// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package jwk_test
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
hydra "github.com/ory/hydra-client-go/v2"
"github.com/ory/hydra/v2/driver/config"
"github.com/ory/hydra/v2/internal/testhelpers"
. "github.com/ory/hydra/v2/jwk"
"github.com/ory/hydra/v2/x"
"github.com/ory/x/prometheusx"
)
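// TestJWKSDK drives the JWK admin handler through the generated hydra SDK
// client and checks the create / get / update / delete round trip, once for a
// single key ("JSON Web Key") and once for a whole key set ("JWK Set").
//
// Only the admin routes are mounted on a plain httptest server and the SDK
// client is configured without credentials, so this test covers handler
// behaviour only; it says nothing about access control in front of the admin
// API.
func TestJWKSDK(t *testing.T) {
	t.Parallel()
	ctx := context.Background()
	reg := testhelpers.NewRegistryMemory(t)

	metrics := prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date)
	router := x.NewRouterAdmin(metrics)
	h := NewHandler(reg)
	h.SetAdminRoutes(router)
	server := httptest.NewServer(router)
	// The two top-level subtests call t.Parallel(), so they only start once
	// this function body has returned. A defer would shut the server down
	// before they run; t.Cleanup waits until every subtest has finished.
	t.Cleanup(server.Close)
	reg.Config().MustSet(ctx, config.KeyAdminURL, server.URL)

	sdk := hydra.NewAPIClient(hydra.NewConfiguration())
	sdk.GetConfig().Servers = hydra.ServerConfigurations{{URL: server.URL}}

	expectedKid := "key-bar"

	// Single-key operations. Uses set "set-foo"; the parallel "JWK Set" group
	// uses "set-foo2" so the two groups do not touch the same set.
	t.Run("JSON Web Key", func(t *testing.T) {
		t.Parallel()

		t.Run("CreateJwkSetKey", func(t *testing.T) {
			// Create a key called key-bar in the set set-foo.
			resultKeys, _, err := sdk.JwkAPI.CreateJsonWebKeySet(ctx, "set-foo").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
				Alg: "RS256",
				Kid: expectedKid,
				Use: "sig",
			}).Execute()
			require.NoError(t, err)
			require.NotNil(t, resultKeys)
			require.Len(t, resultKeys.Keys, 1)
			assert.Equal(t, expectedKid, resultKeys.Keys[0].Kid)
			assert.Equal(t, "RS256", resultKeys.Keys[0].Alg)
			assert.Equal(t, "sig", resultKeys.Keys[0].Use)
		})

		// Shared with the update subtest below, which sends the fetched key back.
		var resultKeys *hydra.JsonWebKeySet
		t.Run("GetJwkSetKey after create", func(t *testing.T) {
			result, _, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute()
			require.NoError(t, err)
			require.NotNil(t, result)
			require.Len(t, result.Keys, 1)
			require.Equal(t, expectedKid, result.Keys[0].Kid)
			require.Equal(t, "RS256", result.Keys[0].Alg)

			resultKeys = result
		})

		t.Run("UpdateJwkSetKey", func(t *testing.T) {
			if reg.Config().HSMEnabled() {
				t.Skip("Skipping test. Keys cannot be updated when Hardware Security Module is enabled")
			}
			// If the previous subtest failed, resultKeys is still nil; fail
			// cleanly instead of panicking on the field access.
			require.NotNil(t, resultKeys)
			require.Len(t, resultKeys.Keys, 1)
			// NOTE(review): the key was created with alg RS256. This update only
			// rewrites the alg field and the assertions check that the new value
			// is echoed back; nothing here shows whether the handler compares
			// alg with the key type. Confirm whether such a mismatch should be
			// rejected, since verifiers that trust a JWK's alg rely on it.
			resultKeys.Keys[0].Alg = "ES256"

			resultKey, _, err := sdk.JwkAPI.SetJsonWebKey(ctx, "set-foo", expectedKid).JsonWebKey(resultKeys.Keys[0]).Execute()
			require.NoError(t, err)
			require.NotNil(t, resultKey)
			assert.Equal(t, expectedKid, resultKey.Kid)
			assert.Equal(t, "ES256", resultKey.Alg)
		})

		// The subtest name is kept as-is for -run filters; this step performs
		// the delete itself.
		t.Run("DeleteJwkSetKey after delete", func(t *testing.T) {
			_, err := sdk.JwkAPI.DeleteJsonWebKey(ctx, "set-foo", expectedKid).Execute()
			require.NoError(t, err)
		})

		t.Run("GetJwkSetKey after delete", func(t *testing.T) {
			_, res, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute()
			require.Error(t, err)
			// A transport-level failure yields a nil response; require it so
			// the status check reports a failure rather than panicking.
			require.NotNil(t, res)
			assert.Equal(t, http.StatusNotFound, res.StatusCode)
		})
	})

	// Whole-set operations on "set-foo2".
	t.Run("JWK Set", func(t *testing.T) {
		t.Parallel()

		t.Run("CreateJwkSetKey", func(t *testing.T) {
			resultKeys, _, err := sdk.JwkAPI.CreateJsonWebKeySet(ctx, "set-foo2").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
				Alg: "RS256",
				Kid: expectedKid,
				Use: "sig",
			}).Execute()
			require.NoError(t, err)
			require.NotNil(t, resultKeys)
			require.Len(t, resultKeys.Keys, 1)
			assert.Equal(t, expectedKid, resultKeys.Keys[0].Kid)
			assert.Equal(t, "RS256", resultKeys.Keys[0].Alg)
		})

		// Fetched here, outside a subtest, because the update subtest below
		// reuses the result; the error is asserted in the next subtest.
		resultKeys, _, err := sdk.JwkAPI.GetJsonWebKeySet(ctx, "set-foo2").Execute()
		t.Run("GetJwkSet after create", func(t *testing.T) {
			require.NoError(t, err)
			require.NotNil(t, resultKeys)
			// The HSM and non-HSM branches asserted exactly the same things, so
			// a single set of assertions covers both configurations.
			require.Len(t, resultKeys.Keys, 1)
			assert.Equal(t, expectedKid, resultKeys.Keys[0].Kid)
			assert.Equal(t, "RS256", resultKeys.Keys[0].Alg)
		})

		t.Run("UpdateJwkSet", func(t *testing.T) {
			if reg.Config().HSMEnabled() {
				t.Skip("Skipping test. Keys cannot be updated when Hardware Security Module is enabled")
			}
			// Guard against a failed fetch above leaving resultKeys nil.
			require.NotNil(t, resultKeys)
			require.Len(t, resultKeys.Keys, 1)
			// NOTE(review): same alg rewrite as in the single-key update; only
			// the echoed metadata is asserted, not alg / key type agreement.
			resultKeys.Keys[0].Alg = "ES256"

			result, _, err := sdk.JwkAPI.SetJsonWebKeySet(ctx, "set-foo2").JsonWebKeySet(*resultKeys).Execute()
			require.NoError(t, err)
			require.NotNil(t, result)
			require.Len(t, result.Keys, 1)
			assert.Equal(t, expectedKid, result.Keys[0].Kid)
			assert.Equal(t, "ES256", result.Keys[0].Alg)
		})

		t.Run("DeleteJwkSet", func(t *testing.T) {
			_, err := sdk.JwkAPI.DeleteJsonWebKeySet(ctx, "set-foo2").Execute()
			require.NoError(t, err)
		})

		t.Run("GetJwkSet after delete", func(t *testing.T) {
			_, res, err := sdk.JwkAPI.GetJsonWebKeySet(ctx, "set-foo2").Execute()
			require.Error(t, err)
			require.NotNil(t, res)
			assert.Equal(t, http.StatusNotFound, res.StatusCode)
		})

		// Deleting the set must also make its individual keys unreachable.
		t.Run("GetJwkSetKey after delete", func(t *testing.T) {
			_, res, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo2", expectedKid).Execute()
			require.Error(t, err)
			require.NotNil(t, res)
			assert.Equal(t, http.StatusNotFound, res.StatusCode)
		})
	})
}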