Skip to content

Commit

Permalink
Merge pull request #40 from shogo82148/add-test-case-for-certificate
Browse files Browse the repository at this point in the history
add a test case for certificates
  • Loading branch information
shogo82148 authored Sep 22, 2021
2 parents 7b09449 + c652d6b commit f112d6e
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 1 deletion.
2 changes: 1 addition & 1 deletion provider/github-app-token/github/jwk/jwk.go
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ func (key *commonKey) PublicKey() interface{} {

func (key *commonKey) decode() error {
// decode the certificates
certs := make([]*x509.Certificate, len(key.X5c))
certs := make([]*x509.Certificate, 0, len(key.X5c))
for _, der := range key.X5c {
cert, err := x509.ParseCertificate(der)
if err != nil {
Expand Down
56 changes: 56 additions & 0 deletions provider/github-app-token/github/jwk/jwk_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -207,3 +207,59 @@ func TestKeyAppendixA(t *testing.T) {
}
})
}

func TestKeyAppendixB(t *testing.T) {
// RFC7517 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter
rawKey := ` {"kty":"RSA",` +
`"use":"sig",` +
`"kid":"1b94c",` +
`"n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08` +
`PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q` +
`u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a` +
`YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH` +
`MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv` +
`VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ",` +
`"e":"AQAB",` +
`"x5c":` +
`["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB` +
`gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD` +
`VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1` +
`wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg` +
`NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV` +
`QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w` +
`YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH` +
`YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66` +
`s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6` +
`SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn` +
`fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq` +
`PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk` +
`aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA` +
`QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL` +
`+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1` +
`zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL` +
`2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo` +
`4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq` +
`gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="]` +
`}`
key, err := ParseKey([]byte(rawKey))
if err != nil {
t.Fatal(err)
}
if key.KeyType() != "RSA" {
t.Errorf("unexpected key type: want %s, got %s", "RSA", key.KeyType())
}
if len(key.X509CertificateChain()) != 1 {
t.Errorf("unexpected certificate chain length: want 1, got %d", len(key.X509CertificateChain()))
}

keyPublicKey := key.PublicKey().(*rsa.PublicKey)
cert := key.X509CertificateChain()[0]
certPublicKey := cert.PublicKey.(*rsa.PublicKey)
if !keyPublicKey.Equal(certPublicKey) {
t.Error("public keys are missmatch")
}
issuer := "CN=Brian Campbell,O=Ping Identity Corp.,L=Denver,ST=CO,C=US"
if cert.Issuer.String() != issuer {
t.Errorf("unexpected issuer: want %q, got %q", issuer, cert.Issuer.String())
}
}

0 comments on commit f112d6e

Please sign in to comment.