add keyUse to public jwks (#20)

navikt · Nov 19, 2020 · 5485b2a · 5485b2a
1 parent dfd52bc
commit 5485b2a
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt b/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt
@@ -5,6 +5,7 @@ import com.nimbusds.jose.JWSAlgorithm
 import com.nimbusds.jose.JWSHeader
 import com.nimbusds.jose.crypto.RSASSASigner
 import com.nimbusds.jose.jwk.JWKSet
+import com.nimbusds.jose.jwk.KeyUse
 import com.nimbusds.jose.jwk.RSAKey
 import com.nimbusds.jwt.JWTClaimsSet
 import com.nimbusds.jwt.SignedJWT
@@ -124,6 +125,7 @@ class OAuth2TokenProvider {
         private fun createRSAKey(keyID: String, keyPair: KeyPair) =
             RSAKey.Builder(keyPair.public as RSAPublicKey)
                 .privateKey(keyPair.private as RSAPrivateKey)
+                .keyUse(KeyUse.SIGNATURE)
                 .keyID(keyID)
                 .build()
     }

diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProviderTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProviderTest.kt
@@ -0,0 +1,24 @@
+package no.nav.security.mock.oauth2.token
+
+import com.nimbusds.jose.jwk.KeyType
+import com.nimbusds.jose.jwk.KeyUse
+import io.kotest.matchers.shouldBe
+import io.kotest.matchers.shouldNotBe
+import org.junit.jupiter.api.Test
+
+internal class OAuth2TokenProviderTest {
+    private val jwkSet = OAuth2TokenProvider().publicJwkSet()
+
+    @Test
+    fun `public jwks returns public part of JWKs`() =
+        jwkSet.keys.any { it.isPrivate } shouldNotBe true
+
+    @Test
+    fun `all keys in public jwks should contain kty, use and kid`() {
+        jwkSet.keys.forEach {
+            it.keyID shouldNotBe null
+            it.keyType shouldBe KeyType.RSA
+            it.keyUse shouldBe KeyUse.SIGNATURE
+        }
+    }
+}