
mendersoftware / useradm / 1088469980

28 Nov 2023 09:52PM UTC coverage: 87.17%. First build
1088469980

Pull #394

gitlab-ci

merlin-northern
chore: private keys and key ids: tests

Changelog: Title
Ticket: MEN-6804
Signed-off-by: Peter Grzybowski <peter@northern.tech>
Pull Request #394: Men 6804 key rotation support

166 of 232 new or added lines in 9 files covered. (71.55%)

2874 of 3297 relevant lines covered (87.17%)

130.99 hits per line


76.74
/jwt/jwt_ed25519.go
// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package jwt

import (
        "crypto/ed25519"
        "strconv"

        "github.com/golang-jwt/jwt/v4"
        "github.com/pkg/errors"

        "github.com/mendersoftware/useradm/common"
)

// JWTHandlerEd25519 is the JWTHandler implementation that signs and verifies
// tokens with Ed25519 keys.
type JWTHandlerEd25519 struct {
	// privKey maps a key id to the Ed25519 private key registered under it.
	// ToJWT signs with the entry named by the token's KeyId; FromJWT derives
	// the verification (public) key from the entry named by the "kid" header.
	// The values are private key material held in process memory.
	privKey map[int]*ed25519.PrivateKey
	// currentKeyId is the key id passed to NewJWTHandlerEd25519. None of the
	// methods visible in this file read it.
	currentKeyId int
}

// NewJWTHandlerEd25519 returns a handler whose key set holds exactly one
// entry: privKey registered under keyId. keyId is also recorded as the
// handler's current key id.
//
// privKey is stored as passed, without copying or nil-checking, so the caller
// is expected to supply a non-nil key.
func NewJWTHandlerEd25519(privKey *ed25519.PrivateKey, keyId int) *JWTHandlerEd25519 {
	keys := make(map[int]*ed25519.PrivateKey, 1)
	keys[keyId] = privKey

	h := new(JWTHandlerEd25519)
	h.privKey = keys
	h.currentKeyId = keyId
	return h
}

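// ToJWT serializes token as a compact JWT signed with EdDSA (Ed25519).
//
// The signing key is the one registered under token.KeyId, and the same id is
// written to the "kid" header so that FromJWT can select the matching key
// when verifying. It returns common.ErrKeyIdNotFound when no usable key is
// registered under that id; otherwise it returns the result of SignedString.
func (j *JWTHandlerEd25519) ToJWT(token *Token) (string, error) {
	// Resolve the key with a single lookup and treat a nil entry like a
	// missing one: a nil *ed25519.PrivateKey must not be handed to the signer.
	key, ok := j.privKey[token.KeyId]
	if !ok || key == nil {
		return "", common.ErrKeyIdNotFound
	}

	jt := jwt.NewWithClaims(jwt.SigningMethodEdDSA, &token.Claims)
	jt.Header["kid"] = token.KeyId

	return jt.SignedString(key)
}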

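// FromJWT parses tokstr, checks its Ed25519 signature against the key named
// by the token's "kid" header, and returns the decoded Token.
//
// Key selection: a numeric "kid" selects the key registered under that id; a
// token without "kid" is verified with the key registered under
// common.KeyIdZero. Tokens whose signing method is not Ed25519 are rejected
// before any key is looked up.
//
// Every failure (an error from jwt.ParseWithClaims, claims of an unexpected
// type, or a token not marked valid) is reported as ErrTokenInvalid; the
// more specific errors built inside the key function are not returned to the
// caller.
func (j *JWTHandlerEd25519) FromJWT(tokstr string) (*Token, error) {
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm first so a token declaring another "alg" never
		// gets a key handed back for it.
		if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
			return nil, errors.New("unexpected signing method: " + token.Method.Alg())
		}

		keyId := common.KeyIdZero
		switch kid := token.Header["kid"].(type) {
		case float64:
			// JSON numbers decode as float64. Only accept values that are
			// exact integers; a fractional or out-of-range kid must not be
			// silently truncated onto some other key id.
			id := int(kid)
			if float64(id) != kid {
				return nil, errors.New("invalid key id in token header")
			}
			keyId = id
		case int64:
			keyId = int(kid)
		case int:
			keyId = kid
		}
		// NOTE(review): a "kid" that is present but not numeric still falls
		// back to common.KeyIdZero, as before. The signature is checked
		// against that key, so this is not a bypass, but rejecting such
		// headers would be stricter. Confirm whether any issued tokens rely
		// on the fallback.

		// A nil entry is treated like a missing one to avoid dereferencing a
		// nil *ed25519.PrivateKey in Public().
		key, ok := j.privKey[keyId]
		if !ok || key == nil {
			return nil, errors.New("cannot find the key with id " + strconv.Itoa(keyId))
		}
		return key.Public(), nil
	}

	parsed, err := jwt.ParseWithClaims(tokstr, &Claims{}, keyFunc)
	if err != nil {
		return nil, ErrTokenInvalid
	}

	claims, ok := parsed.Claims.(*Claims)
	if !ok || !parsed.Valid {
		return nil, ErrTokenInvalid
	}

	token := Token{}
	token.Claims = *claims
	return &token, nil
}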