bool *is_jwt_r, const char **error_r)
{
struct oauth2_settings set;
+
i_zero(&set);
set.scope = "mail";
set.key_dict = keys_dict;
req->pool = pool_datastack_create();
req->set = &set;
t_array_init(&req->fields, 8);
- return oauth2_try_parse_jwt(&set, token, &req->fields, is_jwt_r, error_r);
+ return oauth2_try_parse_jwt(&set, token, &req->fields, is_jwt_r,
+ error_r);
}
static void test_jwt_token(const char *token)
/* then see what the parser likes it */
struct oauth2_request req;
const char *error = NULL;
+
bool is_jwt;
test_assert(parse_jwt_token(&req, token, &is_jwt, &error) == 0);
test_assert(is_jwt == TRUE);
buffer_t *tokenbuf = t_buffer_create(64);
/* header */
- base64url_encode_str(t_strdup_printf(
- "{\"alg\":\"%s\",\"typ\":\"JWT\",\"kid\":\"%s\"}",
- algo, kid), tokenbuf);
+ base64url_encode_str(
+ t_strdup_printf(
+ "{\"alg\":\"%s\",\"typ\":\"JWT\",\"kid\":\"%s\"}",
+ algo, kid),
+ tokenbuf);
buffer_append(tokenbuf, ".", 1);
/* body */
- base64url_encode_str(t_strdup_printf("{\"sub\":\"testuser\","\
+ base64url_encode_str(
+ t_strdup_printf("{\"sub\":\"testuser\","\
"\"iat\":%"PRIdTIME_T","
"\"exp\":%"PRIdTIME_T"}",
- time(NULL),
- time(NULL)+600), tokenbuf);
+ time(NULL), time(NULL)+600),
+ tokenbuf);
return tokenbuf;
}
buffer_t *tokenbuf = t_buffer_create(64);
/* header */
- base64url_encode_str(t_strdup_printf(
- "{\"alg\":\"%s\",\"typ\":\"JWT\"}", algo), tokenbuf);
+ base64url_encode_str(
+ t_strdup_printf("{\"alg\":\"%s\",\"typ\":\"JWT\"}", algo),
+ tokenbuf);
buffer_append(tokenbuf, ".", 1);
/* body */
- base64url_encode_str(t_strdup_printf("{\"sub\":\"testuser\","\
+ base64url_encode_str(
+ t_strdup_printf("{\"sub\":\"testuser\","\
"\"iat\":%"PRIdTIME_T","
"\"exp\":%"PRIdTIME_T"}",
- time(NULL),
- time(NULL)+600), tokenbuf);
+ time(NULL), time(NULL)+600),
+ tokenbuf);
return tokenbuf;
}
-static void append_key_value(string_t *dest, const char *key, const char *value, bool str)
+static void
+append_key_value(string_t *dest, const char *key, const char *value, bool str)
{
str_append_c(dest, '"');
json_append_escaped(dest, key);
}
-static buffer_t *create_jwt_token_fields(const char *algo, time_t exp, time_t iat,
- time_t nbf, ARRAY_TYPE(oauth2_field) *fields)
+static buffer_t *
+create_jwt_token_fields(const char *algo, time_t exp, time_t iat, time_t nbf,
+ ARRAY_TYPE(oauth2_field) *fields)
{
const struct oauth2_field *field;
buffer_t *tokenbuf = t_buffer_create(64);
- base64url_encode_str(t_strdup_printf(
- "{\"alg\":\"%s\",\"typ\":\"JWT\"}", algo), tokenbuf);
+
+ base64url_encode_str(
+ t_strdup_printf("{\"alg\":\"%s\",\"typ\":\"JWT\"}", algo),
+ tokenbuf);
buffer_append(tokenbuf, ".", 1);
+
string_t *bodybuf = t_str_new(64);
str_append_c(bodybuf, '{');
if (exp > 0) {
static void save_key_to(const char *algo, const char *name, const char *keydata)
{
const char *error;
- struct dict_transaction_context *ctx = dict_transaction_begin(keys_dict);
- dict_set(ctx, t_strconcat(DICT_PATH_SHARED, "default/", algo, "/", name, NULL), keydata);
+ struct dict_transaction_context *ctx =
+ dict_transaction_begin(keys_dict);
+
+ dict_set(ctx, t_strconcat(DICT_PATH_SHARED, "default/", algo, "/",
+ name, NULL),
+ keydata);
if (dict_transaction_commit(&ctx, &error) < 0)
i_error("dict_set(%s) failed: %s", name, error);
}
struct oauth2_request req;
const char *error = NULL;
bool is_jwt;
- test_assert_idx(parse_jwt_token(&req, test_case->token, &is_jwt, &error) != 0, i);
+ test_assert_idx(parse_jwt_token(&req, test_case->token,
+ &is_jwt, &error) != 0, i);
test_assert_idx(test_case->is_jwt == is_jwt, i);
test_assert_idx(error != NULL, i);
} T_END;
.exp = now+500,
.iat = 0,
.nbf = 0,
- .key_values = { "sub", "testuser", "iat", "1.1.2019 16:00", NULL },
+ .key_values = { "sub", "testuser", "iat",
+ "1.1.2019 16:00", NULL },
.error = "Malformed 'iat' field"
},
{ /* expired token */
const struct test_cases *test_case = &test_cases[i];
const char *key = NULL;
ARRAY_TYPE(oauth2_field) fields;
+
t_array_init(&fields, 8);
- for (const char *const *value = test_case->key_values; *value != NULL; value++) {
+ for (const char *const *value = test_case->key_values;
+ *value != NULL; value++) {
if (key == NULL) {
key = *value;
} else {
}
buffer_t *tokenbuf =
- create_jwt_token_fields("HS256", test_case->exp, test_case->iat,
- test_case->nbf, &fields);
+ create_jwt_token_fields("HS256", test_case->exp,
+ test_case->iat, test_case->nbf,
+ &fields);
sign_jwt_token_hs256(tokenbuf, hs_sign_key);
+
struct oauth2_request req;
const char *error = NULL;
bool is_jwt;
- test_assert_idx(parse_jwt_token(&req, str_c(tokenbuf), &is_jwt, &error) != 0, i);
+
+ test_assert_idx(parse_jwt_token(&req, str_c(tokenbuf),
+ &is_jwt, &error) != 0, i);
test_assert_idx(is_jwt == TRUE, i);
if (test_case->error != NULL) {
test_assert_strcmp(test_case->error, error);
buffer_t *secret = t_buffer_create(32);
void *ptr = buffer_append_space_unsafe(secret, 32);
random_fill(ptr, 32);
- buffer_t *b64_key = t_base64_encode(0, SIZE_MAX, secret->data, secret->used);
+ buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
+ secret->data, secret->used);
save_key_to("HS256", "first", str_c(b64_key));
buffer_t *secret2 = t_buffer_create(32);
ptr = buffer_append_space_unsafe(secret2, 32);
buffer_t *secret = t_buffer_create(32);
void *ptr = buffer_append_space_unsafe(secret, 32);
random_fill(ptr, 32);
- buffer_t *b64_key = t_base64_encode(0, SIZE_MAX, secret->data, secret->used);
+ buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
+ secret->data, secret->used);
save_key_to("HS256", "hello%2eworld%2f%25", str_c(b64_key));
/* make a token */
buffer_t *tokenbuf = create_jwt_token_kid("HS256", "hello.world/%");
static void test_jwt_rs_token(void)
{
const char *error;
+
if (skip_dcrypt)
return;
save_key("RS256", rsa_public_key);
buffer_t *tokenbuf = create_jwt_token("RS256");
+
/* sign token */
buffer_t *sig = t_buffer_create(64);
struct dcrypt_private_key *key;
- if (!dcrypt_key_load_private(&key, rsa_private_key, NULL, NULL, &error) ||
+ if (!dcrypt_key_load_private(&key, rsa_private_key, NULL, NULL,
+ &error) ||
!dcrypt_sign(key, "sha256", DCRYPT_SIGNATURE_FORMAT_DSS,
tokenbuf->data, tokenbuf->used, sig,
DCRYPT_PADDING_RSA_PKCS1, &error)) {
exit(1);
}
dcrypt_key_unref_private(&key);
+
/* convert to base64 */
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
static void test_jwt_ps_token(void)
{
const char *error;
+
if (skip_dcrypt)
return;
save_key("PS256", rsa_public_key);
buffer_t *tokenbuf = create_jwt_token("PS256");
+
/* sign token */
buffer_t *sig = t_buffer_create(64);
struct dcrypt_private_key *key;
- if (!dcrypt_key_load_private(&key, rsa_private_key, NULL, NULL, &error) ||
+ if (!dcrypt_key_load_private(&key, rsa_private_key, NULL, NULL,
+ &error) ||
!dcrypt_sign(key, "sha256", DCRYPT_SIGNATURE_FORMAT_DSS,
tokenbuf->data, tokenbuf->used, sig,
DCRYPT_PADDING_RSA_PKCS1_PSS, &error)) {
exit(1);
}
dcrypt_key_unref_private(&key);
+
/* convert to base64 */
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
static void test_jwt_ec_token(void)
{
const char *error;
+
if (skip_dcrypt)
return;
}
/* export public key */
buffer_t *keybuf = t_buffer_create(256);
- if (!dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, keybuf, &error)) {
+ if (!dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, keybuf,
+ &error)) {
i_error("dcrypt key store failed: %s", error);
exit(1);
}
save_key("ES256", str_c(keybuf));
buffer_t *tokenbuf = create_jwt_token("ES256");
+
/* sign token */
buffer_t *sig = t_buffer_create(64);
if (!dcrypt_sign(pair.priv, "sha256", DCRYPT_SIGNATURE_FORMAT_X962,
exit(1);
}
dcrypt_keypair_unref(&pair);
+
/* convert to base64 */
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
.value_type = DICT_DATA_TYPE_STRING,
.base_dir = ".",
};
+
i_unlink_if_exists(".keys");
dict_driver_register(&dict_driver_file);
if (dict_init("file:.keys", &dict_set, &keys_dict, &error) < 0)
skip_dcrypt = TRUE;
}
key_cache = oauth2_validation_key_cache_init();
+
/* write HMAC secret */
hs_sign_key =buffer_create_dynamic(default_pool, 32);
void *ptr = buffer_append_space_unsafe(hs_sign_key, 32);
random_fill(ptr, 32);
buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
- hs_sign_key->data, hs_sign_key->used);
+ hs_sign_key->data,
+ hs_sign_key->used);
save_key("HS256", str_c(b64_key));
}
ret = test_run(test_functions);
return ret;
}
-
projects / thirdparty / dovecot / core.git / commitdiff
