 @@ Status PerAccountKeyBasedJwtVerifier::JWTHelperForToken(const JWTHelper::JWTDeco Status PerAccountKeyBasedJwtVerifier::Init() { for (auto& [account_id, verifier] : jwt_by_account_id_) { - verifier->Init(Substitute("$0?accountId=$1", oidc_uri_, account_id), - /*is_local_file*/false); + RETURN_NOT_OK(verifier->Init(Substitute("$0?accountId=$1", oidc_uri_, account_id), + /*is_local_file*/false)); } return Status::OK(); } diff --git a/src/kudu/util/jwt_test_certs.h b/src/kudu/util/jwt_test_certs.cc similarity index 87% copy from src/kudu/util/jwt_test_certs.h copy to src/kudu/util/jwt_test_certs.cc index e30d85461..3f1311d0d 100644 --- a/src/kudu/util/jwt_test_certs.h +++ b/src/kudu/util/jwt_test_certs.cc @@ -14,11 +14,9 @@ // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. -#pragma once +#include "kudu/util/jwt_test_certs.h" -#include <string> - -const std::string kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY----- +const char* kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4ZtdaIrd1BPIJ tfnF0TjIK5inQAXZ3XlCrUlJdP+XHwIRxdv1FsN12XyMYO/6ymLmo9ryoQeIrsXB XYqlET3zfAY+diwCb0HEsVvhisthwMU4gZQu6TYW2s9LnXZB5rVtcBK69hcSlA2k 
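Review bot: `account_id` is placed into the query string of the JWKS URL without percent-encoding in `Substitute("$0?accountId=$1", oidc_uri_, account_id)`. Where the keys of `jwt_by_account_id_` come from is not visible in this hunk; if they are ever taken from a token's claims before the signature is checked, characters such as `&`, `#` or `/` would let the token shape the request the server makes. Percent-encode the id before substituting it, or reject ids outside a strict character set when they enter the map. Separately, returning on the first failing verifier means one unreachable account endpoint now fails Init() for all accounts; if that is intended, a short comment saying so would help.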
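Review bot: `const char* kRsaPrivKeyPem` declares a mutable pointer to const data, so the former constants become writable globals that any translation unit including jwt_test_certs.h can reassign. The same applies to every `const char*` definition in the later hunks of jwt_test_certs.cc and to the `extern const char*` declarations in the header. Declare them as `const char* const kRsaPrivKeyPem = ...` here and `extern const char* const kRsaPrivKeyPem;` in the header, or as `extern const char kRsaPrivKeyPem[];`. The symbols also sit at global scope, and with the CMake change the private keys are compiled into the `mini_oidc` library instead of living in a test-only header, so confirm that library is never linked into shipped binaries.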
@@ -46,7 +44,7 @@ RultUEe2C0jYMDQx+JYxbPmtcopvZQrFEur3WKVuLy5UAy7EBvwMnZwIG7OOohJb vkSpADK6VPn9lbqq7O8cTedEHttm6otmLt8ZyEl3hZMaL3hbuRj6ysjmoFKx6CrX rK0/Ikt5ybqUzKCMJZg2VKGTxg== -----END PRIVATE KEY-----)"; -const std::string kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4 yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9 83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs @@ -57,15 +55,15 @@ YwIDAQAB -----END PUBLIC KEY-----)"; // The public keys in JWK format were converted from PEM formatted crypto keys with // pem-to-jwk tool at https://hub.docker.com/r/danedmunds/pem-to-jwk/ -const std::string kRsaPubKeyJwkN = +const char* kRsaPubKeyJwkN = "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-sp" "i5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qe" "a1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTF" "IF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3F" "p8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902" "v9w-Iplu1WyoB2aPfitxEhRN0Yw"; -const std::string kRsaPubKeyJwkE = "AQAB"; -const std::string kRsaInvalidPubKeyJwkN = +const char* kRsaPubKeyJwkE = "AQAB"; +const char* kRsaInvalidPubKeyJwkN = "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46" "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd" "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i" 
@@ -73,7 +71,7 @@ const std::string kRsaInvalidPubKeyJwkN = "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X" "kiCcrkyS1cnghnllh-LCwQu1sYw"; -const std::string kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- +const char* kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw 33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW +jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB @@ -88,18 +86,18 @@ fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523 Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw== -----END RSA PRIVATE KEY-----)"; -const std::string kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D o2kQ+X5xK9cipRgEKwIDAQAB -----END PUBLIC KEY-----)"; -const std::string kRsa512PubKeyJwkN = +const char* kRsa512PubKeyJwkN = "3ZWrUY0Y6IKN1qI4BhxR2C7oHVFgGPYkd38uGq1jQNSqEvJFcN93CYm16_G78FA" "FKWqwsJb3Wx-nbxDn6LtP4AhULB1H0K0g7_jLklDAHvI8yhOKlvoyvsUFPWtNxl" "Jyh5JJXvkNKV_4Oo12e69f8QCuQ6NpEPl-cSvXIqUYBCs"; -const std::string kRsa512PubKeyJwkE = "AQAB"; -const std::string kRsa512InvalidPubKeyJwkN = +const char* kRsa512PubKeyJwkE = "AQAB"; +const char* kRsa512InvalidPubKeyJwkN = "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46" "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd" "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i" 
@@ -107,7 +105,7 @@ const std::string kRsa512InvalidPubKeyJwkN = "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X" "kiCcrkyS1cnghnllh-LCwQu1sYw"; -const std::string kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- +const char* kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDT+6sb2SvN69NB+6Zg78B7mdke0tC91CTfixzCSn7wS8JUvvZK AO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSNxouVdt/aT9+cw27kzVQE59NA PMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobwmsu5ZWRqYTwdXvFXIQIDAQAB @@ -122,19 +120,19 @@ oaBgAAiDH1UPpAvK6LfALl0P6E1pjLvWjvhOg/Z4xKvS21cJIJlF0ShGFSV2CTzx YQUiqLkHegkGxV353XRxVQJAZaW5O2BI5jKy2hK0EoAx3pSnp2X4CmkWrXsSeOgC Zz+jDkn8QzPbRwb8cyks/IHc2CBvaFStLFKO2VQj1THDhw== -----END RSA PRIVATE KEY-----)"; -const std::string kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT+6sb2SvN69NB+6Zg78B7mdke 0tC91CTfixzCSn7wS8JUvvZKAO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSN xouVdt/aT9+cw27kzVQE59NAPMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobw msu5ZWRqYTwdXvFXIQIDAQAB -----END PUBLIC KEY-----)"; -const std::string kRsa1024PubKeyJwkN = +const char* kRsa1024PubKeyJwkN = "0_urG9krzevTQfumYO_Ae5nZHtLQvdQk34scwkp-8EvCVL72SgDtbjIJ6wkHQ69" "kzXkWK-rq2sCDggwdWG89fnAUjcaLlXbf2k_fnMNu5M1UBOfTQDzKUMi7V2gDke" "qw_Mc8iIAFddkBZnNZBxZe0o6G8JrLuWVkamE8HV7xVyE"; -const std::string kRsa1024PubKeyJwkE = "AQAB"; +const char* kRsa1024PubKeyJwkE = "AQAB"; -const std::string kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- +const char* kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU+QYZ +T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBih zcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q/Yap+etvIj 
@@ -161,7 +159,7 @@ jOODBXkCgYEAhaD3gZUCWU+ZA6QmxPotfe9L0tzjmUjsLo0QUgIHJa2VaoHzdnWC ClvP3tFFkv2dlD6UW+g0JJFTVWcv+HEiC9WUnD/C6dXK/qA3fRvBhRKy8FTwvOis zSVeYds6mvDJwFe+2mk0KQiKnxlx22B4PcYbbN7mZ2ClBFTFrp0+Id4= -----END RSA PRIVATE KEY-----)"; -const std::string kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jCHomsNIaRYVlsemWg9 yBx3od1B9Fd9RUslk9IVE7IU+QYZ+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWH iJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ON @@ -170,16 +168,16 @@ c7x8ZlLqogPczkXvW6T+YAkwA8XwginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFI p72ih7uozne7PYLVGb9X97cL0H1XDiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPy gQIDAQAB -----END PUBLIC KEY-----)"; -const std::string kRsa2048PubKeyJwkN = +const char* kRsa2048PubKeyJwkN = "0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU-QYZ-T4NvRVPAMjpzuu" "rvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP_52" "s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q_Yap-etvIjD1r2zQkQke53A" "n9LvVl7OKkM8KGOcE_0tJRmc7x8ZlLqogPczkXvW6T-YAkwA8XwginZw0xBzfpo" "OEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1XDiA_SXJiFKo" "1AKXihcOdIRiw49eo9rzsoWPygQ"; -const std::string kRsa2048PubKeyJwkE = "AQAB"; +const char* kRsa2048PubKeyJwkE = "AQAB"; -const std::string kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- +const char* kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAtxmYsvs6ZfhTCFKCHQBW/W3iRfh8wZN+/XPXaOiIx9SXYSFr b/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6q acP15couRwxbJx45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm5 
@@ -230,7 +228,7 @@ rzo7tuC/a+Da3nd2UnMheqf8ajt7oXaXgrqYjzK9Fx/QJcUel12ny+Nx+NADx4UU K43Js4kcyWyYG9ms7S643u1leDDO+hpeB6EN15U2v7zXi8rMrLqvNKrBi9bCRFDu 3zsKSPS+qeqpNBsefGtx7oluHdiQocA6w20nQ1DzIW2mOo8Pn5nzt7fPPPA= -----END RSA PRIVATE KEY-----)"; -const std::string kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtxmYsvs6ZfhTCFKCHQBW /W3iRfh8wZN+/XPXaOiIx9SXYSFrb/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvt NuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx45ODQNyh5jNF4SdzqThNFT @@ -244,7 +242,7 @@ Vw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/ tEvYBojFXbl4XecMWADTiExjXobX1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k 2CrUdkMTGfjnfcDHKjHh3LMCAwEAAQ== -----END PUBLIC KEY-----)"; -const std::string kRsa4096PubKeyJwkN = +const char* kRsa4096PubKeyJwkN = "txmYsvs6ZfhTCFKCHQBW_W3iRfh8wZN-_XPXaOiIx9SXYSFrb_WRaTn8UOvflYu" "RnPYMaRGr5gVTS6_WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx" "45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTm" 
@@ -256,67 +254,67 @@ const std::string kRsa4096PubKeyJwkN = "C3-i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd" "1E-Jh7IKQJn8gydsQ0enlMmtwsJO_tEvYBojFXbl4XecMWADTiExjXobX1y7u9Z" "Tn0KRNkPpX9GTgY3oR0ei-rwOr4d-k2CrUdkMTGfjnfcDHKjHh3LM"; -const std::string kRsa4096PubKeyJwkE = "AQAB"; +const char* kRsa4096PubKeyJwkE = "AQAB"; -const std::string kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- +const char* kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAuZxTZjLIZM5hxgZX+JRrqt5FKpAEg/meZ7m9aSE3XbRITqtfz1Uy h2Srn7o8+4j/jQpwHTTHZThy10u5jMjaR+mgBwYFK4EEACOhgYkDgYYABAFFah0k 6m4ddp/tUN/ObrKKwSCp4QUZdiAMaC9eY1HyNBPuuEsH5qCfeY5lmeJwSUpzCosn rgW8M2hQ4Kr5V9OXrgHLA5WVtH6//sSkUY2/xYuqc7/Ln8gI5ddtr1qG64Xtgs05 /CNajSjFZeLm76llakvYiBTTH/ii8hIfrwukW9IP7Q== -----END EC PRIVATE KEY-----)"; -const std::string kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBRWodJOpuHXaf7VDfzm6yisEgqeEF GXYgDGgvXmNR8jQT7rhLB+agn3mOZZnicElKcwqLJ64FvDNoUOCq+VfTl64BywOV lbR+v/7EpFGNv8WLqnO/y5/ICOXXba9ahuuF7YLNOfwjWo0oxWXi5u+pZWpL2IgU 0x/4ovISH68LpFvSD+0= -----END PUBLIC KEY-----)"; -const std::string kEcdsa521PubKeyJwkX = +const char* kEcdsa521PubKeyJwkX = "AUVqHSTqbh12n-1Q385usorBIKnhBRl2IAxoL15jUfI0E-64SwfmoJ95jmWZ4nB" "JSnMKiyeuBbwzaFDgqvlX05eu"; -const std::string kEcdsa521PubKeyJwkY = +const char* kEcdsa521PubKeyJwkY = "AcsDlZW0fr_-xKRRjb_Fi6pzv8ufyAjl122vWobrhe2CzTn8I1qNKMVl4ubvqWV" "qS9iIFNMf-KLyEh-vC6Rb0g_t"; -const std::string kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- +const char* kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCrPXJDgQDtNRpM0qNUW/zN1vrCvOVH1CsItVZ+1NeGB+w/2whnIXJQ K7U5C1ETPHagBwYFK4EEACKhZANiAAR0JjvVJXc3u1I/7vt5mxzPtAIi1VIqxCwN wgISZVySTYZQzyicW2GfhMlFCow28LzqTwH/eCymAvnTAmpK/P1hXhNcnxDBZNOU WMbMLFcQrg2wwpIb/k/IXobNwjNPRBo= -----END EC PRIVATE KEY-----)"; -const std::string kEcdsa384PubKeyPem = R"(-----BEGIN 
PUBLIC KEY----- +const char* kEcdsa384PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdCY71SV3N7tSP+77eZscz7QCItVSKsQs DcICEmVckk2GUM8onFthn4TJRQqMNvC86k8B/3gspgL50wJqSvz9YV4TXJ8QwWTT lFjGzCxXEK4NsMKSG/5PyF6GzcIzT0Qa -----END PUBLIC KEY-----)"; -const std::string kEcdsa384PubKeyJwkX = +const char* kEcdsa384PubKeyJwkX = "dCY71SV3N7tSP-77eZscz7QCItVSKsQsDcICEmVckk2GUM8onFthn4TJRQqMNvC8"; -const std::string kEcdsa384PubKeyJwkY = +const char* kEcdsa384PubKeyJwkY = "6k8B_3gspgL50wJqSvz9YV4TXJ8QwWTTlFjGzCxXEK4NsMKSG_5PyF6GzcIzT0Qa"; -const std::string kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY----- +const char* kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPGJGAm4X1fvBuC1z SpO/4Izx6PXfNMaiKaS5RUkFqEGhRANCAARCBvmeksd3QGTrVs2eMrrfa7CYF+sX sjyGg+Bo5mPKGH4Gs8M7oIvoP9pb/I85tdebtKlmiCZHAZE5w4DfJSV6 -----END PRIVATE KEY-----)"; -const std::string kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY----- +const char* kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgb5npLHd0Bk61bNnjK632uwmBfr F7I8hoPgaOZjyhh+BrPDO6CL6D/aW/yPObXXm7SpZogmRwGROcOA3yUleg== -----END PUBLIC KEY-----)"; -const std::string kEcdsa256PubKeyJwkX = "Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg"; -const std::string kEcdsa256PubKeyJwkY = "fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo"; +const char* kEcdsa256PubKeyJwkX = "Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg"; +const char* kEcdsa256PubKeyJwkY = "fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo"; -const std::string kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21"; -const std::string kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a"; +const char* kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21"; +const char* kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a"; -const std::string kJwksHsFileFormat = R"( +const char* kJwksHsFileFormat = R"( { "keys": [ { "kty": "oct", "kid": "$0", "alg": "$1", "k": "$2" } ] })"; -const std::string 
kJwksRsaFileFormat = R"( +const char* kJwksRsaFileFormat = R"( { "keys": [ { "kty": "RSA", "kid": "$0", "alg": "$1", "n": "$2", "e": "$3" }, @@ -324,9 +322,10 @@ const std::string kJwksRsaFileFormat = R"( ] })"; -const std::string kJwksEcFileFormat = R"( +const char* kJwksEcFileFormat = R"( { "keys": [ { "kty": "EC", "kid": "$0", "crv": "$1", "x": "$2", "y": "$3" } ] })"; + diff --git a/src/kudu/util/jwt_test_certs.h b/src/kudu/util/jwt_test_certs.h index e30d85461..1c59855f4 100644 --- a/src/kudu/util/jwt_test_certs.h +++ b/src/kudu/util/jwt_test_certs.h 
@@ -16,317 +16,53 @@ // under the License. #pragma once -#include <string> - -const std::string kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4ZtdaIrd1BPIJ -tfnF0TjIK5inQAXZ3XlCrUlJdP+XHwIRxdv1FsN12XyMYO/6ymLmo9ryoQeIrsXB -XYqlET3zfAY+diwCb0HEsVvhisthwMU4gZQu6TYW2s9LnXZB5rVtcBK69hcSlA2k -ZudMZWxZcj0L7KMfO2rIvaHw/qaVOE9j0T257Z8Kp2CLF9MUgX0ObhIsdumFRLaL -DvDUmBPr2zuh/34j2XmWwn1yjN/WvGtdfhXW79Ki1S40HcWnygHgLV8sESFKUxxQ -mKvPUTwDOIwLFL5WtE8Mz7N++kgmDcmWMCHc8kcOIu73Ta/3D4imW7VbKgHZo9+K -3ESFE3RjAgMBAAECggEBAJTEIyjMqUT24G2FKiS1TiHvShBkTlQdoR5xvpZMlYbN -tVWxUmrAGqCQ/TIjYnfpnzCDMLhdwT48Ab6mQJw69MfiXwc1PvwX1e9hRscGul36 -ryGPKIVQEBsQG/zc4/L2tZe8ut+qeaK7XuYrPp8bk/X1e9qK5m7j+JpKosNSLgJj -NIbYsBkG2Mlq671irKYj2hVZeaBQmWmZxK4fw0Istz2WfN5nUKUeJhTwpR+JLUg4 -ELYYoB7EO0Cej9UBG30hbgu4RyXA+VbptJ+H042K5QJROUbtnLWuuWosZ5ATldwO -u03dIXL0SH0ao5NcWBzxU4F2sBXZRGP2x/jiSLHcqoECgYEA4qD7mXQpu1b8XO8U -6abpKloJCatSAHzjgdR2eRDRx5PMvloipfwqA77pnbjTUFajqWQgOXsDTCjcdQui -wf5XAaWu+TeAVTytLQbSiTsBhrnoqVrr3RoyDQmdnwHT8aCMouOgcC5thP9vQ8Us -rVdjvRRbnJpg3BeSNimH+u9AHgsCgYEA0EzcbOltCWPHRAY7B3Ge/AKBjBQr86Kv -TdpTlxePBDVIlH+BM6oct2gaSZZoHbqPjbq5v7yf0fKVcXE4bSVgqfDJ/sZQu9Lp -PTeV7wkk0OsAMKk7QukEpPno5q6tOTNnFecpUhVLLlqbfqkB2baYYwLJR3IRzboJ -FQbLY93E8gkCgYB+zlC5VlQbbNqcLXJoImqItgQkkuW5PCgYdwcrSov2ve5r/Acz -FNt1aRdSlx4176R3nXyibQA1Vw+ztiUFowiP9WLoM3PtPZwwe4bGHmwGNHPIfwVG -m+exf9XgKKespYbLhc45tuC08DATnXoYK7O1EnUINSFJRS8cezSI5eHcbQKBgQDC -PgqHXZ2aVftqCc1eAaxaIRQhRmY+CgUjumaczRFGwVFveP9I6Gdi+Kca3DE3F9Pq -PKgejo0SwP5vDT+rOGHN14bmGJUMsX9i4MTmZUZ5s8s3lXh3ysfT+GAhTd6nKrIE -kM3Nh6HWFhROptfc6BNusRh1kX/cspDplK5x8EpJ0QKBgQDWFg6S2je0KtbV5PYe -RultUEe2C0jYMDQx+JYxbPmtcopvZQrFEur3WKVuLy5UAy7EBvwMnZwIG7OOohJb -vkSpADK6VPn9lbqq7O8cTedEHttm6otmLt8ZyEl3hZMaL3hbuRj6ysjmoFKx6CrX -rK0/Ikt5ybqUzKCMJZg2VKGTxg== ------END PRIVATE KEY-----)"; -const std::string kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4 
-yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9 -83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs -WXI9C+yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT -69s7of9+I9l5lsJ9cozf1rxrXX4V1u/SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8 -AziMCxS+VrRPDM+zfvpIJg3JljAh3PJHDiLu902v9w+Iplu1WyoB2aPfitxEhRN0 -YwIDAQAB ------END PUBLIC KEY-----)"; +extern const char* kRsaPrivKeyPem; +extern const char* kRsaPubKeyPem; // The public keys in JWK format were converted from PEM formatted crypto keys with // pem-to-jwk tool at https://hub.docker.com/r/danedmunds/pem-to-jwk/ -const std::string kRsaPubKeyJwkN = - "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-sp" - "i5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qe" - "a1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTF" - "IF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3F" - "p8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902" - "v9w-Iplu1WyoB2aPfitxEhRN0Yw"; -const std::string kRsaPubKeyJwkE = "AQAB"; -const std::string kRsaInvalidPubKeyJwkN = - "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46" - "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd" - "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i" - "wzhtKRXomBWTdhD5ykd_fACVTr4-KEY-IeLvubHVmLUhbE5NgWXxrRpGasDqzKh" - "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X" - "kiCcrkyS1cnghnllh-LCwQu1sYw"; - -const std::string kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw -33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW -+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB -AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS -3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp -uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE 
-2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0 -GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K -Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY -6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5 -fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523 -Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP -FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw== ------END RSA PRIVATE KEY-----)"; -const std::string kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd -UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs -HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D -o2kQ+X5xK9cipRgEKwIDAQAB ------END PUBLIC KEY-----)"; -const std::string kRsa512PubKeyJwkN = - "3ZWrUY0Y6IKN1qI4BhxR2C7oHVFgGPYkd38uGq1jQNSqEvJFcN93CYm16_G78FA" - "FKWqwsJb3Wx-nbxDn6LtP4AhULB1H0K0g7_jLklDAHvI8yhOKlvoyvsUFPWtNxl" - "Jyh5JJXvkNKV_4Oo12e69f8QCuQ6NpEPl-cSvXIqUYBCs"; -const std::string kRsa512PubKeyJwkE = "AQAB"; -const std::string kRsa512InvalidPubKeyJwkN = - "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46" - "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd" - "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i" - "wzhtKRXomBWTdhD5ykd_fACVTr4-KEY-IeLvubHVmLUhbE5NgWXxrRpGasDqzKh" - "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X" - "kiCcrkyS1cnghnllh-LCwQu1sYw"; - -const std::string kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDT+6sb2SvN69NB+6Zg78B7mdke0tC91CTfixzCSn7wS8JUvvZK -AO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSNxouVdt/aT9+cw27kzVQE59NA -PMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobwmsu5ZWRqYTwdXvFXIQIDAQAB -AoGBAJKDLxBgWVZJ2AmS1LvK+U50VwxmyL9rENEwZQAkXPfYZMgN9EvRuEihbRl1 -c//kCde6CQjxpMDsrfgER4QH3odypQWT9A5uXKcdfu/z+xKNtB813rSrew3Q9pXe -wlOb0q7EcS7XHMrcPxj4gvn2yKqB40vF3TIY6oiSeZbFLUvBAkEA9NaTrGB1+FZj 
-+3lIAs7UtYbxNggX53OEcXlstDbqhG3O9SzAHiccMbGu2lDBcAAghmtg9poT0Uo6 -V3VCJcnfNwJBAN2lppZFVWAXOLD2k8OMCp4jc9pRHIUtPU6kWoflU8O6kuDNNamD -AeNMhdHX+Ed/Js3ig75eAGxsd9q+CFp/uGcCQQDFfGb0/YFqZFSVPMhm62oLWeMq -T/DoEfdciDK0Ui9rzh7HB+eW6rkFJGsDUWwV6SRTCD3X64PcpuDUNpK6ZFCVAkEA -oaBgAAiDH1UPpAvK6LfALl0P6E1pjLvWjvhOg/Z4xKvS21cJIJlF0ShGFSV2CTzx -YQUiqLkHegkGxV353XRxVQJAZaW5O2BI5jKy2hK0EoAx3pSnp2X4CmkWrXsSeOgC -Zz+jDkn8QzPbRwb8cyks/IHc2CBvaFStLFKO2VQj1THDhw== ------END RSA PRIVATE KEY-----)"; -const std::string kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT+6sb2SvN69NB+6Zg78B7mdke -0tC91CTfixzCSn7wS8JUvvZKAO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSN -xouVdt/aT9+cw27kzVQE59NAPMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobw -msu5ZWRqYTwdXvFXIQIDAQAB ------END PUBLIC KEY-----)"; -const std::string kRsa1024PubKeyJwkN = - "0_urG9krzevTQfumYO_Ae5nZHtLQvdQk34scwkp-8EvCVL72SgDtbjIJ6wkHQ69" - "kzXkWK-rq2sCDggwdWG89fnAUjcaLlXbf2k_fnMNu5M1UBOfTQDzKUMi7V2gDke" - "qw_Mc8iIAFddkBZnNZBxZe0o6G8JrLuWVkamE8HV7xVyE"; -const std::string kRsa1024PubKeyJwkE = "AQAB"; +extern const char* kRsaPubKeyJwkN; +extern const char* kRsaPubKeyJwkE; +extern const char* kRsaInvalidPubKeyJwkN; -const std::string kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU+QYZ -+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBih -zcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q/Yap+etvIj -D1r2zQkQke53An9LvVl7OKkM8KGOcE/0tJRmc7x8ZlLqogPczkXvW6T+YAkwA8Xw -ginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1X -DiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPygQIDAQABAoIBAADe2BT1XgojYNqc -s9P9UUeEof80Mst6WEe4RQknb9RozVBEX55Ut4sEAqjVbC3MnpBgtXhTfFmNem4W -BUCa7DyFzZ/fcjc8T9sh7mQB1h3FXraHN5ZUrH9auPsjBuvfBGW/rSjUfJlQefzS -psgu950Rwxtnt+PuDTrWc6QaKx0ylvESKPIaVoticc11Kcts5Fe/RQ2Az2epDDM7 -ptZamvtzptozPPq5YUIvpSnKCJfzOczAQT4omVewJV/7nbo/MdCALExrqHcIqXFp -2uMpHV1QhqZ160Bzf1O+iDRCxT3rd4OZ5Y68x/fYV8dRqrqPA5BFep6ukf17cnWM 
-svDqsaUCgYEA+Z5RbadUKteAM3v1Deu9RG7TucnxyoNSofpEuwMoVxo3+z+dS44v -UpC7/MJhx1FBf15yKSPIgtjt5o/LanApcJEZVyghucsNvqy11db027P63NkIL/ic -AgB04odLvxpgLHNv/qEWy7zHBLHhcazajzDHW+a/xBXrtJa3i2G+poUCgYEA15Ap -OJPafAx/BPMbrYthpd5pVX5AMExXTur7rMIPi4/wh0O0vqGtulwgX3FiS0X4bAzK -tNJ23/V2RR0F16IAIVZQqt16pIvmhx52iC55EPp3bZWkGhZ33/8Dxzkbe+rlwECa -wRK4dOyA9hwsnlRuEb8OHva6sr+EusOxmeN6Us0CgYEAg4O/QTe057GM0RNRJFl8 -6a4+jRdx9hHEmqTCS4m5WlLtBcoZdLJgCm9JLD25yIruKE45daVtwkrK5PwD33ti -yfUY1cvGIR5zim9yikzry0mDNZJ/ds7UW1WkP6mq5e/elezoJ871tLgsXzPdJMg+ -iszXbHshtA0cl5QE9kG0cgUCgYEAzZf3WLjbxzh75RKhMVIgnfyU5i91tRr6opBH -3atw/CEavUf8GV1GvtmjHqSbpUNk/ljs9K1PJ6eLV7uomNMv4JvccDqxAENWaUTK -tHPukBzyzxfL3f3T81XcGqUC65tL6aM0djUOrKXtEc4pWBEasd5Q74NO6bD0PNTs -jOODBXkCgYEAhaD3gZUCWU+ZA6QmxPotfe9L0tzjmUjsLo0QUgIHJa2VaoHzdnWC -ClvP3tFFkv2dlD6UW+g0JJFTVWcv+HEiC9WUnD/C6dXK/qA3fRvBhRKy8FTwvOis -zSVeYds6mvDJwFe+2mk0KQiKnxlx22B4PcYbbN7mZ2ClBFTFrp0+Id4= ------END RSA PRIVATE KEY-----)"; -const std::string kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jCHomsNIaRYVlsemWg9 -yBx3od1B9Fd9RUslk9IVE7IU+QYZ+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWH -iJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ON -R1SBD8qEMAxpiLMH1Q/Yap+etvIjD1r2zQkQke53An9LvVl7OKkM8KGOcE/0tJRm -c7x8ZlLqogPczkXvW6T+YAkwA8XwginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFI -p72ih7uozne7PYLVGb9X97cL0H1XDiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPy -gQIDAQAB ------END PUBLIC KEY-----)"; -const std::string kRsa2048PubKeyJwkN = - "0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU-QYZ-T4NvRVPAMjpzuu" - "rvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP_52" - "s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q_Yap-etvIjD1r2zQkQke53A" - "n9LvVl7OKkM8KGOcE_0tJRmc7x8ZlLqogPczkXvW6T-YAkwA8XwginZw0xBzfpo" - "OEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1XDiA_SXJiFKo" - "1AKXihcOdIRiw49eo9rzsoWPygQ"; -const std::string kRsa2048PubKeyJwkE = "AQAB"; +extern const char* kRsa512PrivKeyPem; +extern const char* kRsa512PubKeyPem; +extern 
const char* kRsa512PubKeyJwkN; +extern const char* kRsa512PubKeyJwkE; +extern const char* kRsa512InvalidPubKeyJwkN; -const std::string kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAtxmYsvs6ZfhTCFKCHQBW/W3iRfh8wZN+/XPXaOiIx9SXYSFr -b/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6q -acP15couRwxbJx45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm5 -8liMHxp9h9yTmqM4ZgiZkoF6Vy4KYrg9ChVqUZze4KMiyow8Xv6ESM7Eg2ncTbRe -vuedbtYv7OVlotyozt1geFkWm/8ZUA6Z68lftYMySq0/yjAmjql0DXP1+vPL9k5s -KGr5lpIUlB7a9JWbXdepNjvy1vslFuLjcM509d1E8e70C5VF61XthKlk3rRIBWK8 -0XupWR7o6clJsMYKxeF+ImBbzDbWrIkMxe0vTbikS6S4CLPVlYx4sMWAWu4UBpxZ -quw4cVxyiKoZ2j5yTMAD1xiHI/b2/psFzW3qXcgQWTY7dpIP1BInhepCzHlcLSEi -HtmMoCXNC3+i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkG -aykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/tEvYBojFXbl4XecMWADTiExjXobX -1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k2CrUdkMTGfjnfcDHKjHh3LMCAwEA -AQKCAgBmbM4ryTfY1Pn13NnmSUtgR3jddWysiMrwEz479GCXkIgCEMTeA3wNZh+M -UPZo3INfT5CPsg/8A5yd6UYT+rGPFXgnJFD72tky5GW69SX9AmYEvL89nR5QJjKP -Eg1nq5OMqinQmAEcyUcBJWZiVQpizBm/Hz59HmmsrjCqshjfU5TXv60yMXBo8dOp -Da4QQiAJi+QEvaNnY1zx7mhO3L3125AeD4Ql1B7tcOklJW1uqehQG4coub4qw2xZ -09VwLonL9rDBgeyQ5ToOu6xE5whALJ0Ugyf8/cSD560A3Y6LjJfbN/FvBrCKFzul -xEDts0cPTtXcfdqRgjo0PEXI0+U+tfjygf+ZrO1TUC/O0sJuiHD/V9j6aZX7IAui -ldzoagkZwIBTmTru44Fc4OT9Ajb0h3a7BEt7QBarSgyjzGZgjJmOabDNdH9VVN2w -iH7zkozXS16NZ2XpX6D3W8ZO3gN45L7K1yvcgy9ORhDSipStpb2loAEw2FepGiXz -5kxF4sr7Yuj/XdxmU9/WVEv2y0x+kFQJ4lkHUuAzhDaQkBFSqTVyWO+hob9M70sT -UJhMOLxUcJ08nKYc467yizPZ8VNIB9xZkZs2S5QeBs1femGJnTqJOqepq1YGlsRp -LanLlWgwTwJM37itZOpGaep5RqO0NrruVOSHRNlIx1xBqgN2EQKCAQEA3Vayxmzf -mVKilKjinVtyoHAmMWZzMxVXImt/596UvKTXExJZIlzb8eWnaxd9PLlGVQ5yifV9 -Ij1ndwcrCL2NDYmNhOaTtSNdzCsBk+rKvF6IoQC6hKg+oyo69OTQdkN34xZyO3fl -E9afM0VQWc6IxQpjE60seBGRBvoVm4x2oRuv3+iWfSSYg95/MrSNF0DMC+acWVap -MzfnWELe7Osgw1E8Km087DMpmdiCWUy2hpVmmWwPe1dOOBTx/lXmCQPYOhK2Kb+O -se6DRd6ZUfDZMrye36swKpveIpxnP29CrSKu3e08od7e0FMiSy4kXQvLdNUI2YoA 
-wtgUL2R6JfAMWwKCAQEA08XwJa9qoYy7UBMRfXcX8QQN3EpZUlvDNbkwlReFtZQw -ZHnZVXf453IaZ/TzDn41Jui9Gln49XUaLzmMbwTlzsL/3eUgmuW4OAsaFRO//1HP -awISoJkqi4cqcivkFcfg/3bpuV08dkVuLTsnNGIUVFgwpdFk+TAGVIzS7s4vzgZ7 -NIZRv+D2p8LyYks9CX9/J8ogjtnfxUFj4TCK0JPVq+WB+2AekOQxWarEeJXA2lpd -fNpg03fWJmpAOsh7lcd6CRhoTUfaiCArrj91YN9YoClv9n5w2b64Mbd8gz6B7Lvl -mD/KM8hpJOTVVaDLBzssL9IEZc7CPI6zAKaW1iXAiQKCAQEAg2XGt9lGXIUcE1i3 -P2dcgzZQ1h7V4MuYcMyUoBgZAGxzadUIqUerIs2NOBw3subig/gRsyjTYpJFa/oL -aCLvK8wvAWjI403djykwxJksRetw/POrxrkChma5nUyBHNQsxdk7c2ZXzhEpbYyG -iOn9c8wYyUOTFKyJBjVMwoz+l+IR5MD1JdGl4RMjO/zHjbhf6ei7hKXXyJo1csYw -BUIIryr4ps82zZoJ5lUL/Ot3qCnlQMtP3Y8U1mJIzw47g7qOkNsu3VXk5miL8dyV -9Hkg1+f2AR5ld8YUd0OWX6gzUwk1+nWt+wKOD+pqf2sjF0G7RN57ZHlyvjj8sq3Z -fdAl5QKCAQAmChwE6OmCc0ECNSqjGs1WIaBLvZ8lyA3cjJNJdJwz7ZZztd9wFsjC -6iAMJFe0dr8dahjtrtOlY498hB3Ro1OUPDqxpQKiUDky9+uLday7M/rKAelOp7SY -s4LQV0n1D54+xSFehnzh0b7kqQd1xVhZfi3e2yoECLhaX6FT+/1iSI/A84+jo8kq -gT4AofsoxZoVj50hi8lCKWjDfnCw3p0271bVzIIxDIxAywfXkS6/ChRY5PEXiyMQ -a212IaTxVo95KsUxfIKoiP7Pod53tCa7PjY6VKP4uOVlKMxY1tWHrIilPHAZtRoN -4nzfkK5nch2RyWu4zdbeAdPtff8CIG3hAoIBABqpu+L5lQiP3yrYAgmHbmY1iFXs -UtXpO6Qn2sEpQl7GbaGtv/lkQ6geA9JG/ka6sO7BoIFFt0ckm1NrhFTMgunPjevm -eVY6Sn7JZC9qyE+oCrJMg+0hzc5Gw8+/H+e0Jgca8+76WVu8gGcsLdT+NjYNQwXH -rzo7tuC/a+Da3nd2UnMheqf8ajt7oXaXgrqYjzK9Fx/QJcUel12ny+Nx+NADx4UU -K43Js4kcyWyYG9ms7S643u1leDDO+hpeB6EN15U2v7zXi8rMrLqvNKrBi9bCRFDu -3zsKSPS+qeqpNBsefGtx7oluHdiQocA6w20nQ1DzIW2mOo8Pn5nzt7fPPPA= ------END RSA PRIVATE KEY-----)"; -const std::string kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtxmYsvs6ZfhTCFKCHQBW -/W3iRfh8wZN+/XPXaOiIx9SXYSFrb/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvt -NuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx45ODQNyh5jNF4SdzqThNFT -CFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTmqM4ZgiZkoF6Vy4KYrg9ChVq -UZze4KMiyow8Xv6ESM7Eg2ncTbRevuedbtYv7OVlotyozt1geFkWm/8ZUA6Z68lf -tYMySq0/yjAmjql0DXP1+vPL9k5sKGr5lpIUlB7a9JWbXdepNjvy1vslFuLjcM50 
-9d1E8e70C5VF61XthKlk3rRIBWK80XupWR7o6clJsMYKxeF+ImBbzDbWrIkMxe0v -TbikS6S4CLPVlYx4sMWAWu4UBpxZquw4cVxyiKoZ2j5yTMAD1xiHI/b2/psFzW3q -XcgQWTY7dpIP1BInhepCzHlcLSEiHtmMoCXNC3+i9ZXxiJ1u8avYfGjH8RrJW8dv -Vw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/ -tEvYBojFXbl4XecMWADTiExjXobX1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k -2CrUdkMTGfjnfcDHKjHh3LMCAwEAAQ== ------END PUBLIC KEY-----)"; -const std::string kRsa4096PubKeyJwkN = - "txmYsvs6ZfhTCFKCHQBW_W3iRfh8wZN-_XPXaOiIx9SXYSFrb_WRaTn8UOvflYu" - "RnPYMaRGr5gVTS6_WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx" - "45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTm" - "qM4ZgiZkoF6Vy4KYrg9ChVqUZze4KMiyow8Xv6ESM7Eg2ncTbRevuedbtYv7OVl" - "otyozt1geFkWm_8ZUA6Z68lftYMySq0_yjAmjql0DXP1-vPL9k5sKGr5lpIUlB7" - "a9JWbXdepNjvy1vslFuLjcM509d1E8e70C5VF61XthKlk3rRIBWK80XupWR7o6c" - "lJsMYKxeF-ImBbzDbWrIkMxe0vTbikS6S4CLPVlYx4sMWAWu4UBpxZquw4cVxyi" - "KoZ2j5yTMAD1xiHI_b2_psFzW3qXcgQWTY7dpIP1BInhepCzHlcLSEiHtmMoCXN" - "C3-i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd" - "1E-Jh7IKQJn8gydsQ0enlMmtwsJO_tEvYBojFXbl4XecMWADTiExjXobX1y7u9Z" - "Tn0KRNkPpX9GTgY3oR0ei-rwOr4d-k2CrUdkMTGfjnfcDHKjHh3LM"; -const std::string kRsa4096PubKeyJwkE = "AQAB"; +extern const char* kRsa1024PrivKeyPem; +extern const char* kRsa1024PubKeyPem; +extern const char* kRsa1024PubKeyJwkN; +extern const char* kRsa1024PubKeyJwkE; -const std::string kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIAuZxTZjLIZM5hxgZX+JRrqt5FKpAEg/meZ7m9aSE3XbRITqtfz1Uy -h2Srn7o8+4j/jQpwHTTHZThy10u5jMjaR+mgBwYFK4EEACOhgYkDgYYABAFFah0k -6m4ddp/tUN/ObrKKwSCp4QUZdiAMaC9eY1HyNBPuuEsH5qCfeY5lmeJwSUpzCosn -rgW8M2hQ4Kr5V9OXrgHLA5WVtH6//sSkUY2/xYuqc7/Ln8gI5ddtr1qG64Xtgs05 -/CNajSjFZeLm76llakvYiBTTH/ii8hIfrwukW9IP7Q== ------END EC PRIVATE KEY-----)"; -const std::string kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBRWodJOpuHXaf7VDfzm6yisEgqeEF -GXYgDGgvXmNR8jQT7rhLB+agn3mOZZnicElKcwqLJ64FvDNoUOCq+VfTl64BywOV 
-lbR+v/7EpFGNv8WLqnO/y5/ICOXXba9ahuuF7YLNOfwjWo0oxWXi5u+pZWpL2IgU -0x/4ovISH68LpFvSD+0= ------END PUBLIC KEY-----)"; -const std::string kEcdsa521PubKeyJwkX = - "AUVqHSTqbh12n-1Q385usorBIKnhBRl2IAxoL15jUfI0E-64SwfmoJ95jmWZ4nB" - "JSnMKiyeuBbwzaFDgqvlX05eu"; -const std::string kEcdsa521PubKeyJwkY = - "AcsDlZW0fr_-xKRRjb_Fi6pzv8ufyAjl122vWobrhe2CzTn8I1qNKMVl4ubvqWV" - "qS9iIFNMf-KLyEh-vC6Rb0g_t"; +extern const char* kRsa2048PrivKeyPem; +extern const char* kRsa2048PubKeyPem; +extern const char* kRsa2048PubKeyJwkN; +extern const char* kRsa2048PubKeyJwkE; -const std::string kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDCrPXJDgQDtNRpM0qNUW/zN1vrCvOVH1CsItVZ+1NeGB+w/2whnIXJQ -K7U5C1ETPHagBwYFK4EEACKhZANiAAR0JjvVJXc3u1I/7vt5mxzPtAIi1VIqxCwN -wgISZVySTYZQzyicW2GfhMlFCow28LzqTwH/eCymAvnTAmpK/P1hXhNcnxDBZNOU -WMbMLFcQrg2wwpIb/k/IXobNwjNPRBo= ------END EC PRIVATE KEY-----)"; -const std::string kEcdsa384PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdCY71SV3N7tSP+77eZscz7QCItVSKsQs -DcICEmVckk2GUM8onFthn4TJRQqMNvC86k8B/3gspgL50wJqSvz9YV4TXJ8QwWTT -lFjGzCxXEK4NsMKSG/5PyF6GzcIzT0Qa ------END PUBLIC KEY-----)"; -const std::string kEcdsa384PubKeyJwkX = - "dCY71SV3N7tSP-77eZscz7QCItVSKsQsDcICEmVckk2GUM8onFthn4TJRQqMNvC8"; -const std::string kEcdsa384PubKeyJwkY = - "6k8B_3gspgL50wJqSvz9YV4TXJ8QwWTTlFjGzCxXEK4NsMKSG_5PyF6GzcIzT0Qa"; +extern const char* kRsa4096PrivKeyPem; +extern const char* kRsa4096PubKeyPem; +extern const char* kRsa4096PubKeyJwkN; +extern const char* kRsa4096PubKeyJwkE; -const std::string kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPGJGAm4X1fvBuC1z -SpO/4Izx6PXfNMaiKaS5RUkFqEGhRANCAARCBvmeksd3QGTrVs2eMrrfa7CYF+sX -sjyGg+Bo5mPKGH4Gs8M7oIvoP9pb/I85tdebtKlmiCZHAZE5w4DfJSV6 ------END PRIVATE KEY-----)"; -const std::string kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgb5npLHd0Bk61bNnjK632uwmBfr 
-F7I8hoPgaOZjyhh+BrPDO6CL6D/aW/yPObXXm7SpZogmRwGROcOA3yUleg== ------END PUBLIC KEY-----)"; -const std::string kEcdsa256PubKeyJwkX = "Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg"; -const std::string kEcdsa256PubKeyJwkY = "fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo"; +extern const char* kEcdsa521PrivKeyPem; +extern const char* kEcdsa521PubKeyPem; +extern const char* kEcdsa521PubKeyJwkX; +extern const char* kEcdsa521PubKeyJwkY; -const std::string kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21"; -const std::string kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a"; +extern const char* kEcdsa384PrivKeyPem; +extern const char* kEcdsa384PubKeyPem; +extern const char* kEcdsa384PubKeyJwkX; +extern const char* kEcdsa384PubKeyJwkY; -const std::string kJwksHsFileFormat = R"( -{ - "keys": [ - { "kty": "oct", "kid": "$0", "alg": "$1", "k": "$2" } - ] -})"; +extern const char* kEcdsa256PrivKeyPem; +extern const char* kEcdsa256PubKeyPem; +extern const char* kEcdsa256PubKeyJwkX; +extern const char* kEcdsa256PubKeyJwkY; -const std::string kJwksRsaFileFormat = R"( -{ - "keys": [ - { "kty": "RSA", "kid": "$0", "alg": "$1", "n": "$2", "e": "$3" }, - { "kty": "RSA", "kid": "$4", "alg": "$5", "n": "$6", "e": "$7" } - ] -})"; +extern const char* kKid1; +extern const char* kKid2; -const std::string kJwksEcFileFormat = R"( -{ - "keys": [ - { "kty": "EC", "kid": "$0", "crv": "$1", "x": "$2", "y": "$3" } - ] -})"; +extern const char* kJwksHsFileFormat; +extern const char* kJwksRsaFileFormat; +extern const char* kJwksEcFileFormat; diff --git a/src/kudu/util/mini_oidc.cc b/src/kudu/util/mini_oidc.cc index 803ed1e14..d3e077722 100644 --- a/src/kudu/util/mini_oidc.cc +++ b/src/kudu/util/mini_oidc.cc 
@@ -119,7 +119,7 @@ Status MiniOidc::Start() {
 Sockaddr addr;
 RETURN_NOT_OK(jwks_server_->GetBoundAddresses(&bound_addrs));
 RETURN_NOT_OK(addr.ParseString(bound_addrs[0].host(), bound_addrs[0].port()));
- string const jwks_url = Substitute("http://$0/jwks", addr.ToString());
+ const string jwks_url = Substitute("http://$0/jwks", addr.ToString());
 
 // Now start the OIDC Discovery server that points to the JWKS endpoints.
 WebserverOptions oidc_opts;
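Review bot: The `jwks_url` on the changed line hard-codes the `http://` scheme, so the JWKS carrying the token-verification keys is served in cleartext, and nothing in the hunk records that this is acceptable only because MiniOidc is a test fixture. Whoever can alter that response decides which keys a verifier trusts, so I would add a comment above the line, e.g. `// Test-only: JWKS is served over plain HTTP; real deployments must fetch verification keys over HTTPS.` Separately, `bound_addrs[0]` in the context line above is read without checking that `GetBoundAddresses` returned at least one address; a `CHECK(!bound_addrs.empty());` or an error return would make that assumption explicit. `MiniOidc::Start()` begins before and continues after this hunk, so a guard or comment outside the visible lines may already cover either point.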