Get a JWKS on the web

3 files changed, 69 insertions, 0 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 172abf3..c8b4e9a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -6,8 +6,10 @@ TESTS = %reldir%/load-library.scm \
   %reldir%/jwk-kty-ec-incorrect.scm \
   %reldir%/jwk-kty-rsa-correct.scm \
   %reldir%/jwk-kty-rsa-incorrect.scm \
+  %reldir%/jwk-public.scm \
   %reldir%/hash-ok.scm \
   %reldir%/hash-unsupported.scm \
+  %reldir%/jwks-get.scm \
   %reldir%/jkt.scm \
   %reldir%/verify.scm \
   %reldir%/verification-failed.scm \
diff --git a/tests/jwk-public.scm b/tests/jwk-public.scm
new file mode 100644
index 0000000..d82c80b
--- /dev/null
+++ b/tests/jwk-public.scm
@@ -0,0 +1,10 @@
+(use-modules (webid-oidc jwk)
+             (webid-oidc testing))
+
+(with-test-environment
+ "jwk-public"
+ (lambda ()
+   (let ((key
+          '((kty . "RSA") (alg . "RS256") (n . "sV158-MQ-5-sP2iTJibiMap1ug8tNY97laOud3Se_3jd4INq36NwhLpgU3FC5SCfJOs9wehTLzv_hBuo-sW0JNjAEtMEE-SDtx5486gjymDR-5Iwv7bgt25tD0cDgiboZLt1RLn-nP-V3zgYHZa_s9zLjpNyArsWWcSh6tWe2R8yW6BqS8l4_9z8jkKeyAwWmdpkY8BtKS0zZ9yljiCxKvs8CKjfHmrayg45sZ8V1-aRcjtR2ECxATHjE8L96_oNddZ-rj2axf2vTmnkx3OvIMgx0tZ0ycMG6Wy8wxxaR5ir2LV3Gkyfh72U7tI8Q1sokPmH6G62JcduNY66jEQlvQ") (kid . "dedc012d07f52aedfd5f97784e1bcbe23c19724d") (use . "sig") (e . "AQAB"))))
+     (unless (jwk-public? key)
+       (exit 1)))))
diff --git a/tests/jwks-get.scm b/tests/jwks-get.scm
new file mode 100644
index 0000000..4584c8d
--- /dev/null
+++ b/tests/jwks-get.scm
@@ -0,0 +1,57 @@
+(use-modules (webid-oidc jwk)
+             (webid-oidc testing)
+             (webid-oidc cache)
+             (web uri)
+             (srfi srfi-19)
+             (web response))
+
+(with-test-environment
+ "jwks-get"
+ (lambda ()
+   (define* (respond uri #:key (headers '()))
+     (unless (null? headers)
+       (exit 1))
+     (when (string? uri)
+       (set! uri (string->uri uri)))
+     (if (string=? (uri->string uri) "https://example.com/keys")
+         (values
+          (build-response #:headers `((expires . ,(time-utc->date (make-time time-utc 0 10)))
+                                      (content-type application/json (charset . "utf-8"))))
+          "{
+  \"keys\": [
+    {
+      \"e\": \"AQAB\",
+      \"use\": \"sig\",
+      \"kid\": \"dedc012d07f52aedfd5f97784e1bcbe23c19724d\",
+      \"n\": \"sV158-MQ-5-sP2iTJibiMap1ug8tNY97laOud3Se_3jd4INq36NwhLpgU3FC5SCfJOs9wehTLzv_hBuo-sW0JNjAEtMEE-SDtx5486gjymDR-5Iwv7bgt25tD0cDgiboZLt1RLn-nP-V3zgYHZa_s9zLjpNyArsWWcSh6tWe2R8yW6BqS8l4_9z8jkKeyAwWmdpkY8BtKS0zZ9yljiCxKvs8CKjfHmrayg45sZ8V1-aRcjtR2ECxATHjE8L96_oNddZ-rj2axf2vTmnkx3OvIMgx0tZ0ycMG6Wy8wxxaR5ir2LV3Gkyfh72U7tI8Q1sokPmH6G62JcduNY66jEQlvQ\",
+      \"alg\": \"RS256\",
+      \"kty\": \"RSA\"
+    },
+    {
+      \"alg\": \"RS256\",
+      \"kid\": \"2e3025f26b595f96eac907cc2b9471422bcaeb93\",
+      \"e\": \"AQAB\",
+      \"use\": \"sig\",
+      \"kty\": \"RSA\",
+      \"n\": \"syWuIlYmoWSl5rBQGOtYGwO5OCCZnhoWBCyl-x5gby5ofc4HNhBoVVMUggk-f_MH-pyMI5yRYsS_aPQ2bmSox2s4i9cPhxqtSAYMhTPwSwQ2BROC7xxi_N0ovp5Ivut5q8TwAn5kQZa_jR9d7JO20BUB7UqbMkBsqg2J8QTtMJ9YtA5BmUn4Y6vhIjTFtvrA6iM4i1cKoUD5Rirt5CYpcKwsLxBZbVk4E4rqgv7G0UlWt6NAs-z7XDkchlNBVpMUuiUBzxHl4LChc7dsWXRaO5vhu3j_2WnxuWCQZPlGoB51jD_ynZ027hhIcoa_tXg28_qb5Al78ZttiRCQDKueAQ\"
+    }
+  ]
+}
+")
+         (exit 2)))
+   (define current-time 0)
+   (define cache-http-get
+     (with-cache
+      #:current-time
+      (lambda ()
+        (make-time time-utc 0 current-time))
+      #:http-get respond))
+   (define jwks (get-jwks "https://example.com/keys"
+                          #:http-get cache-http-get))
+   (define keys (jwks-keys jwks))
+   (unless (eq? (length keys) 2)
+     (exit 3))
+   (map (lambda (k)
+          (unless (jwk-public? k)
+            (exit 4)))
+        keys)))