author | Robert Newson <rnewson@apache.org> | 2017-06-15 19:17:54 +0100 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2017-06-15 21:58:52 +0100 |
commit | 8100be3d61ebf028d89a063c92de9a19816c64f9 (patch) | |
tree | 2656bb3a72bb23fd20b055793faaeda3c1b1e06a | |
parent | f9c1f336974ae2d2b923065f92f35126ecb14313 (diff) | |
download | couchdb-8100be3d61ebf028d89a063c92de9a19816c64f9.tar.gz |
remove dependency on openssl commands
-rw-r--r-- | src/jwtf.erl | 33 | ||||
-rw-r--r-- | src/jwtf_test_util.erl | 82 |
2 files changed, 32 insertions, 83 deletions
diff --git a/src/jwtf.erl b/src/jwtf.erl
index bfecaccf4..809f3f391 100644
--- a/src/jwtf.erl
+++ b/src/jwtf.erl
@@ -305,6 +305,7 @@ prop(Prop, Props) ->
 -ifdef(TEST).
 -include_lib("eunit/include/eunit.hrl").
+-include_lib("public_key/include/public_key.hrl").
 encode(Header0, Payload0) ->
 Header1 = b64url:encode(jiffy:encode(Header0)),
@@ -491,7 +492,7 @@ encode_decode_test_() ->
 encode_decode(Alg) ->
 {EncodeKey, DecodeKey} = case verification_algorithm(Alg) of
 {public_key, Algorithm} ->
- jwtf_test_util:create_keypair();
+ create_keypair();
 {hmac, Algorithm} ->
 Key = <<"a-super-secret-key">>,
 {Key, Key}
@@ -518,4 +519,34 @@ claims() ->
 {<<"exp">>, EpochSeconds + 3600}
 ]}.
+create_keypair() ->
+ %% https://tools.ietf.org/html/rfc7517#appendix-C
+ N = decode(<<"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy"
+ "O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP"
+ "8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0"
+ "Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X"
+ "OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1"
+ "_I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q">>),
+ E = decode(<<"AQAB">>),
+ D = decode(<<"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS"
+ "NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U"
+ "vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu"
+ "ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu"
+ "rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a"
+ "hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ">>),
+ RSAPrivateKey = #'RSAPrivateKey'{
+ modulus = N,
+ publicExponent = E,
+ privateExponent = D
+ },
+ RSAPublicKey = #'RSAPublicKey'{
+ modulus = N,
+ publicExponent = E
+ },
+ {RSAPrivateKey, RSAPublicKey}.
+
+
+decode(Goop) ->
+ crypto:bytes_to_integer(b64url:decode(Goop)).
+
 -endif.
diff --git a/src/jwtf_test_util.erl b/src/jwtf_test_util.erl
deleted file mode 100644
index c32ea1cb9..000000000
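Review bot: The comment above the key material in the new `create_keypair/0` (third hunk) is only a bare RFC link, so nothing tells a reader that the private exponent below it is published sample data; I would extend it to `%% Public sample key from RFC 7517 Appendix C; test fixture only, never use it to sign real tokens.` The `#'RSAPrivateKey'{}` record is also built from the modulus and the two exponents alone, leaving its other fields unset. That presumably suffices for the sign/verify round trip in `encode_decode/1`, but deserves a short comment, since such a record is unlikely to survive DER or PEM encoding. On style, `decode/1` is a very generic name in a module whose subject is JWT decoding; a name such as `b64url_to_integer/1` would say what it does. The `-ifdef(TEST)` section these functions live in opens in the first hunk, so its full extent is not visible here.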
--- a/src/jwtf_test_util.erl
+++ /dev/null
@@ -1,82 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License. You may obtain a copy of
-% the License at
-%
-% http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing, software
-% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-% License for the specific language governing permissions and limitations under
-% the License.
-
-module(jwtf_test_util).
-
--export([
- create_private_key/0,
- create_keypair/0,
- to_public_key/1
-]).
-
--include_lib("public_key/include/public_key.hrl").
-
--spec create_private_key() ->
- #'RSAPrivateKey'{} | no_return().
-create_private_key() ->
- create_private_key("/tmp").
-
-
--spec create_keypair() ->
- {#'RSAPrivateKey'{}, #'RSAPublicKey'{}} | no_return().
-create_keypair() ->
- PrivateKey = create_private_key(),
- {PrivateKey, to_public_key(PrivateKey)}.
-
-
--spec to_public_key(#'RSAPrivateKey'{}) ->
- #'RSAPublicKey'{}.
-to_public_key(#'RSAPrivateKey'{} = PrivateKey) ->
- #'RSAPublicKey'{
- modulus = PrivateKey#'RSAPrivateKey'.modulus,
- publicExponent = PrivateKey#'RSAPrivateKey'.publicExponent}.
-
-
-create_private_key(TmpDir) ->
- ok = verify_openssl(),
- Path = filename:join(TmpDir, timestamp() ++ "-rsa.key.der"),
- Bin = create_rsa_key(Path),
- public_key:der_decode('RSAPrivateKey', Bin).
-
-
-verify_openssl() ->
- case os:cmd("openssl version") of
- "OpenSSL 1." ++ _Rest ->
- ok;
- _ ->
- throw({error, openssl_required})
- end.
-
-
-timestamp() ->
- lists:concat([integer_to_list(N) || N <- tuple_to_list(os:timestamp())]).
-
-
-create_rsa_key(Path) ->
- Cmd = "openssl genpkey -algorithm RSA -outform DER -out " ++ Path,
- Out = os:cmd(Cmd),
- %% Since os:cmd doesn't indicate if the command fails, we go to
- %% some length to ensure the output looks correct.
- ok = validate_genpkey_output(Out),
- {ok, Bin} = file:read_file(Path),
- ok = file:delete(Path),
- Bin.
-
-
-validate_genpkey_output(Out) when is_list(Out) ->
- Length = length(Out),
- case re:run(Out, "[.+\n]+") of % should only contain period, plus, or nl
- {match, [{0, Length}]} ->
- ok;
- _ ->
- throw({error, {openssl_genpkey_failed, Out}})
- end. |