package oidc import ( "crypto" "fmt" "strings" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/authelia/authelia/v4/internal/configuration/schema" ) func TestKeyManager_AddActiveJWK(t *testing.T) { manager := NewKeyManager() assert.Nil(t, manager.jwk) assert.Nil(t, manager.Strategy()) j, err := manager.AddActiveJWK(schema.X509CertificateChain{}, MustParseRSAPrivateKey(exampleIssuerPrivateKey)) require.NoError(t, err) require.NotNil(t, j) require.NotNil(t, manager.jwk) require.NotNil(t, manager.Strategy()) thumbprint, err := j.JSONWebKey().Thumbprint(crypto.SHA1) assert.NoError(t, err) kid := strings.ToLower(fmt.Sprintf("%x", thumbprint)[:6]) assert.Equal(t, manager.jwk.id, kid) assert.Equal(t, kid, j.JSONWebKey().KeyID) assert.Len(t, manager.jwks.Keys, 1) keys := manager.jwks.Key(kid) assert.Equal(t, keys[0].KeyID, kid) privKey, err := manager.GetActivePrivateKey() assert.NoError(t, err) assert.NotNil(t, privKey) webKey, err := manager.GetActiveJWK() assert.NoError(t, err) assert.NotNil(t, webKey) keySet := manager.GetKeySet() assert.NotNil(t, keySet) assert.Equal(t, kid, manager.GetActiveKeyID()) }