yogsototh/clj-jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1 from gbuisson/set-kid

Browse source 
Allow Signing the JWT setting the kid
This commit is contained in:
Yann Esposito 2020-01-31 16:36:39 +01:00 committed by GitHub
commit 58af18cc00
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/clj_jwt/core.clj
View file

@ -8,6 +8,8 @@
[clojure.string :as str])) [clojure.string :as str]))
(def ^:private DEFAULT_SIGNATURE_ALGORITHM :HS256) (def ^:private DEFAULT_SIGNATURE_ALGORITHM :HS256)
(def ^:private DEFAULT_KID nil)
(def ^:private map->encoded-json (comp url-safe-encode-str (def ^:private map->encoded-json (comp url-safe-encode-str
#(json/write-str % :key-fn write-key))) #(json/write-str % :key-fn write-key)))
(def ^:private encoded-json->map (comp #(json/read-str % :key-fn read-key) (def ^:private encoded-json->map (comp #(json/read-str % :key-fn read-key)
@ -48,18 +50,22 @@
(defprotocol JsonWebSignature (defprotocol JsonWebSignature
"Protocol for JonWebSignature" "Protocol for JonWebSignature"
(set-alg [this alg] "Set algorithm name to JWS Header Parameter") (set-alg [this alg] "Set algorithm name to JWS Header Parameter")
(sign [this key] [this alg key] "Set signature to this token") (set-kid [this kid] "Set Key ID to JWS Header Parameter")
(sign [this key] [this alg key] [this alg key kid] "Set signature to this token")
(verify [this] [this key] [this algorithm key] "Verify this token")) (verify [this] [this key] [this algorithm key] "Verify this token"))
(extend-protocol JsonWebSignature (extend-protocol JsonWebSignature
JWT JWT
(set-alg [this alg] (set-alg [this alg]
(assoc-in this [:header :alg] (name alg))) (assoc-in this [:header :alg] (name alg)))
(set-kid [this kid]
(assoc-in this [:header :kid] kid))
(sign (sign
([this key] (sign this DEFAULT_SIGNATURE_ALGORITHM key)) ([this key] (sign this DEFAULT_SIGNATURE_ALGORITHM key DEFAULT_KID))
([this alg key] ([this alg key] (sign this alg key DEFAULT_KID))
(let [this* (set-alg this alg) ([this alg key kid]
(let [this* (cond-> (set-alg this alg)
(some? kid) (set-kid kid))
sign-fn (get-signature-fn alg) sign-fn (get-signature-fn alg)
data (str (encoded-header this*) "." (encoded-claims this*))] data (str (encoded-header this*) "." (encoded-claims this*))]
(assoc this* :signature (sign-fn key data) :encoded-data data)))) (assoc this* :signature (sign-fn key data) :encoded-data data))))

113
test/clj_jwt/core_test.clj
View file

@ -28,73 +28,76 @@
(def ec-dmy-key (with-bc-provider-fn #(public-key "test/files/ec/dummy.key"))) (def ec-dmy-key (with-bc-provider-fn #(public-key "test/files/ec/dummy.key")))
(facts "JWT tokenize" (facts "JWT tokenize"
(fact "Plain JWT should be generated." (fact "Plain JWT should be generated."
(-> claim jwt to-str) (-> claim jwt to-str)
=> "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJmb28ifQ.") => "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJmb28ifQ.")
(fact "If unknown algorithm is specified, exception is throwed." (fact "If unknown algorithm is specified, exception is throwed."
(-> claim jwt (sign :DUMMY "foo")) => (throws Exception)) (-> claim jwt (sign :DUMMY "foo")) => (throws Exception))
(fact "HS256 signed JWT should be generated." (fact "HS256 signed JWT should be generated."
(-> claim jwt (sign "foo") to-str) (-> claim jwt (sign "foo") to-str)
=> (str "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.8yUIo-xkh537lD_CZycqS1zB" => (str "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.8yUIo-xkh537lD_CZycqS1zB"
"NhBNkIrcfzaFgwt8zdg") "NhBNkIrcfzaFgwt8zdg")
(-> claim jwt (sign :HS256 "foo") to-str) (-> claim jwt (sign :HS256 "foo") to-str)
=> (str "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.8yUIo-xkh537lD_CZycqS1zB" => (str "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.8yUIo-xkh537lD_CZycqS1zB"
"NhBNkIrcfzaFgwt8zdg")) "NhBNkIrcfzaFgwt8zdg"))
(fact "HS384 signed JWT should be generated." (fact "HS384 signed JWT should be generated."
(-> claim jwt (sign :HS384 "foo") to-str) (-> claim jwt (sign :HS384 "foo") to-str)
=> (str "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.34ZaTLCZGBAfcCryhYaFYy8Z" => (str "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.34ZaTLCZGBAfcCryhYaFYy8Z"
"-47do1cftq365YmvIcubonhGdRnvpgV8s_iG_lvd")) "-47do1cftq365YmvIcubonhGdRnvpgV8s_iG_lvd"))
(fact "HS512 signed JWT should be generated." (fact "HS512 signed JWT should be generated."
(-> claim jwt (sign :HS512 "foo") to-str) (-> claim jwt (sign :HS512 "foo") to-str)
=> (str "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.58Q4HxaxKAZIffEyDI2eRM_2" => (str "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.58Q4HxaxKAZIffEyDI2eRM_2"
"L7mK7NlNwOq8v96gbfZLMM7r2hxXKuwvMLez2XivUUCEyoaVB1Yz3vGtwAvSZQ")) "L7mK7NlNwOq8v96gbfZLMM7r2hxXKuwvMLez2XivUUCEyoaVB1Yz3vGtwAvSZQ"))
(fact "RS256 signed JWT should be generated." (fact "RS256 signed JWT should be generated."
(-> claim jwt (sign :RS256 rsa-prv-key) to-str) (-> claim jwt (sign :RS256 rsa-prv-key) to-str)
=> (str "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.ZIjAlGryslu1APkgY1eCmaK7" => (str "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.ZIjAlGryslu1APkgY1eCmaK7"
"GDINiGX-htlD1-33F4VXK8lUXbdm1n9F1fpHcOFksScniWMvC5f9520jdxyb5c-9CmXz21iDtFdFKWGG" "GDINiGX-htlD1-33F4VXK8lUXbdm1n9F1fpHcOFksScniWMvC5f9520jdxyb5c-9CmXz21iDtFdFKWGG"
"zlT_hPjZ0Ta_M8goReBO0L-nDM5hJHxzEqgSZQ7tkcJ18PCdxeMia5NMRV0shGMMUzU") "zlT_hPjZ0Ta_M8goReBO0L-nDM5hJHxzEqgSZQ7tkcJ18PCdxeMia5NMRV0shGMMUzU")
(-> claim jwt (sign :RS256 rsa-enc-prv-key) to-str) (-> claim jwt (sign :RS256 rsa-prv-key "foo") to-str)
=> (str "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.E20DLUOR5VeoTKtH5FjR71rm" => "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZvbyJ9.eyJpc3MiOiJmb28ifQ.hYL0352XhNo0z5u6queNjnVBeKxFXwyB1ELLk1G009eTQN5srC2dDdG9k66Free0vNpreCTGq1im4cQUvBUi12Fsyls1p7VBVnIABuc6ZUjyyLD7fDtXF_MqGksPrCcffQlW4Qj2WA_CkRU9qJCwvU-H5c1HIn6QX29hdeu1kzY"
"_rZV2AdXYDQCxqHpMWyZSO6wO4g67phTD727izDxd_NjuNXd2m7Atth7tGABaMhqHLh9EUwba_0nTbw6"
"mc_4mWaK4KBq8LG4WErQnFAVhzGbo1aEK_J7iasuUCfnxN9fZeBBUGH_h5JgPogCPdA"))
(fact "RS384 signed JWT should be generated." (-> claim jwt (sign :RS256 rsa-enc-prv-key) to-str)
(-> claim jwt (sign :RS384 rsa-prv-key) to-str) => (str "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.E20DLUOR5VeoTKtH5FjR71rm"
=> (str "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.sWyMCwJhztfOcSoxRRiCAioB" "_rZV2AdXYDQCxqHpMWyZSO6wO4g67phTD727izDxd_NjuNXd2m7Atth7tGABaMhqHLh9EUwba_0nTbw6"
"H5F8WFJs5t8DxPV0D7JvB9JwaN8reIQ7kFKJiQWFbhrC7tnlT5UDX9z3fyLjdmNvLTSOII3J9UPpidE1" "mc_4mWaK4KBq8LG4WErQnFAVhzGbo1aEK_J7iasuUCfnxN9fZeBBUGH_h5JgPogCPdA"))
"4WvqnXk5DV8k4QxTdWHRufssDFZe7Bsq5yBRAGZos2e8U9hOuqxCib7EjGCe09PdDhg")
(-> claim jwt (sign :RS384 rsa-enc-prv-key) to-str) (fact "RS384 signed JWT should be generated."
=> (str "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.Uz3ZGXNuuKYsmoslBrNJnVKC" (-> claim jwt (sign :RS384 rsa-prv-key) to-str)
"GW-dptW-eOWPrTGVN1P54bgjS6QbhwE-PPL2HHGUIYlebVmHb2RKLLvmQ8y63NZ1QSXEk8QBz5-bwy6Y" => (str "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.sWyMCwJhztfOcSoxRRiCAioB"
"m_QCYh4tfvZYheH97zHcLF3GDLlfrodukO9gGc1xpiXJiZMtIso6sGACHmXNn4LA1bk")) "H5F8WFJs5t8DxPV0D7JvB9JwaN8reIQ7kFKJiQWFbhrC7tnlT5UDX9z3fyLjdmNvLTSOII3J9UPpidE1"
"4WvqnXk5DV8k4QxTdWHRufssDFZe7Bsq5yBRAGZos2e8U9hOuqxCib7EjGCe09PdDhg")
(fact "RS512 signed JWT should be generated." (-> claim jwt (sign :RS384 rsa-enc-prv-key) to-str)
(-> claim jwt (sign :RS512 rsa-prv-key) to-str) => (str "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.Uz3ZGXNuuKYsmoslBrNJnVKC"
=> (str "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.QKK5oOrVU5e0eG0nt7a_3Hzw" "GW-dptW-eOWPrTGVN1P54bgjS6QbhwE-PPL2HHGUIYlebVmHb2RKLLvmQ8y63NZ1QSXEk8QBz5-bwy6Y"
"v1YJIp1F3iSKVgbdjWyp6rhyS4O4HEql6UxUOVDvf_aTrO4NG81dIo_wzjI1LBNCVtwKhR-8KUFs4Yg3" "m_QCYh4tfvZYheH97zHcLF3GDLlfrodukO9gGc1xpiXJiZMtIso6sGACHmXNn4LA1bk"))
"1NLwBMazIzxX_IfkpIkUPuyDGrca7pksJ9dppte33mMK3MDv0RQQqgXiJpbLRGWSNrs")
(-> claim jwt (sign :RS512 rsa-enc-prv-key) to-str) (fact "RS512 signed JWT should be generated."
=> (str "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.P6ER78xL8AlV4BXrtTtBIcsc" (-> claim jwt (sign :RS512 rsa-prv-key) to-str)
"JOktKH03Uj12mqjiS6o1h4Cf7QHKXjWxe33hrEgkzcYBHDqw7wH915f6ZnB5mkvDtBkLinA9gK0M2rfB" => (str "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.QKK5oOrVU5e0eG0nt7a_3Hzw"
"7NqAbxXYMDXti2PhV9PgRzOp97zPCSD98bML0Cy89E8sPcnM7-07wWOK4yhuoTWyV_8")) "v1YJIp1F3iSKVgbdjWyp6rhyS4O4HEql6UxUOVDvf_aTrO4NG81dIo_wzjI1LBNCVtwKhR-8KUFs4Yg3"
"1NLwBMazIzxX_IfkpIkUPuyDGrca7pksJ9dppte33mMK3MDv0RQQqgXiJpbLRGWSNrs")
(fact "'exp', 'nbf', 'iat' claims should be converted as IntDate." (-> claim jwt (sign :RS512 rsa-enc-prv-key) to-str)
(let [d (date-time 2000 1 2 3 4 5) => (str "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmb28ifQ.P6ER78xL8AlV4BXrtTtBIcsc"
claim (merge claim {:exp (plus d (days 1)) :nbf d :iat d :dmy d}) "JOktKH03Uj12mqjiS6o1h4Cf7QHKXjWxe33hrEgkzcYBHDqw7wH915f6ZnB5mkvDtBkLinA9gK0M2rfB"
token (jwt claim)] "7NqAbxXYMDXti2PhV9PgRzOp97zPCSD98bML0Cy89E8sPcnM7-07wWOK4yhuoTWyV_8"))
(-> token :claims :exp) => 946868645
(-> token :claims :nbf) => 946782245 (fact "'exp', 'nbf', 'iat' claims should be converted as IntDate."
(-> token :claims :iat) => 946782245 (let [d (date-time 2000 1 2 3 4 5)
(-> token :claims :dmy) => d))) claim (merge claim {:exp (plus d (days 1)) :nbf d :iat d :dmy d})
token (jwt claim)]
(-> token :claims :exp) => 946868645
(-> token :claims :nbf) => 946782245
(-> token :claims :iat) => 946782245
(-> token :claims :dmy) => d)))
(facts "JWT verify" (facts "JWT verify"
(fact "Unknown signature algorithm should be thrown exception." (fact "Unknown signature algorithm should be thrown exception."