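//                           _       _
// __      _____  __ ___   ___  __ _| |_ ___
// \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
//  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
//   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
//
//  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
//
//  CONTACT: hello@weaviate.io
//

package oidc

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"testing"

	jose "github.com/go-jose/go-jose/v3"
	"github.com/golang-jwt/jwt/v4"
)

// Well-known paths served by the fake provider. The discovery document points
// at jwksPath, so both handlers must agree on it.
const (
	discoveryPath = "/.well-known/openid-configuration"
	jwksPath      = "/.well-known/jwks"
)

// testKeyID is the kid advertised in the JWKS response.
const testKeyID = "my-key"

// newOIDCServer starts a minimal fake OIDC provider that serves a discovery
// document and a JWKS holding the public half of the testing key pair, so
// tokens produced by signToken verify against it. The caller must Close the
// returned server.
func newOIDCServer(t *testing.T) *httptest.Server {
	t.Helper()

	// Start with an empty handler: the issuer in the discovery document has
	// to equal the server's own URL, and that is only known once the
	// listener is up.
	s := httptest.NewServer(nil)
	s.Config.Handler = oidcHandler(t, s.URL)
	return s
}

// oidcDiscovery is the subset of the OpenID Provider Metadata document that
// the client under test reads.
type oidcDiscovery struct {
	Issuer  string `json:"issuer"`
	JWKSUri string `json:"jwks_uri"`
}

// jwksResponse is the body served at jwksPath.
type jwksResponse struct {
	Keys []jose.JSONWebKey `json:"keys"`
}

// oidcHandler builds the provider's mux. url is used verbatim as the issuer
// (OIDC clients compare it with the token's iss claim) and as the base of
// jwks_uri, so it must be the exact address the server is reachable at.
func oidcHandler(t *testing.T, url string) http.Handler {
	t.Helper()

	publicKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(testingPublicKey))
	if err != nil {
		// Still on the test goroutine here, so Fatalf is permitted.
		t.Fatalf("test server: couldn't parse public key: %v", err)
	}

	// writeJSON encodes v as the response body. Handlers run on the server's
	// own goroutines, where t.Fatalf (FailNow) must not be called, so a
	// failure is recorded with Errorf instead. For these fixed payloads an
	// Encode error practically means the write itself failed, so nothing
	// more can be sent to the client.
	writeJSON := func(w http.ResponseWriter, what string, v any) {
		w.Header().Set("Content-Type", "application/json")
		if err := json.NewEncoder(w).Encode(v); err != nil {
			t.Errorf("encoding %s in test server: %v", what, err)
		}
	}

	mux := http.NewServeMux()

	mux.HandleFunc(discoveryPath, func(w http.ResponseWriter, req *http.Request) {
		writeJSON(w, "discovery document", oidcDiscovery{
			Issuer:  url,
			JWKSUri: url + jwksPath,
		})
	})

	mux.HandleFunc(jwksPath, func(w http.ResponseWriter, req *http.Request) {
		writeJSON(w, "jwks", jwksResponse{
			Keys: []jose.JSONWebKey{{
				Key:       publicKey,
				Use:       "sig",
				Algorithm: string(jose.RS256),
				KeyID:     testKeyID,
			}},
		})
	})

	return mux
}

// The key pair below exists solely so tests can sign their own tokens. It is a
// small (1024-bit) RSA key that is committed to source, so it must never be
// used for anything outside a test scenario.

var testingPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDFRV9sD1ULVV7q1w9OXCXPTFRcrTYAZAVZwg8X9V1QyBd8eyp5
OMI4YxuL7sk+Las+PTcS6AdrHitdDZNqUjWFYOo5EQLnVBghIlu3ZWlAnM2SCPo5
e2jFD8IgAVHtkAHbFUliQtP6a6OOLMRq9GMhIv2ZWf79KyXvh5DFuM7zbwIDAQAB
AoGAXptEhghcWtEYcjutZYEfyOjsVH3lNg7B2igNIQpVNFahnNtcpUIpMu2k2lks
Phuc0n59GR4Z4K9ZUIkgN48xhuqDtHevMQLfg6KQaqf0KRwxBw4dIOhUX0aLkvcJ
WTtUPE+3hYbOuAPuXVBDB6hBZAe5mbvLPYDM3yYyRotbN7ECQQD/S3Y+shEHOMg1
ve1eQ4tjN+5Fdmq8l2JIbOPpvH6ytiEQSV2Q55u8gL+1x5Tb9vh3rAdg2OJ0LFay
VTqmCmkDAkEAxdDgvDqk7JwMbM2jxozVEcECoN07eGrshVWlXtnEpJgU4vBN8wAj
sS94WZCWu4LZRzPHp36dVDiPFS0aqGlCJQJAMGKX/Zf4HDtJzs25YEVC9MIT+bxQ
zH+QlBN3OsSL6skUCScugZkz7g0kyIoUD4CGZQAIwfU5LjV9FP2MSQ3uCwJAZxS0
t4F7xcx/cQcry+BBe7HvU7JVNifJvqVlumqSXQ7e+28rv3AYKVHKTinZUjcaUE88
QBzrkSKz9N3/ITlQfQJBAL25aXdmooBdYQUvXmNu+n10wwDAqCKtoGW75cZBJvjX
WnBQsDVlzaBcs32lr08XZIAH318OibfmAs5HKHABoFk=
-----END RSA PRIVATE KEY-----`

var testingPublicKey = `-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFRV9sD1ULVV7q1w9OXCXPTFRc
rTYAZAVZwg8X9V1QyBd8eyp5OMI4YxuL7sk+Las+PTcS6AdrHitdDZNqUjWFYOo5
EQLnVBghIlu3ZWlAnM2SCPo5e2jFD8IgAVHtkAHbFUliQtP6a6OOLMRq9GMhIv2Z
Wf79KyXvh5DFuM7zbwIDAQAB
-----END PUBLIC KEY-----`

// signToken signs claims with RS256 using testingPrivateKey, producing a
// token that the server from newOIDCServer accepts. The key is re-parsed on
// every call, which is cheap enough for tests. Any error from parsing the
// key is wrapped; signing errors are returned as produced by jwt.
func signToken(claims jwt.Claims) (string, error) {
	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(testingPrivateKey))
	if err != nil {
		return "", fmt.Errorf("parsing testing private key: %w", err)
	}

	return jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(key)
}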