This is an automated email from the ASF dual-hosted git repository. dblevins pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 9f1f46b61edb5710e6e93afc9ed09b912146f567 Author: David Blevins <dblev...@tomitribe.com> AuthorDate: Thu Sep 8 19:18:27 2022 -0700 Tests for public key resolution --- .../tomee/microprofile/jwt/CurveAsserts.java | 52 +++++++++++++++ .../apache/tomee/microprofile/jwt/KeyAsserts.java | 54 +++++++++++++++ .../jwt/config/PublicKeyResolverTest.java | 78 ++++++++++++++++++++++ 3 files changed, 184 insertions(+)
diff --git a/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/CurveAsserts.java b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/CurveAsserts.java
new file mode 100644
index 0000000000..9de1e8734f
--- /dev/null
+++ b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/CurveAsserts.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2021 Tomitribe and community
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+
+import io.churchkey.shade.util.Hex;
+
+import java.math.BigInteger;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+
+import static org.junit.Assert.assertEquals;
+
+public class CurveAsserts {
+
+ public static void assertParamSpec(final ECParameterSpec expected, final ECParameterSpec actual) {
+ assertEquals(expected.getCofactor(), actual.getCofactor());
+ assertBigInt(expected.getOrder(), actual.getOrder());
+ assertBigInt(expected.getCurve().getA(), actual.getCurve().getA());
+ assertBigInt(expected.getCurve().getB(), actual.getCurve().getB());
+ assertBigInt(expected.getGenerator().getAffineX(), actual.getGenerator().getAffineX());
+ assertBigInt(expected.getGenerator().getAffineY(), actual.getGenerator().getAffineY());
+
+ if (expected.getCurve().getField() instanceof ECFieldFp) {
+ assertBigInt(((ECFieldFp) expected.getCurve().getField()).getP(), ((ECFieldFp) actual.getCurve().getField()).getP());
+ }
+ if (expected.getCurve().getField() instanceof ECFieldF2m) {
+ assertBigInt(((ECFieldF2m) expected.getCurve().getField()).getReductionPolynomial(), ((ECFieldF2m) actual.getCurve().getField()).getReductionPolynomial());
+ }
+
+ }
+
+ public static void assertBigInt(final BigInteger expected, final BigInteger actual) {
+ final String e1 = Hex.toString(expected.toByteArray()).replaceFirst("^00", "");
+ final String a1 = Hex.toString(actual.toByteArray()).replaceFirst("^00", "");
+ assertEquals(e1, a1);
+ }
+}
diff --git a/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/KeyAsserts.java b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/KeyAsserts.java
new file mode 100644
index 0000000000..5ff253a457
--- /dev/null
+++ b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/KeyAsserts.java
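Review bot: In `CurveAsserts.assertParamSpec`, the two `instanceof` branches test only `expected`'s field type and then cast `actual.getCurve().getField()` unconditionally, so a key resolved onto a different field type fails with a `ClassCastException` instead of an assertion that names the mismatch. `ECFieldFp` and `ECFieldF2m` both implement `equals`, so the two blocks can be replaced by `assertEquals("field", expected.getCurve().getField(), actual.getCurve().getField());`, which also covers the field-type check. None of the assertions in this method carries a message, so a failure does not say which curve parameter (order, a, b, generator) differed; a short label per call would make a wrong-curve result easier to diagnose. A class-level comment stating that the curve seed is deliberately not compared would also help, if that omission is intended.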
@@ -0,0 +1,54 @@
+package org.apache.tomee.microprofile.jwt;
+
+
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
+
+import static org.junit.Assert.assertEquals;
+
+public class KeyAsserts {
+ public static void assertRsaPrivateKey(final RSAPrivateCrtKey expected, final RSAPrivateCrtKey actual) {
+ assertEquals(expected.getPublicExponent(), actual.getPublicExponent());
+ assertEquals(expected.getCrtCoefficient(), actual.getCrtCoefficient());
+ assertEquals(expected.getPrimeExponentP(), actual.getPrimeExponentP());
+ assertEquals(expected.getPrimeExponentQ(), actual.getPrimeExponentQ());
+ assertEquals(expected.getPrimeP(), actual.getPrimeP());
+ assertEquals(expected.getPrimeQ(), actual.getPrimeQ());
+ assertEquals(expected.getPrivateExponent(), actual.getPrivateExponent());
+ assertEquals(expected.getModulus(), actual.getModulus());
+ }
+
+ public static void assertRsaPublicKey(final RSAPublicKey expected, final RSAPublicKey actual) {
+ assertEquals(expected.getPublicExponent(), actual.getPublicExponent());
+ assertEquals(expected.getModulus(), actual.getModulus());
+ }
+
+ public static void assertDsaPrivateKey(final DSAPrivateKey expected, final DSAPrivateKey actual) {
+ assertEquals(expected.getParams().getG(), actual.getParams().getG());
+ assertEquals(expected.getParams().getQ(), actual.getParams().getQ());
+ assertEquals(expected.getParams().getP(), actual.getParams().getP());
+ assertEquals(expected.getX(), actual.getX());
+ }
+
+ public static void assertDsaPublicKey(final DSAPublicKey expected, final DSAPublicKey actual) {
+ assertEquals(expected.getParams().getG(), actual.getParams().getG());
+ assertEquals(expected.getParams().getQ(), actual.getParams().getQ());
+ assertEquals(expected.getParams().getP(), actual.getParams().getP());
+ assertEquals(expected.getY(), actual.getY());
+ }
+
+ public static void assertEcPrivateKey(final ECPrivateKey expected, final ECPrivateKey actual) {
+ assertEquals("d", expected.getS(), actual.getS());
+ CurveAsserts.assertParamSpec(expected.getParams(), actual.getParams());
+ }
+
+ public static void assertEcPublicKey(final ECPublicKey expected, final ECPublicKey actual) {
+ assertEquals("x", expected.getW().getAffineX(), actual.getW().getAffineX());
+ assertEquals("y", expected.getW().getAffineY(), actual.getW().getAffineY());
+ CurveAsserts.assertParamSpec(expected.getParams(), actual.getParams());
+ }
+}
diff --git a/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/config/PublicKeyResolverTest.java b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/config/PublicKeyResolverTest.java
new file mode 100644
index 0000000000..e792870ee9
--- /dev/null
+++ b/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt/config/PublicKeyResolverTest.java
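Review bot: `KeyAsserts.java` starts directly at the `package` line with no license header, unlike the other two files added in this commit; it should carry the same ASF header as `PublicKeyResolverTest.java`. The RSA and DSA helpers pass no message to `assertEquals`, while the EC helpers label theirs (`"d"`, `"x"`, `"y"`), so a failure there does not say which key component differed; for example `assertEquals("modulus", expected.getModulus(), actual.getModulus());`. The private-key helpers will also print the compared private components in the failure message. That is harmless for keys generated per test run, but a class comment such as `// Failure output includes key material; use only with throwaway test keys.` would stop them being pointed at long-lived fixture keys whose values end up in CI logs.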
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.config;
+
+import io.churchkey.Key;
+import io.churchkey.Keys;
+import org.apache.openejb.loader.Files;
+import org.apache.openejb.loader.IO;
+import org.apache.tomee.microprofile.jwt.KeyAsserts;
+import org.junit.Test;
+
+import java.io.File;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Map;
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+
+public class PublicKeyResolverTest {
+
+ @Test
+ public void publicKeyPemFromFileUrl() throws Exception {
+ final File dir = Files.tmpdir();
+ final Key privateKey = generate(Key.Algorithm.RSA);
+ final Key expected = privateKey.getPublicKey();
+
+ final File file = new File(dir, "publicKey.pem");
+ IO.copy(expected.encode(Key.Format.PEM), file);
+
+ final Map<String, java.security.Key> keys = new PublicKeyResolver().resolve(
+ Optional.empty(),
+ Optional.of(file.toURI().toASCIIString())).get();
+
+ assertEquals(1, keys.size());
+ final java.security.Key actual = keys.values().iterator().next();
+
+ KeyAsserts.assertRsaPublicKey((RSAPublicKey) expected.getKey(), (RSAPublicKey) actual);
+ }
+
+ @Test
+ public void publicKeyPemContents() throws Exception {
+ final Key privateKey = generate(Key.Algorithm.RSA);
+ final Key expected = privateKey.getPublicKey();
+
+ final Map<String, java.security.Key> keys = new PublicKeyResolver().resolve(
+ Optional.of(expected.toPem()),
+ Optional.empty()).get();
+
+ assertEquals(1, keys.size());
+ final java.security.Key actual = keys.values().iterator().next();
+
+ KeyAsserts.assertRsaPublicKey((RSAPublicKey) expected.getKey(), (RSAPublicKey) actual);
+ }
+
+ private Key generate(final Key.Algorithm algorithm) throws NoSuchAlgorithmException {
+ final KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm.name());
+ final KeyPair pair = generator.generateKeyPair();
+ return Keys.of(pair);
+ }
+
+}
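Review bot: Both tests in `PublicKeyResolverTest` cover only the RSA PEM happy path, although `generate` is parameterised by algorithm and `KeyAsserts` ships EC and DSA helpers that nothing here calls. Because the resolved key is what JWT signatures get verified against, the rejection paths deserve tests as well: malformed PEM contents, a PEM that holds a private key rather than a public one, and both `Optional` arguments empty. `PublicKeyResolver` itself is not part of this diff, so the expected outcome of each case has to be taken from its contract. Neither test checks the map key under which the resolved key is stored; if that key is the `kid` used for lookup, asserting it would catch a key registered under the wrong identifier. `generate` also leaves the key size to the provider default, so where a fixed size matters for reproducibility the RSA case could pin it with `generator.initialize(2048);`.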