修复密钥解密错误
DeyiXu committed May 22, 2020
1 parent 9fb1c4f commit 6456224
Showing 4 changed files with 105 additions and 50 deletions.
6 changes: 5 additions & 1 deletion internal/controller/oauth2/oauth2.go
Expand Up @@ -132,18 +132,22 @@ func Init() {
return
}
oauth2Server.VerifyIntrospectionToken = func(token, clientID string, tokenTypeHint ...string) (resp *oauth2.IntrospectionResponse, err error) {
logger.Debugf("oauth2Server.VerifyIntrospectionToken....")
var tokenClaims *oauth2.JwtClaims
tokenClaims, err = oauth2.ParseJwtClaimsToken(token, global.JwtPrivateKey)
tokenClaims, err = oauth2.ParseJwtClaimsToken(token, global.JwtPrivateKey.Public())
if err != nil {
logger.Errorf("oauth2.ParseJwtClaimsToken: %s", err)
err = oauth2.ErrServerError
return
}
if !tokenClaims.VerifyAudience([]string{clientID}, false) {
logger.Debugf("tokenClaims.VerifyAudience.....false")
err = oauth2.ErrInvalidClient
}
resp = new(oauth2.IntrospectionResponse)
resp.Active = true
if verr := tokenClaims.Valid(); verr != nil {
logger.Debugf("tokenClaims.Valid: %s", verr)
resp.Active = false
return
}
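Review bot: The `VerifyAudience` failure branch at `err = oauth2.ErrInvalidClient` does not return, so execution continues, allocates `resp` and sets `resp.Active = true`, and the caller receives both an active introspection response and a non-nil error. Add `return` after that assignment, or set `resp.Active = false` and return, which is what an introspection endpoint should report for a token minted for a different client. Separately, a parse or signature failure on the caller-supplied token is mapped to `oauth2.ErrServerError`, presenting a rejected token as a server fault; reporting it as inactive, as the `tokenClaims.Valid()` branch below already does, keeps the two rejection paths consistent. The enclosing `Init` function and the closure body continue outside the hunk.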
87 changes: 44 additions & 43 deletions internal/controller/oidc/openid_test.go
Expand Up @@ -143,24 +143,25 @@ Pk78NMGbTCMJ65lA96vscXaSk0hF9Y83YY9Jjiju+uwWdnx74khb
tok, err := jose.ParseSigned(privateRaw)
fmt.Println("======================")
certPEM := `-----BEGIN CERTIFICATE-----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ZXZvcHMxDzANBgNVBAsMBmRldm9wczEgMB4GA1UEAwwXYWNjb3VudHMuZGlhbmZl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-----END CERTIFICATE-----`
block, _ := pem.Decode([]byte(certPEM))
if block == nil {
Expand Down Expand Up @@ -200,31 +201,31 @@ B36K98eWEdm2Wc3IY6OL2xj+DaYm8Tuyh9KzL9hU

func TestOAuth2Token(t *testing.T) {
rsaPrivateKeyPEM := []byte(`-----BEGIN RSA PRIVATE KEY-----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MIIEogIBAAKCAQEApzy/7qeF4DdpAHcKXp4dt05P6TNFUOaaH6Yo7Q89aSjJco/7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-----END RSA PRIVATE KEY-----`)
rsaPrivatePEMBlock, _ := pem.Decode(rsaPrivateKeyPEM)
if rsaPrivatePEMBlock == nil {
Expand All @@ -239,7 +240,7 @@ Pk78NMGbTCMJ65lA96vscXaSk0hF9Y83YY9Jjiju+uwWdnx74khb
Subject: "subject",
Issuer: "http://localhost:8080",
NotBefore: time.Now().Unix(),
Audience: []string{"naas-oidc-test"},
Audience: []string{"1001"},
ExpiresAt: time.Now().Add(24 * time.Hour).Unix(),
},
}
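Review bot: The audience literal in `Audience: []string{"1001"}` is the same client id the new jwt_test.go passes in `gat("naas", "1001", "openid profile", "1111", nil)`, so two test files now agree on a bare magic value; a named constant such as `const testClientID = "1001"` in each would make the coupling explicit. In the first hunk, `tok, err := jose.ParseSigned(privateRaw)` is followed directly by the `fmt.Println` separator and the certificate PEM, and no check of `err` is visible before `pem.Decode` runs, though one may follow outside the hunk. The PEM fixtures are elided on this page, so their contents could not be reviewed here.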
13 changes: 7 additions & 6 deletions internal/pkg/token/jwt.go
@@ -1,6 +1,7 @@
package token

import (
"crypto/rsa"
"strings"
"time"

Expand All @@ -10,7 +11,7 @@ import (
)

// NewGenerateAccessToken 创建默认生成AccessToken方法
func NewGenerateAccessToken(key interface{}, idTokenEnabled bool) oauth2.GenerateAccessTokenFunc {
func NewGenerateAccessToken(key *rsa.PrivateKey, idTokenEnabled bool) oauth2.GenerateAccessTokenFunc {
return func(issuer, clientID, scope, openID string, codeVlue *oauth2.CodeValue) (token *oauth2.TokenResponse, err error) {
scopeSplit := sdkStrings.Split(scope, " ")
idTokenFlag := false
Expand Down Expand Up @@ -86,10 +87,10 @@ func NewGenerateAccessToken(key interface{}, idTokenEnabled bool) oauth2.Generat
}

// NewRefreshAccessToken 创建默认刷新AccessToken方法
func NewRefreshAccessToken(key interface{}) oauth2.RefreshAccessTokenFunc {
func NewRefreshAccessToken(key *rsa.PrivateKey) oauth2.RefreshAccessTokenFunc {
return func(clientID, refreshToken string) (token *oauth2.TokenResponse, err error) {
refreshTokenClaims := &oauth2.JwtClaims{}
refreshTokenClaims, err = oauth2.ParseJwtClaimsToken(refreshToken, key)
refreshTokenClaims, err = oauth2.ParseJwtClaimsToken(refreshToken, key.Public())
if err != nil {
return
}
Expand All @@ -104,7 +105,7 @@ func NewRefreshAccessToken(key interface{}) oauth2.RefreshAccessTokenFunc {
refreshTokenClaims.ExpiresAt = time.Now().Add(oauth2.AccessTokenExpire).Unix()

var tokenClaims *oauth2.JwtClaims
tokenClaims, err = oauth2.ParseJwtClaimsToken(refreshTokenClaims.ID, key)
tokenClaims, err = oauth2.ParseJwtClaimsToken(refreshTokenClaims.ID, key.Public())
if err != nil {
return
}
Expand Down Expand Up @@ -133,8 +134,8 @@ func NewRefreshAccessToken(key interface{}) oauth2.RefreshAccessTokenFunc {
}

// NewParseAccessToken 创建默认解析AccessToken方法
func NewParseAccessToken(key interface{}) oauth2.ParseAccessTokenFunc {
func NewParseAccessToken(key *rsa.PrivateKey) oauth2.ParseAccessTokenFunc {
return func(accessToken string) (claims *oauth2.JwtClaims, err error) {
return oauth2.ParseJwtClaimsToken(accessToken, key)
return oauth2.ParseJwtClaimsToken(accessToken, key.Public())
}
}
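Review bot: Each closure calls `key.Public()` on every invocation (`ParseJwtClaimsToken(refreshToken, key.Public())`, the `refreshTokenClaims.ID` parse two hunks up, and `ParseJwtClaimsToken(accessToken, key.Public())`), and since `(*rsa.PrivateKey).Public` dereferences its receiver, a nil key now panics inside a request rather than at construction. Derive the public half once in each constructor, e.g. in `NewParseAccessToken` add `pub := key.Public()` before the `return func` line and use `return oauth2.ParseJwtClaimsToken(accessToken, pub)` inside it, which also makes it clear that only `NewGenerateAccessToken` needs the private key for signing. The doc comments on the three exported constructors could state that `key` signs issued tokens and that only its public key is used for verification. The bodies of `NewGenerateAccessToken` and `NewRefreshAccessToken` continue outside their hunks.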
49 changes: 49 additions & 0 deletions internal/pkg/token/jwt_test.go
@@ -0,0 +1,49 @@
package token

import (
"os"
"testing"

"github.com/nilorg/naas/internal/module/global"
"github.com/nilorg/oauth2"
"github.com/nilorg/pkg/logger"
"github.com/spf13/viper"
)

func TestMain(m *testing.M) {
logger.Init()
viper.SetConfigType("yaml") // or viper.SetConfigType("YAML")
configFilename := "configs/config.yaml"
if v := os.Getenv("NAAS_CONFIG"); v != "" {
configFilename = v
}
viper.SetConfigFile(configFilename)
err := viper.ReadInConfig() // Find and read the config file
if err != nil { // Handle errors reading the config file
logger.Fatalf("Fatal error config file: %s ", err)
}
global.Init()
m.Run()
}

func TestJwtToken(t *testing.T) {
logger.Debugln("TestJwtToken....")
var (
err error
tokenResponse *oauth2.TokenResponse
claims *oauth2.JwtClaims
)
gat := NewGenerateAccessToken(global.JwtPrivateKey, true)
tokenResponse, err = gat("naas", "1001", "openid profile", "1111", nil)
if err != nil {
t.Error(err)
return
}
pat := NewParseAccessToken(global.JwtPrivateKey)
claims, err = pat(tokenResponse.AccessToken)
if err != nil {
t.Error(err)
return
}
t.Log(claims)
}
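Review bot: `TestMain` discards the result of `m.Run()`; on Go releases before 1.15 the binary then exits 0 regardless of test outcome, so the last line should be `os.Exit(m.Run())`. `TestJwtToken` only logs the parsed claims and asserts nothing, so it cannot fail on a verification regression; checking that `claims` reflects the inputs (for example that its audience contains `"1001"`) would make it a real test of the public-key verification this commit introduces. The test also loads the deployment key via `viper` and `global.Init()`, and a missing configs/config.yaml is routed to `logger.Fatalf`, so `go test` for this package aborts without NAAS_CONFIG; generating a throwaway key with `rsa.GenerateKey` inside the test would remove that dependency.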
