diff --git a/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/MockJwtService.kt b/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/MockJwtService.kt
new file mode 100644
index 00000000..4aac5382
--- /dev/null
+++ b/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/MockJwtService.kt
@@ -0,0 +1,57 @@
+package com.sphereon.oid.fed.client.validation
+
+import com.nimbusds.jose.JOSEObjectType
+import com.nimbusds.jose.JWSAlgorithm
+import com.nimbusds.jose.JWSHeader
+import com.nimbusds.jose.JWSSigner
+import com.nimbusds.jose.JWSVerifier
+import com.nimbusds.jose.crypto.ECDSASigner
+import com.nimbusds.jose.crypto.ECDSAVerifier
+import com.nimbusds.jose.jwk.ECKey
+import com.nimbusds.jwt.JWTClaimsSet
+import com.nimbusds.jwt.SignedJWT
+import com.sphereon.oid.fed.common.jwt.IJwtService
+import com.sphereon.oid.fed.common.jwt.JwtSignInput
+import com.sphereon.oid.fed.common.jwt.JwtVerifyInput
+import com.sphereon.oid.fed.openapi.models.JWTHeader
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
+
+class MockJwtService : IJwtService {
+
+ override suspend fun sign(input: JwtSignInput): String {
+ val jwkJsonString = Json.encodeToString(input.key)
+ val ecJWK = ECKey.parse(jwkJsonString)
+ val signer: JWSSigner = ECDSASigner(ecJWK)
+ val jwsHeader = input.header.toJWSHeader()
+
+ val signedJWT = SignedJWT(
+ jwsHeader, JWTClaimsSet.parse(JsonObject(input.payload).toString())
+ )
+
+ signedJWT.sign(signer)
+ return signedJWT.serialize()
+ }
+
+ override suspend fun verify(input: JwtVerifyInput): Boolean {
+ try {
+ val jwkJsonString = Json.encodeToString(input.key)
+ val ecKey = ECKey.parse(jwkJsonString)
+ val verifier: JWSVerifier = ECDSAVerifier(ecKey)
+ val signedJWT = SignedJWT.parse(input.jwt)
+ val verified = signedJWT.verify(verifier)
+ return verified
+ } catch (e: Exception) {
+ throw Exception("Couldn't verify the JWT Signature: ${e.message}", e)
+ }
+ }
+
+ private fun JWTHeader.toJWSHeader(): JWSHeader {
+ val type = typ
+ return JWSHeader.Builder(JWSAlgorithm.parse(alg)).apply {
+ type(JOSEObjectType(type))
+ keyID(kid)
+ }.build()
+ }
+}
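Review bot: In `verify`, the `catch (e: Exception)` handler wraps every failure in a bare `Exception`, so a malformed JWT or a key that is not an EC JWK throws while a signature mismatch returns `false`. Because the function is `suspend`, a `CancellationException` raised inside the `try` would be wrapped the same way. Negative trust-chain tests that go through this mock (tampered statement, wrong key) therefore depend on which of the two paths they hit, and it is not visible from here whether the production `IJwtService` draws the line in the same place. I would narrow the handler to the Nimbus failure types, `catch (e: ParseException)` and `catch (e: JOSEException)`, or at least rethrow `CancellationException` first. A KDoc line on the class would also help, for example `/** Test-only IJwtService backed by Nimbus JOSE; EC keys only, checks the signature and no claims. */`.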
diff --git a/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/TrustChainValidationTest.kt b/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/TrustChainValidationTest.kt
index 3a486ad0..a202a9c6 100644
--- a/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/TrustChainValidationTest.kt
+++ b/modules/openid-federation-client/src/jvmTest/kotlin/com/sphereon/oid/fed/client/validation/TrustChainValidationTest.kt
@@ -1,21 +1,9 @@
 package com.sphereon.oid.fed.client.validation
-import com.nimbusds.jose.JOSEObjectType
-import com.nimbusds.jose.JWSAlgorithm
-import com.nimbusds.jose.JWSHeader
-import com.nimbusds.jose.JWSSigner
-import com.nimbusds.jose.JWSVerifier
-import com.nimbusds.jose.crypto.ECDSASigner
-import com.nimbusds.jose.crypto.ECDSAVerifier
 import com.nimbusds.jose.jwk.Curve
 import com.nimbusds.jose.jwk.ECKey
 import com.nimbusds.jose.jwk.gen.ECKeyGenerator
-import com.nimbusds.jwt.JWTClaimsSet
-import com.nimbusds.jwt.SignedJWT
-import com.sphereon.oid.fed.client.OidFederationClientService.TRUST_CHAIN_VALIDATION
-import com.sphereon.oid.fed.common.jwt.IJwtService
 import com.sphereon.oid.fed.common.jwt.JwtSignInput
-import com.sphereon.oid.fed.common.jwt.JwtVerifyInput
 import com.sphereon.oid.fed.openapi.models.*
 import io.ktor.client.engine.mock.*
 import io.ktor.client.engine.mock.MockEngine.Companion.invoke
@@ -23,7 +11,6 @@ import io.ktor.http.*
 import junit.framework.TestCase.assertTrue
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.test.runTest
-import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
@@ -34,48 +21,11 @@ import java.time.OffsetDateTime
 import kotlin.test.Test
 import kotlin.test.assertEquals
-class JwtServiceImpl : IJwtService {
- override suspend fun sign(input: JwtSignInput): String {
- val jwkJsonString = Json.encodeToString(input.key)
- val ecJWK = ECKey.parse(jwkJsonString)
- val signer: JWSSigner = ECDSASigner(ecJWK)
- val jwsHeader = input.header.toJWSHeader()
-
- val signedJWT = SignedJWT(
- jwsHeader, JWTClaimsSet.parse(JsonObject(input.payload).toString())
- )
-
- signedJWT.sign(signer)
- return signedJWT.serialize()
- }
-
- override suspend fun verify(input: JwtVerifyInput): Boolean {
- try {
- val jwkJsonString = Json.encodeToString(input.key)
- val ecKey = ECKey.parse(jwkJsonString)
- val verifier: JWSVerifier = ECDSAVerifier(ecKey)
- val signedJWT = SignedJWT.parse(input.jwt)
- val verified = signedJWT.verify(verifier)
- return verified
- } catch (e: Exception) {
- throw Exception("Couldn't verify the JWT Signature: ${e.message}", e)
- }
- }
-
- private fun JWTHeader.toJWSHeader(): JWSHeader {
- val type = typ
- return JWSHeader.Builder(JWSAlgorithm.parse(alg)).apply {
- type(JOSEObjectType(type))
- keyID(kid)
- }.build()
- }
-}
-
 class TrustChainValidationTest {
 companion object {
- val jwtService = JwtServiceImpl()
+ val jwtService = MockJwtService()
 // key pairs
 val partyBKeyPair = ECKeyGenerator(Curve.P_256).generate()