Add test on encryption token algorithm configuration

robsontenorio · Apr 25, 2024 · 909ea9b · 909ea9b
1 parent ace3775
commit 909ea9b
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 9 deletions.
diff --git a/tests/AuthenticateTest.php b/tests/AuthenticateTest.php
@@ -12,6 +12,7 @@
 use KeycloakGuard\KeycloakGuard;
 use KeycloakGuard\Tests\Extensions\CustomUserProvider;
 use KeycloakGuard\Tests\Models\User;
+use KeycloakGuard\Token;
 
 class AuthenticateTest extends TestCase
 {
@@ -425,4 +426,19 @@ public function test_acting_as_keycloak_user_trait_without_user()
         $this->assertFalse(Auth::guest());
     }
 
+    public function test_it_decodes_token_with_the_configured_encryption_algorithm()
+    {
+        $this->prepareCredentials('ES256', [
+            'private_key_type' => OPENSSL_KEYTYPE_EC,
+            'curve_name' => 'prime256v1'
+        ]);
+
+        config([
+            'keycloak.token_encryption_algorithm' => 'ES256',
+            'keycloak.realm_public_key' => Token::plainPublicKey($this->publicKey)
+        ]);
+
+        $this->withKeycloakToken()->json('GET', '/foo/secret');
+        $this->assertEquals($this->user->username, Auth::user()->username);
+    }
 }
diff --git a/tests/TestCase.php b/tests/TestCase.php
@@ -38,14 +38,18 @@ protected function setUp(): void
         ]);
     }
 
-    protected function prepareCredentials()
+    protected function prepareCredentials($encryptionAlgorithm = 'RS256', $openSSLConfig = null)
     {
         // Prepare private/public keys and a default JWT token, with a simple payload
-        $this->privateKey = openssl_pkey_new([
-            'digest_alg' => 'sha256',
-            'private_key_bits' => 1024,
-            'private_key_type' => OPENSSL_KEYTYPE_RSA
-        ]);
+        if (!$openSSLConfig) {
+            $openSSLConfig = [
+                'digest_alg' => 'sha256',
+                'private_key_bits' => 1024,
+                'private_key_type' => OPENSSL_KEYTYPE_RSA
+            ];
+        }
+
+        $this->privateKey = openssl_pkey_new($openSSLConfig);
 
         $this->publicKey = openssl_pkey_get_details($this->privateKey)['key'];
 
@@ -54,7 +58,7 @@ protected function prepareCredentials()
             'resource_access' => ['myapp-backend' => []]
         ];
 
-        $this->token = JWT::encode($this->payload, $this->privateKey, 'RS256');
+        $this->token = JWT::encode($this->payload, $this->privateKey, $encryptionAlgorithm);
     }
 
     // Default configs to make it running
@@ -96,11 +100,11 @@ protected function getPackageProviders($app)
     }
 
     // Build a different token with custom payload
-    protected function buildCustomToken(array $payload)
+    protected function buildCustomToken(array $payload, $encryptionAlgorithm = 'RS256')
     {
         $payload = array_replace($this->payload, $payload);
 
-        $this->token = JWT::encode($payload, $this->privateKey, 'RS256');
+        $this->token = JWT::encode($payload, $this->privateKey, $encryptionAlgorithm);
     }
 
     // Setup default token, for the default user