|
|
@ -3,6 +3,7 @@ package acme
|
|
|
|
import (
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"context"
|
|
|
|
"crypto"
|
|
|
|
"crypto"
|
|
|
|
|
|
|
|
"crypto/ed25519"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/json"
|
|
|
|
"encoding/json"
|
|
|
|
"encoding/pem"
|
|
|
|
"encoding/pem"
|
|
|
@ -248,12 +249,14 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
jose.Claims
|
|
|
|
jose.Claims
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Challenge: "token",
|
|
|
|
Challenge: "token",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
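Review bot: Every DPoP proof built in this hunk sets the new `ClientID` field to exactly the same string as `Claims.Subject`, and the five later hunks that add the same field (new-side lines 249, 385, 529, 673 and 824) do the same, so if the verifier now compares `client_id` against `sub` — which adding the claim to every fixture suggests, though the server-side check is not in this diff — no test exercises a mismatch. A single negative case that keeps `Subject` and sets `ClientID` to a different `wireapp://` identity, asserting the token is rejected, would pin that behaviour rather than only the happy path. The new field would also read better with a why-comment, e.g. `ClientID string \`json:"client_id,omitempty"\` // expected to equal the DPoP sub claim; verify against the server-side check`, placed once in the first test and referenced from the others. The enclosing test function starts and ends outside this hunk.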
|
|
|
@ -382,12 +385,14 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
jose.Claims
|
|
|
|
jose.Claims
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Challenge: "token",
|
|
|
|
Challenge: "token",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
@ -449,7 +454,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
ClientID: "test",
|
|
|
|
ClientID: "test",
|
|
|
@ -524,12 +529,14 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
jose.Claims
|
|
|
|
jose.Claims
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Challenge: "token",
|
|
|
|
Challenge: "token",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
@ -666,12 +673,14 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
jose.Claims
|
|
|
|
jose.Claims
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Challenge: "token",
|
|
|
|
Challenge: "token",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
@ -815,12 +824,14 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
jose.Claims
|
|
|
|
jose.Claims
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Claims: jose.Claims{
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Challenge: "token",
|
|
|
|
Challenge: "token",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
@ -1920,12 +1931,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func Test_parseAndVerifyWireAccessToken(t *testing.T) {
|
|
|
|
func Test_parseAndVerifyWireAccessToken(t *testing.T) {
|
|
|
|
|
|
|
|
t.Skip("skip this until capturing a new e2e flow with proper values")
|
|
|
|
key := `
|
|
|
|
key := `
|
|
|
|
-----BEGIN PUBLIC KEY-----
|
|
|
|
-----BEGIN PUBLIC KEY-----
|
|
|
|
MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
|
|
|
|
MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
|
|
|
|
-----END PUBLIC KEY-----`
|
|
|
|
-----END PUBLIC KEY-----`
|
|
|
|
publicKey, err := pemutil.Parse([]byte(key))
|
|
|
|
publicKey, err := pemutil.Parse([]byte(key))
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
pk, ok := publicKey.(ed25519.PublicKey)
|
|
|
|
|
|
|
|
require.True(t, ok)
|
|
|
|
|
|
|
|
|
|
|
|
issuer := "http://wire.com:19983/clients/7a41cf5b79683410/access-token"
|
|
|
|
issuer := "http://wire.com:19983/clients/7a41cf5b79683410/access-token"
|
|
|
|
wireID := wire.ID{
|
|
|
|
wireID := wire.ID{
|
|
|
|
ClientID: "wireapp://guVX5xeFS3eTatmXBIyA4A!7a41cf5b79683410@wire.com",
|
|
|
|
ClientID: "wireapp://guVX5xeFS3eTatmXBIyA4A!7a41cf5b79683410@wire.com",
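Review bot: The added `t.Skip("skip this until capturing a new e2e flow with proper values")` at the top of Test_parseAndVerifyWireAccessToken disables the only end-to-end check of the access-token and DPoP verification path visible here, and the message carries no tracking reference, so the lost coverage is easy to forget; presumably the captured fixture predates the new `client_id` claim, but the commit does not say so. Either regenerate the fixture in this change so the test keeps running, or make the skip self-documenting, e.g. `t.Skip("TODO(<issue-id placeholder>): fixture token lacks the client_id claim; regenerate the e2e flow and re-enable")`. The newly added `pk, ok := publicKey.(ed25519.PublicKey)` / `require.True(t, ok)` pair is the right way to narrow the key type for `tokenKey: pk` in the following hunk, but note it sits below the skip and so never executes until the test is re-enabled. The function body continues past the end of this hunk.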
|
|
|
@ -1951,7 +1966,7 @@ MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
|
|
|
|
|
|
|
|
|
|
|
|
at, dpop, err := parseAndVerifyWireAccessToken(wireVerifyParams{
|
|
|
|
at, dpop, err := parseAndVerifyWireAccessToken(wireVerifyParams{
|
|
|
|
token: token,
|
|
|
|
token: token,
|
|
|
|
tokenKey: publicKey,
|
|
|
|
tokenKey: pk,
|
|
|
|
dpopKey: accountJWK.Public(),
|
|
|
|
dpopKey: accountJWK.Public(),
|
|
|
|
dpopKeyID: accountJWK.KeyID,
|
|
|
|
dpopKeyID: accountJWK.KeyID,
|
|
|
|
issuer: issuer,
|
|
|
|
issuer: issuer,
|
|
|
@ -1959,6 +1974,7 @@ MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
|
|
|
|
chToken: ch.Token,
|
|
|
|
chToken: ch.Token,
|
|
|
|
t: issuedAt.Add(1 * time.Minute), // set validation time to be one minute after issuance
|
|
|
|
t: issuedAt.Add(1 * time.Minute), // set validation time to be one minute after issuance
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
if assert.NoError(t, err) {
|
|
|
|
if assert.NoError(t, err) {
|
|
|
|
// token assertions
|
|
|
|
// token assertions
|
|
|
|
assert.Equal(t, "42c46d4c-e510-4175-9fb5-d055e125a49d", at.ID)
|
|
|
|
assert.Equal(t, "42c46d4c-e510-4175-9fb5-d055e125a49d", at.ID)
|
|
|
|