Diffstat (limited to 'src/service/identity/test_plugin_rest_identity_signature.sh')
-rwxr-xr-x | src/service/identity/test_plugin_rest_identity_signature.sh | 81 |
1 files changed, 81 insertions, 0 deletions
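diff --git a/src/service/identity/test_plugin_rest_identity_signature.sh b/src/service/identity/test_plugin_rest_identity_signature.sh
new file mode 100755
index 000000000..a4d5fa5d7
--- /dev/null
+++ b/src/service/identity/test_plugin_rest_identity_signature.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/bash
+
+# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3
+
+header='{"alg":"EdDSA"}'
+payload='Example of Ed25519 signing'
+key='{ "kty":"OKP",
+"crv":"Ed25519",
+"d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
+"x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
+}'
+
+header_payload_test="eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc"
+signature_test="hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg"
+
+base64url_add_padding() {
+for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done
+echo "$1""$padding"
+}
+
+base64url_encode () {
+echo -n -e "$1" | base64 -w0 | tr '+/' '-_' | tr -d '='
+}
+
+base64url_decode () {
+padded_input=$(base64url_add_padding "$1")
+echo -n "$padded_input" | basenc --base64url -d
+}
+
+base32crockford_encode () {
+echo -n -e "$1" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ'
+}
+
+echo -n "jwk: "
+echo $key | jq
+
+# Create Header
+# 65556 (decimal)
+# = 00000000-00000001-00000000-00010100 (binary little endian)
+# = 00-01-00-14 (hex little endian)
+header_hex=("00" "01" "00" "14")
+
+# Convert secret JWK to HEX array
+key_hex=( $( base64url_decode $( echo -n "$key" | jq -r '.d' ) | xxd -p | tr -d '\n' | fold -w 2 | tr '\n' ' ' ) )
+
+# Concat header and key
+header_key_hex=(${header_hex[@]} ${key_hex[@]})
+
+# Encode with Base32Crogford
+key_gnunet=$(echo -n "${header_key_hex[*]}" | tr -d " " | xxd -p -r | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | tr -d "=")
+echo "gnunet skey: $key_gnunet"
+
+# Create ego
+gnunet-identity -C ego9696595726 -X -P "$key_gnunet"
+
+# Test base64url encoding and header.payload generation
+header_payload_enc="$(base64url_encode "$header").$(base64url_encode "$payload")"
+if [ $header_payload_enc != $header_payload_test ] ;
+then
+exit 1
+fi
+echo "header.payload: $header_payload_enc"
+
+# Sign JWT
+signature_enc=$(curl -s "localhost:7776/sign?user=ego9696595726&data=$header_payload_enc" | jq -r '.signature')
+jwt="$header_payload_enc.$signature_enc"
+echo "header.payload.signature: $jwt"
+
+gnunet-identity -D ego9696595726
+
+if [ $signature_enc != $signature_test ]
+then
+echo "Signature does not check out:"
+echo "$signature_enc"
+echo "$signature_test"
+exit 1
+else
+echo "Signature does check out!"
+exit 1
+fi
+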
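Review bot: The success branch at the end of the script prints "Signature does check out!" and then runs `exit 1`, so the test reports failure even when the signature matches the expected vector; that branch should end with `exit 0`. The comparison `[ $signature_enc != $signature_test ]` is unquoted, so when curl or jq returns nothing `[` fails with a syntax error (status 2) and control falls into the `else` branch, printing the success message for a signature that was never produced; quote both operands, `if [ "$signature_enc" != "$signature_test" ]`, and do the same for the header.payload check. `base64url_add_padding` appends four `=` when the input length is already a multiple of 4 and never resets the global `padding`, which the 43-character `d` value happens not to trigger; a `local padding=""` plus a modulo on the pad count would make it safe to reuse. The ego is left behind if the script exits at the header.payload check, so a `trap 'gnunet-identity -D ego9696595726' EXIT` right after creation would keep the imported test key from lingering in the identity store. The header comment cites RFC 7515 Appendix A.3, but the Ed25519 key and signature appear to be the RFC 8037 Appendix A vectors, so the link is worth confirming.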