signature=ca3da65e915f7d09b6ae2068371c31d1,lua-resty-jwt/sign-verify.t at ee1d024071f872e2b5a66eaaf9...

最新推荐文章于 2023-08-24 11:11:16 发布
最新推荐文章于 2023-08-24 11:11:16 发布
阅读量2.6k 收藏
点赞数
文章标签: signature=ca3da65e915f7d09b6ae2068371c31d1

use Test::Nginx::Socket::Lua;

repeat_each(2);

plan tests => repeat_each() * (3 * blocks());

our $HttpConfig = <

lua_package_path 'lib/?.lua;;';

_EOC_

no_long_string();

run_tests();

__DATA__

=== TEST 1: JWT sign HS256

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS256"},

raw_header=jwt:jwt_encode("{\\"typ\\":\\"JWT\\",\\"alg\\":\\"HS256\\"}"),

raw_payload=jwt:jwt_encode("{\\"foo\\":\\"bar\\"}")

}

)

ngx.say(jwt_token)

';

}

--- request

GET /t

--- response_body

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.VAoRL1IU0nOguxURF2ZcKR0SGKE1gCbqwyh8u2MLAyY

--- no_error_log

[error]

=== TEST 2: JWT sign HS512

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS512"},

raw_header=jwt:jwt_encode("{\\"typ\\":\\"JWT\\",\\"alg\\":\\"HS512\\"}"),

raw_payload=jwt:jwt_encode("{\\"foo\\":\\"bar\\"}")

}

)

ngx.say(jwt_token)

';

}

--- request

GET /t

--- response_body

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJmb28iOiJiYXIifQ._r7cUx1935GlmpI41mElmYQJlY4LqAZ50mdLyPUaVfbbC13Afhi6NmrqQvk1yefSSIn3ZOJ0h9Rvwm_RtbsInA

--- no_error_log

[error]

=== TEST 3: JWT verify invalid

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt", "invalid-random-str"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

invalid jwt string

--- no_error_log

[error]

=== TEST 4: JWT verify wrong signature

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" ..

".eyJmb28iOiJiYXIifQ" ..

".signature"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

signature mismatch: signature

--- no_error_log

[error]

=== TEST 5: JWT simple verify with no validation option

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" ..

".eyJmb28iOiJiYXIifQ" ..

".VAoRL1IU0nOguxURF2ZcKR0SGKE1gCbqwyh8u2MLAyY",

{ }

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

--- no_error_log

[error]

=== TEST 6: JWT sign and verify

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS256"},

payload={foo="bar", exp=9999999999}

}

)

local jwt_obj = jwt:verify("lua-resty-jwt", jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

=== TEST 7: JWT sign and verify RS256

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

set $pub_key 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23gfN1dMNf3KSV/nB6au3f2l5GZ0kAemh1ifc9AGGS/xUYRTn6SlXwz3ODmPtJKM4QP37ctnT2XqJMFP51AIkwSDIc3WAc/OTKOSWsp8ILrIgpQi34j+hSgebd6WgAKslldieJnEKmIN/kl6K0cJpXElEaP4xc5F7lJVj5XswuUDc1IMdfqAiGSern0E6ZJUnLDDcprniRi1nDPcpnMx2t+8J2SOIJ4PXMwnBhfohT3PvjoN8c24yewfsOKavOGhf/cIwWP2xd2lyvMVKUwOpTEhC6cXI3obgkpnLB/0O+zfQDLqryAGG6uxEV3Hqi0OXTPu2p8mQDd7gZK3j8NHswIDAQAB';

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={

ngx.var.pub_key,

} },

payload={foo="bar", exp=9999999999}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

=== TEST 8: RS256 malformed header

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_trusted_certs_file("/path/to/cert")

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={nil, } },

payload={foo="bar"}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

false

Unsupported RS256 key model

bar

--- no_error_log

[error]

=== TEST 9: RS256 malformed header 2

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_trusted_certs_file("/path/to/cert")

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={"not a valid certificate", } },

payload={foo="bar"}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

false

Malformed x5c header

bar

--- no_error_log

[error]

=== TEST 10: RS256 unsupported alg

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_alg_whitelist({RS256=1})

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."

.. "eyJmb28iOiJiYXIifQ."

.. "VxhQcGihWyHuJeHhpUiq2FU7aW2s_3ZJlY6h1kdlmJY"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

whitelist unsupported alg: HS256

--- no_error_log

[error]

=== TEST 11: JWT sign and verify RS256 - Take 2

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\nA1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\nMRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\nYiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\nODIyMDUyNzQxWhcNMTcwODIxMDUyNzQxWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\nCAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\nZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+u\ndvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxBqut\nbMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5J\nNRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW\n+FgxDu6BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic\n7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW2\n4DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz\n/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjJSZaEwuvjI/Tr\nrGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6\n+tZ9KynmrbJpTSi0+BM=\n-----END CERTIFICATE-----';

set $key '-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAtM/RXjMp7AvPrnb1/i3ImcZ4ebkY+AvUurTXngJSBgn0GJNM\n1HDRQqApE5JzUHf2BImsAyzW8QarrWzA2dWmq8rNWtJWJlHlSwiKr8wZDyU0kLAq\nKUEPVfFrk9uds8zc7OvHVRjXQiXeSTUUMpKcHsZp4zz79Jr4+4vF4Bt+/U8luj/l\nlleaJHlJFyfXiUtqLg2HUdkjPQaFVvhYMQ7ugZl4aM1uRH7J2oxaexy/JEApSNED\nnO/cripd+Pdqx+m8xbBZ9pX8FsvYnO3D/BKQk3hadbRWg/r8QYT2ZHk0NRyseoUO\nc3hyAeckiSWe2n9lvK+HkxmM23UVtuAwxwj4WQIDAQABAoIBAE76H0d4La2PEy3v\nhE98DA0vJdx1PzTJZigPacb42H8OxfIeFQcOKDlj381OwNO7MliVEe9pHJG3CjH8\nONhtfBm5wa0UBtFCIFd/6aQUEDYPWECC0kemxV4Sz5yL5vxsVWufKThAW3XnOIrd\nhm74nvzKSeIZ9yvGrU6ipNHY8MUPm0DQVrVYE5MiKjKVExQ4uRAolV2hlmeQDlSt\nk85S0TUOWO1EvJZhsVVs7dBjjY10hIjv3gZPAO8CN85JzMeaNbmWv4RQj0B997in\nrqlOa5qYYt80tAWO4hmPRKCrv6PgThz8C0Cd8AgwNzvQD2d4JpmxxTzBT6/5lRng\nHhj/wQECgYEA2jxC0a4lGmp1q2aYE1Zyiq0UqjxA92pwFYJg3800MLkf96A+dOhd\nwDAc5aAKN8vQV5g33vKi5+pIHWUCskhTS8/PPGrfeqIvtphCj6b7LKosBOhdzrRD\nOsr+Az/SiR2h5l2lr/v7I8I86RTY7MBk4QcRb601kSagWLDNVzSSdhECgYEA1Bm0\n0sByqkQmFoUNRjwmShPfJeVLTCr1G4clljl6MqHmGyRDHxtcp1+CXlyJJemLQY2A\nqrM7/T4x2ta6ME2WgDydFe9M8oU3BbefNYovS6YnoyBqxCx7yZ1vO0Jo40rZI8Bi\nKoCi6e0Hugg4xyPRz9TTNLmr/yEC1qQesMhM9ckCgYEArsT7rfgMdq8zNOSgfTwJ\n1sztc7d1P67ZvCABfLlVRn+6/hAydGVyTus4+RvFkxGB8+RPOhiOJbQVtJSkKCqL\nqnbtu7DK7+ba1xvwkiJjnE1bm0KLfXIXNQpDik6eSHiWo2nzuo/Ne8GeDftIDbG2\nGBAVAp5v+6I3X0+X4nKTqEECgYEAwT4Cj5mjXxnkEdR7eahHwmpEf0RfzC+/Tate\nRXZsrUDwY34wYWEOk7fjEZIBqrcTl1ATEHNojpxh096bmHK4UnHnNRrn4nYY4W6g\n8ajK2oOxzWA1pjJZPiHgO/+PjLafC4G2br7wr2y0A3yGLnmmKVLgc0NPP42WBnVV\nOP/ljnECgYABlDdJCAehDNSv4mdEzY5bfD+VBFd2QsgE1hYhmUYYRNlgIfIL9Y8e\nCduqXFLNZ/LHdmtYembgUqrMiJTUqcbSrJt26kBQx0az3LAV+J2p68PQ85KR9ZPy\nN1jEnRqpAwEdw7S+8l0yVyaNkm66eRI80p+w3AxNbS9hJ/7UlV3lGA==\n-----END RSA PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

local function get_public_key(url, iss, kid)

if iss ~= "Authz" then

error("No issuer. Duh :(")

end

if kid ~= "IamAPubl1cKeV" then

error("No key identifier. Duh :(")

end

return ngx.var.cert

end

jwt:set_trusted_certs_file("/lua-resty-jwt/testcerts/root.pem")

jwt:set_alg_whitelist({ RS256 = 1 })

jwt:set_x5u_content_retriever(get_public_key)

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5u="https://dummy.com/certs",

kid="IamAPubl1cKeV",

},

payload={foo="bar", iss="Authz", exp=9999999999}

}

)

local jwt_obj = jwt:verify(nil, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

weixin_39979948
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
探索 `lua-resty-jwt`:在 OpenResty 中轻松实现 JWT 验证
gitblog_00011的博客
04-17 1016
探索 lua-resty-jwt:在 OpenResty 中轻松实现 JWT 验证 项目地址:https://gitcode.com/SkyLothar/lua-resty-jwt 在现代 Web 应用中,JSON Web Token(JWT)作为一种轻量级的身份验证机制,被广泛应用于 API 的授权和身份管理。lua-resty-jwt 是一个为 OpenResty 平台设计的 Lua 模块,...
lua-resty-jwt:JWT为伟大的Openresty
02-03
lua-resty-jwt:JWT为伟大的Openresty
.net core的Knife4jUI,让swagger更精致
标准都是留给不爱的人,爱的本质是自由意志的沉沦
08-10 2022
首先,安装 IGeekFan.AspNetCore.Knife4jUI NuGet 包。可以通过 Visual Studio 的 NuGet 包管理器或者 .NET CLI 进行安装。这样就完成了 IGeekFan.AspNetCore.Knife4jUI 的配置。您可以在启动应用程序后,访问。(具体地址取决于您的应用程序配置)来查看生成的 Swagger UI。
nginx安装lua、jwt模块,通过lua验证jwt实现蓝绿发布样例
少说,多做
02-27 6173
例如:随着人工智能的不断发展,机器学习这门技术也越来越重要,很多人都开启了学习机器学习,本文就介绍了机器学习的基础内容。
Openresty(十五)通过lua实现令牌校验
wzj_110的博客
09-16 1211
一 模块地址 +++++++++++++"安装方式"+++++++++++++ 1.opm安装 -->'默认'安装的位置 opm get SkyLothar/lua-resty-jwt 2.源码安装 参考博客 网关权限控制 二 实现 测试思路
长虹智能电视刷机升级固件 69机芯Q3RS整机USB刷机升级文件ZLS69HiF-V2.10051
01-12
2、打开Hash_1.0.4.exe,点击浏览,选中拷贝到U盘的升级文件,读取MD5码,是否等于5F09C3FF82A717A01218CD1E05E9B6ED 如果等于,可以进入步骤3,如果不等于,说明文件拷贝过程已经出错,需要重新下载、解压、拷贝、...
海尔智能电视刷机数据 U65H3 机编DH1UZ0D1506 务必确认机编一致 强制刷机 整机USB升级主程序
最新发布
04-10
3、子菜单选择“本地升级”,按“确认”键进入U盘文件列表,选择OTA的zip文件,确认进行升级 4、升级完成电视自动重启。 二、强制升级方法: 1、强制升级968、962、966需要的文件:recovery.img、update.zip、...
Jabra捷波朗Elite 65e - 钛黑色快速说明书.pdf
02-13
**Jabra捷波朗Elite 65e 快速使用指南** Jabra捷波朗Elite 65e是一款高端的无线耳机,专为音乐爱好者和忙碌的生活方式设计。这款耳机以其出色的音质、主动降噪功能(ANC)以及HearThrough技术而闻名,让用户在享受...
Jabra捷波朗Elite 65e - 钛黑色用户手册.pdf
02-13
"Jabra捷波朗Elite 65e用户手册" Jabra捷波朗Elite 65e悦沁是一款蓝牙耳机,具有主动降噪(ANC)、电池可维持全天使用、双连接能力、无线距离达10米/33英尺、来电震动提醒、侧听功能等特性。下面将对其用户手册中...
长虹智能电视强制刷机升级固件 ZLS58GiH机芯 E9600、55G6最新ZLS58GiH-V1.00102
01-21
43E9600、50E9600、55E9600、65E9600、E9600系列,55G6 强制升级方法: 1)下载后解压,找到upgrade_ZLS58G**********.bin复制U盘根目录(不要有任何文件夹)。 2)将U盘插入USB接口,按住机上“电源键”或者不停的...
Lua识别Jwt令牌业务
流楚丶格念的博客
01-26 1566
​ 在资料\lua中已经下载好了该依赖库lua-resty-jwt-master.zip,我们将该库文件上传到服务器上,并解压,当然,我们也可以使用opm直接安装lua-resty-jwt,配置lua-resty-jwt之前,我们需要先安装resty和opm。令牌识别有可能在很多操作都需要用到,所以我们可以创建一个独立的模块,用于识别令牌,文件名字叫token.lua。此时lua-resty-jwt安装好了,可以直接使用了。
【openresty】利用 JWT 实现令牌校验 | 模拟注册登录流程 | RunnerGo 自动化测试
Cauchy的博客
08-24 746
JWT(JSON Web Token)是一种基于 JSON 的开放标准(RFC 7519),它定义了一种简洁的、自包含的协议格式,用于在通信双方传递 json 对象,常用来实现分布式用户认证。它通常用于用户的登录鉴权,进行身份验证和信息交换。用户使用账号、密码登录,请求发送到 Authentication Server。Authentication Server 进行用户验证(查询数据库等),创建 JWT 字符串返回给客户端。客户端请求接口访问资源时,请求头携带 JWT。
Openresty之jwt的token验证
小丑鱼的专栏
01-17 1429
在使用代理的时候可能需要验证来访问请求的token,验证token代码也是在lua脚本文件中操作,然后通过access_by_lua_file过程进行拦截,然后获取里面的token,进行验证,验证通过与否做一些定制化的操作。
jwt在nginx lua中的使用
focus on security
06-23 1268
Nginx是一个Web服务器,也可以用作反向代理,负载平衡器,邮件代理和HTTP缓存。Nginx可用于创建一个API网关,该API网关以事件驱动的方式处理请求,并以快速,资源占用少的方式处理对服务器的查询。此外,它还降低了复杂性并通过降低性能来最大化性能提供API调用的平均响应时间。 我们大多数人都已经熟悉Kong,探索使用OpenResty构建API网关的可能性。 我们需要做的第一件事是安装openresty。OpenResty使我们能够使用Lua编写Nginx脚本。 安装完成后,您应该导航到浏览器
替换CloudStack中realhostip.com为自定义域名
weixin_34242658的博客
10-23 1035
官方原文链接https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name简介功能影响已知问题先决条件安装步骤上传自定义证书验证过程实施细节故障排查常见问题如何生成自定义根CA和证书?如何从证书颁发机构Ve...
更换博客地址的通知
在路上
04-04 6718
即日起走独立自主的博客之路域名为:http://follhouse.cn
收藏网站66
chun1234567的专栏
07-21 954
http://zhidao.baidu.com/question/289164739.html" android 基本文件操作命令_百度知道 http://blog.csdn.net/yihongyuelan/article/details/32324335   Android 4.4 Kitkat Phone工作流程浅析(九)__状态通知流程分析 http://blog.csdn.net
使用Nginx和Lua进行JWT校验
jiangshanwe
12-15 4321
项目背景 需要在DMZ区和API网关中间增加授权服务。该服务的作用是校验api请求中的token值的签名合法性以及token是否过期 参考 因为不涉及到数据库和其它资源的依赖,jwt本身也是无状态的。因此鉴权服务没有再基于Java或者其它语言来做。而是使用lua脚本对nginx做了一个增强:使用lua脚本来校验token是否有效,无效直接返回401,有效则原样转发。 方案实现过程中主要参考了基于 OpenResty 实现 JWT 验证,只遇到了secret签名的问题。在这里非常感谢博主。 openresty
ISA-95标准应用与企业控制系统集成教程
Dennis Brandl是一位在ISA-95领域有着深厚背景的专家,他自1990年以来就是ISA SP88批处理控制系统委员会的活跃成员,是美国在批处理控制领域的IEC专家,同时也是ISA-95标准的编辑和IEC SC65E JWG5工作组的召集人。...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值