# JWS Signing Input (RFC 7515) validation
#
# Each case writes one CRLF-terminated line to the standard input of
# lacme-accountd --stdio, sends its stderr to the file named by $STDERR, and
# then looks for a fixed log string with grepstderr (a harness helper that is
# not defined here; presumably it greps the file at $STDERR).  The line is
# meant to be a JWS Signing Input, that is
#   BASE64URL(JWS Protected Header) "." BASE64URL(JWS Payload)
# Every input that is not a well-formed signing input is expected to be
# refused with a NOSIGN log entry instead of being signed.
# NOTE(review): stdout is never inspected here, so the NOSIGN cases only
# prove that the refusal is logged.  Consider also asserting that nothing
# that looks like a signature is written to stdout in those cases.

# missing or empty protected header
# (an empty line, then a line that starts directly with the "." separator)
printf "\\r\\n" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -Fq "] NOSIGN [malformed JWS Protected Header]"
printf ".foo\\r\\n" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -Fq "] NOSIGN [malformed JWS Protected Header]"
# invalid base64url-encoded protected header
# ("/" belongs to the standard base64 alphabet, not to base64url)
printf "foo/bar.baz\\r\\n" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -Fq "] NOSIGN [malformed JWS Protected Header]"
# missing payload
# (no "." separator at all, so there is no payload part)
printf "foo\\r\\n" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -Fq "] NOSIGN [malformed JWS Payload]"
# invalid base64url-encoded payload
printf "foo.bar/baz\\r\\n" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -Fq "] NOSIGN [malformed JWS Payload]"
# invalid JWS Protected Header: not a JSON object; missing fields "alg",
# "nonce", "url", or either "jwk" or "kid"
# The five values are: two JSON documents that are not objects, an empty
# object, an object with "alg", "nonce" and "url" but neither "jwk" nor
# "kid", and an object with only "jwk".
# Each value is turned into base64url by hand: base64 on a single line, the
# trailing "=" padding stripped, and "+/" mapped to "-_".  The payload part
# after the "." is left empty, and the expected error is about the header.
# NOTE(review): the two grepstderr calls below use -F without -q, unlike the
# checks above, so the matched line is presumably printed; confirm that this
# is intended.
for s in "null" "\"str\"" "{}" "{\"alg\":\"\",\"nonce\":\"\",\"url\":\"\"}" "{\"jwk\":{}}"; do
s="$(printf "%s" "$s" | base64 -w0 | sed "s/=*$//" | tr "+/" "-_")"
printf "%s.\\r\\n" "$s" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -F "] NOSIGN [invalid JWS Protected Header]"
done
# valid JWS Protected Header and Payload
# The header carries "alg", "nonce", "url" and "jwk", all with empty values,
# and the expected result is a SIGNED entry that logs the decoded header and
# payload.
# NOTE(review): as far as this case shows, header validation only requires
# the fields to be present; empty "alg", "nonce" and "url" values and an
# empty "jwk" object are accepted.  Confirm that presence-only checking is
# the intended contract for the signer.
# NOTE(review): "playload" in the expected string presumably mirrors the log
# message of the program byte for byte; do not correct the spelling here
# without changing the program as well.
h="{\"alg\":\"\",\"nonce\":\"\",\"url\":\"\",\"jwk\":{}}"
s="$(printf "%s" "$h" | base64 -w0 | sed "s/=*$//" | tr "+/" "-_")"
p="$(printf "%s" "JWS Payload" | base64 -w0 | sed "s/=*$//" | tr "+/" "-_")"
printf "%s.%s\\r\\n" "$s" "$p" | lacme-accountd --stdio 2>"$STDERR"
grepstderr -F "] SIGNED header=base64url($h) playload=base64url(JWS Payload)"
# vim: set filetype=sh :