diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt b/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt
index 39e19e8f..1d1d72a4 100644
--- a/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt
+++ b/src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProvider.kt
@@ -5,6 +5,7 @@ import com.nimbusds.jose.JWSAlgorithm
 import com.nimbusds.jose.JWSHeader
 import com.nimbusds.jose.crypto.RSASSASigner
 import com.nimbusds.jose.jwk.JWKSet
+import com.nimbusds.jose.jwk.KeyUse
 import com.nimbusds.jose.jwk.RSAKey
 import com.nimbusds.jwt.JWTClaimsSet
 import com.nimbusds.jwt.SignedJWT
@@ -124,6 +125,7 @@ class OAuth2TokenProvider {
 private fun createRSAKey(keyID: String, keyPair: KeyPair) =
 RSAKey.Builder(keyPair.public as RSAPublicKey)
 .privateKey(keyPair.private as RSAPrivateKey)
+ .keyUse(KeyUse.SIGNATURE)
 .keyID(keyID)
 .build()
 }
diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProviderTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProviderTest.kt
new file mode 100644
index 00000000..2ba9d223
--- /dev/null
+++ b/src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenProviderTest.kt
@@ -0,0 +1,24 @@
+package no.nav.security.mock.oauth2.token
+
+import com.nimbusds.jose.jwk.KeyType
+import com.nimbusds.jose.jwk.KeyUse
+import io.kotest.matchers.shouldBe
+import io.kotest.matchers.shouldNotBe
+import org.junit.jupiter.api.Test
+
+internal class OAuth2TokenProviderTest {
+ private val jwkSet = OAuth2TokenProvider().publicJwkSet()
+
+ @Test
+ fun `public jwks returns public part of JWKs`() =
+ jwkSet.keys.any { it.isPrivate } shouldNotBe true
+
+ @Test
+ fun `all keys in public jwks should contain kty, use and kid`() {
+ jwkSet.keys.forEach {
+ it.keyID shouldNotBe null
+ it.keyType shouldBe KeyType.RSA
+ it.keyUse shouldBe KeyUse.SIGNATURE
+ }
+ }
+}
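Review bot: In `createRSAKey` the built JWK now carries `use` but still no `alg`, so a relying party reading the JWKS cannot tell which signature algorithm the key is intended for and has to fall back to the token header. The signing call sits outside this hunk; if the provider always signs with one algorithm, consider adding `.algorithm(JWSAlgorithm.RS256)` (substituting whichever algorithm is really used) next to `.keyUse(KeyUse.SIGNATURE)`. A short comment on the new line would also help, e.g. `// use=sig: lets JWKS consumers that filter on "use" select this key for signature verification`.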
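Review bot: Both tests pass vacuously when `publicJwkSet()` returns no keys: `any { it.isPrivate }` is false on an empty list, and the `forEach` body never runs. A regression that drops every key from the published JWKS would therefore go unnoticed. Add an explicit non-empty assertion before the per-key checks, e.g. `jwkSet.keys.isEmpty() shouldBe false`. In the first test, `jwkSet.keys.any { it.isPrivate } shouldBe false` states the "no private material is exposed" intent more directly than `shouldNotBe true`.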