From 69842584047621142e75e1d25dab4652c8c96bf3 Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:27:54 +1000 Subject: [PATCH 1/9] Update JWTVerify.mjs Enable verification of RSASHA256 and 512 tokens --- src/core/operations/JWTVerify.mjs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index 996ac2e3..9cc42c30 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs @@ -47,6 +47,8 @@ class JWTVerify extends Operation { "HS256", "HS384", "HS512", + "RS256", + "RS512", "none" ]}); From 139d25dff9df86a47c2e96f9a60aaec68b0b5e59 Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:40:04 +1000 Subject: [PATCH 2/9] Update JWTVerify.mjs Update RSASHA256 test with the public key derived from the pre-existing private key, and expect a working testcase. --- tests/operations/tests/JWTVerify.mjs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index f9944f6b..42c0681e 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs @@ -32,6 +32,12 @@ fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523 Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw== -----END RSA PRIVATE KEY-----`; +const rsPub = `-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd +UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs +HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D +o2kQ+X5xK9cipRgEKwIDAQAB +-----END PUBLIC KEY-----`; const esKey = `-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r 
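Review bot: With "RS256" and "RS512" added here (and "RS384" plus the "ES*" entries in PATCH 6/9), the allow-list holds HMAC and public-key algorithms side by side, next to "none", while the operation takes a single key argument. If this list is what reaches `jwt.verify`, a token whose header says HS256 and whose MAC was keyed with the pasted public-key PEM could be reported as verified, depending on the library version's own key-type checks. Narrowing the list by key type would avoid that, for example `const allowed = key.includes("-----BEGIN PUBLIC KEY-----") ? asymmetricAlgs : hmacAlgs;` (both names are placeholders), and "none" is better left out of a verify allow-list. The list and the call it belongs to begin outside the hunk, so this should be confirmed against the full `run` body.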
@@ -53,11 +59,11 @@ TestRegister.addTests([ { name: "JWT Verify: RS", input: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.MjEJhtZk2nXzigi24piMzANmrj3mILHJcDl0xOjl5a8EgdKVL1oaMEjTkMQp5RA8YrqeRBFaX-BGGCKOXn5zPY1DJwWsBUyN9C-wGR2Qye0eogH_3b4M9EW00TPCUPXm2rx8URFj7Wg9VlsmrGzLV2oKkPgkVxuFSxnpO3yjn1Y", - expectedOutput: invalidAlgorithm, + expectedOutput: outputObject, recipeConfig: [ { op: "JWT Verify", - args: [rsKey], + args: [rsPub], } ], }, From 4bbeb6caa38ca286f7652ce2c53fd473ca7276fe Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:42:42 +1000 Subject: [PATCH 3/9] Update JWTVerify.mjs Add expectation for working RSASHA256 test, and comment out unused privatekey. --- tests/operations/tests/JWTVerify.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index 42c0681e..cb41112e 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs @@ -17,7 +17,7 @@ const outputObject = JSON.stringify({ const invalidAlgorithm = "JsonWebTokenError: invalid algorithm"; const hsKey = "secret_cat"; -const rsKey = `-----BEGIN RSA PRIVATE KEY----- +/*const rsKey = `-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw 33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW +jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB @@ -31,7 +31,7 @@ Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523 Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw== ------END RSA PRIVATE KEY-----`; +-----END RSA PRIVATE KEY-----`;*/ const rsPub = `-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs 
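Review bot: Changing the "JWT Verify: RS" case to `expectedOutput: outputObject` leaves no case in this hunk that expects verification to fail, and PATCH 5/9 does the same for "JWT Verify: ES". A companion case that feeds the same RS256 token with a public key that does not match, and expects the library's error string, would show that the operation still rejects a token when the key is wrong. The exact error text is not visible on this page, so it would have to be taken from a test run. The newly accepted RS384, RS512, ES384 and ES512 entries from PATCH 6/9 have no test vector at all in the hunks shown.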
From e228b197f974aecb4440c844e7c9d6a825fbc4b4 Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:45:42 +1000 Subject: [PATCH 4/9] Update JWTVerify.mjs --- tests/operations/tests/JWTVerify.mjs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index cb41112e..f4cf75b4 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs @@ -17,7 +17,8 @@ const outputObject = JSON.stringify({ const invalidAlgorithm = "JsonWebTokenError: invalid algorithm"; const hsKey = "secret_cat"; -/*const rsKey = `-----BEGIN RSA PRIVATE KEY----- +/* Retaining private key as a comment +const rsKey = `-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw 33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW +jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB @@ -31,7 +32,8 @@ Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523 Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw== ------END RSA PRIVATE KEY-----`;*/ +-----END RSA PRIVATE KEY-----`; +*/ const rsPub = `-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs From 63dff0d34dee6ade59c385af7feb1ac188799ffb Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:55:44 +1000 Subject: [PATCH 5/9] Update JWTVerify.mjs Enabled validation of ECSHA256 JWT tokens in the tests --- tests/operations/tests/JWTVerify.mjs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index f4cf75b4..860b9ad2 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs 
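Review bot: The added comment `/* Retaining private key as a comment` does not say why the key is kept. A PEM private-key block in the tree, even commented out, tends to be flagged by secret scanners and read as a live credential. If it stays, wording such as `/* Test fixture only: private half of rsPub, kept so the RS256 test token can be re-signed. */` would make the intent explicit, assuming that is the reason. Otherwise deleting the block is simpler, since the PATCH 3/9 message already calls it unused and the test now passes `rsPub`. The same applies to the `esKey` block commented out in PATCH 5/9.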
@@ -40,11 +40,17 @@ UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D o2kQ+X5xK9cipRgEKwIDAQAB -----END PUBLIC KEY-----`; +/* Retaining private key as a comment const esKey = `-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r 1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G -----END PRIVATE KEY-----`; +*/ +const esPub = `-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9 +q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg== +-----END PUBLIC KEY-----`; TestRegister.addTests([ { @@ -72,11 +78,11 @@ TestRegister.addTests([ { name: "JWT Verify: ES", input: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.WkECT51jSfpRkcpQ4x0h5Dwe7CFBI6u6Et2gWp91HC7mpN_qCFadRpsvJLtKubm6cJTLa68xtei0YrDD8fxIUA", - expectedOutput: invalidAlgorithm, + expectedOutput: outputObject, recipeConfig: [ { op: "JWT Verify", - args: [esKey], + args: [esPub], } ], } From fa05cf1d78692e4941a1ffcd1a6e120446ea6266 Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 17:58:49 +1000 Subject: [PATCH 6/9] Update JWTVerify.mjs Enabled ESRSA verification. --- src/core/operations/JWTVerify.mjs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index 9cc42c30..1b4e92fa 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs @@ -48,7 +48,11 @@ class JWTVerify extends Operation { "HS384", "HS512", "RS256", + "RS384", "RS512", + "ES256", + "ES384", + "ES512", "none" ]}); From 1bcb8e433d7c0e49f26c7bd4e67e1a295b9245b5 Mon Sep 17 00:00:00 2001 
From: aussieklutz Date: Sat, 6 Feb 2021 18:10:54 +1000 Subject: [PATCH 7/9] Update JWTVerify.mjs --- tests/operations/tests/JWTVerify.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index 860b9ad2..017bcf04 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs @@ -14,7 +14,7 @@ const outputObject = JSON.stringify({ iat: 1 }, null, 4); -const invalidAlgorithm = "JsonWebTokenError: invalid algorithm"; +// const invalidAlgorithm = "JsonWebTokenError: invalid algorithm"; const hsKey = "secret_cat"; /* Retaining private key as a comment From d5a0adea0c127e68012da80e88c72ef274efb045 Mon Sep 17 00:00:00 2001 From: aussieklutz Date: Sat, 6 Feb 2021 18:35:46 +1000 Subject: [PATCH 8/9] Update JWTVerify.mjs --- src/core/operations/JWTVerify.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index 1b4e92fa..5773e100 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs @@ -27,7 +27,7 @@ class JWTVerify extends Operation { this.outputType = "JSON"; this.args = [ { - name: "Private/Secret Key", + name: "Public/Secret Key", type: "text", value: "secret" }, From 24548e3a48b99480a4005e744c28463bcef42609 Mon Sep 17 00:00:00 2001 From: n1474335 Date: Tue, 9 Feb 2021 14:23:02 +0000 Subject: [PATCH 9/9] Tidied up JWT tests --- src/core/operations/JWTVerify.mjs | 4 +++- tests/operations/tests/JWTVerify.mjs | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index ae698d42..604edc9c 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs 
@@ -42,9 +42,11 @@ class JWTVerify extends Operation { */ run(input, args) { const [key] = args; + const algos = JWT_ALGORITHMS; + algos[algos.indexOf("None")] = "none"; try { - const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS }); + const verified = jwt.verify(input, key, { algorithms: algos }); if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") { throw new OperationError(verified.message); diff --git a/tests/operations/tests/JWTVerify.mjs b/tests/operations/tests/JWTVerify.mjs index 017bcf04..0a0817cc 100644 --- a/tests/operations/tests/JWTVerify.mjs +++ b/tests/operations/tests/JWTVerify.mjs @@ -14,11 +14,9 @@ const outputObject = JSON.stringify({ iat: 1 }, null, 4); -// const invalidAlgorithm = "JsonWebTokenError: invalid algorithm"; - const hsKey = "secret_cat"; /* Retaining private key as a comment -const rsKey = `-----BEGIN RSA PRIVATE KEY----- +const rsPriv = `-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw 33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW +jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB @@ -41,7 +39,7 @@ HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D o2kQ+X5xK9cipRgEKwIDAQAB -----END PUBLIC KEY-----`; /* Retaining private key as a comment -const esKey = `-----BEGIN PRIVATE KEY----- +const esPriv = `-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2 OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r 1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
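Review bot: `const algos = JWT_ALGORITHMS;` copies the reference rather than the array, so the assignment on the next line rewrites the shared list in place for every other user of it. Once "None" has been replaced, `algos.indexOf("None")` returns -1 on later runs, and `algos[-1] = "none"` then adds a stray property to the array instead of failing visibly. A non-mutating form does the same job: `const algos = JWT_ALGORITHMS.map((a) => (a === "None" ? "none" : a));`. `run` continues past the end of the hunk, and the definition of JWT_ALGORITHMS is not visible here, so which other operations share it is an assumption to check.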