diff --git a/internal/controller/supervisorconfig/jwks.go b/internal/controller/supervisorconfig/jwks.go index 24fa67ff..a507df90 100644 --- a/internal/controller/supervisorconfig/jwks.go +++ b/internal/controller/supervisorconfig/jwks.go @@ -5,8 +5,9 @@ package supervisorconfig import ( "context" + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" - "crypto/rsa" "encoding/json" "fmt" "io" @@ -44,12 +45,12 @@ const ( opcKind = "OIDCProviderConfig" ) -// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an RSA key. +// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key. //nolint:gochecknoglobals -var generateKey func(r io.Reader, bits int) (interface{}, error) = generateRSAKey +var generateKey func(r io.Reader) (interface{}, error) = generateECKey -func generateRSAKey(r io.Reader, bits int) (interface{}, error) { - return rsa.GenerateKey(r, bits) +func generateECKey(r io.Reader) (interface{}, error) { + return ecdsa.GenerateKey(elliptic.P256(), r) } // jwkController holds the fields necessary for the JWKS controller to communicate with OPC's and @@ -205,15 +206,15 @@ func (c *jwksController) generateSecret(opc *configv1alpha1.OIDCProviderConfig) // // For now, we just generate an new RSA keypair and put that in the secret. - key, err := generateKey(rand.Reader, 4096) + key, err := generateKey(rand.Reader) if err != nil { return nil, fmt.Errorf("cannot generate key: %w", err) } jwk := jose.JSONWebKey{ Key: key, - KeyID: "some-key", - Algorithm: "RS256", + KeyID: "pinniped-supervisor-key", + Algorithm: "ES256", Use: "sig", } jwkData, err := json.Marshal(jwk) diff --git a/internal/controller/supervisorconfig/jwks_test.go b/internal/controller/supervisorconfig/jwks_test.go index 30298db4..ecab24ad 100644 --- a/internal/controller/supervisorconfig/jwks_test.go +++ b/internal/controller/supervisorconfig/jwks_test.go @@ -227,11 +227,11 @@ func TestJWKSControllerSync(t *testing.T) { const namespace = "tuna-namespace" - goodRSAKeyPEM, err := ioutil.ReadFile("testdata/good-rsa-key.pem") + goodKeyPEM, err := ioutil.ReadFile("testdata/good-ec-key.pem") require.NoError(t, err) - block, _ := pem.Decode(goodRSAKeyPEM) - require.NotNil(t, block, "expected block to be non-nil...is goodRSAKeyPEM a valid PEM?") - goodRSAKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) + block, _ := pem.Decode(goodKeyPEM) + require.NotNil(t, block, "expected block to be non-nil...is goodKeyPEM a valid PEM?") + goodKey, err := x509.ParseECPrivateKey(block.Bytes) require.NoError(t, err) opcGVR := schema.GroupVersionResource{ @@ -610,9 +610,9 @@ func TestJWKSControllerSync(t *testing.T) { t.Run(test.name, func(t *testing.T) { // We shouldn't run this test in parallel since it messes with a global function (generateKey). generateKeyCount := 0 - generateKey = func(_ io.Reader, _ int) (interface{}, error) { + generateKey = func(_ io.Reader) (interface{}, error) { generateKeyCount++ - return goodRSAKey, test.generateKeyErr + return goodKey, test.generateKeyErr } ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) diff --git a/internal/controller/supervisorconfig/testdata/good-ec-key.pem b/internal/controller/supervisorconfig/testdata/good-ec-key.pem new file mode 100644 index 00000000..211202f4 --- /dev/null +++ b/internal/controller/supervisorconfig/testdata/good-ec-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINR2PAduYBO64CaDT4vLoMnn8y4UX5VTFdOA7wUQF0n/oAoGCCqGSM49 +AwEHoUQDQgAEawmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2UVwyHTq5ct +qr1vYw6LGUtWJ1STJw7W7sgc6StOLs3RrA== +-----END EC PRIVATE KEY----- diff --git a/internal/controller/supervisorconfig/testdata/good-jwk.json b/internal/controller/supervisorconfig/testdata/good-jwk.json index 20cda4f3..89e4be66 100644 --- a/internal/controller/supervisorconfig/testdata/good-jwk.json +++ b/internal/controller/supervisorconfig/testdata/good-jwk.json @@ -1,14 +1,10 @@ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w", - "e": "AQAB", - "d": "yIaLQBD3CzgkRcsdeZN7LLTmL8BHcw-kPEul3WLtPmUBvJsiEfUBd0zgINjKi4gsnzP6azRVXZ0PqURzf3n6NkiJ36Bd70UtLQAldfnHSKmpwy9uVAsLQOrSd7ovI7rsWoCXcW0K1p70lSEcbJYLRlJEipDuLM1aC1iHNAyGEcuQr4vlKaaWJ0lwQv0dxeEYsOTvMUvewOy1T8gREdSOQYJ5PgcF6solq04gCYmGv2paEersPFcfEarA5h8FHKlqGRTGwg3ltJMA1NaRPs0teYR2nKdLUk8nc012F7qfpN8iDx6H6f8tJn_QchgbLo8_s5uB6KC2zmdceCLRiP-VQQ", - "p": "53FGQ4Kc-bJeZfRejxgg1avgi0i7THXpb2_-E2hgUpzFEza2e3TOQ1-N44sotDVjv7bylZwuLsdV7ug9jIVWzr4qldEOlpvGOh_QjqrEl12lwA-9EFNp3UrMwclGUvLwm5QjFRE74iEQR0b0ljetvupNE-FncNWhxlOnQEDXVjE", - "q": "5a1kYSkozQiPHEycYpuflRWRY_twrWywhO2Gwzqq583qBUYInUjhNS6_dzrAA_6rDSuPXux4OjxdkLbVziLfHhLo_f1fCTm0-UlQIasxfn-WTFRpZsAjzaaiL5n0OegvSDAKXbT9zuAfH5r6RjhsSXqG-s5jbk810rVmwUh2Vqc", - "dp": "bhRnaga-qNjYoz-GliLQwzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo-3ph-YsGLYcD3mH-3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV_DjBT9PbE0CbVYSWrGDvZNUyVpE", - "dq": "4jjKASVQSbtfcklHU5zjLy3COc-EaVz_9L4cGZlkktNv6GfVvk31fLOh5OcaEBU8F8nK-n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQCCFeddXJn8KDH_GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn-vuwHm0s", - "qi": "brSwOeUadJ9wnqNN_cdCKyDb8ed37h7Cd509hkiby7JiD7VqBfFWmYqtIdX-jEfms6OSlCiUKAeTHryKAV7Wb6yHNgT78iOCfgGIIz2mmV8KNdAzdkkMlGu5Uuwi0EW8ww25Xw0c5zIneVZmg-0ydFUUa5GEHrQ3Du7MMAHlQCo" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw", + "d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8" } diff --git a/internal/controller/supervisorconfig/testdata/good-jwks.json b/internal/controller/supervisorconfig/testdata/good-jwks.json index ddb4fecb..b099245e 100644 --- a/internal/controller/supervisorconfig/testdata/good-jwks.json +++ b/internal/controller/supervisorconfig/testdata/good-jwks.json @@ -2,11 +2,12 @@ "keys": [ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w", - "e": "AQAB" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw" } ] } diff --git a/internal/controller/supervisorconfig/testdata/good-rsa-key.pem b/internal/controller/supervisorconfig/testdata/good-rsa-key.pem deleted file mode 100644 index 459761eb..00000000 --- a/internal/controller/supervisorconfig/testdata/good-rsa-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAz6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo -2XshthG21+L82rmxUQ23+1XTkBSBK5iZl3Q/liHt1MLjZrpjuRc0CKMDcrExAMX6 -duicFVlhkIakIeupp+PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa+c2GXuEuX5 -72CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnA -dxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B/Q0g3vGyFNVf0MM4LX3OSre4yVlp -hZOW3YeLIeBq/4KmgutD0AZHzCF18KUjJgOv9wIDAQABAoIBAQDIhotAEPcLOCRF -yx15k3sstOYvwEdzD6Q8S6XdYu0+ZQG8myIR9QF3TOAg2MqLiCyfM/prNFVdnQ+p -RHN/efo2SInfoF3vRS0tACV1+cdIqanDL25UCwtA6tJ3ui8juuxagJdxbQrWnvSV -IRxslgtGUkSKkO4szVoLWIc0DIYRy5Cvi+UpppYnSXBC/R3F4Riw5O8xS97A7LVP -yBER1I5Bgnk+BwXqyiWrTiAJiYa/aloR6uw8Vx8RqsDmHwUcqWoZFMbCDeW0kwDU -1pE+zS15hHacp0tSTydzTXYXup+k3yIPHofp/y0mf9ByGBsujz+zm4HooLbOZ1x4 -ItGI/5VBAoGBAOdxRkOCnPmyXmX0Xo8YINWr4ItIu0x16W9v/hNoYFKcxRM2tnt0 -zkNfjeOLKLQ1Y7+28pWcLi7HVe7oPYyFVs6+KpXRDpabxjof0I6qxJddpcAPvRBT -ad1KzMHJRlLy8JuUIxURO+IhEEdG9JY3rb7qTRPhZ3DVocZTp0BA11YxAoGBAOWt -ZGEpKM0IjxxMnGKbn5UVkWP7cK1ssITthsM6qufN6gVGCJ1I4TUuv3c6wAP+qw0r -j17seDo8XZC21c4i3x4S6P39Xwk5tPlJUCGrMX5/lkxUaWbAI82moi+Z9DnoL0gw -Cl20/c7gHx+a+kY4bEl6hvrOY25PNdK1ZsFIdlanAoGAbhRnaga+qNjYoz+GliLQ -wzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo+ -3ph+YsGLYcD3mH+3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV/DjB -T9PbE0CbVYSWrGDvZNUyVpECgYEA4jjKASVQSbtfcklHU5zjLy3COc+EaVz/9L4c -GZlkktNv6GfVvk31fLOh5OcaEBU8F8nK+n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQC -CFeddXJn8KDH/GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn+ -vuwHm0sCgYButLA55Rp0n3Ceo039x0IrINvx53fuHsJ3nT2GSJvLsmIPtWoF8VaZ -iq0h1f6MR+azo5KUKJQoB5MevIoBXtZvrIc2BPvyI4J+AYgjPaaZXwo10DN2SQyU -a7lS7CLQRbzDDblfDRznMid5VmaD7TJ0VRRrkYQetDcO7swwAeVAKg== ------END RSA PRIVATE KEY----- diff --git a/internal/controller/supervisorconfig/testdata/invalid-key-jwk.json b/internal/controller/supervisorconfig/testdata/invalid-key-jwk.json index 4c51e5c9..cee9bfb9 100644 --- a/internal/controller/supervisorconfig/testdata/invalid-key-jwk.json +++ b/internal/controller/supervisorconfig/testdata/invalid-key-jwk.json @@ -1,8 +1,10 @@ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w", - "e": "0" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "0", + "y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw", + "d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8" } diff --git a/internal/controller/supervisorconfig/testdata/invalid-key-jwks.json b/internal/controller/supervisorconfig/testdata/invalid-key-jwks.json index b5eef40e..cff683f2 100644 --- a/internal/controller/supervisorconfig/testdata/invalid-key-jwks.json +++ b/internal/controller/supervisorconfig/testdata/invalid-key-jwks.json @@ -2,11 +2,12 @@ "keys": [ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "0", - "e": "AQAB" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "0" } ] } diff --git a/internal/controller/supervisorconfig/testdata/missing-active-jwks.json b/internal/controller/supervisorconfig/testdata/missing-active-jwks.json index 08e36e4f..c6e77e6f 100644 --- a/internal/controller/supervisorconfig/testdata/missing-active-jwks.json +++ b/internal/controller/supervisorconfig/testdata/missing-active-jwks.json @@ -2,11 +2,12 @@ "keys": [ { "use": "sig", - "kty": "RSA", + "kty": "EC", "kid": "some-other-key", - "alg": "RS256", - "n": "qNAsShEVuXiPz2UmI-1q_R_80WA3VHWt7WU7NbhPf59GohTKKvosG4a1C8alY2eh25yFIB6BbyPOFnTWFDrPnNmZYn0m0ByHW7EbO92yFKjS6F9p1VICWOp003F5UWIfCy5fzFA3oDBPSBs2r6N9g0xcqbwihuT1Cn1vQb_CRA0-G44XFQ4hHnHJfmFsgv-za7BlcT4V_RRaPtJBNnQRVmNXxjKwLs1XwGAW-I0QObr4HPsMBdBPXJYQeC5WJS59KbP2wvimgkArzStdw-n2H_5TYUaKFyylX8vCb3ndCs7Mp90fI3YGhvZrQ7N7mmL_vn4lrCcQMD2T_U9-dKbB6aXXNlyS-VY-MXbhnY_MGbGIGEdIdwGynGmyuLiNCA9qXDJ4zVWdlatsTqSFyGh20ntj8fcdxfjMg_AXbwr_Fc_9dkvshU9Qsui6FCxB6GwZA4o9Pyu0NtzetWcwZdpKpDaFTkmhQbPMP6MoshovaYdJWYsvuBSjTZycawikgMWAPuinFSAcwI10P6YucJRVlUgIOMusKnGfu8xXxQWysleesJe-1BSQHmyKjIGuIIjiWamAga8Hn4n24LqlBhRgjPJqL_QH25GrpIyFW-6DsHuOKNgJk7IJSZOl6Mkox660gsbdfpTsYeEY9IWc5am4vZOfadx86d9O13p7rZBUsus", - "e": "AQAB" + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "0" } ] } diff --git a/internal/controller/supervisorconfig/testdata/private-jwks.json b/internal/controller/supervisorconfig/testdata/private-jwks.json index d72ce22b..b88f8fcc 100644 --- a/internal/controller/supervisorconfig/testdata/private-jwks.json +++ b/internal/controller/supervisorconfig/testdata/private-jwks.json @@ -2,17 +2,13 @@ "keys": [ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w", - "e": "AQAB", - "d": "yIaLQBD3CzgkRcsdeZN7LLTmL8BHcw-kPEul3WLtPmUBvJsiEfUBd0zgINjKi4gsnzP6azRVXZ0PqURzf3n6NkiJ36Bd70UtLQAldfnHSKmpwy9uVAsLQOrSd7ovI7rsWoCXcW0K1p70lSEcbJYLRlJEipDuLM1aC1iHNAyGEcuQr4vlKaaWJ0lwQv0dxeEYsOTvMUvewOy1T8gREdSOQYJ5PgcF6solq04gCYmGv2paEersPFcfEarA5h8FHKlqGRTGwg3ltJMA1NaRPs0teYR2nKdLUk8nc012F7qfpN8iDx6H6f8tJn_QchgbLo8_s5uB6KC2zmdceCLRiP-VQQ", - "p": "53FGQ4Kc-bJeZfRejxgg1avgi0i7THXpb2_-E2hgUpzFEza2e3TOQ1-N44sotDVjv7bylZwuLsdV7ug9jIVWzr4qldEOlpvGOh_QjqrEl12lwA-9EFNp3UrMwclGUvLwm5QjFRE74iEQR0b0ljetvupNE-FncNWhxlOnQEDXVjE", - "q": "5a1kYSkozQiPHEycYpuflRWRY_twrWywhO2Gwzqq583qBUYInUjhNS6_dzrAA_6rDSuPXux4OjxdkLbVziLfHhLo_f1fCTm0-UlQIasxfn-WTFRpZsAjzaaiL5n0OegvSDAKXbT9zuAfH5r6RjhsSXqG-s5jbk810rVmwUh2Vqc", - "dp": "bhRnaga-qNjYoz-GliLQwzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo-3ph-YsGLYcD3mH-3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV_DjBT9PbE0CbVYSWrGDvZNUyVpE", - "dq": "4jjKASVQSbtfcklHU5zjLy3COc-EaVz_9L4cGZlkktNv6GfVvk31fLOh5OcaEBU8F8nK-n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQCCFeddXJn8KDH_GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn-vuwHm0s", - "qi": "brSwOeUadJ9wnqNN_cdCKyDb8ed37h7Cd509hkiby7JiD7VqBfFWmYqtIdX-jEfms6OSlCiUKAeTHryKAV7Wb6yHNgT78iOCfgGIIz2mmV8KNdAzdkkMlGu5Uuwi0EW8ww25Xw0c5zIneVZmg-0ydFUUa5GEHrQ3Du7MMAHlQCo" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw", + "d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8" } ] } diff --git a/internal/controller/supervisorconfig/testdata/public-jwk.json b/internal/controller/supervisorconfig/testdata/public-jwk.json index 1b4b7a88..bd440e4e 100644 --- a/internal/controller/supervisorconfig/testdata/public-jwk.json +++ b/internal/controller/supervisorconfig/testdata/public-jwk.json @@ -1,8 +1,9 @@ { "use": "sig", - "kty": "RSA", - "kid": "some-key", - "alg": "RS256", - "n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w", - "e": "AQAB" + "kty": "EC", + "kid": "pinniped-supervisor-key", + "crv": "P-256", + "alg": "ES256", + "x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U", + "y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw" } diff --git a/test/integration/supervisor_keys_test.go b/test/integration/supervisor_keys_test.go index feb7f50c..b6f73e93 100644 --- a/test/integration/supervisor_keys_test.go +++ b/test/integration/supervisor_keys_test.go @@ -27,7 +27,6 @@ func TestSupervisorOIDCKeys(t *testing.T) { defer cancel() // Create our OPC under test. - // TODO: maybe use this in other supervisor test? opc := library.CreateTestOIDCProvider(ctx, t, "") // Ensure a secret is created with the OPC's JWKS.