// verifyTokenHash checks the stored at_hash claim against the access
// token tok: the claim must equal the left-most half of the digest that
// the hash function selected by this.alg produces over tok.
//
// It returns an error when the hash for this.alg reports itself as
// unavailable, or when at_hash does not match that left half.
func (this *idToken) verifyTokenHash(tok string) (err error) {
	hashFn := jwt.HashGenerator(this.alg)
	if !hashFn.Available() {
		return erro.New("unsupported algorithm " + this.alg)
	}
	digest := hash.Hashing(hashFn.New(), []byte(tok))
	// Only the left half of the digest is carried in at_hash, so that is
	// all that is compared.
	leftHalf := digest[:len(digest)/2]
	// NOTE(review): bytes.Equal is not constant-time; whether that matters
	// depends on whether at_hash is treated as secret in this flow — confirm.
	if bytes.Equal(this.atHash, leftHalf) {
		return nil
	}
	return erro.New("verification failed")
}
// newTestTokenResponse fabricates the token-endpoint reply an IdP would
// return in a test: a JSON body carrying test_tok as the access token plus
// a freshly signed ID token issued by idp for page.
//
// The ID token gets the claims iss, sub, aud, exp (one minute ahead), iat,
// nonce and at_hash; every entry of clms is applied afterwards and can
// therefore override or extend them. The returned header is always nil;
// status is http.StatusOK on success and 0 whenever an error is returned.
func newTestTokenResponse(page *Page, idp idpdb.Element, clms map[string]interface{}) (status int, header http.Header, body []byte, err error) {
	hashFn := jwt.HashGenerator(test_idpSigAlg)
	if !hashFn.Available() {
		return 0, nil, nil, erro.New("unsupported algorithm " + test_idpSigAlg)
	}

	issuedAt := time.Now()
	idTok := jwt.New()
	idTok.SetHeader("alg", test_idpSigAlg)
	// Fixed claims first, in a deterministic order; clms may overwrite them.
	// NOTE(review): the whole digest is stored as at_hash here, whereas an
	// OIDC-style check compares only its left-most half — confirm that the
	// hashing helper or the jwt layer truncates, or a strict verifier will
	// reject this token.
	fixedClaims := []struct {
		name string
		val  interface{}
	}{
		{"iss", idp.Id()},
		{"sub", test_acntId},
		{"aud", page.selfId},
		{"exp", issuedAt.Add(time.Minute).Unix()},
		{"iat", issuedAt.Unix()},
		{"nonce", test_nonc},
		{"at_hash", hashutil.Hashing(hashFn.New(), []byte(test_tok))},
	}
	for _, c := range fixedClaims {
		idTok.SetClaim(c.name, c.val)
	}
	for name, val := range clms {
		idTok.SetClaim(name, val)
	}

	if err = idTok.Sign(idp.Keys()); err != nil {
		return 0, nil, nil, erro.Wrap(err)
	}
	encoded, err := idTok.Encode()
	if err != nil {
		return 0, nil, nil, erro.Wrap(err)
	}

	resp := map[string]interface{}{
		"access_token": test_tok,
		"token_type":   "Bearer",
		"expires_in":   3600,
		"scope":        "openid email",
		"id_token":     string(encoded),
	}
	if body, err = json.Marshal(resp); err != nil {
		return 0, nil, nil, erro.Wrap(err)
	}
	return http.StatusOK, nil, body, nil
}
// newCallbackRequestWithIdToken builds the GET request a browser would send
// to the relying party's callback endpoint in a test: the query carries
// test_cod as code, test_stat as state and a freshly signed ID token issued
// by idp for page, and the request carries the session cookie page.sessLabel
// with value test_sessId.
//
// The ID token gets the claims iss, sub, aud, exp (one minute ahead), iat,
// nonce and c_hash; every entry of clms is applied afterwards and can
// therefore override or extend them. Any failure is returned wrapped.
func newCallbackRequestWithIdToken(page *Page, idp idpdb.Element, clms map[string]interface{}) (*http.Request, error) {
	hashFn := jwt.HashGenerator(test_idpSigAlg)
	if !hashFn.Available() {
		return nil, erro.New("unsupported algorithm " + test_idpSigAlg)
	}

	issuedAt := time.Now()
	idTok := jwt.New()
	idTok.SetHeader("alg", test_idpSigAlg)
	// Fixed claims first, in a deterministic order; clms may overwrite them.
	// NOTE(review): the whole digest is stored as c_hash here, whereas an
	// OIDC-style check compares only its left-most half — confirm that the
	// hashing helper or the jwt layer truncates, or a strict verifier will
	// reject this token.
	fixedClaims := []struct {
		name string
		val  interface{}
	}{
		{"iss", idp.Id()},
		{"sub", test_acntId},
		{"aud", page.selfId},
		{"exp", issuedAt.Add(time.Minute).Unix()},
		{"iat", issuedAt.Unix()},
		{"nonce", test_nonc},
		{"c_hash", hashutil.Hashing(hashFn.New(), []byte(test_cod))},
	}
	for _, c := range fixedClaims {
		idTok.SetClaim(c.name, c.val)
	}
	for name, val := range clms {
		idTok.SetClaim(name, val)
	}

	if err := idTok.Sign(idp.Keys()); err != nil {
		return nil, erro.Wrap(err)
	}
	encoded, err := idTok.Encode()
	if err != nil {
		return nil, erro.Wrap(err)
	}

	query := url.Values{}
	query.Set("code", test_cod)
	query.Set("state", test_stat)
	query.Set("id_token", string(encoded))
	target := "http://localhost/callback?" + query.Encode()

	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return nil, erro.Wrap(err)
	}
	sessCookie := &http.Cookie{
		Name:  page.sessLabel,
		Value: test_sessId,
	}
	req.AddCookie(sessCookie)
	return req, nil
}