supervisor-generate-key: use EC keys intead of RSA
EC keys are smaller and take less time to generate. Our integration tests were super flakey because generating an RSA key would take up to 10 seconds *gasp*. The main token verifier that we care about is Kubernetes, which supports P256, so hopefully it won't be that much of an issue that our default signing key type is EC. The OIDC spec seems kinda squirmy when it comes to using non-RSA signing algorithms... Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler
parent
5a0dab768f
commit
e05213f9dd
@ -5,8 +5,9 @@ package supervisorconfig
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
@ -44,12 +45,12 @@ const (
|
||||
opcKind = "OIDCProviderConfig"
|
||||
)
|
||||
|
||||
// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an RSA key.
|
||||
// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key.
|
||||
//nolint:gochecknoglobals
|
||||
var generateKey func(r io.Reader, bits int) (interface{}, error) = generateRSAKey
|
||||
var generateKey func(r io.Reader) (interface{}, error) = generateECKey
|
||||
|
||||
func generateRSAKey(r io.Reader, bits int) (interface{}, error) {
|
||||
return rsa.GenerateKey(r, bits)
|
||||
func generateECKey(r io.Reader) (interface{}, error) {
|
||||
return ecdsa.GenerateKey(elliptic.P256(), r)
|
||||
}
|
||||
|
||||
// jwkController holds the fields necessary for the JWKS controller to communicate with OPC's and
|
||||
@ -205,15 +206,15 @@ func (c *jwksController) generateSecret(opc *configv1alpha1.OIDCProviderConfig)
|
||||
//
|
||||
// For now, we just generate an new RSA keypair and put that in the secret.
|
||||
|
||||
key, err := generateKey(rand.Reader, 4096)
|
||||
key, err := generateKey(rand.Reader)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot generate key: %w", err)
|
||||
}
|
||||
|
||||
jwk := jose.JSONWebKey{
|
||||
Key: key,
|
||||
KeyID: "some-key",
|
||||
Algorithm: "RS256",
|
||||
KeyID: "pinniped-supervisor-key",
|
||||
Algorithm: "ES256",
|
||||
Use: "sig",
|
||||
}
|
||||
jwkData, err := json.Marshal(jwk)
|
||||
|
||||
@ -227,11 +227,11 @@ func TestJWKSControllerSync(t *testing.T) {
|
||||
|
||||
const namespace = "tuna-namespace"
|
||||
|
||||
goodRSAKeyPEM, err := ioutil.ReadFile("testdata/good-rsa-key.pem")
|
||||
goodKeyPEM, err := ioutil.ReadFile("testdata/good-ec-key.pem")
|
||||
require.NoError(t, err)
|
||||
block, _ := pem.Decode(goodRSAKeyPEM)
|
||||
require.NotNil(t, block, "expected block to be non-nil...is goodRSAKeyPEM a valid PEM?")
|
||||
goodRSAKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
block, _ := pem.Decode(goodKeyPEM)
|
||||
require.NotNil(t, block, "expected block to be non-nil...is goodKeyPEM a valid PEM?")
|
||||
goodKey, err := x509.ParseECPrivateKey(block.Bytes)
|
||||
require.NoError(t, err)
|
||||
|
||||
opcGVR := schema.GroupVersionResource{
|
||||
@ -610,9 +610,9 @@ func TestJWKSControllerSync(t *testing.T) {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
// We shouldn't run this test in parallel since it messes with a global function (generateKey).
|
||||
generateKeyCount := 0
|
||||
generateKey = func(_ io.Reader, _ int) (interface{}, error) {
|
||||
generateKey = func(_ io.Reader) (interface{}, error) {
|
||||
generateKeyCount++
|
||||
return goodRSAKey, test.generateKeyErr
|
||||
return goodKey, test.generateKeyErr
|
||||
}
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
|
||||
|
||||
5
internal/controller/supervisorconfig/testdata/good-ec-key.pem
vendored
Normal file
5
internal/controller/supervisorconfig/testdata/good-ec-key.pem
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEINR2PAduYBO64CaDT4vLoMnn8y4UX5VTFdOA7wUQF0n/oAoGCCqGSM49
|
||||
AwEHoUQDQgAEawmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2UVwyHTq5ct
|
||||
qr1vYw6LGUtWJ1STJw7W7sgc6StOLs3RrA==
|
||||
-----END EC PRIVATE KEY-----
|
||||
@ -1,14 +1,10 @@
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w",
|
||||
"e": "AQAB",
|
||||
"d": "yIaLQBD3CzgkRcsdeZN7LLTmL8BHcw-kPEul3WLtPmUBvJsiEfUBd0zgINjKi4gsnzP6azRVXZ0PqURzf3n6NkiJ36Bd70UtLQAldfnHSKmpwy9uVAsLQOrSd7ovI7rsWoCXcW0K1p70lSEcbJYLRlJEipDuLM1aC1iHNAyGEcuQr4vlKaaWJ0lwQv0dxeEYsOTvMUvewOy1T8gREdSOQYJ5PgcF6solq04gCYmGv2paEersPFcfEarA5h8FHKlqGRTGwg3ltJMA1NaRPs0teYR2nKdLUk8nc012F7qfpN8iDx6H6f8tJn_QchgbLo8_s5uB6KC2zmdceCLRiP-VQQ",
|
||||
"p": "53FGQ4Kc-bJeZfRejxgg1avgi0i7THXpb2_-E2hgUpzFEza2e3TOQ1-N44sotDVjv7bylZwuLsdV7ug9jIVWzr4qldEOlpvGOh_QjqrEl12lwA-9EFNp3UrMwclGUvLwm5QjFRE74iEQR0b0ljetvupNE-FncNWhxlOnQEDXVjE",
|
||||
"q": "5a1kYSkozQiPHEycYpuflRWRY_twrWywhO2Gwzqq583qBUYInUjhNS6_dzrAA_6rDSuPXux4OjxdkLbVziLfHhLo_f1fCTm0-UlQIasxfn-WTFRpZsAjzaaiL5n0OegvSDAKXbT9zuAfH5r6RjhsSXqG-s5jbk810rVmwUh2Vqc",
|
||||
"dp": "bhRnaga-qNjYoz-GliLQwzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo-3ph-YsGLYcD3mH-3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV_DjBT9PbE0CbVYSWrGDvZNUyVpE",
|
||||
"dq": "4jjKASVQSbtfcklHU5zjLy3COc-EaVz_9L4cGZlkktNv6GfVvk31fLOh5OcaEBU8F8nK-n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQCCFeddXJn8KDH_GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn-vuwHm0s",
|
||||
"qi": "brSwOeUadJ9wnqNN_cdCKyDb8ed37h7Cd509hkiby7JiD7VqBfFWmYqtIdX-jEfms6OSlCiUKAeTHryKAV7Wb6yHNgT78iOCfgGIIz2mmV8KNdAzdkkMlGu5Uuwi0EW8ww25Xw0c5zIneVZmg-0ydFUUa5GEHrQ3Du7MMAHlQCo"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw",
|
||||
"d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8"
|
||||
}
|
||||
|
||||
@ -2,11 +2,12 @@
|
||||
"keys": [
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w",
|
||||
"e": "AQAB"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAz6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo
|
||||
2XshthG21+L82rmxUQ23+1XTkBSBK5iZl3Q/liHt1MLjZrpjuRc0CKMDcrExAMX6
|
||||
duicFVlhkIakIeupp+PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa+c2GXuEuX5
|
||||
72CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnA
|
||||
dxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B/Q0g3vGyFNVf0MM4LX3OSre4yVlp
|
||||
hZOW3YeLIeBq/4KmgutD0AZHzCF18KUjJgOv9wIDAQABAoIBAQDIhotAEPcLOCRF
|
||||
yx15k3sstOYvwEdzD6Q8S6XdYu0+ZQG8myIR9QF3TOAg2MqLiCyfM/prNFVdnQ+p
|
||||
RHN/efo2SInfoF3vRS0tACV1+cdIqanDL25UCwtA6tJ3ui8juuxagJdxbQrWnvSV
|
||||
IRxslgtGUkSKkO4szVoLWIc0DIYRy5Cvi+UpppYnSXBC/R3F4Riw5O8xS97A7LVP
|
||||
yBER1I5Bgnk+BwXqyiWrTiAJiYa/aloR6uw8Vx8RqsDmHwUcqWoZFMbCDeW0kwDU
|
||||
1pE+zS15hHacp0tSTydzTXYXup+k3yIPHofp/y0mf9ByGBsujz+zm4HooLbOZ1x4
|
||||
ItGI/5VBAoGBAOdxRkOCnPmyXmX0Xo8YINWr4ItIu0x16W9v/hNoYFKcxRM2tnt0
|
||||
zkNfjeOLKLQ1Y7+28pWcLi7HVe7oPYyFVs6+KpXRDpabxjof0I6qxJddpcAPvRBT
|
||||
ad1KzMHJRlLy8JuUIxURO+IhEEdG9JY3rb7qTRPhZ3DVocZTp0BA11YxAoGBAOWt
|
||||
ZGEpKM0IjxxMnGKbn5UVkWP7cK1ssITthsM6qufN6gVGCJ1I4TUuv3c6wAP+qw0r
|
||||
j17seDo8XZC21c4i3x4S6P39Xwk5tPlJUCGrMX5/lkxUaWbAI82moi+Z9DnoL0gw
|
||||
Cl20/c7gHx+a+kY4bEl6hvrOY25PNdK1ZsFIdlanAoGAbhRnaga+qNjYoz+GliLQ
|
||||
wzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo+
|
||||
3ph+YsGLYcD3mH+3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV/DjB
|
||||
T9PbE0CbVYSWrGDvZNUyVpECgYEA4jjKASVQSbtfcklHU5zjLy3COc+EaVz/9L4c
|
||||
GZlkktNv6GfVvk31fLOh5OcaEBU8F8nK+n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQC
|
||||
CFeddXJn8KDH/GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn+
|
||||
vuwHm0sCgYButLA55Rp0n3Ceo039x0IrINvx53fuHsJ3nT2GSJvLsmIPtWoF8VaZ
|
||||
iq0h1f6MR+azo5KUKJQoB5MevIoBXtZvrIc2BPvyI4J+AYgjPaaZXwo10DN2SQyU
|
||||
a7lS7CLQRbzDDblfDRznMid5VmaD7TJ0VRRrkYQetDcO7swwAeVAKg==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@ -1,8 +1,10 @@
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w",
|
||||
"e": "0"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "0",
|
||||
"y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw",
|
||||
"d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8"
|
||||
}
|
||||
|
||||
@ -2,11 +2,12 @@
|
||||
"keys": [
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "0",
|
||||
"e": "AQAB"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,11 +2,12 @@
|
||||
"keys": [
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kty": "EC",
|
||||
"kid": "some-other-key",
|
||||
"alg": "RS256",
|
||||
"n": "qNAsShEVuXiPz2UmI-1q_R_80WA3VHWt7WU7NbhPf59GohTKKvosG4a1C8alY2eh25yFIB6BbyPOFnTWFDrPnNmZYn0m0ByHW7EbO92yFKjS6F9p1VICWOp003F5UWIfCy5fzFA3oDBPSBs2r6N9g0xcqbwihuT1Cn1vQb_CRA0-G44XFQ4hHnHJfmFsgv-za7BlcT4V_RRaPtJBNnQRVmNXxjKwLs1XwGAW-I0QObr4HPsMBdBPXJYQeC5WJS59KbP2wvimgkArzStdw-n2H_5TYUaKFyylX8vCb3ndCs7Mp90fI3YGhvZrQ7N7mmL_vn4lrCcQMD2T_U9-dKbB6aXXNlyS-VY-MXbhnY_MGbGIGEdIdwGynGmyuLiNCA9qXDJ4zVWdlatsTqSFyGh20ntj8fcdxfjMg_AXbwr_Fc_9dkvshU9Qsui6FCxB6GwZA4o9Pyu0NtzetWcwZdpKpDaFTkmhQbPMP6MoshovaYdJWYsvuBSjTZycawikgMWAPuinFSAcwI10P6YucJRVlUgIOMusKnGfu8xXxQWysleesJe-1BSQHmyKjIGuIIjiWamAga8Hn4n24LqlBhRgjPJqL_QH25GrpIyFW-6DsHuOKNgJk7IJSZOl6Mkox660gsbdfpTsYeEY9IWc5am4vZOfadx86d9O13p7rZBUsus",
|
||||
"e": "AQAB"
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,17 +2,13 @@
|
||||
"keys": [
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w",
|
||||
"e": "AQAB",
|
||||
"d": "yIaLQBD3CzgkRcsdeZN7LLTmL8BHcw-kPEul3WLtPmUBvJsiEfUBd0zgINjKi4gsnzP6azRVXZ0PqURzf3n6NkiJ36Bd70UtLQAldfnHSKmpwy9uVAsLQOrSd7ovI7rsWoCXcW0K1p70lSEcbJYLRlJEipDuLM1aC1iHNAyGEcuQr4vlKaaWJ0lwQv0dxeEYsOTvMUvewOy1T8gREdSOQYJ5PgcF6solq04gCYmGv2paEersPFcfEarA5h8FHKlqGRTGwg3ltJMA1NaRPs0teYR2nKdLUk8nc012F7qfpN8iDx6H6f8tJn_QchgbLo8_s5uB6KC2zmdceCLRiP-VQQ",
|
||||
"p": "53FGQ4Kc-bJeZfRejxgg1avgi0i7THXpb2_-E2hgUpzFEza2e3TOQ1-N44sotDVjv7bylZwuLsdV7ug9jIVWzr4qldEOlpvGOh_QjqrEl12lwA-9EFNp3UrMwclGUvLwm5QjFRE74iEQR0b0ljetvupNE-FncNWhxlOnQEDXVjE",
|
||||
"q": "5a1kYSkozQiPHEycYpuflRWRY_twrWywhO2Gwzqq583qBUYInUjhNS6_dzrAA_6rDSuPXux4OjxdkLbVziLfHhLo_f1fCTm0-UlQIasxfn-WTFRpZsAjzaaiL5n0OegvSDAKXbT9zuAfH5r6RjhsSXqG-s5jbk810rVmwUh2Vqc",
|
||||
"dp": "bhRnaga-qNjYoz-GliLQwzA73aObSjOu8szemNaFMeXUql3Uj4Wv8UWKlBaFJqlaJz5ZxSUCpkczLS2S0Lo-3ph-YsGLYcD3mH-3T5QTazckdeRGdXRnHtTL7MPRyfQ40paz1PpcdCJrvqsV_DjBT9PbE0CbVYSWrGDvZNUyVpE",
|
||||
"dq": "4jjKASVQSbtfcklHU5zjLy3COc-EaVz_9L4cGZlkktNv6GfVvk31fLOh5OcaEBU8F8nK-n1B4mJo6kwcBWC1kOKhWOLCQ8zyIwQCCFeddXJn8KDH_GvOGBZD80zZkFvQjnK7ExddUvHP1gqI7rdOeYVVBB5bM2CTrAn-vuwHm0s",
|
||||
"qi": "brSwOeUadJ9wnqNN_cdCKyDb8ed37h7Cd509hkiby7JiD7VqBfFWmYqtIdX-jEfms6OSlCiUKAeTHryKAV7Wb6yHNgT78iOCfgGIIz2mmV8KNdAzdkkMlGu5Uuwi0EW8ww25Xw0c5zIneVZmg-0ydFUUa5GEHrQ3Du7MMAHlQCo"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw",
|
||||
"d": "1HY8B25gE7rgJoNPi8ugyefzLhRflVMV04DvBRAXSf8"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,8 +1,9 @@
|
||||
{
|
||||
"use": "sig",
|
||||
"kty": "RSA",
|
||||
"kid": "some-key",
|
||||
"alg": "RS256",
|
||||
"n": "z6UWJvYJtVxXpvITGDdq9I2ln73zu7gH4RB4q7t5bKFPYAEo2XshthG21-L82rmxUQ23-1XTkBSBK5iZl3Q_liHt1MLjZrpjuRc0CKMDcrExAMX6duicFVlhkIakIeupp-PrlvLSp9ZNXuQ3z1eSKK51d2svHRSqJXdHBa-c2GXuEuX572CnV2oGO06L8f1Tt0yLT3HxzHMRbwntID9Rg2KJj0f5lBin2Kd4wJejHgBj8hnAdxe6nnDsFYqgUQu3Qao9edgwiX9EftzGlo9B_Q0g3vGyFNVf0MM4LX3OSre4yVlphZOW3YeLIeBq_4KmgutD0AZHzCF18KUjJgOv9w",
|
||||
"e": "AQAB"
|
||||
"kty": "EC",
|
||||
"kid": "pinniped-supervisor-key",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
||||
"y": "FcMh06uXLaq9b2MOixlLVidUkycO1u7IHOkrTi7N0aw"
|
||||
}
|
||||
|
||||
@ -27,7 +27,6 @@ func TestSupervisorOIDCKeys(t *testing.T) {
|
||||
defer cancel()
|
||||
|
||||
// Create our OPC under test.
|
||||
// TODO: maybe use this in other supervisor test?
|
||||
opc := library.CreateTestOIDCProvider(ctx, t, "")
|
||||
|
||||
// Ensure a secret is created with the OPC's JWKS.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user