hpke: move published public keys to a new endpoint (#4044)

2025-06-02 10:52:49 +02:00 · 2023-03-08 09:17:04 -07:00 · 2023-03-08 09:17:04 -07:00 · 0f295d4a63
commit 0f295d4a63
parent 74463c5468
13 changed files with 136 additions and 71 deletions
--- a/pkg/hpke/http_test.go
+++ b/pkg/hpke/http_test.go
@ -0,0 +1,34 @@
+package hpke_test
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/pomerium/pomerium/internal/handlers"
+	"github.com/pomerium/pomerium/pkg/hpke"
+)
+
+func TestFetchPublicKeyFromJWKS(t *testing.T) {
+	t.Parallel()
+
+	ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10)
+	t.Cleanup(clearTimeout)
+
+	hpkePrivateKey, err := hpke.GeneratePrivateKey()
+	require.NoError(t, err)
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()).ServeHTTP(w, r)
+	}))
+	t.Cleanup(srv.Close)
+
+	publicKey, err := hpke.FetchPublicKey(ctx, http.DefaultClient, srv.URL)
+	assert.NoError(t, err)
+	assert.Equal(t, hpkePrivateKey.PublicKey().String(), publicKey.String())
+}