12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- #!/bin/sh -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2016 Red Hat, Inc.
- # Author: Nathaniel McCallum <npmccallum@redhat.com>
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
- . helpers
- trap 'on_exit' EXIT
- export TMP=`mktemp -d`
- mkdir -p $TMP/db
- rec_startup () {
- # Generate the server keys
- tangd-keygen $TMP/db sig exc
- # Make sure keys generated by tangd-keygen have proper permissions.
- valid_key_perm "${TMP}/db/sig.jwk"
- valid_key_perm "${TMP}/db/exc.jwk"
- # Generate the client keys
- exc_kid=`jose jwk thp -i $TMP/db/exc.jwk`
- tmp=`jose fmt -j $TMP/db/exc.jwk -Od x -d y -d d -o-`
- jose jwk gen -i "$tmp" -o $TMP/exc.jwk
- jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
- }
- rec_second_phase () {
- # Make sure that GET fails
- curl -sf http://127.0.0.1:$PORT/rec && expected_fail
- curl -sf http://127.0.0.1:$PORT/rec/ && expected_fail
- # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
- good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
- test=`curl -sf -X POST \
- -H "Content-Type: application/jwk+json" \
- --data-binary @- \
- http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
- [ "$good" = "$test" ]
- }
- rec_second_phase_endpoint () {
- # Make sure that GET fails
- curl -sf http://127.0.0.1:$PORT/$ENDPOINT/rec && expected_fail
- curl -sf http://127.0.0.1:$PORT/$ENDPOINT/rec/ && expected_fail
- # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
- good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
- test=`curl -sf -X POST \
- -H "Content-Type: application/jwk+json" \
- --data-binary @- \
- http://127.0.0.1:$PORT/$ENDPOINT/rec/${exc_kid} < $TMP/exc.pub.jwk`
- [ "$good" = "$test" ]
- }
|