1
0

rec 2.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. #!/bin/sh -ex
  2. # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
  3. #
  4. # Copyright (c) 2016 Red Hat, Inc.
  5. # Author: Nathaniel McCallum <npmccallum@redhat.com>
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation, either version 3 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. . helpers
  21. trap 'on_exit' EXIT
  22. export TMP=`mktemp -d`
  23. mkdir -p $TMP/db
  24. rec_startup () {
  25. # Generate the server keys
  26. tangd-keygen $TMP/db sig exc
  27. # Make sure keys generated by tangd-keygen have proper permissions.
  28. valid_key_perm "${TMP}/db/sig.jwk"
  29. valid_key_perm "${TMP}/db/exc.jwk"
  30. # Generate the client keys
  31. exc_kid=`jose jwk thp -i $TMP/db/exc.jwk`
  32. tmp=`jose fmt -j $TMP/db/exc.jwk -Od x -d y -d d -o-`
  33. jose jwk gen -i "$tmp" -o $TMP/exc.jwk
  34. jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
  35. }
  36. rec_second_phase () {
  37. # Make sure that GET fails
  38. curl -sf http://127.0.0.1:$PORT/rec && expected_fail
  39. curl -sf http://127.0.0.1:$PORT/rec/ && expected_fail
  40. # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
  41. good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
  42. test=`curl -sf -X POST \
  43. -H "Content-Type: application/jwk+json" \
  44. --data-binary @- \
  45. http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
  46. [ "$good" = "$test" ]
  47. }
  48. rec_second_phase_endpoint () {
  49. # Make sure that GET fails
  50. curl -sf http://127.0.0.1:$PORT/$ENDPOINT/rec && expected_fail
  51. curl -sf http://127.0.0.1:$PORT/$ENDPOINT/rec/ && expected_fail
  52. # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
  53. good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
  54. test=`curl -sf -X POST \
  55. -H "Content-Type: application/jwk+json" \
  56. --data-binary @- \
  57. http://127.0.0.1:$PORT/$ENDPOINT/rec/${exc_kid} < $TMP/exc.pub.jwk`
  58. [ "$good" = "$test" ]
  59. }