test: add EC384 test keys and tokens

config/README.md

@@ -9,9 +9,11 @@
 
 curve name: prime256v1 (secp256r1, secp384r1)
 
-> openssl ecparam -genkey -noout -name prime256v1 | openssl pkcs8 -topk8 -nocrypt -out ec-private.pem
+> openssl ecparam -genkey -noout -name prime256v1 | openssl pkcs8 -topk8 -nocrypt -out ec-private1.pem
+> openssl ecparam -genkey -noout -name secp384r1 | openssl pkcs8 -topk8 -nocrypt -out ec384-private1.pem
 
-> openssl ec -in ec-private.pem -pubout -out ec-public-key.pem
+> openssl ec -in ec-private1.pem -pubout -out ec-public1.pem
+> openssl ec -in ec384-private1.pem -pubout -out ec384-public1.pem
 
 ## EdDSA - Edwards-curve Digital Signature Algorithm
 

config/ec384-private1.pem

@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCEPIELj6Yh/C7YPArh
+GlU1Hnv85nYTrRKozX4qONvS9RgDHDXalK9yFgUDh7jkIi+hZANiAAQTrPmB0t7h
+qDNsoQsDdI6Vx9f07PV3QcKNxbn6/Rs4HcRE3rERUFqinPBdUqTyJ+W/HFbjTkDU
+9JnNRU68B7KVzCMKL/yw+bavLja+a8pBjH+MHVTR+cslxDlD2svexSA=
+-----END PRIVATE KEY-----

config/ec384-public1.pem

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEE6z5gdLe4agzbKELA3SOlcfX9Oz1d0HC
+jcW5+v0bOB3ERN6xEVBaopzwXVKk8iflvxxW405A1PSZzUVOvAeylcwjCi/8sPm2
+ry42vmvKQYx/jB1U0fnLJcQ5Q9rL3sUg
+-----END PUBLIC KEY-----

demo-server/src/oidc_provider/mod.rs

@@ -50,20 +50,27 @@ async fn jwks() -> Json<Value> {
     pk.set_key_use("sig");
     kset.keys.push(pk);
 
-    let keypair = EcKeyPair::from_pem(include_bytes!("../../../config/ecdsa-private1.pem"), Some(EcCurve::P256)).unwrap();
+    let keypair = EcKeyPair::from_pem(include_bytes!("../../../config/ec256-private1.pem"), Some(EcCurve::P256)).unwrap();
     let mut pk = keypair.to_jwk_public_key();
     pk.set_key_id("ec01");
     pk.set_algorithm("ES256");
     pk.set_key_use("sig");
     kset.keys.push(pk);
 
-    let keypair = EcKeyPair::from_pem(include_bytes!("../../../config/ecdsa-private2.pem"), Some(EcCurve::P256)).unwrap();
+    let keypair = EcKeyPair::from_pem(include_bytes!("../../../config/ec256-private2.pem"), Some(EcCurve::P256)).unwrap();
     let mut pk = keypair.to_jwk_public_key();
     pk.set_key_id("ec02");
     pk.set_algorithm("ES256");
     pk.set_key_use("sig");
     kset.keys.push(pk);
 
+    let keypair = EcKeyPair::from_pem(include_bytes!("../../../config/ec384-private1.pem"), Some(EcCurve::P384)).unwrap();
+    let mut pk = keypair.to_jwk_public_key();
+    pk.set_key_id("ec01-es384");
+    pk.set_algorithm("ES384");
+    pk.set_key_use("sig");
+    kset.keys.push(pk);
+
     let keypair = EdKeyPair::from_pem(include_bytes!("../../../config/ed25519-private1.pem")).unwrap();
     let mut pk = keypair.to_jwk_public_key();
     pk.set_key_id("ed01");
@@ -127,8 +134,9 @@ pub async fn tokens() -> Json<Value> {
 
     let rsa1_key = EncodingKey::from_rsa_pem(include_bytes!("../../../config/rsa-private1.pem")).unwrap();
     let rsa2_key = EncodingKey::from_rsa_pem(include_bytes!("../../../config/rsa-private2.pem")).unwrap();
-    let ec1_key = EncodingKey::from_ec_pem(include_bytes!("../../../config/ecdsa-private1.pem")).unwrap();
-    let ec2_key = EncodingKey::from_ec_pem(include_bytes!("../../../config/ecdsa-private2.pem")).unwrap();
+    let ec1_key = EncodingKey::from_ec_pem(include_bytes!("../../../config/ec256-private1.pem")).unwrap();
+    let ec2_key = EncodingKey::from_ec_pem(include_bytes!("../../../config/ec256-private2.pem")).unwrap();
+    let ec1_es384_key = EncodingKey::from_ec_pem(include_bytes!("../../../config/ec384-private1.pem")).unwrap();
     let ed1_key = EncodingKey::from_ed_pem(include_bytes!("../../../config/ed25519-private1.pem")).unwrap();
     let ed2_key = EncodingKey::from_ed_pem(include_bytes!("../../../config/ed25519-private2.pem")).unwrap();
 
@@ -138,6 +146,7 @@ pub async fn tokens() -> Json<Value> {
     let ec1_token_aud = encode(&build_header(Algorithm::ES256, "ec01"), &claims_with_aud, &ec1_key).unwrap();
     let ec1_token = encode(&build_header(Algorithm::ES256, "ec01"), &claims, &ec1_key).unwrap();
     let ec2_token = encode(&build_header(Algorithm::ES256, "ec02"), &claims, &ec2_key).unwrap();
+    let ec1_es384_token = encode(&build_header(Algorithm::ES384, "ec01-es384"), &claims, &ec1_es384_key).unwrap();
     let ed1_token = encode(&build_header(Algorithm::EdDSA, "ed01"), &claims, &ed1_key).unwrap();
     let ed2_token = encode(&build_header(Algorithm::EdDSA, "ed02"), &claims, &ed2_key).unwrap();
 
@@ -148,6 +157,7 @@ pub async fn tokens() -> Json<Value> {
         "ec01": ec1_token,
         "ec01_aud": ec1_token_aud,
         "ec02": ec2_token,
+        "ec01_es384": ec1_es384_token,
         "ed01": ed1_token,
         "ed02": ed2_token,
     }))

jwt-authorizer/tests/common/mod.rs

@@ -35,12 +35,24 @@ lazy_static! {
           "use": "sig"
         }]
     });
+    pub static ref JWKS_EC1_ES384: Value = json!({
+        "keys": [{
+          "kty": "EC",
+          "crv": "P-384",
+          "x": "E6z5gdLe4agzbKELA3SOlcfX9Oz1d0HCjcW5-v0bOB3ERN6xEVBaopzwXVKk8ifl",
+          "y": "vxxW405A1PSZzUVOvAeylcwjCi_8sPm2ry42vmvKQYx_jB1U0fnLJcQ5Q9rL3sUg",
+          "kid": "ec01-es384",
+          "alg": "ES384",
+          "use": "sig"
+        }]
+    });
 }
 
 pub const JWT_RSA1_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6InJzYTAxIn0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiZXhwIjoyMDAwMDAwMDAwLCJuYmYiOjE1MTYyMzkwMjJ9.pmm8Kdk-SvycXIGpWb1R0DuP5nlB7w4QQS7trhN_OjOpbk0A8F_lC4BdClz3rol2Pgo61lcFckJgjNBj34DQGeTGOtvxdiUXNgi1aKiXH4AyPzZeZx30PgFxa1fxhuZhBAj6xIZKBSBQvVyjeVQzAScINRCBX8zfCaXSU1ZCUkJl5vbD7zT-cYIFU76we9HcIYKRXwTiAyoNn3Lixa1H3_t5sbx3om2WlIB2x-sGpoDFDjorcuJT1yQx3grTRTBzHyRBRjZ3e8wrMbiacy-m3WoEFdkssQgYi_dSQH0hvxgacvGWayK0UqD7O5UL6EzTA2feXbgA_68o5gfvSnM8CUsPut5gZr-gwVbQKPbBdCQtl_wXIMot7UNKYEiFV38x5EmUr-ShzQcditW6fciguuY1Qav502UE1UMXvt5p8-kYxw2AaaVd6iTgQBzkBrtvywMYWzIwzGNA70RvUhI2rlgcn8GEU_51Tv_NMHjp6CjDbAxQVKa0PlcRE4pd6yk_IJSR4Nska_8BQZdPbsFn--z_XHEDoRZQ1C1M6m77xVndg3zX0sNQPXfWsttCbBmaHvMKTOp0cH9rlWB9r9nTo9fn8jcfqlak2O2IAzfzsOdVfUrES6T1UWkWobs9usGgqJuIkZHbDd4tmXyPRT4wrU7hxEyE9cuvuZPAi8GYt80";
 pub const JWT_RSA1_AUD1_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6InJzYTAxIn0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiYXVkIjpbImF1ZDEiLCJhdWQyIl0sImV4cCI6MjAwMDAwMDAwMCwibmJmIjoxNTE2MjM5MDIyfQ.Wzf2NZWdngKEGGkSP42sWxD9zw8rjarslbjtflQ1UQ4TsbhDgasoLUhL6D483xmt30vRQIjzLeTWlsERva1rhyeZuif0sr9wqsQge5VEBDEt5CUwwi2KVpNhC75leChCN1VcA9IKJ3LodICaCw4ks6wrAM_29AbbH8jxlyZc25d0uAGdbc99c6-aQhfRmW68GMN7dryGTXfAoIsl70AHrMOt-1Csn8qoMsBUE1uKOFsnA6c8rGzVeeHx5N6dvCpXEsE7_rP6GClGa0qBkb2v8llgSPpPZlIklf2NnZYr3WW_hy__-VGitJXiniUfhzWqqDv-K773aQ0532V8SdBHZ9r6Ib7gtRCUqRX7VcK-HdMM9SPyGCXb1qSwOD_XuqGJ58IInzb-B7zde4d18Fy6jVmf27FXRZYAMX4YMVeEZgXnurGtghRqboxGy9nFznOK_uK9XSJmDjsHrLSIKqat158OhDvPj0tDCz_a7fn3fk2Yd8-QPSJIFQanInHahlBMlSLS4F2p5QM48ynoIl56bjam7XOO8A6hQipBQDHkQ5IWJaKtckRIf7wzhfp9ptOsB2MYqVO9mX0IcOQB7ydpxuj0AWacp7Z5JjdrZDekKJIEoBEEIzoxGqnJsg9fu8jkx287jy8WxaJ13uMm7ql1zqDLWXQb_PCVwW9t-99hDyM";
 pub const JWT_RSA2_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6InJzYTAyIn0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiZXhwIjoyMDAwMDAwMDAwLCJuYmYiOjE1MTYyMzkwMjJ9.tWyA4ve2CY6GruBch_qIf8f1PgCEhqmrZ1J5XBuwO_v-P-PSLe3MWpkPAMdIDE5QE19ItUcGdJblhiyPb0tJJtrDHVYER7q8X4fOjQjY_NlFK6Bd1GtZS2DCA5EPxIX8l7Jpn8fPvbyamagLwnB_waQaYBteTGnOkLmz3F3sqC8KdO9lyu5v7BknC1f56ZOvr_DiInkTiAsTWqX4nS2KYRjcz4HcxcPO7O0CFXqcOTF_e3ntmq4rQV9LHCaEnuXj2WZtnX423CMkcG0uYzsnmWAMPB6IlDKejPnAJThMjjuJhze1gGbP1U8c53UbEhfHEZgJ2N634YEXMfsojZ5VzQ";
 pub const JWT_EC1_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImVjMDEifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiZXhwIjoyMDAwMDAwMDAwLCJuYmYiOjE1MTYyMzkwMjJ9.MvZm3Cxf78OQYpPkVGPAHaNf7GasHcvlF7ONJRxKVAntXbTru_dIdTRH0gz4xMIDg3a7HyfHWRLRhdxSNPjMPQ";
+pub const JWT_EC1_ES384_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCIsImtpZCI6ImVjMDEtZXMzODQifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiZXhwIjoyMDAwMDAwMDAwLCJuYmYiOjE1MTYyMzkwMjJ9.IsGT5Zw4V_igQOGnk5KqyHDIUnEaqNU-1TEWFG0GDXf-vqkUqHg9iX0OJpt6iCJoio8srzNHivJ-JXoYG33olE71uv7AITPYEHS8yMMs53uIKP7LT-oq13-eHSmA9lIV";
 pub const JWT_EC1_AUD1_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImVjMDEifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiYXVkIjpbImF1ZDEiLCJhdWQyIl0sImV4cCI6MjAwMDAwMDAwMCwibmJmIjoxNTE2MjM5MDIyfQ.mFveRLl0SiceOPmv2UKZwaUUqVO-q7NcDkjcEUU4aoBz_YR2UuHtKnYw_TsYIkCz5uCCuwGgGRUeC9_-14GrWQ";
 pub const JWT_EC2_OK: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImVjMDIifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJiQGIuY29tIiwiZXhwIjoyMDAwMDAwMDAwLCJuYmYiOjE1MTYyMzkwMjJ9.IRW3iOr-pwlDW-rFH_WRAwXZlk4qbxRRqrdJfm0XsGYmvp1Beqnj8L8jsMHtsJzs9PDsCEbwYXiU_u5vnOsIJA";
 pub const JWT_EC1_EXP_KO: &str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImVjMDEifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJzdWIiOiJib2IiLCJleHAiOjE1MTYyMzkwMjIsIm5iZiI6MTUxNjIzOTAyMn0.MNmY66S3NgSAbWwZP0hfC5pme3SM7B3yvFhBFLQH-cU3enP0G8bBzDOhpjmli9uKQitkIQxffwu2Au9wTUraTQ";

jwt-authorizer/tests/tests.rs

@@ -386,6 +386,14 @@ mod tests {
         .await;
         assert_eq!(response.status(), StatusCode::OK);
 
+        let response = make_proteced_request(
+            JwtAuthorizer::from_ec_pem("../config/ec384-public1.pem")
+                .validation(Validation::new().algs(vec![Algorithm::ES256, Algorithm::ES384])),
+            common::JWT_EC1_ES384_OK,
+        )
+        .await;
+        assert_eq!(response.status(), StatusCode::OK);
+
         // NOK - Invalid Alg
         let response = make_proteced_request(
             JwtAuthorizer::from_rsa_pem("../config/rsa-public1.pem")
@@ -393,7 +401,7 @@ mod tests {
             common::JWT_RSA1_OK,
         )
         .await;
-        assert_eq!(response.status(), StatusCode::OK);
+        assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
     }
 
     // --------------------