Merge pull request #248 from navikt/add-algorithm-to-initialkeys

ybelMekk · web-flow · commit 7b9c4de12ad2 · 2022-05-09T15:46:10.000+02:00
feat: algorithm to initial keys
diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyGenerator.kt b/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyGenerator.kt
@@ -23,7 +23,7 @@ data class KeyGenerator(
         if (keyGenerator.algorithm != KeyType.RSA.value) {
             return keyGenerator.generateECKey(keyId, algorithm)
         }
-        return keyGenerator.generateRSAKey(keyId)
+        return keyGenerator.generateRSAKey(keyId, algorithm)
     }
 
     private fun KeyPairGenerator.generateECKey(keyId: String, algorithm: JWSAlgorithm): JWK =
@@ -33,6 +33,7 @@ data class KeyGenerator(
                     .privateKey(it.private as ECPrivateKey)
                     .keyUse(KeyUse.SIGNATURE)
                     .keyID(keyId)
+                    .algorithm(algorithm)
                     .build()
             }
 
@@ -44,13 +45,14 @@ data class KeyGenerator(
         }
     }
 
-    private fun KeyPairGenerator.generateRSAKey(keyId: String): JWK =
+    private fun KeyPairGenerator.generateRSAKey(keyId: String, algorithm: JWSAlgorithm): JWK =
         generateKeyPair()
             .let {
                 RSAKey.Builder(it.public as RSAPublicKey)
                     .privateKey(it.private as RSAPrivateKey)
                     .keyUse(KeyUse.SIGNATURE)
                     .keyID(keyId)
+                    .algorithm(algorithm)
                     .build()
             }
 
diff --git a/src/main/resources/mock-oauth2-server-keys-ec.json b/src/main/resources/mock-oauth2-server-keys-ec.json
@@ -7,7 +7,8 @@
       "crv": "P-256",
       "kid": "issuer0",
       "x": "umybCYzE-VX_UAIJaX3wc-GTOgB7WDp7A3JJAKW_hqU",
-      "y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8"
+      "y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8",
+      "alg":"ES256"
     },
     {
       "kty": "EC",
@@ -16,7 +17,8 @@
       "crv": "P-256",
       "kid": "issuer1",
       "x": "YLAxep2KtJzgr6JZmlVgwmhoH08QKwG_ojgymdtcOkM",
-      "y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4"
+      "y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4",
+      "alg":"ES256"
     }
   ]
 }
diff --git a/src/main/resources/mock-oauth2-server-keys.json b/src/main/resources/mock-oauth2-server-keys.json
@@ -10,6 +10,7 @@
       "kid": "initialkey-1",
       "qi": "HqUVnJoG53wI1I3a922NDUWmVYxBa4fAA0nketVgSDbF5XkZTQW3JsC1K0oPqD-HtSz8bQu0JuOaG3ya-DVEGjeC8lpY_WX9rqoyBe-1AtqXOciU98iQwDIs5gARlTVj6q-jr867keNUdF8f9-GCFWqXWo0QFOeyXnOIwNRNJBo",
       "dp": "V03XdUM3poP87odFTjV66Ltrzbun1x4WngakViZO8G3U2xPUuJWprRIDwXCj8Il5nOIoEloKpgWUaxcK3cKRcvZsCoEo6b_k-i800v9KkbuAftIxGzcyLIiUsh63uM80Vj-VzvkL83CsX8z243eUzNyJLgrJNNeQb0Guqv_xslM",
+      "alg": "RS256",
       "dq": "pKUijDDeWjHIjzvYcyDYIRpQ806yftbUuVbe2AUElnXFmfHjoKjC3p5oCZtEUuHAS3omIWJirp8W7LwMwYqv1M8aJUXyzCkC6VAraN-fyM6n7hGRH68z_QUka8rVmi0-C9cMrtbsNixU-K_hTD4XsC3VeJnniSiQ-k6MJQx6fk8",
       "n": "onZcB1ryWS1keTIcbgsLKJ1UBwL1Wbzse5P2HjkrNwbG3Jy2lefUEcTVJxN8bpLeW460Luz3ScZd3d9p8IoHjmhZ2cyO49E41aBRIlBRzWNpebK5xeC95rSKenYHpOPlLzPgybg2qxallzQUOcKCheiF0fsErlapaA9YmKwzP3DwvzYW4JqSrHhDGWPwUCcsR4dpetwKXP_9tRFso06ryr4um3qiq7giyZEyZVG3fHMplD-5e-2-RrzBiGFW_zvs-XVRGPIf9Y5YNjeQJRuS4vF82V8mNZxEZddtUY5plSz-vgX3GSvANLDH-LZJ76Zmx3a8dEZbI7VxgsBQAqcUlQ"
     },
@@ -23,6 +24,7 @@
       "kid": "initialkey-2",
       "qi": "5OHgZtRG6CecHV-2AUlRZtHraN_G3nftrMAGuczh97RdjlEUxia_LkQqc_OUJf8M_57I5WZ4z2H7u1JVzscM3D7nFKJLq2JoW5kc2zffYhZm83mcTWyvQSf6WPvmqxqX2TZr_JFBLn0_33DQUZwOj4tAmvpXjYFCqWXbNjZxEs4",
       "dp": "669a3fzXAU4IoCdgK5R5n35qGbNfex0zmYl9x2e01I7CoFEpFUT-vWDkUq5IPd2snz4LdjaUxzEvxFJJCkZvqCv1A7cfcX2AFy-cnGhNWzMOLPIUeah2O2uKNmxLkC_0YAaKiq4o7rPibzfR8WsNH2Ok_u1dF46ofrcJnXBMyks",
+      "alg": "RS256",
       "dq": "FhPBDu9THYqwJTIic1epGUWS7lus7e2SsgdrTXCAgegq7L2W6uKwLDxUlh3GCoIXyakm0ks1SROpfkv8u-E-_LvtuIzviFaCuxAMDrQNNYPkqdAkP-4KFchAVYVyYQr3pAyeQbbrpa06lAhj64XqmhEUgnsfINYgR6iN81m1Dmk",
       "n": "0PPC0byb9f-Kueq8B733sZnANXDHyy2M5qUr1vWW733l_lOf2dFKDu6csaGEALro_39EFjhoad1D7Ebw1srj5APElaX9QMQxjK4pEdJlNU9SygwBObgAqCxfWmBjNBQ4NBrG8wi61MG4aoYwi-5W-N0VLL6tOxe_V6JyA4P4e-EzrlRJm9_dHT6ev3c6KyaRcGVnOBuArj3uhOh15-tbjuux8P30kR6RytxRWRZzAQqpkekpBFYYvoFyP3N_WGU5ruOEUYF8KloDmFqANSpqXvUyI3kl-McTtqzH0BuZG6fG8bH3ZZdH1fM2BJ8z0fO7n24HhNn3lAIPo8q9OPlA2Q"
     },
@@ -35,6 +37,7 @@
       "use": "sig",
       "kid": "initialkey-3",
       "qi": "fLmBa9vAltNdT1Tdo9r24tStgsosNln8b0XQtNA-v5aSSZrGYQGUst5iC70J_qT0sLVALnJJoS0JeSkjBiC_PnnmtZbTOGkzgKsuimhNsIWUILrFiDgaR7ujEiNuDc-pucVPRQ2xLstvCmPR1ocSYpACR0dKZEgOfh3ghPL61zo",
+      "alg": "RS256",
       "dp": "Y7WiU8y-mD9N10vU1ekND41APuyMNWvaBiZQAighgkdhOnkP7F1ylSC0LSmeKgvx3ArfnWU9y8DFzrIQPBLZoKut0gHVHuILhfUVt4V1J53DW1XbKvCA27NkMgqOzj5IMGQ9iU7oFfpkDd9CSh8lPQfuyy1tbxb0bHU4kRvD6HU",
       "dq": "F3rf61hL1oR2Fg45OklKpH3WDzgEinAjt51SBPQydRg5oLdtX6mrn4A22TeDDoENRe0GNKTpzMwGhnOYLKLOw8ONg8_wzcNJaPLY_MPAKaAmTb16cFrrn-UYOsxCH_Qsbu6gpITxArqXQWtsE5cW1c_HPP7QiZpkwnZPVruh8NE",
       "n": "iVHZcbSmKmmCCJQ52WFtyB5w6nE-34Ykds-GZSg47JI52Gr4wLKnpAfQH_zob_SikXQ9B98ivrI8-QoAAMbsrOnGJIcXgxoxZ2cYUOsR7Ft_M_22VCvyqH1YP0ahA-mnjfYHg_VfKW1PTdBqYcYT2XaX4nD7qDzIvarzQUYOYXlMMNaNAUj4Whq4IV_qvDJU7sUYRyrPOFKvLiH5d-EHPeV9Nut01Gt6Ux2OSOQheE7UizKNQx5cvrTXlKur5zS0xxCbkLsIh81xINYAfkmwwqwKZ5R0NdrqPvsjt_k3IMRjkE2OZ3eeBermYwtAJvSDpyIZn1ntYgvOwQpKxo3yxQ"
@@ -48,6 +51,7 @@
       "use": "sig",
       "kid": "initialkey-4",
       "qi": "1vc5qZgIg3ptsg8WmyUHmpVCtY_PG8rnZSd0dIuC9u_c841FtRNMbUCNiTujthYmtlcaf6qIQiqmHBPWuEI00ywLcyUX-WDEzEkHUKqpuLGVM65MxlGV0LOO8hgdeGXfyrUYJ2ACG0yD5G6uj9I9Sl_aAyf0MQFfEaRTfE7CtLQ",
+      "alg": "RS256",
       "dp": "bukEbR0RtCjZTXE-y9_seCqcPDCNw6ZkjCgKiNNdl2WwryMJx-Cf5KLEktNluCMnZTeuwrFkEwATKBdpUXKFET6CQ7pIf220OM-xUBjsSnA3IZnUfMufJ99RcvN90WrfWXhk8qPk9FPumrOo0rcwiZVbWGw8E8P8azIyouyEhKE",
       "dq": "e9kNE_zLtCDiSpgLQB8I0q2Rp0xkUVtZdU5-wZhjY5C1bJkrzJdmglXLAjCsDAvrb9-3IYBUprJxfnPD55D1HvyBl92wyofNEwKZXXrVE5Gz_bm892ETsQTbs-X1sedOc4yvUJc8Kx39UGrsyoepXj9pcPKRWt53-u5BBRE_ohE",
       "n": "qjErptJgXjqW9K-27k2FrSGiQJVFYbzlovJJtayk-ANMNpoJbTV5pMA6_ArxN3r_unUB6R6Psl0_LpIhM9LCUyUExZybnY9d0uVbbDtwVC-mFOs0dXQqEV7_DjicpuWQ0ds3lB_zG5nesokwAFNzvk7tvMhvIilkvh14Q5nWTI78rmMY_rjYDsNp0nIL4eUBOoUscqJQ6Z4bDhB1sygS3dFwjxFxCUEsRPjmpm2Qbw5nhVcJWO1KawB_PYqr54LaRY_VX_P3RhWWaDqTuHb_b9jcpZxfL3jWJ79Yjjyw2IAjJVjGnHqN-Yu_7Vh6vB8pDv7Jb2iCVJVLRl3opxEcdQ"
@@ -61,6 +65,7 @@
       "use": "sig",
       "kid": "initialkey-5",
       "qi": "DY7KQvVnUgQJqIkTSObp6P4DMfHeiom_U4vgwKoFDNzYgMvLh_VvfPdhqzSS6IlPD0_Gyc7hwK5SpitLp-WmtNnsqfFKy0VQMFkiBfdJEPWIDMMUrZZ6nsl9KjV7MiDrkYonw71eSFNh2NEX30DWKTTk9KojpcU0HvM_912rH8o",
+      "alg": "RS256",
       "dp": "fmNWjKDTzUGh1HBgNUbCzPeFTINddquq9FNs-xul9MKZ2CRtqQZrsyBFQHK5qv2en2QVP_XTIt_kPN00IkEOGRLE72R8s__HL6a9g8YSWOPtoX3MaDrdGQpCiefQTN1vVg0a6SdPPsipVmcH-eaJ003vgM4Au-v26p9lp3rdD1k",
       "dq": "dOYRkWNZEJApnK1dz-OfC2kjYP_6tSI8PmXiXM19nWQfZfd5RRWu-f0Qc5NuQdhmv4bBsa-_F2OM6UOhRyutwrvQQRM679_924lI_eC4gGT7a32ZgcoT-MHxPgDx8hmG_bqwlKPYceORL2KLeQyinn264cjyev1H-BVky76InQs",
       "n": "sOqj_2Zc0AB3St_KkSwChpNbNfFTd76_-mtPCT_xP68O-YAB20n_7HWi6zMwRMStA7q3_R9FnhJ-AHVj92dUhZB5BmgPHrEadYwS0F1XyVCbC4zprz1QVgZwxSzkIiZRtB4VNlfGkSfYaaE3Iw2V5Ns9owCx0OMfkoqVO_wK8kBLfe7HMI43xUMaSuekNRxGkxruEMWPuqwOq7-0NciX4meykz_jHybl1UlAtHhRhlI25LgsumsDP0N-3FNDv8uwwGrcalYwAj1tScpdawUgiN2WjxnZn_WtTMRVy2XzbNEvTHoOqygRLCmsBxErCNJDtiU9N__3M7XqzSO-wQmReQ"
diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/token/KeyGeneratorTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/token/KeyGeneratorTest.kt
@@ -11,6 +11,7 @@ import com.nimbusds.jwt.JWTClaimsSet
 import com.nimbusds.jwt.SignedJWT
 import com.nimbusds.oauth2.sdk.id.Issuer
 import io.kotest.assertions.throwables.shouldNotThrow
+import io.kotest.matchers.collections.shouldBeIn
 import io.kotest.matchers.shouldBe
 import no.nav.security.mock.oauth2.extensions.verifySignatureAndIssuer
 import no.nav.security.mock.oauth2.token.KeyGenerator.Companion.ecAlgorithmFamily
@@ -34,6 +35,7 @@ class KeyGeneratorTest {
             keys.keyID shouldBe keyId
             keys.keyType.toString() shouldBe KeyType.RSA.value
             keys.keyUse.toString() shouldBe "sig"
+            keys.algorithm shouldBeIn rsaAlgorithmFamily
 
             val issuer = Issuer("issuer$index")
             val jwt = jwtWith(issuer.value, keyId, JOSEObjectType.JWT.type, jwsAlgorithm)
@@ -61,6 +63,7 @@ class KeyGeneratorTest {
             keys.keyID shouldBe keyId
             keys.keyType.toString() shouldBe KeyType.EC.value
             keys.keyUse.toString() shouldBe "sig"
+            keys.algorithm shouldBeIn ecAlgorithmFamily
 
             val issuer = Issuer("issuer$index")
             val jwt = jwtWith(issuer.value, keyId, JOSEObjectType.JWT.type, jwsAlgorithm)

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ data class KeyGenerator(`
`23`	`23`	`if (keyGenerator.algorithm != KeyType.RSA.value) {`
`24`	`24`	`return keyGenerator.generateECKey(keyId, algorithm)`
`25`	`25`	`}`
`26`		`- return keyGenerator.generateRSAKey(keyId)`
	`26`	`+ return keyGenerator.generateRSAKey(keyId, algorithm)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`private fun KeyPairGenerator.generateECKey(keyId: String, algorithm: JWSAlgorithm): JWK =`
`@@ -33,6 +33,7 @@ data class KeyGenerator(`
`33`	`33`	`.privateKey(it.private as ECPrivateKey)`
`34`	`34`	`.keyUse(KeyUse.SIGNATURE)`
`35`	`35`	`.keyID(keyId)`
	`36`	`+ .algorithm(algorithm)`
`36`	`37`	`.build()`
`37`	`38`	`}`
`38`	`39`
`@@ -44,13 +45,14 @@ data class KeyGenerator(`
`44`	`45`	`}`
`45`	`46`	`}`
`46`	`47`
`47`		`- private fun KeyPairGenerator.generateRSAKey(keyId: String): JWK =`
	`48`	`+ private fun KeyPairGenerator.generateRSAKey(keyId: String, algorithm: JWSAlgorithm): JWK =`
`48`	`49`	`generateKeyPair()`
`49`	`50`	`.let {`
`50`	`51`	`RSAKey.Builder(it.public as RSAPublicKey)`
`51`	`52`	`.privateKey(it.private as RSAPrivateKey)`
`52`	`53`	`.keyUse(KeyUse.SIGNATURE)`
`53`	`54`	`.keyID(keyId)`
	`55`	`+ .algorithm(algorithm)`
`54`	`56`	`.build()`
`55`	`57`	`}`
`56`	`58`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,8 @@`
`7`	`7`	`"crv": "P-256",`
`8`	`8`	`"kid": "issuer0",`
`9`	`9`	`"x": "umybCYzE-VX_UAIJaX3wc-GTOgB7WDp7A3JJAKW_hqU",`
`10`		`- "y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8"`
	`10`	`+ "y": "m_sCzuMjiBSQ7At9yNktMQvE1cCKq68jO7wnRczwKw8",`
	`11`	`+ "alg":"ES256"`
`11`	`12`	`},`
`12`	`13`	`{`
`13`	`14`	`"kty": "EC",`
`@@ -16,7 +17,8 @@`
`16`	`17`	`"crv": "P-256",`
`17`	`18`	`"kid": "issuer1",`
`18`	`19`	`"x": "YLAxep2KtJzgr6JZmlVgwmhoH08QKwG_ojgymdtcOkM",`
`19`		`- "y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4"`
	`20`	`+ "y": "jpDJ7qE5g0iIBEBIrilQrOniOgbaKw0UjMky99j18G4",`
	`21`	`+ "alg":"ES256"`
`20`	`22`	`}`
`21`	`23`	`]`
`22`	`24`	`}`