Skip to content

Commit

Permalink
add keyUse to public jwks (#20)
Browse files Browse the repository at this point in the history
  • Loading branch information
tommytroen authored Nov 19, 2020
1 parent dfd52bc commit 5485b2a
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import com.nimbusds.jose.JWSAlgorithm
import com.nimbusds.jose.JWSHeader
import com.nimbusds.jose.crypto.RSASSASigner
import com.nimbusds.jose.jwk.JWKSet
import com.nimbusds.jose.jwk.KeyUse
import com.nimbusds.jose.jwk.RSAKey
import com.nimbusds.jwt.JWTClaimsSet
import com.nimbusds.jwt.SignedJWT
Expand Down Expand Up @@ -124,6 +125,7 @@ class OAuth2TokenProvider {
private fun createRSAKey(keyID: String, keyPair: KeyPair) =
RSAKey.Builder(keyPair.public as RSAPublicKey)
.privateKey(keyPair.private as RSAPrivateKey)
.keyUse(KeyUse.SIGNATURE)
.keyID(keyID)
.build()
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
package no.nav.security.mock.oauth2.token

import com.nimbusds.jose.jwk.KeyType
import com.nimbusds.jose.jwk.KeyUse
import io.kotest.matchers.shouldBe
import io.kotest.matchers.shouldNotBe
import org.junit.jupiter.api.Test

internal class OAuth2TokenProviderTest {
private val jwkSet = OAuth2TokenProvider().publicJwkSet()

@Test
fun `public jwks returns public part of JWKs`() =
jwkSet.keys.any { it.isPrivate } shouldNotBe true

@Test
fun `all keys in public jwks should contain kty, use and kid`() {
jwkSet.keys.forEach {
it.keyID shouldNotBe null
it.keyType shouldBe KeyType.RSA
it.keyUse shouldBe KeyUse.SIGNATURE
}
}
}

0 comments on commit 5485b2a

Please sign in to comment.