authorRobert Newson <rnewson@apache.org>2017-06-15 19:17:54 +0100
committerRobert Newson <rnewson@apache.org>2017-06-15 21:58:52 +0100
commit8100be3d61ebf028d89a063c92de9a19816c64f9 (patch)
tree2656bb3a72bb23fd20b055793faaeda3c1b1e06a
parentf9c1f336974ae2d2b923065f92f35126ecb14313 (diff)
remove dependency on openssl commands
-rw-r--r--src/jwtf.erl33
-rw-r--r--src/jwtf_test_util.erl82
2 files changed, 32 insertions, 83 deletions
diff --git a/src/jwtf.erl b/src/jwtf.erl
index bfecaccf4..809f3f391 100644
--- a/src/jwtf.erl
+++ b/src/jwtf.erl
@@ -305,6 +305,7 @@ prop(Prop, Props) ->
-ifdef(TEST).
-include_lib("eunit/include/eunit.hrl").
+-include_lib("public_key/include/public_key.hrl").
encode(Header0, Payload0) ->
Header1 = b64url:encode(jiffy:encode(Header0)),
@@ -491,7 +492,7 @@ encode_decode_test_() ->
encode_decode(Alg) ->
{EncodeKey, DecodeKey} = case verification_algorithm(Alg) of
{public_key, Algorithm} ->
- jwtf_test_util:create_keypair();
+ create_keypair();
{hmac, Algorithm} ->
Key = <<"a-super-secret-key">>,
{Key, Key}
@@ -518,4 +519,34 @@ claims() ->
{<<"exp">>, EpochSeconds + 3600}
]}.
+create_keypair() ->
+ %% https://tools.ietf.org/html/rfc7517#appendix-C
+ N = decode(<<"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy"
+ "O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP"
+ "8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0"
+ "Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X"
+ "OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1"
+ "_I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q">>),
+ E = decode(<<"AQAB">>),
+ D = decode(<<"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS"
+ "NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U"
+ "vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu"
+ "ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu"
+ "rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a"
+ "hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ">>),
+ RSAPrivateKey = #'RSAPrivateKey'{
+ modulus = N,
+ publicExponent = E,
+ privateExponent = D
+ },
+ RSAPublicKey = #'RSAPublicKey'{
+ modulus = N,
+ publicExponent = E
+ },
+ {RSAPrivateKey, RSAPublicKey}.
+
+
+decode(Goop) ->
+ crypto:bytes_to_integer(b64url:decode(Goop)).
+
-endif.
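Review bot: The RSA private exponent hard-coded in `create_keypair/0` is the published example key from RFC 7517 Appendix C, and the only comment on it is the bare URL, so nothing tells a later reader that the key is public and must stay behind the `-ifdef(TEST)` guard. I would replace the URL comment with `%% TEST ONLY: example RSA key published in RFC 7517 Appendix C (https://tools.ietf.org/html/rfc7517#appendix-C); the private exponent is public knowledge, never use it to sign real tokens.` The helper name `decode/1` is also easy to confuse with the module's JWT decoding entry point, if it has one of that name (not visible in this hunk); a name such as `b64url_to_integer/1` says what it does. The `-ifdef(TEST).` that opens this section is in the first hunk; only the closing `-endif.` appears here.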
diff --git a/src/jwtf_test_util.erl b/src/jwtf_test_util.erl
deleted file mode 100644
index c32ea1cb9..000000000
--- a/src/jwtf_test_util.erl
+++ /dev/null
@@ -1,82 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License. You may obtain a copy of
-% the License at
-%
-% http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing, software
-% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-% License for the specific language governing permissions and limitations under
-% the License.
-
--module(jwtf_test_util).
-
--export([
- create_private_key/0,
- create_keypair/0,
- to_public_key/1
-]).
-
--include_lib("public_key/include/public_key.hrl").
-
--spec create_private_key() ->
- #'RSAPrivateKey'{} | no_return().
-create_private_key() ->
- create_private_key("/tmp").
-
-
--spec create_keypair() ->
- {#'RSAPrivateKey'{}, #'RSAPublicKey'{}} | no_return().
-create_keypair() ->
- PrivateKey = create_private_key(),
- {PrivateKey, to_public_key(PrivateKey)}.
-
-
--spec to_public_key(#'RSAPrivateKey'{}) ->
- #'RSAPublicKey'{}.
-to_public_key(#'RSAPrivateKey'{} = PrivateKey) ->
- #'RSAPublicKey'{
- modulus = PrivateKey#'RSAPrivateKey'.modulus,
- publicExponent = PrivateKey#'RSAPrivateKey'.publicExponent}.
-
-
-create_private_key(TmpDir) ->
- ok = verify_openssl(),
- Path = filename:join(TmpDir, timestamp() ++ "-rsa.key.der"),
- Bin = create_rsa_key(Path),
- public_key:der_decode('RSAPrivateKey', Bin).
-
-
-verify_openssl() ->
- case os:cmd("openssl version") of
- "OpenSSL 1." ++ _Rest ->
- ok;
- _ ->
- throw({error, openssl_required})
- end.
-
-
-timestamp() ->
- lists:concat([integer_to_list(N) || N <- tuple_to_list(os:timestamp())]).
-
-
-create_rsa_key(Path) ->
- Cmd = "openssl genpkey -algorithm RSA -outform DER -out " ++ Path,
- Out = os:cmd(Cmd),
- %% Since os:cmd doesn't indicate if the command fails, we go to
- %% some length to ensure the output looks correct.
- ok = validate_genpkey_output(Out),
- {ok, Bin} = file:read_file(Path),
- ok = file:delete(Path),
- Bin.
-
-
-validate_genpkey_output(Out) when is_list(Out) ->
- Length = length(Out),
- case re:run(Out, "[.+\n]+") of % should only contain period, plus, or nl
- {match, [{0, Length}]} ->
- ok;
- _ ->
- throw({error, {openssl_genpkey_failed, Out}})
- end.