Commit 3204690c authored by Simon Schürg's avatar Simon Schürg 🚀

Add go file for fast code snippet tests

parent 82653a9b
package main
import (
"bytes"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/binary"
"encoding/json"
"encoding/pem"
"fmt"
"log"
"math/big"
"github.com/go-resty/resty/v2"
)
type JWKS struct {
Keys []JWK `json:"keys"`
}
type JWK struct {
Kid string `json:"kid"`
Kty string `json:"kty"`
Alg string `json:"alg"`
Use string `json:"use"`
N string `json:"n"`
E string `json:"e"`
X5C []string `json:"x5c"`
X5T string `json:"x5t"`
X5TS256 string `json:"x5t#S256"`
}
type OIDCMetadata struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
IntrospectionEndpoint string `json:"introspection_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"`
JwksURI string `json:"jwks_uri"`
CheckSessionIframe string `json:"check_session_iframe"`
GrantTypesSupported []string `json:"grant_types_supported"`
ResponseTypesSupported []string `json:"response_types_supported"`
SubjectTypesSupported []string `json:"subject_types_supported"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
ResponseModesSupported []string `json:"response_modes_supported"`
RegistrationEndpoint string `json:"registration_endpoint"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
ClaimsSupported []string `json:"claims_supported"`
ClaimTypesSupported []string `json:"claim_types_supported"`
ClaimsParameterSupported bool `json:"claims_parameter_supported"`
ScopesSupported []string `json:"scopes_supported"`
RequestParameterSupported bool `json:"request_parameter_supported"`
RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
RequireRequestURIRegistration bool `json:"require_request_uri_registration"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
RevocationEndpoint string `json:"revocation_endpoint"`
RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported"`
RevocationEndpointAuthSigningAlgValuesSupported []string `json:"revocation_endpoint_auth_signing_alg_values_supported"`
BackchannelLogoutSupported bool `json:"backchannel_logout_supported"`
BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported"`
}
func main() {
fmt.Println("Test")
issuer := "https://auth.schuerg.net/auth/realms/playground"
oidcMetadata := FetchOidcMetadata(issuer)
fmt.Println(oidcMetadata)
jwks := FetchOIDCCerts(issuer)
fmt.Println(jwks)
for i := 0; i < len(jwks.Keys); i++ {
JWKToPEM(jwks.Keys[i])
}
}
func FetchOIDCCerts(issuer string) JWKS {
url := issuer + "/protocol/openid-connect/certs"
client := resty.New()
resp, err := client.R().Get(url)
printHTTPResponse(resp, err)
jwks := JWKS{}
err = json.Unmarshal(resp.Body(), &jwks)
if err != nil {
log.Fatalln(err)
}
return jwks
}
func FetchOidcMetadata(issuer string) OIDCMetadata {
url := issuer + "/.well-known/openid-configuration"
client := resty.New()
resp, err := client.R().Get(url)
printHTTPResponse(resp, err)
oidcMetadata := OIDCMetadata{}
err = json.Unmarshal(resp.Body(), &oidcMetadata)
if err != nil {
log.Fatalln(err)
}
return oidcMetadata
}
func base64ToInt(s string) (uint32, error) {
a, e := base64.StdEncoding.DecodeString(s)
if e != nil {
return 0, e
}
return binary.LittleEndian.Uint32(append(a, 0)), nil
}
func JWKToPEM(jwk JWK) string {
fmt.Println(jwk.Kty)
if jwk.Kty != "RSA" {
log.Fatal("invalid key type:", jwk.Kty)
}
// decode the base64 bytes for n
nb, err := base64.RawURLEncoding.DecodeString(jwk.N)
if err != nil {
log.Fatal(err)
}
e, err := base64ToInt(jwk.E)
if err != nil {
log.Fatal(err)
}
pk := &rsa.PublicKey{
N: new(big.Int).SetBytes(nb),
E: int(e),
}
der, err := x509.MarshalPKIXPublicKey(pk)
if err != nil {
log.Fatal(err)
}
block := &pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: der,
}
var out bytes.Buffer
pem.Encode(&out, block)
return out.String()
}
func printHTTPResponse(resp *resty.Response, err error) {
fmt.Println("Response Info:")
fmt.Println(" Error :", err)
fmt.Println(" Status Code:", resp.StatusCode())
fmt.Println(" Status :", resp.Status())
fmt.Println(" Proto :", resp.Proto())
fmt.Println(" Time :", resp.Time())
fmt.Println(" Received At:", resp.ReceivedAt())
fmt.Println(" Body :\n", resp)
fmt.Println()
}
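Review bot: `base64ToInt` decodes the JWK exponent correctly only for values like `AQAB`. It uses `base64.StdEncoding` although JWK fields are unpadded base64url (the modulus in `JWKToPEM` already uses `base64.RawURLEncoding`), and it reads the bytes little-endian although the exponent is big-endian, so 65537 works only because its three bytes are a palindrome. An exponent that decodes to fewer than three bytes makes `binary.LittleEndian.Uint32(append(a, 0))` index past the slice and panic, and a longer one is read in the wrong byte order or truncated. Because the key set comes from a remote endpoint, the decoder should reject unexpected lengths rather than crash or build a wrong key; a big-endian version is below, after which the `encoding/binary` import is unused and has to be dropped. Separately, `x509.MarshalPKIXPublicKey` returns SubjectPublicKeyInfo DER, whose PEM label is `PUBLIC KEY` rather than `RSA PUBLIC KEY`.

```go
func base64ToInt(s string) (uint32, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return 0, err
	}
	// JWK integers are big-endian; refuse anything that does not fit in 32 bits.
	if len(b) == 0 || len(b) > 4 {
		return 0, fmt.Errorf("unsupported RSA exponent length %d", len(b))
	}
	var e uint32
	for _, v := range b {
		e = e<<8 | uint32(v)
	}
	return e, nil
}
```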