signature=ca3da65e915f7d09b6ae2068371c31d1,lua-resty-jwt/sign-verify.t at ee1d024071f872e2b5a66eaaf9...

最新推荐文章于 2023-09-20 16:27:10 发布
最新推荐文章于 2023-09-20 16:27:10 发布
阅读量2.5k 收藏
点赞数
文章标签: signature=ca3da65e915f7d09b6ae2068371c31d1

use Test::Nginx::Socket::Lua;

repeat_each(2);

plan tests => repeat_each() * (3 * blocks());

our $HttpConfig = <

lua_package_path 'lib/?.lua;;';

_EOC_

no_long_string();

run_tests();

__DATA__

=== TEST 1: JWT sign HS256

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS256"},

raw_header=jwt:jwt_encode("{\\"typ\\":\\"JWT\\",\\"alg\\":\\"HS256\\"}"),

raw_payload=jwt:jwt_encode("{\\"foo\\":\\"bar\\"}")

}

)

ngx.say(jwt_token)

';

}

--- request

GET /t

--- response_body

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.VAoRL1IU0nOguxURF2ZcKR0SGKE1gCbqwyh8u2MLAyY

--- no_error_log

[error]

=== TEST 2: JWT sign HS512

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS512"},

raw_header=jwt:jwt_encode("{\\"typ\\":\\"JWT\\",\\"alg\\":\\"HS512\\"}"),

raw_payload=jwt:jwt_encode("{\\"foo\\":\\"bar\\"}")

}

)

ngx.say(jwt_token)

';

}

--- request

GET /t

--- response_body

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJmb28iOiJiYXIifQ._r7cUx1935GlmpI41mElmYQJlY4LqAZ50mdLyPUaVfbbC13Afhi6NmrqQvk1yefSSIn3ZOJ0h9Rvwm_RtbsInA

--- no_error_log

[error]

=== TEST 3: JWT verify invalid

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt", "invalid-random-str"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

invalid jwt string

--- no_error_log

[error]

=== TEST 4: JWT verify wrong signature

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" ..

".eyJmb28iOiJiYXIifQ" ..

".signature"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

signature mismatch: signature

--- no_error_log

[error]

=== TEST 5: JWT simple verify with no validation option

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" ..

".eyJmb28iOiJiYXIifQ" ..

".VAoRL1IU0nOguxURF2ZcKR0SGKE1gCbqwyh8u2MLAyY",

{ }

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

--- no_error_log

[error]

=== TEST 6: JWT sign and verify

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

"lua-resty-jwt",

{

header={typ="JWT",alg="HS256"},

payload={foo="bar", exp=9999999999}

}

)

local jwt_obj = jwt:verify("lua-resty-jwt", jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

=== TEST 7: JWT sign and verify RS256

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

set $pub_key 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23gfN1dMNf3KSV/nB6au3f2l5GZ0kAemh1ifc9AGGS/xUYRTn6SlXwz3ODmPtJKM4QP37ctnT2XqJMFP51AIkwSDIc3WAc/OTKOSWsp8ILrIgpQi34j+hSgebd6WgAKslldieJnEKmIN/kl6K0cJpXElEaP4xc5F7lJVj5XswuUDc1IMdfqAiGSern0E6ZJUnLDDcprniRi1nDPcpnMx2t+8J2SOIJ4PXMwnBhfohT3PvjoN8c24yewfsOKavOGhf/cIwWP2xd2lyvMVKUwOpTEhC6cXI3obgkpnLB/0O+zfQDLqryAGG6uxEV3Hqi0OXTPu2p8mQDd7gZK3j8NHswIDAQAB';

content_by_lua '

local jwt = require "resty.jwt"

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={

ngx.var.pub_key,

} },

payload={foo="bar", exp=9999999999}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

=== TEST 8: RS256 malformed header

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_trusted_certs_file("/path/to/cert")

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={nil, } },

payload={foo="bar"}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

false

Unsupported RS256 key model

bar

--- no_error_log

[error]

=== TEST 9: RS256 malformed header 2

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDETMBEGCgmSJomT8ixk\nARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmRvY2tlcjETMBEGA1UECgwKRG9ja2Vy\nIEluYzEfMB0GA1UECwwWRG9ja2VyIFRlc3QgU2lnbmluZyBDQTEfMB0GA1UEAwwW\nRG9ja2VyIFRlc3QgU2lnbmluZyBDQTAeFw0xNTA1MTMyMzAxMzlaFw0xNzA1MTIy\nMzAxMzlaMGsxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZk\nb2NrZXIxEzARBgNVBAoMCkRvY2tlciBJbmMxDDAKBgNVBAsMA2h1YjEZMBcGA1UE\nAwwQaHViZ3cuZG9ja2VyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBANt4HzdXTDX9yklf5wemrt39peRmdJAHpodYn3PQBhkv8VGEU5+kpV8M9zg5\nj7SSjOED9+3LZ09l6iTBT+dQCJMEgyHN1gHPzkyjklrKfCC6yIKUIt+I/oUoHm3e\nloACrJZXYniZxCpiDf5JeitHCaVxJRGj+MXORe5SVY+V7MLlA3NSDHX6gIhknq59\nBOmSVJyww3Ka54kYtZwz3KZzMdrfvCdkjiCeD1zMJwYX6IU9z746DfHNuMnsH7Di\nmrzhoX/3CMFj9sXdpcrzFSlMDqUxIQunFyN6G4JKZywf9Dvs30Ay6q8gBhursRFd\nx6otDl0z7tqfJkA3e4GSt4/DR7MCAwEAAaOBpDCBoTAOBgNVHQ8BAf8EBAMCBLAw\nCQYDVR0TBAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\nBwMDMB0GA1UdDgQWBBQa440jFVFkVPsnGp3sp2bEdtz+6jAfBgNVHSMEGDAWgBQi\nzqX0zdgLeF6GAy7a+zvT4pBCLjAbBgNVHREEFDASghBodWJndy5kb2NrZXIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQB8PdN14gs6zB2m2eB1JpyoFSwho4O1z9UkZqdb\nGUB5SmElVydR2nOMLLUuJoa1zTd1FcX0zlHtDKuRXmO7xaPtrH4Uxiq3Lpu7i2WB\nUDTnMXuzX7hzc5DeU7k7mMbwKRkb+kijJTkET6wcaJwwDSyhzOCZgXW3V0WjHdbD\nprJc52tUk3CHOZY8iZWDVf9gHQpVeJnKzospXJRs3qQksEzD6ciRXu0VHnxeC0DP\n5pnQC17Kkm1QOCHRrsIGDHk9wB1zJlMoeMgIPrCLcC0GappmUlHSMka+3MZYgeW4\nAVlzdia3EYSUuM8Gb5tjSSm/6rTOnXR+zL4PBhNZdAD17hyY\n-----END CERTIFICATE-----';

set $key '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbeB83V0w1/cpJ\nX+cHpq7d/aXkZnSQB6aHWJ9z0AYZL/FRhFOfpKVfDPc4OY+0kozhA/fty2dPZeok\nwU/nUAiTBIMhzdYBz85Mo5JaynwgusiClCLfiP6FKB5t3paAAqyWV2J4mcQqYg3+\nSXorRwmlcSURo/jFzkXuUlWPlezC5QNzUgx1+oCIZJ6ufQTpklScsMNymueJGLWc\nM9ymczHa37wnZI4gng9czCcGF+iFPc++Og3xzbjJ7B+w4pq84aF/9wjBY/bF3aXK\n8xUpTA6lMSELpxcjehuCSmcsH/Q77N9AMuqvIAYbq7ERXceqLQ5dM+7anyZAN3uB\nkrePw0ezAgMBAAECggEBAIZga0SYN/qK9ROuG6fsn/8eMjfBn7ccaBNQ6PihM0qy\ntyABVK5XwkWLi8cqP1oBrS6NHn3D3/KWZSGyFzl7IHTb+2p0PIeJdDgqow7iEdR8\naQ7CowOZPrXLFa6R7jZc7M10nb9X7utAdG7xEFN1QGvC9j5x1n1OyjScxvSOiJPf\nQMyR7pAUW3GoNYBdgs8YWmMU7SiS8hp4LRsQ2aJpZUexUVk3o1E3ZIeM/joE+jFZ\nNX+rL0Aqmn0JVgKqZI2CbDB5AwJdSpUYd/m0Ko3E/Hxdu/CbeJqdjSl4ArVIyRBL\nJWY4aMbC81B6ftYGyjpBujXIoyTYNIhf+CYYXzNrsOkCgYEA8J4ajDpKtxowkbIj\nT+9FTY54d+SWcvwEKA22KayyFwx/mXWTnfsylzF6JbGAiZKSG9gbUOP1LsoGDsGj\nhFdLMSfmi151IbOJg1l74E7nM5bqW9ULGyLBOpWlvopXt31jV6uQd/t/+gdflyw0\nMtr642krwfz8UOshkeEIsk+7mmUCgYEA6X/omGsvMyLpa2IWjxwuw+51pCdIoZvL\n7BpV1YHqwO8jWVv1KKpOKzrYZVu93w0WMCHoG/g9FGQtOBmMRk2OKOxmCF+H1or4\nI1+iI/dhTPA2tEeAELX+yGtu4fpEHe+dga1QCNdq06366rn0bhWB5hst1DdVQnXn\n+0KjhLmg7DcCgYAxqQ/lnSpKfBdGGrP7DXEKPrtSU1VRyf25norYMxJWe3fiXkfn\nNS8N0WJaYTYcLqoFIScSHNo/m+aAKSrsZ2/XZ1rHrOkT2ZAqEc/lTaOeHCmmZmPy\nZ8vloXkhyD+uWSylrX0VpkyVd+wcsTzcuiFJyi0Dzojs0nqNNxqqYpZfmQKBgDep\npUIIcyUGkoxlwqj09/T/OI4cS0UzRaaQFJwkL1k06MFZmZTLHH1TtthayWWN0hdB\nTfq076KXyuvPs0/jFxuMVzpxw4kScdrE5nsactiLfw706IOTTxxp9/Ho3iogv/R0\n41poN/AkTmd8UteXSvMW0ZMAadPBFb8hAKgYNFN7AoGAbw6WYYPnhikP7gqWmTh0\n0SOeET5WbRfseiUWMfLGL+R5GmNiBhw63n8srz+KJVLJv0PJ/WKDR7o/Hxjv3w9c\ndkqcFG1MW2NKjrdxztptrRaSD7JyA750rB+CsrwvqzJCvwbulp1iRfWkTqq2fnUU\nQvpxhOYnq/ZlXPjUiE5w67w=\n-----END PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_trusted_certs_file("/path/to/cert")

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5c={"not a valid certificate", } },

payload={foo="bar"}

}

)

local jwt_obj = jwt:verify(ngx.var.cert, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

false

Malformed x5c header

bar

--- no_error_log

[error]

=== TEST 10: RS256 unsupported alg

--- http_config eval: $::HttpConfig

--- config

location /t {

content_by_lua '

local jwt = require "resty.jwt"

jwt:set_alg_whitelist({RS256=1})

local jwt_obj = jwt:verify(

"lua-resty-jwt",

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."

.. "eyJmb28iOiJiYXIifQ."

.. "VxhQcGihWyHuJeHhpUiq2FU7aW2s_3ZJlY6h1kdlmJY"

)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

';

}

--- request

GET /t

--- response_body

false

whitelist unsupported alg: HS256

--- no_error_log

[error]

=== TEST 11: JWT sign and verify RS256 - Take 2

--- http_config eval: $::HttpConfig

--- config

location /t {

set $cert '-----BEGIN CERTIFICATE-----\nMIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\nA1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\nMRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\nYiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\nODIyMDUyNzQxWhcNMTcwODIxMDUyNzQxWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\nCAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\nZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+u\ndvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxBqut\nbMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5J\nNRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW\n+FgxDu6BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic\n7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW2\n4DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz\n/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjJSZaEwuvjI/Tr\nrGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6\n+tZ9KynmrbJpTSi0+BM=\n-----END CERTIFICATE-----';

set $key '-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAtM/RXjMp7AvPrnb1/i3ImcZ4ebkY+AvUurTXngJSBgn0GJNM\n1HDRQqApE5JzUHf2BImsAyzW8QarrWzA2dWmq8rNWtJWJlHlSwiKr8wZDyU0kLAq\nKUEPVfFrk9uds8zc7OvHVRjXQiXeSTUUMpKcHsZp4zz79Jr4+4vF4Bt+/U8luj/l\nlleaJHlJFyfXiUtqLg2HUdkjPQaFVvhYMQ7ugZl4aM1uRH7J2oxaexy/JEApSNED\nnO/cripd+Pdqx+m8xbBZ9pX8FsvYnO3D/BKQk3hadbRWg/r8QYT2ZHk0NRyseoUO\nc3hyAeckiSWe2n9lvK+HkxmM23UVtuAwxwj4WQIDAQABAoIBAE76H0d4La2PEy3v\nhE98DA0vJdx1PzTJZigPacb42H8OxfIeFQcOKDlj381OwNO7MliVEe9pHJG3CjH8\nONhtfBm5wa0UBtFCIFd/6aQUEDYPWECC0kemxV4Sz5yL5vxsVWufKThAW3XnOIrd\nhm74nvzKSeIZ9yvGrU6ipNHY8MUPm0DQVrVYE5MiKjKVExQ4uRAolV2hlmeQDlSt\nk85S0TUOWO1EvJZhsVVs7dBjjY10hIjv3gZPAO8CN85JzMeaNbmWv4RQj0B997in\nrqlOa5qYYt80tAWO4hmPRKCrv6PgThz8C0Cd8AgwNzvQD2d4JpmxxTzBT6/5lRng\nHhj/wQECgYEA2jxC0a4lGmp1q2aYE1Zyiq0UqjxA92pwFYJg3800MLkf96A+dOhd\nwDAc5aAKN8vQV5g33vKi5+pIHWUCskhTS8/PPGrfeqIvtphCj6b7LKosBOhdzrRD\nOsr+Az/SiR2h5l2lr/v7I8I86RTY7MBk4QcRb601kSagWLDNVzSSdhECgYEA1Bm0\n0sByqkQmFoUNRjwmShPfJeVLTCr1G4clljl6MqHmGyRDHxtcp1+CXlyJJemLQY2A\nqrM7/T4x2ta6ME2WgDydFe9M8oU3BbefNYovS6YnoyBqxCx7yZ1vO0Jo40rZI8Bi\nKoCi6e0Hugg4xyPRz9TTNLmr/yEC1qQesMhM9ckCgYEArsT7rfgMdq8zNOSgfTwJ\n1sztc7d1P67ZvCABfLlVRn+6/hAydGVyTus4+RvFkxGB8+RPOhiOJbQVtJSkKCqL\nqnbtu7DK7+ba1xvwkiJjnE1bm0KLfXIXNQpDik6eSHiWo2nzuo/Ne8GeDftIDbG2\nGBAVAp5v+6I3X0+X4nKTqEECgYEAwT4Cj5mjXxnkEdR7eahHwmpEf0RfzC+/Tate\nRXZsrUDwY34wYWEOk7fjEZIBqrcTl1ATEHNojpxh096bmHK4UnHnNRrn4nYY4W6g\n8ajK2oOxzWA1pjJZPiHgO/+PjLafC4G2br7wr2y0A3yGLnmmKVLgc0NPP42WBnVV\nOP/ljnECgYABlDdJCAehDNSv4mdEzY5bfD+VBFd2QsgE1hYhmUYYRNlgIfIL9Y8e\nCduqXFLNZ/LHdmtYembgUqrMiJTUqcbSrJt26kBQx0az3LAV+J2p68PQ85KR9ZPy\nN1jEnRqpAwEdw7S+8l0yVyaNkm66eRI80p+w3AxNbS9hJ/7UlV3lGA==\n-----END RSA PRIVATE KEY-----';

content_by_lua '

local jwt = require "resty.jwt"

local function get_public_key(url, iss, kid)

if iss ~= "Authz" then

error("No issuer. Duh :(")

end

if kid ~= "IamAPubl1cKeV" then

error("No key identifier. Duh :(")

end

return ngx.var.cert

end

jwt:set_trusted_certs_file("/lua-resty-jwt/testcerts/root.pem")

jwt:set_alg_whitelist({ RS256 = 1 })

jwt:set_x5u_content_retriever(get_public_key)

local jwt_token = jwt:sign(

ngx.var.key,

{

header={

typ="JWT",

alg="RS256",

x5u="https://dummy.com/certs",

kid="IamAPubl1cKeV",

},

payload={foo="bar", iss="Authz", exp=9999999999}

}

)

local jwt_obj = jwt:verify(nil, jwt_token)

ngx.say(jwt_obj["verified"])

ngx.say(jwt_obj["reason"])

ngx.say(jwt_obj["payload"]["foo"])

';

}

--- request

GET /t

--- response_body

true

everything is awesome~ :p

bar

--- no_error_log

[error]

weixin_39979948
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
探索 `lua-resty-jwt`:在 OpenResty 中轻松实现 JWT 验证
gitblog_00011的博客
04-17 994
探索 lua-resty-jwt:在 OpenResty 中轻松实现 JWT 验证 项目地址:https://gitcode.com/SkyLothar/lua-resty-jwt 在现代 Web 应用中,JSON Web Token(JWT)作为一种轻量级的身份验证机制,被广泛应用于 API 的授权和身份管理。lua-resty-jwt 是一个为 OpenResty 平台设计的 Lua 模块,...
lua-resty-jwtJWT为伟大的Openresty
02-03
lua-resty-jwtJWT为伟大的Openresty
jwt在nginx lua中的使用
focus on security
06-23 1262
Nginx是一个Web服务器,也可以用作反向代理,负载平衡器,邮件代理和HTTP缓存。Nginx可用于创建一个API网关,该API网关以事件驱动的方式处理请求,并以快速,资源占用少的方式处理对服务器的查询。此外,它还降低了复杂性并通过降低性能来最大化性能提供API调用的平均响应时间。 我们大多数人都已经熟悉Kong,探索使用OpenResty构建API网关的可能性。 我们需要做的第一件事是安装openresty。OpenResty使我们能够使用Lua编写Nginx脚本。 安装完成后,您应该导航到浏览器
nginx安装luajwt模块,通过lua验证jwt实现蓝绿发布样例
zzhongcy的专栏
09-20 376
lua-nginx-module-0.10.22.tar.gz # 0.10.16 以后都需要 lua-resty-core和lua-resty-lrucache。luajit2-2.1-20220411.tar.gz #luajit官网存在一定的坑,下载openresty的优化版本。将jwttoken.lua放到nignx所在服务器的/usr/local/lua_core/lib/lua/目录下。--1-按员工code蓝绿,2-按部门id蓝绿,3-按ip蓝绿。修改Makefile,指定luajit。
长虹智能电视刷机升级固件 69机芯Q3RS整机USB刷机升级文件ZLS69HiF-V2.10051
01-12
2、打开Hash_1.0.4.exe,点击浏览,选中拷贝到U盘的升级文件,读取MD5码,是否等于5F09C3FF82A717A01218CD1E05E9B6ED 如果等于,可以进入步骤3,如果不等于,说明文件拷贝过程已经出错,需要重新下载、解压、拷贝、...
海尔智能电视刷机数据 U65H3 机编DH1UZ0D1506 务必确认机编一致 强制刷机 整机USB升级主程序
最新发布
04-10
3、子菜单选择“本地升级”,按“确认”键进入U盘文件列表,选择OTA的zip文件,确认进行升级 4、升级完成电视自动重启。 二、强制升级方法: 1、强制升级968、962、966需要的文件:recovery.img、update.zip、...
Jabra捷波朗Elite 65e - 钛黑色用户手册.pdf
02-13
"Jabra捷波朗Elite 65e用户手册" Jabra捷波朗Elite 65e悦沁是一款蓝牙耳机,具有主动降噪(ANC)、电池可维持全天使用、双连接能力、无线距离达10米/33英尺、来电震动提醒、侧听功能等特性。下面将对其用户手册中...
长虹智能电视强制刷机升级固件 ZLS58GiH机芯 E9600、55G6最新ZLS58GiH-V1.00102
01-21
43E9600、50E9600、55E9600、65E9600、E9600系列,55G6 强制升级方法: 1)下载后解压,找到upgrade_ZLS58G**********.bin复制U盘根目录(不要有任何文件夹)。 2)将U盘插入USB接口,按住机上“电源键”或者不停的...
iOS游戏应用源代码——tonyleone-Santa-65e4210.zip
07-05
【iOS游戏应用源代码——tonyleone-Santa-65e4210.zip】是一个包含iOS游戏开发源代码的压缩文件,它提供了一个深入学习iOS游戏编程的实例。在这个项目中,我们可以发现一系列与iOS游戏开发相关的技术知识点,包括...
使用系统默认浏览器打开http网址
11-13
本工程用于展示使用java如何实现这样的功能:使用系统默认浏览器打开http网址;使用用户指定的浏览器打开http网址。 本工程编码方式为:GBK 出现异常即解决方法: 当调用Tool类中的第二个方法时,指定的browerType的值为“chrome”,运行程序出现:java.io.IOException: Cannot run program "chrome": CreateProcess error=2, ????????? 解决方法:找到谷歌浏览器安装根目录Google,然后依次打开Chrome和Application文件夹,看一下里面是否有“chrome.exe”文件,确定有该文件以后,复制该文件的路径(路径中不包含该文件的文件名,例如“C:\Program Files\Google\Chrome\Application”),然后将其值添加到计算机PATH环境变量中,最后重启计算机即可。注意:添加时别忘了分号。
.net core的Knife4jUI,让swagger更精致
标准都是留给不爱的人,爱的本质是自由意志的沉沦
08-10 1994
首先,安装 IGeekFan.AspNetCore.Knife4jUI NuGet 包。可以通过 Visual Studio 的 NuGet 包管理器或者 .NET CLI 进行安装。这样就完成了 IGeekFan.AspNetCore.Knife4jUI 的配置。您可以在启动应用程序后,访问。(具体地址取决于您的应用程序配置)来查看生成的 Swagger UI。
Lua识别Jwt令牌业务
流楚丶格念的博客
01-26 1566
​ 在资料\lua中已经下载好了该依赖库lua-resty-jwt-master.zip,我们将该库文件上传到服务器上,并解压,当然,我们也可以使用opm直接安装lua-resty-jwt,配置lua-resty-jwt之前,我们需要先安装resty和opm。令牌识别有可能在很多操作都需要用到,所以我们可以创建一个独立的模块,用于识别令牌,文件名字叫token.lua。此时lua-resty-jwt安装好了,可以直接使用了。
【openresty】利用 JWT 实现令牌校验 | 模拟注册登录流程 | RunnerGo 自动化测试
Cauchy的博客
08-24 739
JWT(JSON Web Token)是一种基于 JSON 的开放标准(RFC 7519),它定义了一种简洁的、自包含的协议格式,用于在通信双方传递 json 对象,常用来实现分布式用户认证。它通常用于用户的登录鉴权,进行身份验证和信息交换。用户使用账号、密码登录,请求发送到 Authentication Server。Authentication Server 进行用户验证(查询数据库等),创建 JWT 字符串返回给客户端。客户端请求接口访问资源时,请求头携带 JWT
更换博客地址的通知
在路上
04-04 6641
即日起走独立自主的博客之路域名为:http://follhouse.cn
signature=a20b3c3a6ff607accc831e6d492695f4,qfinance-token/yarn.lock at master · QFinanceDeFi/qfinanc...
weixin_35317737的博客
05-30 6万+
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.# yarn lockfile v1"@babel/helper-module-imports@^7.12.1":version "7.12.5"resolved "https://registry.yarnpkg.com/@babel/helper-module-imp...
http://syy7.com/a/25.php,vue_element/vue_elementui.sql at 3ffdcb477ce3fbbc24cf1a4d7e3481a187023a02 ·...
热门推荐
weixin_34064233的博客
04-13 94万+
INSERT INTO `user_tb` VALUES ('1', '女', 'burtyang', 'C041580E1C6192B6084E03CE76D5C05C', '18', null, 'data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAwICQoJBwwKCQoNDAwOER0TERAQESMZGxUdKiUsKykl...
JS常用工具函数-中文按拼音排序
风萧萧兮易水寒
07-07 2万+
汉字转拼音 /* --- description: Pinyin, to get chinese pinyin from chinese. provides: [Pinyin] ... */ //(function( window, undefined ){ // var Pinyin = new Class({ var pinyin = (function() { var Piny...
MFC 上传图片到http://169.254.1.10:8090/api/v1/~bali/ABC0123456789 有多少种方式
05-14
HINTERNET hRequest = HttpOpenRequest(hConnection, _T("POST"), _T("/api/v1/~bali/ABC0123456789"), NULL, NULL, NULL, INTERNET_FLAG_RELOAD, 0); CString strHeaders = _T("Content-Type: multipart/form-data...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值