test: use keys for testing JWK (#283)

Author: bshaffer

tests/JWKTest.php

@@ -5,155 +5,98 @@
 
 class JWKTest extends TestCase
 {
-    /*
-     * For compatibility with PHPUnit 4.8 and PHP < 5.6
-     */
-    public function setExpectedException($exceptionName, $message = '', $code = NULL) {
-        if (method_exists($this, 'expectException')) {
-            $this->expectException($exceptionName);
-        } else {
-            parent::setExpectedException($exceptionName, $message, $code);
-        }
-    }
+    private static $keys;
+    private static $privKey1;
+    private static $privKey2;
 
-    public function testDecodeByJWKKeySetTokenExpired()
+    public function testMissingKty()
     {
-        $jsKey = array(
-            'kty' => 'RSA',
-            'e'   => 'AQAB',
-            'use' => 'sig',
-            'kid' => 's1',
-            'n'   => 'kWp2zRA23Z3vTL4uoe8kTFptxBVFunIoP4t_8TDYJrOb7D1iZNDXVeEsYKp6ppmrTZDAgd-cNOTKLd4M39WJc5FN0maTAVKJc7NxklDeKc4dMe1BGvTZNG4MpWBo-taKULlYUu0ltYJuLzOjIrTHfarucrGoRWqM0sl3z2-fv9k',
+        $this->setExpectedException(
+            'UnexpectedValueException',
+            'JWK must contain a "kty" parameter'
         );
 
-        $key = JWK::parseKeySet(array('keys' => array($jsKey)));
+        $badJwk = array('kid' => 'foo');
+        $keys = JWK::parseKeySet(array('keys' => array($badJwk)));
+    }
 
-        $header = array(
-            'kid' => 's1',
-            'alg' => 'RS256',
-        );
-        $payload = array (
-            'scp' => array ('openid', 'email', 'profile', 'aas'),
-            'sub' => 'tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0',
-            'clm' => array ('!5v8H'),
-            'iss' => 'http://130.211.243.114:8080/c2id',
-            'exp' => 1441126539,
-            'uip' => array('groups' => array('admin', 'audit')),
-            'cid' => 'pk-oidc-01',
-        );
-        $signature = 'PvYrnf3k1Z0wgRwCgq0WXKaoIv1hHtzBFO5cGfCs6bl4suc6ilwCWmJqRxGYkU2fNTGyMOt3OUnnBEwl6v5qN6jv7zbkVAVKVvbQLxhHC2nXe3izvoCiVaMEH6hE7VTWwnPbX_qO72mCwTizHTJTZGLOsyXLYM6ctdOMf7sFPTI';
-        $msg = sprintf('%s.%s.%s',
-            JWT::urlsafeB64Encode(json_encode($header)),
-            JWT::urlsafeB64Encode(json_encode($payload)),
-            $signature
+    public function testInvalidAlgorithm()
+    {
+        $this->setExpectedException(
+            'UnexpectedValueException',
+            'No supported algorithms found in JWK Set'
         );
 
-        $this->setExpectedException('Firebase\JWT\ExpiredException');
-
-        JWT::decode($msg, $key, array('RS256'));
+        $badJwk = array('kty' => 'BADALG');
+        $keys = JWK::parseKeySet(array('keys' => array($badJwk)));
     }
 
-    public function testDecodeByJWKKeySet()
+    public function testParseJwkKeySet()
     {
-        $jsKey = array(
-            'kty' => 'RSA',
-            'e'   => 'AQAB',
-            'use' => 'sig',
-            'kid' => 's1',
-            'n'   => 'kWp2zRA23Z3vTL4uoe8kTFptxBVFunIoP4t_8TDYJrOb7D1iZNDXVeEsYKp6ppmrTZDAgd-cNOTKLd4M39WJc5FN0maTAVKJc7NxklDeKc4dMe1BGvTZNG4MpWBo-taKULlYUu0ltYJuLzOjIrTHfarucrGoRWqM0sl3z2-fv9k',
+        $jwkSet = json_decode(
+            file_get_contents(__DIR__ . '/rsa-jwkset.json'),
+            true
         );
+        $keys = JWK::parseKeySet($jwkSet);
+        $this->assertTrue(is_array($keys));
+        $this->assertArrayHasKey('jwk1', $keys);
+        self::$keys = $keys;
+    }
 
-        $key = JWK::parseKeySet(array('keys' => array($jsKey)));
-
-        $header = array(
-            'kid' => 's1',
-            'alg' => 'RS256',
-        );
-        $payload = array (
-            'scp' => array ('openid', 'email', 'profile', 'aas'),
-            'sub' => 'tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0',
-            'clm' => array ('!5v8H'),
-            'iss' => 'http://130.211.243.114:8080/c2id',
-            'exp' => 1441126539,
-            'uip' => array('groups' => array('admin', 'audit')),
-            'cid' => 'pk-oidc-01',
-        );
-        $signature = 'PvYrnf3k1Z0wgRwCgq0WXKaoIv1hHtzBFO5cGfCs6bl4suc6ilwCWmJqRxGYkU2fNTGyMOt3OUnnBEwl6v5qN6jv7zbkVAVKVvbQLxhHC2nXe3izvoCiVaMEH6hE7VTWwnPbX_qO72mCwTizHTJTZGLOsyXLYM6ctdOMf7sFPTI';
-        $msg = sprintf('%s.%s.%s',
-            JWT::urlsafeB64Encode(json_encode($header)),
-            JWT::urlsafeB64Encode(json_encode($payload)),
-            $signature
-        );
+    /**
+     * @depends testParseJwkKeySet
+     */
+    public function testDecodeByJwkKeySetTokenExpired()
+    {
+        $privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem');
+        $payload = array('exp' => strtotime('-1 hour'));
+        $msg = JWT::encode($payload, $privKey1, 'RS256', 'jwk1');
 
         $this->setExpectedException('Firebase\JWT\ExpiredException');
 
-        $payload = JWT::decode($msg, $key, array('RS256'));
-
-        $this->assertEquals("tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0", $payload->sub);
-        $this->assertEquals(1441126539, $payload->exp);
+        JWT::decode($msg, self::$keys, array('RS256'));
     }
 
-    public function testDecodeByMultiJWKKeySet()
+    /**
+     * @depends testParseJwkKeySet
+     */
+    public function testDecodeByJwkKeySet()
     {
-        $jsKey1 = array(
-            'kty' => 'RSA',
-            'e'   => 'AQAB',
-            'use' => 'sig',
-            'kid' => 'CXup',
-            'n'   => 'hrwD-lc-IwzwidCANmy4qsiZk11yp9kHykOuP0yOnwi36VomYTQVEzZXgh2sDJpGgAutdQudgwLoV8tVSsTG9SQHgJjH9Pd_9V4Ab6PANyZNG6DSeiq1QfiFlEP6Obt0JbRB3W7X2vkxOVaNoWrYskZodxU2V0ogeVL_LkcCGAyNu2jdx3j0DjJatNVk7ystNxb9RfHhJGgpiIkO5S3QiSIVhbBKaJHcZHPF1vq9g0JMGuUCI-OTSVg6XBkTLEGw1C_R73WD_oVEBfdXbXnLukoLHBS11p3OxU7f4rfxA_f_72_UwmWGJnsqS3iahbms3FkvqoL9x_Vj3GhuJSf97Q',
-        );
-        $jsKey2 = array(
-            'kty' => 'EC',
-            'use' => 'sig',
-            'crv' => 'P-256',
-            'kid' => 'yGvt',
-            'x'   => 'pvgdqM3RCshljmuCF1D2Ez1w5ei5k7-bpimWLPNeEHI',
-            'y'   => 'JSmUhbUTqiFclVLEdw6dz038F7Whw4URobjXbAReDuM',
-        );
-        $jsKey3 = array(
-            'kty' => 'EC',
-            'use' => 'sig',
-            'crv' => 'P-384',
-            'kid' => '9nHY',
-            'x'   => 'JPKhjhE0Bj579Mgj3Cn3ERGA8fKVYoGOaV9BPKhtnEobphf8w4GSeigMesL-038W',
-            'y'   => 'UbJa1QRX7fo9LxSlh7FOH5ABT5lEtiQeQUcX9BW0bpJFlEVGqwec80tYLdOIl59M',
-        );
-        $jsKey4 = array(
-            'kty' => 'EC',
-            'use' => 'sig',
-            'crv' => 'P-521',
-            'kid' => 'tVzS',
-            'x'   => 'AZgkRHlIyNQJlPIwTWdHqouw41k9dS3GJO04BDEnJnd_Dd1owlCn9SMXA-JuXINn4slwbG4wcECbctXb2cvdGtmn',
-            'y'   => 'AdBC6N9lpupzfzcIY3JLIuc8y8MnzV-ItmzHQcC5lYWMTbuM9NU_FlvINeVo8g6i4YZms2xFB-B0VVdaoF9kUswC',
-        );
+        $privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem');
+        $payload = array('sub' => 'foo', 'exp' => strtotime('+10 seconds'));
+        $msg = JWT::encode($payload, $privKey1, 'RS256', 'jwk1');
 
-        $key = JWK::parseKeySet(array('keys' => array($jsKey1, $jsKey2, $jsKey3, $jsKey4)));
+        $result = JWT::decode($msg, self::$keys, array('RS256'));
 
-        $header = array(
-            'kid' => 'CXup',
-            'alg' => 'RS256',
-        );
-        $payload = array(
-            'sub' => 'f8b67cc46030777efd8bce6c1bfe29c6c0f818ec',
-            'scp' => array('openid', 'name', 'profile', 'picture', 'email', 'rs-pk-main', 'rs-pk-so', 'rs-pk-issue', 'rs-pk-web'),
-            'clm' => array('!5v8H'),
-            'iss' => 'https://id.projectkit.net/authenticate',
-            'exp' => 1492228336,
-            'iat' => 1491364336,
-            'cid' => 'cid-pk-web',
-        );
-        $signature = 'KW1K-72bMtiNwvyYBgffG6VaG6I59cELGYQR8M2q7HA8dmzliu6QREJrqyPtwW_rDJZbsD3eylvkRinK9tlsMXCOfEJbxLdAC9b4LKOsnsbuXXwsJHWkFG0a7osdW0ZpXJDoMFlO1aosxRGMkaqhf1wIkvQ5PM_EB08LJv7oz64Antn5bYaoajwgvJRl7ChatRDn9Sx5UIElKD1BK4Uw5WdrZwBlWdWZVNCSFhy4F6SdZvi3OBlXzluDwq61RC-pl2iivilJNljYWVrthHDS1xdtaVz4oteHW13-IS7NNEz6PVnzo5nyoPWMAB4JlRnxcfOFTTUqOA2mX5Csg0UpdQ';
-        $msg = sprintf('%s.%s.%s',
-            JWT::urlsafeB64Encode(json_encode($header)),
-            JWT::urlsafeB64Encode(json_encode($payload)),
-            $signature
-        );
+        $this->assertEquals("foo", $result->sub);
+    }
 
-        $this->setExpectedException('Firebase\JWT\ExpiredException');
+    /**
+     * @depends testParseJwkKeySet
+     */
+    public function testDecodeByMultiJwkKeySet()
+    {
+        $privKey2 = file_get_contents(__DIR__ . '/rsa2-private.pem');
+        $payload = array('sub' => 'bar', 'exp' => strtotime('+10 seconds'));
+        $msg = JWT::encode($payload, $privKey2, 'RS256', 'jwk2');
 
-        $payload = JWT::decode($msg, $key, array('RS256'));
+        $result = JWT::decode($msg, self::$keys, array('RS256'));
 
-        $this->assertEquals("f8b67cc46030777efd8bce6c1bfe29c6c0f818ec", $payload->sub);
-        $this->assertEquals(1492228336, $payload->exp);
+        $this->assertEquals("bar", $result->sub);
+    }
+
+    /*
+     * For compatibility with PHPUnit 4.8 and PHP < 5.6
+     */
+    public function setExpectedException($exceptionName, $message = '', $code = NULL)
+    {
+        if (method_exists($this, 'expectException')) {
+            $this->expectException($exceptionName);
+            if ($message) {
+                $this->expectExceptionMessage($message);
+            }
+        } else {
+            parent::setExpectedException($exceptionName, $message, $code);
+        }
     }
 }

tests/rsa-jwkset.json

@@ -0,0 +1,17 @@
+{
+    "keys": [
+        {
+            "kty": "RSA",
+            "e": "AQAB",
+            "kid": "jwk1",
+            "n": "0Ttga33B1yX4w77NbpKyNYDNSVCo8j-RlZaZ9tI-KfkV1d-tfsvI9ZPAheP11FoN52ceBaY5ltelHW-IKwCfyT0orLdsxLgowaXki9woF1Azvcg2JVxQLv9aVjjAvy3CZFIG_EeN7J3nsyCXGnu1yMEbnvkWxA88__Q6HQ2K9wqfApkQ0LNlsK0YHz_sfjHNvRKxnbAJk7D5fUhZunPZXOPHXFgA5SvLvMaNIXduMKJh4OMfuoLdJowXJAR9j31Mqz_is4FMhm_9Mq7vZZ-uF09htRvIR8tRY28oJuW1gKWyg7cQQpnjHgFyG3XLXWAeXclWqyh_LfjyHQjrYhyeFw"
+
+        },
+        {
+            "kty": "RSA",
+            "e": "AQAB",
+            "kid": "jwk2",
+            "n": "pXi2o6AnNhwL30MaK_nuDHi2fxZHVen7Xwk0bjLGlHYpq3mSvXm2HBA-zR41vQCbHkYGsDpsyDhIXLBDTbSa7ue7D1ZqYdv5YLIS33zdX9GtUHfFHc6zYgXAU9ziWeyTzVn7icAbjxqcgT2xKNuGK7Zf2ZJ053rr-dxjAE-SjX4SG0WWUhwPjxlr1etF7mEurhHweuSdZYl36g39o9BtTBVfS87io2MwdIRsnL3w8ulgXRVRWjv-vvcuhMS_y6zGbzOC55Yr23sb4h2PSll32bgyglEIsGgHqjOdyjuUzl0t6jh86DHzbu9h-u1iihX8EI8t7CBbizbPPyHQygp-rQ"
+        }
+    ]
+}

tests/rsa1-private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0Ttga33B1yX4w77NbpKyNYDNSVCo8j+RlZaZ9tI+KfkV1d+t
+fsvI9ZPAheP11FoN52ceBaY5ltelHW+IKwCfyT0orLdsxLgowaXki9woF1Azvcg2
+JVxQLv9aVjjAvy3CZFIG/EeN7J3nsyCXGnu1yMEbnvkWxA88//Q6HQ2K9wqfApkQ
+0LNlsK0YHz/sfjHNvRKxnbAJk7D5fUhZunPZXOPHXFgA5SvLvMaNIXduMKJh4OMf
+uoLdJowXJAR9j31Mqz/is4FMhm/9Mq7vZZ+uF09htRvIR8tRY28oJuW1gKWyg7cQ
+QpnjHgFyG3XLXWAeXclWqyh/LfjyHQjrYhyeFwIDAQABAoIBAHMqdJsWAGEVNIVB
++792HYNXnydQr32PwemNmLeD59WglgU/9jZJoxaROjI4VLKK0wZg+uRvJ1nA3tCB
++Hh7Anh5Im9XExaAq2ZTkqXtC2AxtBktH6iW1EfaI/Y7jNRuMoaXo+Ku3A62p7cw
+JBvepiOXL0Xko0RNguz7mBUvxCLPhYhzn7qCbM8uXLcjsXq/YhWQwQmtMqv0sd3W
+Hy+8Jb2c18sqDeZIBne4dWD6qPClPEOsrq9gPTkl0DjbT27oVc2u1p4HMNm5BJIh
+u3rMSxnZHUd7Axj1FgyLIOHl63UhaiaA1aPe/fLiVIGOA1jBZrpbnjgqDy9Uxyn6
+eydbiwECgYEA9mtRydz22idyUOlBCDXk+vdGBvFAucNYaNNUAXUJ2wfPmdGgFCA7
+g5eQG8JC6J/FU+2AfIuz6LGr7SxMBYcsWGjFAzGqs/sJib+zzN1dPUSRn4uJNFit
+51yQzPgBqHS6S/XBi6YAODeZDl9jiPl3FxxucqLY5NstqZFXbE0SjIECgYEA2V3r
+7xnRAK1krY1+zkPof4kcBmjqOXjnl/oRxlXP65lEXmyNJwm/ulOIko9mElWRs8CG
+AxSWKaab9Gk6lc8MHjVRbuW52RGLGKq1mp6ENr4d3IBOfrNsTvD3gtNEN1JFLeF1
+jIbSsrbi2txr7VZ06Irac0C/ytro0QDOUoXkvpcCgYA8O0EzmToRWsD7e/g0XJAK
+s/Q+8CtE/LWYccc/z+7HxeH9lBqPsM07Pgmwb0xRdfQSrqPQTYl9ICiJAWHXnBG/
+zmQRgstZ0MulCuGU+qq2thLuL3oq/F4NhjeykhA9r8J1nK1hSAMXuqdDtxcqPOfa
+E03/4UQotFY181uuEiytgQKBgHQT+gjHqptH/XnJFCymiySAXdz2bg6fCF5aht95
+t/1C7gXWxlJQnHiuX0KVHZcw5wwtBePjPIWlmaceAtE5rmj7ZC9qsqK/AZ78mtql
+SEnLoTq9si1rN624dRUCKW25m4Py4MlYvm/9xovGJkSqZOhCLoJZ05JK8QWb/pKH
+Oi6lAoGBAOUN6ICpMQvzMGPgIbgS0H/gvRTnpAEs59vdgrkhlCII4tzfgvBQlVae
+hRcdM6GTMq5pekBPKu45eanIzwVc88P6coT4qiWYKk2jYoLBa0UV3xEAuqBMymrj
+X4nLcSbZtO0tcDGMfMpWF2JGYOEJQNetPozL/ICGVFyIO8yzXm8U
+-----END RSA PRIVATE KEY-----

tests/rsa2-private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApXi2o6AnNhwL30MaK/nuDHi2fxZHVen7Xwk0bjLGlHYpq3mS
+vXm2HBA+zR41vQCbHkYGsDpsyDhIXLBDTbSa7ue7D1ZqYdv5YLIS33zdX9GtUHfF
+Hc6zYgXAU9ziWeyTzVn7icAbjxqcgT2xKNuGK7Zf2ZJ053rr+dxjAE+SjX4SG0WW
+UhwPjxlr1etF7mEurhHweuSdZYl36g39o9BtTBVfS87io2MwdIRsnL3w8ulgXRVR
+Wjv+vvcuhMS/y6zGbzOC55Yr23sb4h2PSll32bgyglEIsGgHqjOdyjuUzl0t6jh8
+6DHzbu9h+u1iihX8EI8t7CBbizbPPyHQygp+rQIDAQABAoIBACF25kj1LLjutx/x
+7CsUoqX3C8Fr+gVQCrxPmkDnF+4Sb570OU8EfGX0ix7kiy2sH7LhqpydVD6x00Cb
+jSD785F5YAVcDqu31xlNKi/0irjEKO7rKfw7P2AFlb3gIA7bn5CaMBrNtUUdtqUU
+mu2OZ/YTLhNMYUQnQe4IOiVn8lWW5D4Kje/RlLRRdGn8voXaD5BnOwZNXAxjdXqM
+RxyXRG74tLKyfe3W8xTL8uhlKCNHjsdtUg9IZdnKT7I3DJPobpqgC3fUuC/IbfGf
+MPK1aiu067/3DdgonC2ZWqFeKLJqtUa7z0pSQaZeDa1iiUuRivfqKYEBovFre6ni
+1qHkp8ECgYEA089VnKc74NRGVbIs0VtQGprNhkl47eBq6jhTlG3hfaFF4VuDiZiu
+wT8enlbhlbDb/gM0CDr9tkfDs7R4exNnhSVvn2PT8b1mhonOAeE466y/4YBA0d9x
+gj0wF2vjH/bsVNBe6MBrIx12R2tBKTZ7tbCzgJRszSZqkrK7sljTlaUCgYEAx/54
+G3Yd3ULqGIG/JA7w/QEYitgjwAUSJ+eLU+iqlIjo/njAJwJ/kixqaI3Jzcl+kYmp
+yNIXNNaJUz8c0M/QsuqvQjLnHkF0FOZUrdyVseU2mSbI6DhAGsPJEtAOep/61vyz
+uJSu0z34gQ6bNrKdqfkA7XIQRNJ1r0qQXrVLRmkCgYB2/UYaIDTaREZTBCp7XnHs
+0ERfiUz/TZCijgweGXCQ1BXe2TtXBEhAVcZMq4BFSLr9wyzq5sD7Muu1O9BnS+pe
++T3w6/L4Hi/HqwjpM253r2+ILjW78Wvh/5/RuJE6tsvjhb+bv+UwL+/vhUhw76Ol
+2WOt+zP4N/ms+e3J7m7G5QKBgQCmasN65nC3WyT8u4pX8O7rOOw5LN2ivRV8ixnO
++r5m1v46MjSCwXtyIO9yjPmt+csOQ+U6LEgPOa4PzWanAyaAmvS3OzBCZui3M2qn
+OfR+kWM7UaDAS35cRyqcMvC5bUIHf0P1hhNryBdvHL5fZ4X2mDMDYnTTL+WptXwo
+sucucQKBgAGHzi5+ZRwffhpZiYVR/lA6zvqyekAncJZwGe2UVDL0axTumX1NPdin
+2mOnVuvKVvJkisyKTIQzFk6ClQEyiArO4+t7zhUbg5Crh8q6nObRo2R2NcP8o0Iq
+BRIwPgaG/WlEvZ6zqlHQ0qH7WoL4HnRG5uyLOuzRIkjasYmZdfR8
+-----END RSA PRIVATE KEY-----