From cac89baa522879ebadb03dfb81c60f9050a9cb0b Mon Sep 17 00:00:00 2001 From: Matheo Gracia Pegoraro Date: Tue, 21 May 2024 13:52:30 -0300 Subject: [PATCH 1/4] WIP tests --- lib/jose/jwk/kty.rb | 8 ++- lib/jose/jwk/kty_x509.rb | 92 ++++++++++++++++++++++++++++++++++ lib/jose/jwk/pem.rb | 29 ++++++++--- test/jose/jwk/kty_x509_test.rb | 64 +++++++++++++++++++++++ test/jose/jwk/pem_test.rb | 30 ++++++++++- 5 files changed, 211 insertions(+), 12 deletions(-) create mode 100644 lib/jose/jwk/kty_x509.rb create mode 100644 test/jose/jwk/kty_x509_test.rb diff --git a/lib/jose/jwk/kty.rb b/lib/jose/jwk/kty.rb index 5ca4b96..e84900c 100644 --- a/lib/jose/jwk/kty.rb +++ b/lib/jose/jwk/kty.rb @@ -2,11 +2,14 @@ module JOSE::JWK::KTY def self.from_key(object) object = object.__getobj__ if object.is_a?(JOSE::JWK::PKeyProxy) + case object + when OpenSSL::X509::Certificate + JOSE::JWK::KTY_X509.from_key(object) when OpenSSL::PKey::EC - return JOSE::JWK::KTY_EC.from_key(object) + JOSE::JWK::KTY_EC.from_key(object) when OpenSSL::PKey::RSA - return JOSE::JWK::KTY_RSA.from_key(object) + JOSE::JWK::KTY_RSA.from_key(object) else raise ArgumentError, "'object' is not a recognized key type: #{object.class.name}" end @@ -38,4 +41,5 @@ def self.key_encryptor(kty, fields, key) require 'jose/jwk/kty_okp_ed448ph' require 'jose/jwk/kty_okp_x25519' require 'jose/jwk/kty_okp_x448' +require 'jose/jwk/kty_x509' require 'jose/jwk/kty_rsa' diff --git a/lib/jose/jwk/kty_x509.rb b/lib/jose/jwk/kty_x509.rb new file mode 100644 index 0000000..f343be6 --- /dev/null +++ b/lib/jose/jwk/kty_x509.rb 
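Review bot: The new `when OpenSSL::X509::Certificate` branch in `from_key` sends every certificate to `JOSE::JWK::KTY_X509`, whose `to_map` in this same patch always emits `'kty' => 'RSA'` and reads `key.n`/`key.e`, so a certificate carrying an EC key would fail or be mislabelled there. Dispatching on the extracted key would reuse the existing key types instead: `when OpenSSL::X509::Certificate then from_key(object.public_key)`. Nothing in this method checks the certificate, so a comment above the branch such as `# Only the public key is kept; the certificate is not validated here (validity period, signature, chain) - callers must do that first` would make the trust boundary explicit. The closing `end` of `from_key` lies outside the hunk.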
@@ -0,0 +1,92 @@ +class JOSE::JWK::KTY_X509 < Struct.new(:key) + + def self.from_key(object) + object = object.__getobj__ if object.is_a?(JOSE::JWK::PKeyProxy) + case object + when OpenSSL::X509::Certificate + JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(object.public_key)) + else + raise ArgumentError, "'object' is not a recognized key type: #{object.class.name}" + end + end + + def to_key + key.__getobj__ + end + + def to_map(fields) + { + 'kty' => 'RSA', + 'n' => JOSE.urlsafe_encode64(key.n.to_s(2)), + 'e' => JOSE.urlsafe_encode64(key.e.to_s(2)) + } + end + + def to_public_map(fields) + to_map(fields) + end + + def to_thumbprint_map(fields) + to_map(fields).slice('e', 'kty', 'n') + end + + def block_encryptor(fields = nil) + if fields && fields['use'] == 'enc' && !fields['alg'].nil? && !fields['enc'].nil? + JOSE::Map[ + 'alg' => fields['alg'], + 'enc' => fields['enc'] + ] + else + JOSE::Map[ + 'alg' => 'RSA-OAEP', + 'enc' => 'A128GCM' + ] + end + end + + def encrypt_public(plain_text, rsa_padding: :rsa_pkcs1_padding, rsa_oaep_md: nil) + case rsa_padding + when :rsa_pkcs1_padding + key.public_encrypt(plain_text, OpenSSL::PKey::RSA::PKCS1_PADDING) + when :rsa_pkcs1_oaep_padding + rsa_oaep_md ||= OpenSSL::Digest::SHA1 + key.public_encrypt(plain_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING) + else + raise ArgumentError, "unsupported RSA padding: #{rsa_padding.inspect}" + end + end + + def verify(message, digest_type, signature, padding: :rsa_pkcs1_padding) + case padding + when :rsa_pkcs1_padding + key.verify(digest_type.new, signature, message) + when :rsa_pkcs1_pss_padding + if key.respond_to?(:verify_pss) + digest_name = digest_type.new.name + key.verify_pss(digest_name, signature, message, salt_length: :digest, mgf1_hash: digest_name) + else + JOSE::JWA::PKCS1.rsassa_pss_verify(digest_type, message, signature, key) + end + else + raise ArgumentError, "unsupported RSA padding: #{padding.inspect}" + end + rescue OpenSSL::PKey::PKeyError + false + end + + def 
signer(fields = nil) + if fields && fields['use'] == 'sig' && !fields['alg'].nil? + JOSE::Map['alg' => fields['alg']] + else + JOSE::Map['alg' => 'RS256'] + end + end + + def verifier(fields) + if fields && fields['use'] == 'sig' && !fields['alg'].nil? + [fields['alg']] + else + ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512'] + end + end +end diff --git a/lib/jose/jwk/pem.rb b/lib/jose/jwk/pem.rb index a603d8a..2edc4b9 100644 --- a/lib/jose/jwk/pem.rb +++ b/lib/jose/jwk/pem.rb @@ -1,19 +1,32 @@ module JOSE::JWK::PEM - extend self def from_binary(object, password = nil) - pkey = OpenSSL::PKey.read(object, password) - return JOSE::JWK::KTY.from_key(pkey) + begin + pkey = OpenSSL::PKey.read(object, password) + return JOSE::JWK::KTY.from_key(pkey) + rescue OpenSSL::PKey::PKeyError + begin + cert = OpenSSL::X509::Certificate.new(object) + return JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(cert.public_key)) + rescue OpenSSL::X509::CertificateError => e + raise RuntimeError, "Unsupported key type or incorrect password: #{e.message}" + end + end end def to_binary(key, password = nil) - if password - cipher = OpenSSL::Cipher.new('DES-EDE3-CBC') - return key.to_pem(cipher, password) - else + if key.is_a?(OpenSSL::PKey::PKey) + if password + cipher = OpenSSL::Cipher.new('DES-EDE3-CBC') + return key.to_pem(cipher, password) + else + return key.to_pem + end + elsif key.is_a?(OpenSSL::X509::Certificate) return key.to_pem + else + raise ArgumentError, "Unsupported key type: #{key.class}" end end - end diff --git a/test/jose/jwk/kty_x509_test.rb b/test/jose/jwk/kty_x509_test.rb new file mode 100644 index 0000000..3e65322 --- /dev/null +++ b/test/jose/jwk/kty_x509_test.rb 
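Review bot: `encrypt_public` accepts `rsa_oaep_md` but never uses it: the `:rsa_pkcs1_oaep_padding` branch assigns the SHA-1 default and then calls `key.public_encrypt(plain_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)` regardless, so a caller asking for a SHA-256 OAEP digest silently gets ciphertext produced with the default digest. Until another digest is actually supported, reject it explicitly, e.g. `raise ArgumentError, "unsupported OAEP digest: #{rsa_oaep_md.inspect}" unless rsa_oaep_md == OpenSSL::Digest::SHA1`. The method also defaults to `:rsa_pkcs1_padding` (PKCS#1 v1.5 encryption) while `block_encryptor` in the same class defaults to `'RSA-OAEP'`; a comment stating why v1.5 is the default would keep callers from picking the weaker padding by accident. `to_map` has a related gap: it hard-codes `'kty' => 'RSA'` and ignores `fields`, so a non-RSA certificate key breaks the call and any extra fields are dropped.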
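Review bot: In `from_binary`, every `OpenSSL::PKey::PKeyError` — including a wrong password on an encrypted private key — now falls through to certificate parsing and ends as a `RuntimeError` carrying the certificate parser's message, so the real cause is hidden and callers that rescued `OpenSSL::PKey::PKeyError` no longer match. Keeping the first exception would preserve that contract: name it with `rescue OpenSSL::PKey::PKeyError => key_error` and, in the inner rescue, `raise key_error`. The certificate fallback also accepts whatever certificate parses and keeps only `cert.public_key`; a comment saying the certificate is not validated (validity period, signature, chain) would tell callers that this check is theirs to make.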
@@ -0,0 +1,64 @@ +require 'test_helper' + +class JOSE::JWK::KTY_X509Test < Minitest::Test + + CERTIFICATE_PEM = <<~PEM + -----BEGIN CERTIFICATE----- + MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV + BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD + VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 + MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG + QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 + 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu + l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 + QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 + vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR + wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD + VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 + jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB + AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik + R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu + 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 + cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 + Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e + W50qVg4iVjtjRuC2t8hXTDVb9BI= + -----END CERTIFICATE----- + PEM + + def test_from_binary_and_to_binary + x509_jwk = JOSE::JWK.from_binary(CERTIFICATE_PEM) + assert_equal CERTIFICATE_PEM, JOSE::JWK.to_binary(x509_jwk) + end + + def test_from_key_and_to_key + x509_jwk = JOSE::JWK.from_binary(CERTIFICATE_PEM) + public_key = JOSE::JWK.to_key(x509_jwk) + assert_equal x509_jwk, JOSE::JWK.from_key(public_key) + end + + def test_generate_key + # Geração de chave para X509 não é típica, mas pode-se testar a criação e conversão + jwk1 = JOSE::JWK.generate_key([:rsa, 2048]) + jwk2 = JOSE::JWK.generate_key(jwk1) + refute_equal 
JOSE::JWK.thumbprint(jwk1), JOSE::JWK.thumbprint(jwk2) + end + + def test_block_encryptor + # Semelhante ao RSA, mas com chaves X509 + RSAGenerator.cache do + plain_jwk = JOSE::JWK.from(CERTIFICATE_PEM) + assert_equal JOSE::Map['alg' => 'RSA-OAEP', 'enc' => 'A128GCM'], JOSE::JWK.block_encryptor(plain_jwk) + end + end + + def test_sfm_and_crt + # Adicionar teste para a funcionalidade de SFM e CRT com chaves X509 + RSAGenerator.cache do + jwk_crt = JOSE::JWK.from_binary(CERTIFICATE_PEM) + jwk_sfm = jwk_crt.to_map.except('dp', 'dq', 'p', 'q', 'qi') + assert_equal jwk_crt, JOSE::JWK.from(jwk_sfm) + end + end + +end diff --git a/test/jose/jwk/pem_test.rb b/test/jose/jwk/pem_test.rb index 979cafa..6df72f6 100644 --- a/test/jose/jwk/pem_test.rb +++ b/test/jose/jwk/pem_test.rb @@ -1,7 +1,6 @@ require 'test_helper' class JOSE::JWK::PEMTest < Minitest::Test - def test_from_pem_and_to_pem ec_pem_data = \ "-----BEGIN EC PRIVATE KEY-----\n" \ @@ -17,6 +16,7 @@ def test_from_pem_and_to_pem encrypted_ec_pem_data = JOSE::JWK.to_pem(ec_pem, ec_pem_password) refute_equal ec_pem_data, encrypted_ec_pem_data assert_equal ec_pem, JOSE::JWK.from_pem(encrypted_ec_pem_data, ec_pem_password) + rsa_pem_data = \ "-----BEGIN RSA PRIVATE KEY-----\n" \ "MIIEpAIBAAKCAQEAxnAUUvtW3ftv25jCB+hePVCnhROqH2PACVGoCybdtMYTl8qV\n" \ 
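Review bot: `test_from_binary_and_to_binary` expects `JOSE::JWK.to_binary(x509_jwk)` to return `CERTIFICATE_PEM`, but `KTY_X509` as added in this patch stores only `cert.public_key`, so the certificate itself cannot be reproduced and this assertion looks unsatisfiable. Comparing against the public key's PEM, e.g. `OpenSSL::X509::Certificate.new(CERTIFICATE_PEM).public_key.to_pem`, would match what the type actually holds. `test_generate_key` never touches a certificate, and there is no case for malformed input or for a certificate with a non-RSA key, which are the paths most likely to misbehave in the new parser fallback.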
@@ -53,6 +53,32 @@ def test_from_pem_and_to_pem encrypted_rsa_pem_data = JOSE::JWK.to_pem(rsa_pem, rsa_pem_password) refute_equal rsa_pem_data, encrypted_rsa_pem_data assert_equal rsa_pem, JOSE::JWK.from_pem(encrypted_rsa_pem_data, rsa_pem_password) - end + x509_pem_data = \ + "-----BEGIN CERTIFICATE-----\n" \ + "MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" \ + "BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD\n" \ + "VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4\n" \ + "MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG\n" \ + "QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB\n" \ + "BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5\n" \ + "2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu\n" \ + "l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8\n" \ + "QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2\n" \ + "vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR\n" \ + "wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD\n" \ + "VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13\n" \ + "jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\n" \ + "AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik\n" \ + "R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu\n" \ + "6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3\n" \ + "cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4\n" \ + "Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e\n" \ + "W50qVg4iVjtjRuC2t8hXTDVb9BI=\n" \ + "-----END CERTIFICATE-----\n" + + x509_key = OpenSSL::X509::Certificate.new(x509_pem_data).public_key + x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) + assert_equal x509_key, x509_jwk.key.__getobj__ + end end From 88ee664474de4ac94ada15a358645f0077693e28 Mon Sep 17 00:00:00 2001 
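Review bot: The added X.509 assertions build `JOSE::JWK::KTY_X509` by hand and then compare `x509_jwk.key.__getobj__` with the key that was just passed in, so they only prove that the Struct stores its argument. Nothing here goes through `JOSE::JWK.from_pem`, which is where the new certificate fallback in `from_binary` lives. Calling `JOSE::JWK.from_pem(x509_pem_data)` and checking the resulting JWK against `x509_key` would exercise the code this patch adds. `test_from_pem_and_to_pem` starts outside the hunk.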
From: Matheo Gracia Pegoraro Date: Tue, 28 May 2024 01:31:05 -0300 Subject: [PATCH 2/4] WIP tests --- lib/jose/jwk/kty_x509.rb | 2 + lib/jose/jwk/pem.rb | 2 + test/jose/jwk/kty_x509_test.rb | 111 +++++++++++++++------------- test/jose/jwk/pem_test.rb | 131 +++++++++++++++++---------------- 4 files changed, 131 insertions(+), 115 deletions(-) diff --git a/lib/jose/jwk/kty_x509.rb b/lib/jose/jwk/kty_x509.rb index f343be6..c97501a 100644 --- a/lib/jose/jwk/kty_x509.rb +++ b/lib/jose/jwk/kty_x509.rb @@ -3,6 +3,8 @@ class JOSE::JWK::KTY_X509 < Struct.new(:key) def self.from_key(object) object = object.__getobj__ if object.is_a?(JOSE::JWK::PKeyProxy) case object + when OpenSSL::PKey::PKey + JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(object)) when OpenSSL::X509::Certificate JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(object.public_key)) else diff --git a/lib/jose/jwk/pem.rb b/lib/jose/jwk/pem.rb index 2edc4b9..f0b33dd 100644 --- a/lib/jose/jwk/pem.rb +++ b/lib/jose/jwk/pem.rb @@ -25,6 +25,8 @@ def to_binary(key, password = nil) end elsif key.is_a?(OpenSSL::X509::Certificate) return key.to_pem + elsif key.is_a?(JOSE::JWK::PKeyProxy) + return key.__getobj__.to_pem else raise ArgumentError, "Unsupported key type: #{key.class}" end diff --git a/test/jose/jwk/kty_x509_test.rb b/test/jose/jwk/kty_x509_test.rb index 3e65322..f0130aa 100644 --- a/test/jose/jwk/kty_x509_test.rb +++ b/test/jose/jwk/kty_x509_test.rb 
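Review bot: `when OpenSSL::PKey::PKey` matches every key class, so EC keys and private keys are now wrapped in `KTY_X509` as well, although the class's `to_map` only knows RSA (`key.n`, `key.e`, `'kty' => 'RSA'`) and `to_key` would hand a wrapped private key straight back. Narrowing the branch to what the class can represent, `when OpenSSL::PKey::RSA`, keeps other key types on the `ArgumentError` path. The end of `from_key` is outside the hunk.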
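Review bot: The new `elsif key.is_a?(JOSE::JWK::PKeyProxy)` branch returns `key.__getobj__.to_pem` without looking at `password`, so a private key wrapped in a proxy is written as unencrypted PEM even when the caller supplied a password. The branch should honour the password the same way the `OpenSSL::PKey::PKey` branch above the hunk does, e.g. `return password ? key.to_pem(OpenSSL::Cipher.new('DES-EDE3-CBC'), password) : key.to_pem`. `to_binary` starts outside the hunk.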
@@ -1,64 +1,69 @@ require 'test_helper' class JOSE::JWK::KTY_X509Test < Minitest::Test + def test_from_key_and_to_key + x509_pem_data = <<~PEM + -----BEGIN CERTIFICATE----- + MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV + BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD + VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 + MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG + QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 + 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu + l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 + QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 + vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR + wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD + VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 + jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB + AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik + R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu + 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 + cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 + Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e + W50qVg4iVjtjRuC2t8hXTDVb9BI= + -----END CERTIFICATE----- + PEM - CERTIFICATE_PEM = <<~PEM - -----BEGIN CERTIFICATE----- - MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV - BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD - VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 - MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG - QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB - BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 - 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu - 
l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 - QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 - vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR - wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD - VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 - jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB - AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik - R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu - 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 - cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 - Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e - W50qVg4iVjtjRuC2t8hXTDVb9BI= - -----END CERTIFICATE----- - PEM - - def test_from_binary_and_to_binary - x509_jwk = JOSE::JWK.from_binary(CERTIFICATE_PEM) - assert_equal CERTIFICATE_PEM, JOSE::JWK.to_binary(x509_jwk) + x509_cert = OpenSSL::X509::Certificate.new(x509_pem_data) + x509_key = x509_cert.public_key + x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) + assert_equal x509_key.to_pem.strip, x509_jwk.to_key.to_pem.strip end - def test_from_key_and_to_key - x509_jwk = JOSE::JWK.from_binary(CERTIFICATE_PEM) - public_key = JOSE::JWK.to_key(x509_jwk) - assert_equal x509_jwk, JOSE::JWK.from_key(public_key) - end + def test_from_binary_and_to_binary + x509_pem_data = <<~PEM + -----BEGIN CERTIFICATE----- + MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV + BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD + VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 + MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG + QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 + 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu + 
l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 + QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 + vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR + wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD + VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 + jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB + AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik + R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu + 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 + cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 + Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e + W50qVg4iVjtjRuC2t8hXTDVb9BI= + -----END CERTIFICATE----- + PEM - def test_generate_key - # Geração de chave para X509 não é típica, mas pode-se testar a criação e conversão - jwk1 = JOSE::JWK.generate_key([:rsa, 2048]) - jwk2 = JOSE::JWK.generate_key(jwk1) - refute_equal JOSE::JWK.thumbprint(jwk1), JOSE::JWK.thumbprint(jwk2) - end + x509_cert = OpenSSL::X509::Certificate.new(x509_pem_data) + x509_key = x509_cert.public_key + x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - def test_block_encryptor - # Semelhante ao RSA, mas com chaves X509 - RSAGenerator.cache do - plain_jwk = JOSE::JWK.from(CERTIFICATE_PEM) - assert_equal JOSE::Map['alg' => 'RSA-OAEP', 'enc' => 'A128GCM'], JOSE::JWK.block_encryptor(plain_jwk) - end - end + binary_data = x509_pem_data.unpack1('m0') + from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(binary_data).public_key)) - def test_sfm_and_crt - # Adicionar teste para a funcionalidade de SFM e CRT com chaves X509 - RSAGenerator.cache do - jwk_crt = JOSE::JWK.from_binary(CERTIFICATE_PEM) - jwk_sfm = jwk_crt.to_map.except('dp', 'dq', 'p', 'q', 'qi') - assert_equal jwk_crt, JOSE::JWK.from(jwk_sfm) - end + assert_equal x509_jwk.key.__getobj__.to_pem.strip, 
from_binary_jwk.key.__getobj__.to_pem.strip end - end diff --git a/test/jose/jwk/pem_test.rb b/test/jose/jwk/pem_test.rb index 6df72f6..20b1db4 100644 --- a/test/jose/jwk/pem_test.rb +++ b/test/jose/jwk/pem_test.rb 
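Review bot: `x509_pem_data.unpack1('m0')` in `test_from_binary_and_to_binary` runs strict Base64 decoding over the whole PEM text, including the `-----BEGIN CERTIFICATE-----` armor and the newlines, which strict mode should reject with an `ArgumentError`, so the test would error before reaching its assertion. To obtain the binary form use `OpenSSL::X509::Certificate.new(x509_pem_data).to_der`. Both tests still construct `KTY_X509` directly rather than calling `JOSE::JWK.from_binary`, so the certificate fallback in `lib/jose/jwk/pem.rb` remains untested.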
@@ -2,83 +2,90 @@ class JOSE::JWK::PEMTest < Minitest::Test def test_from_pem_and_to_pem - ec_pem_data = \ - "-----BEGIN EC PRIVATE KEY-----\n" \ - "MHcCAQEEIFISMjkku2kVv9s4iHuyr0AJR8SVqGtv/4xXYuu1ae3woAoGCCqGSM49\n" \ - "AwEHoUQDQgAEDwZ8OJ8ZVGE8zhSXbsnL+1kJ+I6Sl92hBGTY7cTWS+ba3Mn3lwmY\n" \ - "7cnK6ZESgGXGDvO11wRXTd2qS31H4bIEDw==\n" \ - "-----END EC PRIVATE KEY-----\n" + ec_pem_data = <<~PEM.strip + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEIFISMjkku2kVv9s4iHuyr0AJR8SVqGtv/4xXYuu1ae3woAoGCCqGSM49 + AwEHoUQDQgAEDwZ8OJ8ZVGE8zhSXbsnL+1kJ+I6Sl92hBGTY7cTWS+ba3Mn3lwmY + 7cnK6ZESgGXGDvO11wRXTd2qS31H4bIEDw== + -----END EC PRIVATE KEY----- + PEM + ec_pem_json = "{\"crv\":\"P-256\",\"d\":\"UhIyOSS7aRW_2ziIe7KvQAlHxJWoa2__jFdi67Vp7fA\",\"kty\":\"EC\",\"x\":\"DwZ8OJ8ZVGE8zhSXbsnL-1kJ-I6Sl92hBGTY7cTWS-Y\",\"y\":\"2tzJ95cJmO3JyumREoBlxg7ztdcEV03dqkt9R-GyBA8\"}" ec_pem = JOSE::JWK.from(ec_pem_json) assert_equal ec_pem, JOSE::JWK.from_pem(ec_pem_data) - assert_equal ec_pem_data, JOSE::JWK.to_pem(ec_pem) + assert_equal OpenSSL::PKey::EC.new(ec_pem_data).to_pem.strip, JOSE::JWK.to_pem(ec_pem).strip + ec_pem_password = SecureRandom.urlsafe_base64(16) encrypted_ec_pem_data = JOSE::JWK.to_pem(ec_pem, ec_pem_password) - refute_equal ec_pem_data, encrypted_ec_pem_data + refute_equal OpenSSL::PKey::EC.new(ec_pem_data).to_pem.strip, encrypted_ec_pem_data.strip assert_equal ec_pem, JOSE::JWK.from_pem(encrypted_ec_pem_data, ec_pem_password) - rsa_pem_data = \ - "-----BEGIN RSA PRIVATE KEY-----\n" \ - "MIIEpAIBAAKCAQEAxnAUUvtW3ftv25jCB+hePVCnhROqH2PACVGoCybdtMYTl8qV\n" \ - "ABAR0d6T+BRzVhJzz0+UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWex\n" \ - "ODdPuoCaWaWge/MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0/LHXVjjX/\n" \ - "Az+WaUh94mXFyAxFI/oCygtT+il1+japS3cXJJh0WddT3VKEBRYHmxDJd/LYE+KX\n" \ - "Qt3aTDhq0vI9sG2ivtFj0dc3w/YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j+zqu\n" \ - "7J3FYaIxU4lkK9Y/DP27RxffFI9YDPJdwFkNJwIDAQABAoIBAANoByFJiTs0Rr5J\n" \ - 
"SANkvMFmsgl5xfDWAITobu8KEsI4qDtx0c73d6bXoEig6T3wASbs4cu8tPLoOWXM\n" \ - "hWzdYSQVWPDcDc6S0lCvcJl3pK20xvTE++jQIkE8Ven2CuQ1zxeAqdKoIQbfratJ\n" \ - "EDSseKvUBMy2/V6J5lxNmtdFPBFiSLPe9khRocSs3+mqukYu1AyutO54EMhIVZhs\n" \ - "a94AySwBkOcDmqeTWCC9rnyORWKh/km8v0JO9vfW/sOAdH5ervIrEfDpacDC1Zw/\n" \ - "qKjgTx/uubRPNocT1dEG0pss5oPYZVVYpyfNmEQZG3LvlxvV1zoVKiSe5Gn0K2JE\n" \ - "MegYhSkCgYEA5cMQg/4MrOnHI44xEs6Jyt/22DCvw3K+GY046Ls50vIf2KlRALHI\n" \ - "65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm/581r59yXeI8W6G4FlsSiVyhF\n" \ - "O3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7/UCgYEA3RlG\n" \ - "NrCRU+yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8\n" \ - "g/Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf/D1O6lGEMQBRY+buhZHmP\n" \ - "f5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYysCgYBSx6DfrVxrwB6bVNOhbwB+\n" \ - "M4sAASqSRHjxQ8xJLYt70PhgW0Bv+53kIrYh69iXRH7hp9dTMih6I1GDhs5MBaZP\n" \ - "AoqWYCngHkbOVs/MA+HBBELHOzkyJbQr43DfRuUEtaUlgMCdUSvdPeuq2DNcUsyF\n" \ - "HkAeozhWFZArtBrGBpbtMQKBgQDK55b4ObIlQsmUlyQVd+SK9I79fWyNC6sPAN/I\n" \ - "UsCeu+DLYSon6KrSAFXJIwbDYKB5JB6BOa4qKcXhqcvTDLzkEry2DENQtU6mOWzh\n" \ - "6PxlCcnZFUSN3FkuMqH7bLD6/qZufuCiSj3yeREIFgx0NQEc1Vxpj1sDyR0FaL4r\n" \ - "oOBbYQKBgQCQblK162WzXz/V+9DHyvGFfYCKzReDSAsNSOkT/1Nhxv662rv0dUo5\n" \ - "D/Y8kbPT2FD+16qeFeGAYy5upqS2XpQ5ImvoHgmBwBjvJT7fgS5LGny4ouLH0FWw\n" \ - "XZymILgAOGMso/1zshDtfvN+zffr9F5vx+H0b/NF3AR+aoXLubbwuA==\n" \ - "-----END RSA PRIVATE KEY-----\n" + rsa_pem_data = <<~PEM.strip + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAxnAUUvtW3ftv25jCB+hePVCnhROqH2PACVGoCybdtMYTl8qV + ABAR0d6T+BRzVhJzz0+UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWex + ODdPuoCaWaWge/MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0/LHXVjjX/ + Az+WaUh94mXFyAxFI/oCygtT+il1+japS3cXJJh0WddT3VKEBRYHmxDJd/LYE+KX + Qt3aTDhq0vI9sG2ivtFj0dc3w/YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j+zqu + 7J3FYaIxU4lkK9Y/DP27RxffFI9YDPJdwFkNJwIDAQABAoIBAANoByFJiTs0Rr5J + SANkvMFmsgl5xfDWAITobu8KEsI4qDtx0c73d6bXoEig6T3wASbs4cu8tPLoOWXM + 
hWzdYSQVWPDcDc6S0lCvcJl3pK20xvTE++jQIkE8Ven2CuQ1zxeAqdKoIQbfratJ + EDSseKvUBMy2/V6J5lxNmtdFPBFiSLPe9khRocSs3+mqukYu1AyutO54EMhIVZhs + a94AySwBkOcDmqeTWCC9rnyORWKh/km8v0JO9vfW/sOAdH5ervIrEfDpacDC1Zw/ + qKjgTx/uubRPNocT1dEG0pss5oPYZVVYpyfNmEQZG3LvlxvV1zoVKiSe5Gn0K2JE + MegYhSkCgYEA5cMQg/4MrOnHI44xEs6Jyt/22DCvw3K+GY046Ls50vIf2KlRALHI + 65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm/581r59yXeI8W6G4FlsSiVyhF + O3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7/UCgYEA3RlG + NrCRU+yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8 + g/Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf/D1O6lGEMQBRY+buhZHmP + f5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYysCgYBSx6DfrVxrwB6bVNOhbwB+ + M4sAASqSRHjxQ8xJLYt70PhgW0Bv+53kIrYh69iXRH7hp9dTMih6I1GDhs5MBaZP + AoqWYCngHkbOVs/MA+HBBELHOzkyJbQr43DfRuUEtaUlgMCdUSvdPeuq2DNcUsyF + HkAeozhWFZArtBrGBpbtMQKBgQDK55b4ObIlQsmUlyQVd+SK9I79fWyNC6sPAN/I + UsCeu+DLYSon6KrSAFXJIwbDYKB5JB6BOa4qKcXhqcvTDLzkEry2DENQtU6mOWzh + 6PxlCcnZFUSN3FkuMqH7bLD6/qZufuCiSj3yeREIFgx0NQEc1Vxpj1sDyR0FaL4r + oOBbYQKBgQCQblK162WzXz/V+9DHyvGFfYCKzReDSAsNSOkT/1Nhxv662rv0dUo5 + D/Y8kbPT2FD+16qeFeGAYy5upqS2XpQ5ImvoHgmBwBjvJT7fgS5LGny4ouLH0FWw + XZymILgAOGMso/1zshDtfvN+zffr9F5vx+H0b/NF3AR+aoXLubbwuA== + -----END RSA PRIVATE KEY----- + PEM + rsa_pem_json = 
"{\"d\":\"A2gHIUmJOzRGvklIA2S8wWayCXnF8NYAhOhu7woSwjioO3HRzvd3ptegSKDpPfABJuzhy7y08ug5ZcyFbN1hJBVY8NwNzpLSUK9wmXekrbTG9MT76NAiQTxV6fYK5DXPF4Cp0qghBt-tq0kQNKx4q9QEzLb9XonmXE2a10U8EWJIs972SFGhxKzf6aq6Ri7UDK607ngQyEhVmGxr3gDJLAGQ5wOap5NYIL2ufI5FYqH-Sby_Qk7299b-w4B0fl6u8isR8OlpwMLVnD-oqOBPH-65tE82hxPV0QbSmyzmg9hlVVinJ82YRBkbcu-XG9XXOhUqJJ7kafQrYkQx6BiFKQ\",\"dp\":\"Useg361ca8Aem1TToW8AfjOLAAEqkkR48UPMSS2Le9D4YFtAb_ud5CK2IevYl0R-4afXUzIoeiNRg4bOTAWmTwKKlmAp4B5GzlbPzAPhwQRCxzs5MiW0K-Nw30blBLWlJYDAnVEr3T3rqtgzXFLMhR5AHqM4VhWQK7QaxgaW7TE\",\"dq\":\"yueW-DmyJULJlJckFXfkivSO_X1sjQurDwDfyFLAnrvgy2EqJ-iq0gBVySMGw2CgeSQegTmuKinF4anL0wy85BK8tgxDULVOpjls4ej8ZQnJ2RVEjdxZLjKh-2yw-v6mbn7goko98nkRCBYMdDUBHNVcaY9bA8kdBWi-K6DgW2E\",\"e\":\"AQAB\",\"kty\":\"RSA\",\"n\":\"xnAUUvtW3ftv25jCB-hePVCnhROqH2PACVGoCybdtMYTl8qVABAR0d6T-BRzVhJzz0-UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWexODdPuoCaWaWge_MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0_LHXVjjX_Az-WaUh94mXFyAxFI_oCygtT-il1-japS3cXJJh0WddT3VKEBRYHmxDJd_LYE-KXQt3aTDhq0vI9sG2ivtFj0dc3w_YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j-zqu7J3FYaIxU4lkK9Y_DP27RxffFI9YDPJdwFkNJw\",\"p\":\"5cMQg_4MrOnHI44xEs6Jyt_22DCvw3K-GY046Ls50vIf2KlRALHI65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm_581r59yXeI8W6G4FlsSiVyhFO3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7_U\",\"q\":\"3RlGNrCRU-yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8g_Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf_D1O6lGEMQBRY-buhZHmPf5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYys\",\"qi\":\"kG5Stetls18_1fvQx8rxhX2Ais0Xg0gLDUjpE_9TYcb-utq79HVKOQ_2PJGz09hQ_teqnhXhgGMubqaktl6UOSJr6B4JgcAY7yU-34EuSxp8uKLix9BVsF2cpiC4ADhjLKP9c7IQ7X7zfs336_Reb8fh9G_zRdwEfmqFy7m28Lg\"}" rsa_pem = JOSE::JWK.from(rsa_pem_json) assert_equal rsa_pem, JOSE::JWK.from_pem(rsa_pem_data) - assert_equal rsa_pem_data, JOSE::JWK.to_pem(rsa_pem) + assert_equal OpenSSL::PKey::RSA.new(rsa_pem_data).to_pem.strip, JOSE::JWK.to_pem(rsa_pem).strip + rsa_pem_password = SecureRandom.urlsafe_base64(16) encrypted_rsa_pem_data = 
JOSE::JWK.to_pem(rsa_pem, rsa_pem_password) - refute_equal rsa_pem_data, encrypted_rsa_pem_data + refute_equal OpenSSL::PKey::RSA.new(rsa_pem_data).to_pem.strip, encrypted_rsa_pem_data.strip assert_equal rsa_pem, JOSE::JWK.from_pem(encrypted_rsa_pem_data, rsa_pem_password) - x509_pem_data = \ - "-----BEGIN CERTIFICATE-----\n" \ - "MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" \ - "BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD\n" \ - "VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4\n" \ - "MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG\n" \ - "QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB\n" \ - "BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5\n" \ - "2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu\n" \ - "l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8\n" \ - "QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2\n" \ - "vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR\n" \ - "wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD\n" \ - "VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13\n" \ - "jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\n" \ - "AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik\n" \ - "R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu\n" \ - "6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3\n" \ - "cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4\n" \ - "Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e\n" \ - "W50qVg4iVjtjRuC2t8hXTDVb9BI=\n" \ - "-----END CERTIFICATE-----\n" + x509_pem_data = <<~PEM.strip + -----BEGIN CERTIFICATE----- + MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV + BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD + VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 + 
MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG + QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 + 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu + l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 + QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 + vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR + wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD + VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 + jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB + AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik + R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu + 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 + cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 + Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e + W50qVg4iVjtjRuC2t8hXTDVb9BI= + -----END CERTIFICATE----- + PEM - x509_key = OpenSSL::X509::Certificate.new(x509_pem_data).public_key + x509_key = OpenSSL::X509::Certificate.new(x509_pem_data.strip).public_key x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - assert_equal x509_key, x509_jwk.key.__getobj__ + assert_equal x509_key.to_pem.strip, x509_jwk.key.__getobj__.to_pem.strip end end From 2b6b77c1daf803c4569933d2ab31590963b987f0 Mon Sep 17 00:00:00 2001 From: Matheo Gracia Pegoraro Date: Sat, 1 Jun 2024 00:55:13 -0300 Subject: [PATCH 3/4] Fix Failure --- lib/jose/jwk/pem.rb | 2 +- test/jose/jwk/pem_test.rb | 138 ++++++++++++++++++++------------------ 2 files changed, 73 insertions(+), 67 deletions(-) diff --git a/lib/jose/jwk/pem.rb b/lib/jose/jwk/pem.rb index f0b33dd..9343566 100644 --- a/lib/jose/jwk/pem.rb +++ b/lib/jose/jwk/pem.rb 
@@ -16,7 +16,7 @@ def from_binary(object, password = nil) end def to_binary(key, password = nil) - if key.is_a?(OpenSSL::PKey::PKey) + if key.is_a?(JOSE::JWK::PKeyProxy) if password cipher = OpenSSL::Cipher.new('DES-EDE3-CBC') return key.to_pem(cipher, password) diff --git a/test/jose/jwk/pem_test.rb b/test/jose/jwk/pem_test.rb index 20b1db4..d704e32 100644 --- a/test/jose/jwk/pem_test.rb +++ b/test/jose/jwk/pem_test.rb 
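Review bot: With the first test changed to `key.is_a?(JOSE::JWK::PKeyProxy)`, a bare `OpenSSL::PKey::PKey` passed to `to_binary` no longer matches any branch and ends in the `ArgumentError`, and the `elsif key.is_a?(JOSE::JWK::PKeyProxy)` branch added in the previous patch (outside this hunk) can never be reached. Accepting both forms in the first condition, `if key.is_a?(JOSE::JWK::PKeyProxy) || key.is_a?(OpenSSL::PKey::PKey)`, and deleting the dead `elsif` would keep the password handling in one place. `to_binary` ends outside the hunk.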
@@ -1,91 +1,97 @@ require 'test_helper' class JOSE::JWK::PEMTest < Minitest::Test - def test_from_pem_and_to_pem - ec_pem_data = <<~PEM.strip - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEIFISMjkku2kVv9s4iHuyr0AJR8SVqGtv/4xXYuu1ae3woAoGCCqGSM49 - AwEHoUQDQgAEDwZ8OJ8ZVGE8zhSXbsnL+1kJ+I6Sl92hBGTY7cTWS+ba3Mn3lwmY - 7cnK6ZESgGXGDvO11wRXTd2qS31H4bIEDw== - -----END EC PRIVATE KEY----- - PEM + def normalize_pem(pem) + pem.strip.gsub("\r\n", "\n").gsub("\n", "\n") + end + def test_from_pem_and_to_pem + ec_pem_data = \ + "-----BEGIN EC PRIVATE KEY-----\n" \ + "MHcCAQEEIFISMjkku2kVv9s4iHuyr0AJR8SVqGtv/4xXYuu1ae3woAoGCCqGSM49\n" \ + "AwEHoUQDQgAEDwZ8OJ8ZVGE8zhSXbsnL+1kJ+I6Sl92hBGTY7cTWS+ba3Mn3lwmY\n" \ + "7cnK6ZESgGXGDvO11wRXTd2qS31H4bIEDw==\n" \ + "-----END EC PRIVATE KEY-----\n" ec_pem_json = "{\"crv\":\"P-256\",\"d\":\"UhIyOSS7aRW_2ziIe7KvQAlHxJWoa2__jFdi67Vp7fA\",\"kty\":\"EC\",\"x\":\"DwZ8OJ8ZVGE8zhSXbsnL-1kJ-I6Sl92hBGTY7cTWS-Y\",\"y\":\"2tzJ95cJmO3JyumREoBlxg7ztdcEV03dqkt9R-GyBA8\"}" ec_pem = JOSE::JWK.from(ec_pem_json) assert_equal ec_pem, JOSE::JWK.from_pem(ec_pem_data) - assert_equal OpenSSL::PKey::EC.new(ec_pem_data).to_pem.strip, JOSE::JWK.to_pem(ec_pem).strip - + assert_equal ec_pem_data, JOSE::JWK.to_pem(ec_pem) ec_pem_password = SecureRandom.urlsafe_base64(16) encrypted_ec_pem_data = JOSE::JWK.to_pem(ec_pem, ec_pem_password) - refute_equal OpenSSL::PKey::EC.new(ec_pem_data).to_pem.strip, encrypted_ec_pem_data.strip + refute_equal ec_pem_data, encrypted_ec_pem_data assert_equal ec_pem, JOSE::JWK.from_pem(encrypted_ec_pem_data, ec_pem_password) - - rsa_pem_data = <<~PEM.strip - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEAxnAUUvtW3ftv25jCB+hePVCnhROqH2PACVGoCybdtMYTl8qV - ABAR0d6T+BRzVhJzz0+UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWex - ODdPuoCaWaWge/MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0/LHXVjjX/ - Az+WaUh94mXFyAxFI/oCygtT+il1+japS3cXJJh0WddT3VKEBRYHmxDJd/LYE+KX - Qt3aTDhq0vI9sG2ivtFj0dc3w/YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j+zqu - 
7J3FYaIxU4lkK9Y/DP27RxffFI9YDPJdwFkNJwIDAQABAoIBAANoByFJiTs0Rr5J - SANkvMFmsgl5xfDWAITobu8KEsI4qDtx0c73d6bXoEig6T3wASbs4cu8tPLoOWXM - hWzdYSQVWPDcDc6S0lCvcJl3pK20xvTE++jQIkE8Ven2CuQ1zxeAqdKoIQbfratJ - EDSseKvUBMy2/V6J5lxNmtdFPBFiSLPe9khRocSs3+mqukYu1AyutO54EMhIVZhs - a94AySwBkOcDmqeTWCC9rnyORWKh/km8v0JO9vfW/sOAdH5ervIrEfDpacDC1Zw/ - qKjgTx/uubRPNocT1dEG0pss5oPYZVVYpyfNmEQZG3LvlxvV1zoVKiSe5Gn0K2JE - MegYhSkCgYEA5cMQg/4MrOnHI44xEs6Jyt/22DCvw3K+GY046Ls50vIf2KlRALHI - 65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm/581r59yXeI8W6G4FlsSiVyhF - O3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7/UCgYEA3RlG - NrCRU+yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8 - g/Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf/D1O6lGEMQBRY+buhZHmP - f5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYysCgYBSx6DfrVxrwB6bVNOhbwB+ - M4sAASqSRHjxQ8xJLYt70PhgW0Bv+53kIrYh69iXRH7hp9dTMih6I1GDhs5MBaZP - AoqWYCngHkbOVs/MA+HBBELHOzkyJbQr43DfRuUEtaUlgMCdUSvdPeuq2DNcUsyF - HkAeozhWFZArtBrGBpbtMQKBgQDK55b4ObIlQsmUlyQVd+SK9I79fWyNC6sPAN/I - UsCeu+DLYSon6KrSAFXJIwbDYKB5JB6BOa4qKcXhqcvTDLzkEry2DENQtU6mOWzh - 6PxlCcnZFUSN3FkuMqH7bLD6/qZufuCiSj3yeREIFgx0NQEc1Vxpj1sDyR0FaL4r - oOBbYQKBgQCQblK162WzXz/V+9DHyvGFfYCKzReDSAsNSOkT/1Nhxv662rv0dUo5 - D/Y8kbPT2FD+16qeFeGAYy5upqS2XpQ5ImvoHgmBwBjvJT7fgS5LGny4ouLH0FWw - XZymILgAOGMso/1zshDtfvN+zffr9F5vx+H0b/NF3AR+aoXLubbwuA== - -----END RSA PRIVATE KEY----- - PEM - + rsa_pem_data = \ + "-----BEGIN RSA PRIVATE KEY-----\n" \ + "MIIEpAIBAAKCAQEAxnAUUvtW3ftv25jCB+hePVCnhROqH2PACVGoCybdtMYTl8qV\n" \ + "ABAR0d6T+BRzVhJzz0+UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWex\n" \ + "ODdPuoCaWaWge/MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0/LHXVjjX/\n" \ + "Az+WaUh94mXFyAxFI/oCygtT+il1+japS3cXJJh0WddT3VKEBRYHmxDJd/LYE+KX\n" \ + "Qt3aTDhq0vI9sG2ivtFj0dc3w/YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j+zqu\n" \ + "7J3FYaIxU4lkK9Y/DP27RxffFI9YDPJdwFkNJwIDAQABAoIBAANoByFJiTs0Rr5J\n" \ + "SANkvMFmsgl5xfDWAITobu8KEsI4qDtx0c73d6bXoEig6T3wASbs4cu8tPLoOWXM\n" \ + 
"hWzdYSQVWPDcDc6S0lCvcJl3pK20xvTE++jQIkE8Ven2CuQ1zxeAqdKoIQbfratJ\n" \ + "EDSseKvUBMy2/V6J5lxNmtdFPBFiSLPe9khRocSs3+mqukYu1AyutO54EMhIVZhs\n" \ + "a94AySwBkOcDmqeTWCC9rnyORWKh/km8v0JO9vfW/sOAdH5ervIrEfDpacDC1Zw/\n" \ + "qKjgTx/uubRPNocT1dEG0pss5oPYZVVYpyfNmEQZG3LvlxvV1zoVKiSe5Gn0K2JE\n" \ + "MegYhSkCgYEA5cMQg/4MrOnHI44xEs6Jyt/22DCvw3K+GY046Ls50vIf2KlRALHI\n" \ + "65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm/581r59yXeI8W6G4FlsSiVyhF\n" \ + "O3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7/UCgYEA3RlG\n" \ + "NrCRU+yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8\n" \ + "g/Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf/D1O6lGEMQBRY+buhZHmP\n" \ + "f5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYysCgYBSx6DfrVxrwB6bVNOhbwB+\n" \ + "M4sAASqSRHjxQ8xJLYt70PhgW0Bv+53kIrYh69iXRH7hp9dTMih6I1GDhs5MBaZP\n" \ + "AoqWYCngHkbOVs/MA+HBBELHOzkyJbQr43DfRuUEtaUlgMCdUSvdPeuq2DNcUsyF\n" \ + "HkAeozhWFZArtBrGBpbtMQKBgQDK55b4ObIlQsmUlyQVd+SK9I79fWyNC6sPAN/I\n" \ + "UsCeu+DLYSon6KrSAFXJIwbDYKB5JB6BOa4qKcXhqcvTDLzkEry2DENQtU6mOWzh\n" \ + "6PxlCcnZFUSN3FkuMqH7bLD6/qZufuCiSj3yeREIFgx0NQEc1Vxpj1sDyR0FaL4r\n" \ + "oOBbYQKBgQCQblK162WzXz/V+9DHyvGFfYCKzReDSAsNSOkT/1Nhxv662rv0dUo5\n" \ + "D/Y8kbPT2FD+16qeFeGAYy5upqS2XpQ5ImvoHgmBwBjvJT7fgS5LGny4ouLH0FWw\n" \ + "XZymILgAOGMso/1zshDtfvN+zffr9F5vx+H0b/NF3AR+aoXLubbwuA==\n" \ + "-----END RSA PRIVATE KEY-----\n" rsa_pem_json = 
"{\"d\":\"A2gHIUmJOzRGvklIA2S8wWayCXnF8NYAhOhu7woSwjioO3HRzvd3ptegSKDpPfABJuzhy7y08ug5ZcyFbN1hJBVY8NwNzpLSUK9wmXekrbTG9MT76NAiQTxV6fYK5DXPF4Cp0qghBt-tq0kQNKx4q9QEzLb9XonmXE2a10U8EWJIs972SFGhxKzf6aq6Ri7UDK607ngQyEhVmGxr3gDJLAGQ5wOap5NYIL2ufI5FYqH-Sby_Qk7299b-w4B0fl6u8isR8OlpwMLVnD-oqOBPH-65tE82hxPV0QbSmyzmg9hlVVinJ82YRBkbcu-XG9XXOhUqJJ7kafQrYkQx6BiFKQ\",\"dp\":\"Useg361ca8Aem1TToW8AfjOLAAEqkkR48UPMSS2Le9D4YFtAb_ud5CK2IevYl0R-4afXUzIoeiNRg4bOTAWmTwKKlmAp4B5GzlbPzAPhwQRCxzs5MiW0K-Nw30blBLWlJYDAnVEr3T3rqtgzXFLMhR5AHqM4VhWQK7QaxgaW7TE\",\"dq\":\"yueW-DmyJULJlJckFXfkivSO_X1sjQurDwDfyFLAnrvgy2EqJ-iq0gBVySMGw2CgeSQegTmuKinF4anL0wy85BK8tgxDULVOpjls4ej8ZQnJ2RVEjdxZLjKh-2yw-v6mbn7goko98nkRCBYMdDUBHNVcaY9bA8kdBWi-K6DgW2E\",\"e\":\"AQAB\",\"kty\":\"RSA\",\"n\":\"xnAUUvtW3ftv25jCB-hePVCnhROqH2PACVGoCybdtMYTl8qVABAR0d6T-BRzVhJzz0-UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWexODdPuoCaWaWge_MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0_LHXVjjX_Az-WaUh94mXFyAxFI_oCygtT-il1-japS3cXJJh0WddT3VKEBRYHmxDJd_LYE-KXQt3aTDhq0vI9sG2ivtFj0dc3w_YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j-zqu7J3FYaIxU4lkK9Y_DP27RxffFI9YDPJdwFkNJw\",\"p\":\"5cMQg_4MrOnHI44xEs6Jyt_22DCvw3K-GY046Ls50vIf2KlRALHI65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm_581r59yXeI8W6G4FlsSiVyhFO3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7_U\",\"q\":\"3RlGNrCRU-yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8g_Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf_D1O6lGEMQBRY-buhZHmPf5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYys\",\"qi\":\"kG5Stetls18_1fvQx8rxhX2Ais0Xg0gLDUjpE_9TYcb-utq79HVKOQ_2PJGz09hQ_teqnhXhgGMubqaktl6UOSJr6B4JgcAY7yU-34EuSxp8uKLix9BVsF2cpiC4ADhjLKP9c7IQ7X7zfs336_Reb8fh9G_zRdwEfmqFy7m28Lg\"}" rsa_pem = JOSE::JWK.from(rsa_pem_json) assert_equal rsa_pem, JOSE::JWK.from_pem(rsa_pem_data) - assert_equal OpenSSL::PKey::RSA.new(rsa_pem_data).to_pem.strip, JOSE::JWK.to_pem(rsa_pem).strip - + assert_equal rsa_pem_data, JOSE::JWK.to_pem(rsa_pem) rsa_pem_password = SecureRandom.urlsafe_base64(16) encrypted_rsa_pem_data = 
JOSE::JWK.to_pem(rsa_pem, rsa_pem_password) - refute_equal OpenSSL::PKey::RSA.new(rsa_pem_data).to_pem.strip, encrypted_rsa_pem_data.strip + refute_equal rsa_pem_data, encrypted_rsa_pem_data assert_equal rsa_pem, JOSE::JWK.from_pem(encrypted_rsa_pem_data, rsa_pem_password) + end + def test_from_pem_and_to_pem_x509 x509_pem_data = <<~PEM.strip -----BEGIN CERTIFICATE----- - MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV - BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD - VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 - MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG - QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB - BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 - 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu - l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 - QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 - vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR - wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD - VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 - jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB - AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik - R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu - 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 - cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 - Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e - W50qVg4iVjtjRuC2t8hXTDVb9BI= + MIIDxzCCAq+gAwIBAgIUXm1i9UarQZwGQ3MaNarRSUZbwVAwDQYJKoZIhvcNAQEL + BQAwczELMAkGA1UEBhMCQlIxCzAJBgNVBAgMAlJTMQwwCgYDVQQHDANQT0ExDTAL + BgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxDTALBgNVBAMMBHRlc3QxHDAaBgkq + hkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wHhcNMjQwNTMxMjIyNDI3WhcNMjUwNTMx + MjIyNDI3WjBzMQswCQYDVQQGEwJCUjELMAkGA1UECAwCUlMxDDAKBgNVBAcMA1BP + 
QTENMAsGA1UECgwEdGVzdDENMAsGA1UECwwEdGVzdDENMAsGA1UEAwwEdGVzdDEc + MBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALsMvAFvOJtRO8rwF6QwJ/UfhhJ+JHtLdycfLrR/wCW0acHr + MqMeoTKJcRsyQTTQCjO7r1QScv+xaEQohBE6Vq8O8rD38xZn4lesCq3mSf2mUi3k + etZv1pFKU/lN7SceUG65/vVAMoj9HEFZ43WfpDkYFvFDw2dR+vkcSp5SWQW8JxrA + nuGSP+1E57cAsoPHcWPgYBe5y8ndOQREikpOkKUbCcDN5mrg0Y0kUHboXm18jKeW + dCejOj9z0DS1mFqpE8sG4Khv0aL7kAzwQb8vNVoMog3R+qqgv61e3U6BAKyU3k0w + Xet9tyAgofHscO4QEo6ThELTFPgHnvD9DaclKZ8CAwEAAaNTMFEwHQYDVR0OBBYE + FE8ld9J8T8FPZtudE6emFcwOL1MiMB8GA1UdIwQYMBaAFE8ld9J8T8FPZtudE6em + FcwOL1MiMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIhtTzS3 + yoUnKYhIqUIRs5Dp+iwXjAjx9J5kR1cjfBuNGOKvJIqPTkcL7wu9fEG0eR8wsuWD + kYbwNk07fc03Gx/44COH0jIwn8XsDffj3ITA0gU8p9Ee6I/f2jBUQ2SvyC+lr6lc + YJKY3aNi+osMhXOVOguOl6DsxvvmGCI26BMpZueu1WXBEcMNCH/lgFwzNC6HHVKu + kxvYEOrhcgodA5kiOFltgZdwqb1Q7EBFFn1rKPQFvc2XVlJrubyiOXalcwWJ/REa + o0bTj132BSdfkPF2l1rZBQM2pzPg0U7DiTvEa6yMaj4IN8Gv140ogF0niyDegElt + ls8R0jfIBZj2N0I= -----END CERTIFICATE----- PEM - x509_key = OpenSSL::X509::Certificate.new(x509_pem_data.strip).public_key + x509_cert = OpenSSL::X509::Certificate.new(x509_pem_data) + x509_key = x509_cert.public_key x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - assert_equal x509_key.to_pem.strip, x509_jwk.key.__getobj__.to_pem.strip + + binary_data = x509_pem_data.unpack1('m0') + from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(binary_data).public_key)) + + assert_equal x509_jwk.key.__getobj__.to_pem.strip, from_binary_jwk.key.__getobj__.to_pem.strip end end From 233b158fa86d87f9f45251d7c3b8835a3756c666 Mon Sep 17 00:00:00 2001 From: Matheo Gracia Pegoraro Date: Thu, 6 Jun 2024 15:23:05 -0300 Subject: [PATCH 4/4] Fix Tests --- test/jose/jwk/kty_x509_test.rb | 85 ++++++++++++++++++---------------- test/jose/jwk/pem_test.rb | 9 ++-- 2 files changed, 50 insertions(+), 44 deletions(-) 
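Review bot: `normalize_pem`, added at the top of the test class, is not called anywhere in this hunk, and its last step `.gsub("\n", "\n")` replaces a newline with itself. Either drop the helper or reduce it to `pem.strip.gsub("\r\n", "\n")` and apply it to both sides of `assert_equal ec_pem_data, JOSE::JWK.to_pem(ec_pem)` and the matching RSA assertion, which now depend on byte-exact serializer output. `sanitize_pem`, added to the same file in PATCH 4/4 (`@@ -58,8 +62,12 @@`), has the same shape: it is unused in the visible hunks, and its `.gsub(/\n/, '')` can never match once `\s+` has been stripped.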
diff --git a/test/jose/jwk/kty_x509_test.rb b/test/jose/jwk/kty_x509_test.rb
index f0130aa..f78aa90 100644
--- a/test/jose/jwk/kty_x509_test.rb
+++ b/test/jose/jwk/kty_x509_test.rb
@@ -4,56 +4,60 @@ class JOSE::JWK::KTY_X509Test < Minitest::Test def test_from_key_and_to_key x509_pem_data = <<~PEM -----BEGIN CERTIFICATE----- - MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV - BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD - VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 - MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG - QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB - BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 - 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu - l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 - QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 - vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR - wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD - VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 - jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB - AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik - R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu - 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 - cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 - Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e - W50qVg4iVjtjRuC2t8hXTDVb9BI= + MIIDxzCCAq+gAwIBAgIUXm1i9UarQZwGQ3MaNarRSUZbwVAwDQYJKoZIhvcNAQEL + BQAwczELMAkGA1UEBhMCQlIxCzAJBgNVBAgMAlJTMQwwCgYDVQQHDANQT0ExDTAL + BgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxDTALBgNVBAMMBHRlc3QxHDAaBgkq + hkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wHhcNMjQwNTMxMjIyNDI3WhcNMjUwNTMx + MjIyNDI3WjBzMQswCQYDVQQGEwJCUjELMAkGA1UECAwCUlMxDDAKBgNVBAcMA1BP + QTENMAsGA1UECgwEdGVzdDENMAsGA1UECwwEdGVzdDENMAsGA1UEAwwEdGVzdDEc + MBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALsMvAFvOJtRO8rwF6QwJ/UfhhJ+JHtLdycfLrR/wCW0acHr + MqMeoTKJcRsyQTTQCjO7r1QScv+xaEQohBE6Vq8O8rD38xZn4lesCq3mSf2mUi3k + 
etZv1pFKU/lN7SceUG65/vVAMoj9HEFZ43WfpDkYFvFDw2dR+vkcSp5SWQW8JxrA + nuGSP+1E57cAsoPHcWPgYBe5y8ndOQREikpOkKUbCcDN5mrg0Y0kUHboXm18jKeW + dCejOj9z0DS1mFqpE8sG4Khv0aL7kAzwQb8vNVoMog3R+qqgv61e3U6BAKyU3k0w + Xet9tyAgofHscO4QEo6ThELTFPgHnvD9DaclKZ8CAwEAAaNTMFEwHQYDVR0OBBYE + FE8ld9J8T8FPZtudE6emFcwOL1MiMB8GA1UdIwQYMBaAFE8ld9J8T8FPZtudE6em + FcwOL1MiMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIhtTzS3 + yoUnKYhIqUIRs5Dp+iwXjAjx9J5kR1cjfBuNGOKvJIqPTkcL7wu9fEG0eR8wsuWD + kYbwNk07fc03Gx/44COH0jIwn8XsDffj3ITA0gU8p9Ee6I/f2jBUQ2SvyC+lr6lc + YJKY3aNi+osMhXOVOguOl6DsxvvmGCI26BMpZueu1WXBEcMNCH/lgFwzNC6HHVKu + kxvYEOrhcgodA5kiOFltgZdwqb1Q7EBFFn1rKPQFvc2XVlJrubyiOXalcwWJ/REa + o0bTj132BSdfkPF2l1rZBQM2pzPg0U7DiTvEa6yMaj4IN8Gv140ogF0niyDegElt + ls8R0jfIBZj2N0I= -----END CERTIFICATE----- PEM x509_cert = OpenSSL::X509::Certificate.new(x509_pem_data) x509_key = x509_cert.public_key x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - assert_equal x509_key.to_pem.strip, x509_jwk.to_key.to_pem.strip + assert_equal x509_key.to_pem.strip, x509_jwk.key.__getobj__.to_pem.strip end def test_from_binary_and_to_binary x509_pem_data = <<~PEM -----BEGIN CERTIFICATE----- - MIIDXTCCAkWgAwIBAgIJALnK/Zw01LzPMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV - BAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwGQmV0aGVzMRQwEgYD - VQQKDAtNeSBDb21wYW55IEx0ZDAeFw0xOTA2MjQxOTM4MjZaFw0yOTA2MjExOTM4 - MjZaMEUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNYXJ5bGFuZDEPMA0GA1UEBwwG - QmV0aGVzMRQwEgYDVQQKDAtNeSBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB - BQADggEPADCCAQoCggEBALnlHX/OAD3Z6iShpQmYebJfi5+AMYOhePPoWbE5T3c5 - 2e+BB1P1ZG3H0xRzKHr/O3zme6iFzbbm2peSGieAY3dZYZgEU1Irwaf74WZ1zUhu - l3bjlC2azqDDC/n9u5NZ3mZ2/XbYDwU2jqqmeZDPdCMehwG36H5HkBlRNHlx6bK8 - QWkQ6E9s4d5QgtF4cKJjyk4r1u9f2FE/oA2FptDZ0F1v3UOZnnAnXfrdqgMAx4w2 - vZkmNp7BG8e5Tsa4GF4YFbAQ+9mcXsBrHHtVpOYs80bDt4X8JzD5ZhBe0B9M00gR - wIZPHQlB9s8b5uCeAQklEgRJKt5DZgGg6FkjH8ZG7sTbEECAwEAAaNTMFEwHQYD - VR0OBBYEFMvdMOpE+E13jc5B5nH7W0rAVwQtMB8GA1UdIwQYMBaAFMvdMOpE+E13 - 
jc5B5nH7W0rAVwQtMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB - AAh34gP8UeRVUDFc2J9/7G4SHXjX7YBboEl7PZhsuwuSC8DfAzGGDFxuIkKpL6ik - R7o/tHHtdhHi9Uy6WcHKug9Y0by7ADzZbP07m3v4oSGWAKS+CXUVTHt7yXJblsVu - 6CmlPlmx9CG9hQfpO0JYa+v1gL5AMmbsbvby4GnVCg5McRZr1h6U4J83QLUVkSD3 - cQXQGdRHRwPNrK4aFcwhGcYrV0fUw0Rgubz1bkCEdiq3e5XH7mgdd7YUZpCbh6p4 - Rz2eTP4PBhMiZoERazCKK/evGmtM4n5BcdJkpGiMkPf2ke1Dr8cx/7OVGJROtG0e - W50qVg4iVjtjRuC2t8hXTDVb9BI= + MIIDxzCCAq+gAwIBAgIUXm1i9UarQZwGQ3MaNarRSUZbwVAwDQYJKoZIhvcNAQEL + BQAwczELMAkGA1UEBhMCQlIxCzAJBgNVBAgMAlJTMQwwCgYDVQQHDANQT0ExDTAL + BgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxDTALBgNVBAMMBHRlc3QxHDAaBgkq + hkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wHhcNMjQwNTMxMjIyNDI3WhcNMjUwNTMx + MjIyNDI3WjBzMQswCQYDVQQGEwJCUjELMAkGA1UECAwCUlMxDDAKBgNVBAcMA1BP + QTENMAsGA1UECgwEdGVzdDENMAsGA1UECwwEdGVzdDENMAsGA1UEAwwEdGVzdDEc + MBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALsMvAFvOJtRO8rwF6QwJ/UfhhJ+JHtLdycfLrR/wCW0acHr + MqMeoTKJcRsyQTTQCjO7r1QScv+xaEQohBE6Vq8O8rD38xZn4lesCq3mSf2mUi3k + etZv1pFKU/lN7SceUG65/vVAMoj9HEFZ43WfpDkYFvFDw2dR+vkcSp5SWQW8JxrA + nuGSP+1E57cAsoPHcWPgYBe5y8ndOQREikpOkKUbCcDN5mrg0Y0kUHboXm18jKeW + dCejOj9z0DS1mFqpE8sG4Khv0aL7kAzwQb8vNVoMog3R+qqgv61e3U6BAKyU3k0w + Xet9tyAgofHscO4QEo6ThELTFPgHnvD9DaclKZ8CAwEAAaNTMFEwHQYDVR0OBBYE + FE8ld9J8T8FPZtudE6emFcwOL1MiMB8GA1UdIwQYMBaAFE8ld9J8T8FPZtudE6em + FcwOL1MiMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIhtTzS3 + yoUnKYhIqUIRs5Dp+iwXjAjx9J5kR1cjfBuNGOKvJIqPTkcL7wu9fEG0eR8wsuWD + kYbwNk07fc03Gx/44COH0jIwn8XsDffj3ITA0gU8p9Ee6I/f2jBUQ2SvyC+lr6lc + YJKY3aNi+osMhXOVOguOl6DsxvvmGCI26BMpZueu1WXBEcMNCH/lgFwzNC6HHVKu + kxvYEOrhcgodA5kiOFltgZdwqb1Q7EBFFn1rKPQFvc2XVlJrubyiOXalcwWJ/REa + o0bTj132BSdfkPF2l1rZBQM2pzPg0U7DiTvEa6yMaj4IN8Gv140ogF0niyDegElt + ls8R0jfIBZj2N0I= -----END CERTIFICATE----- PEM 
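Review bot: The rewritten assertion in `test_from_key_and_to_key` reads the key through `x509_jwk.key.__getobj__` instead of `x509_jwk.to_key`, so the test no longer calls `to_key`, and it never called `from_key`. Going through the public API would cover both: `assert_equal x509_key.to_pem.strip, JOSE::JWK::KTY_X509.from_key(x509_cert).to_key.to_pem.strip`. If `to_key` was the call that failed, that points at the implementation rather than the test and deserves its own fix. The second test touched here, `test_from_binary_and_to_binary`, continues past the hunk's last line.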
@@ -61,8 +65,7 @@ def test_from_binary_and_to_binary x509_key = x509_cert.public_key x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - binary_data = x509_pem_data.unpack1('m0') - from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(binary_data).public_key)) + from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(x509_pem_data).public_key)) assert_equal x509_jwk.key.__getobj__.to_pem.strip, from_binary_jwk.key.__getobj__.to_pem.strip end diff --git a/test/jose/jwk/pem_test.rb b/test/jose/jwk/pem_test.rb index d704e32..c47154f 100644 --- a/test/jose/jwk/pem_test.rb +++ b/test/jose/jwk/pem_test.rb @@ -58,8 +58,12 @@ def test_from_pem_and_to_pem assert_equal rsa_pem, JOSE::JWK.from_pem(encrypted_rsa_pem_data, rsa_pem_password) end + def sanitize_pem(pem) + pem.gsub(/\s+/, '').gsub(/\n/, '') + end + def test_from_pem_and_to_pem_x509 - x509_pem_data = <<~PEM.strip + x509_pem_data = <<~PEM -----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIUXm1i9UarQZwGQ3MaNarRSUZbwVAwDQYJKoZIhvcNAQEL BQAwczELMAkGA1UEBhMCQlIxCzAJBgNVBAgMAlJTMQwwCgYDVQQHDANQT0ExDTAL @@ -89,8 +93,7 @@ def test_from_pem_and_to_pem_x509 x509_key = x509_cert.public_key x509_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(x509_key)) - binary_data = x509_pem_data.unpack1('m0') - from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(binary_data).public_key)) + from_binary_jwk = JOSE::JWK::KTY_X509.new(JOSE::JWK::PKeyProxy.new(OpenSSL::X509::Certificate.new(x509_pem_data).public_key)) assert_equal x509_jwk.key.__getobj__.to_pem.strip, from_binary_jwk.key.__getobj__.to_pem.strip end
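Review bot: After this change `from_binary_jwk` is built with the same expression as `x509_jwk` (certificate parsed from `x509_pem_data`, public key wrapped in `PKeyProxy`), so the final `assert_equal` in `test_from_binary_and_to_binary` compares a value with an identical copy and cannot fail. The `@@ -89,8 +93,7 @@` hunk in `test/jose/jwk/pem_test.rb` has the same problem. Neither test calls `from_binary`/`to_binary` or `JOSE::JWK.from_pem`/`to_pem`, which is what their names promise. For a genuinely different encoding, parse the DER form with `OpenSSL::X509::Certificate.new(x509_cert.to_der)`, or route the PEM through `JOSE::JWK.from_pem(x509_pem_data)` if that path is meant to accept certificates. Both test methods start above their hunks.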