@ritou
ritou / openssl-rsa-pubkey-handling.pl
Last active December 13, 2015 20:09
openssl-rsa-pubkey-handling.pl This is RSA Public key Handling. 1. X.509 Cert to Public Key. 2. Modulus, Exponent to Public Key
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::OpenSSL::CA;
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Bignum;
use MIME::Base64 qw(decode_base64);
@ritou
ritou / validate_id_token_using_JSON_WebToken.pl
Created February 14, 2013 19:50
ID Token validation using JSON::WebToken module
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::OpenSSL::CA;
use JSON::WebToken;
use Data::Dump qw(dump);
my $jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzNTk0Mjg3MTgsInN1YiI6IlU2WFRQa0YzNGd1dmVzdTVrQktKTmtobXloY0tKX2FqWHFtTDBzZFVJTVUiLCJpYXQiOjEzNTk0MjgxMTgsImF1ZCI6IjVaUDcyYzdDbEQyUXlyR0dmcTFrWXkxMzU5NDIxMjA1IiwiaXNzIjoiaHR0cHM6Ly8ybmRhdXRoLm9wZW5pZGNvbm5lY3QuaW5mbyJ9.g-xh044m2h402Pk9oEvYU-gv7_qjrrY1HuO7BQukC4jhYQMLcXcc8W9orW5vbt7_Hymi9ZU8KRl6Et01L9FXZ73HkFn4DokEPo76LyF1JnVA3DfBuX2izh_qprX-fyzOmq7SxGzWwSnDMJGjRHpWXifyeE8dhwSE4tmC2Cu-FNWqHzkJmYCUQoHwAgAFx4e4oOwcs59Q9o1OA21-p8g8_4_9W9QHf6dUeo42-TdKU82M9KiUrXsaV3X3ed9evLvMkDmHMFPZskd1OgzLQkkQ-1mNhXqlB8fJLOL1LpBC5f_xY1y_iwi6gRnmbHST1c6ji5QawpjBu_HdLV6-0ufyjQ";
@ritou
ritou / crypt_jwt_sample_jws_exXXX.pl
Created November 16, 2015 13:30
Sample for messing around with ESXXX JSON Web Signatures using Crypt::JWT
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::ECC;
use MIME::Base64 qw(decode_base64url);
use Data::Dumper;
warn "=== Example JWS Using ECDSA P-256 SHA-256 ===\n";
warn "see https://tools.ietf.org/html/rfc7515#appendix-A.3\n";
warn "=== Private Key ===\n";
my $ec_jwk_data = {
@ritou
ritou / crypt_jwt_sample_jws_rs256.pl
Created November 16, 2015 06:03
Sample for messing around with RS256 JSON Web Signatures using Crypt::JWT
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::RSA;
use MIME::Base64 qw(decode_base64url);
use Data::Dumper;
warn "see https://tools.ietf.org/html/rfc7515#appendix-A.2\n";
my $payload = decode_base64url("eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ");
my $rsa_priv_data = {
"kty" => "RSA",
"n" => "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",
@ritou
ritou / crypt_jwt_sample_jws_es512.pl
Created November 14, 2015 15:06
sample for Crypt::JWT
use Crypt::JWT qw(encode_jwt decode_jwt);
use Data::Dumper;
# encode
my $payload = "Payload";
my $ecc_priv = {
kty => "EC",
crv => "P-521",
x => "AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk",
use Crypt::OpenSSL::CA;
use Crypt::OpenSSL::Bignum;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw/encode_base64url decode_base64url/;
use Data::Dumper;
# Crypt::OpenSSL::CA to n and e
my $rsa_pubkey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XxKc3Rz/8EakvZG+Ez9
nCpdn2HGVq0CRD1GZ/fEuM7nHfmy1LzC0VyNa8YkU7Qrb4s/BgSxjFrLvbpFHcUo
@ritou
ritou / oc4_rp_tests.md
Created October 4, 2012 03:18
OpenID Connect Interop OC4 RP Tests

Keeping a list of the tests that RPs should run in the OpenID Connect Interop.

Use the OP http://www.kodtest.se:8088/ . This OP supports provider info discovery and client registration. When you issue the authorization request specify for instance scope="openid email". To verify that the OP acted on the scope specification you have to do a Userinfo request and check that there it contains email and email_verified claims.

  • Specify scope=openid email in the request
  • Confirm that email and verified are returned in the UserInfo response
@ritou
ritou / gist:3130368
Created July 17, 2012 16:14
What I did to get oictest running on Ubuntu
What I did to get oictest running on Ubuntu
$ mkdir ~/oictest
$ cd ~/oictest
# Download the source
$ git clone git://github.com/rohe/pyoidc.git
# $ git clone git://github.com/andreassolberg/oictest.git
# Use my own fork of oictest
$ git clone git@github.com:ritou/oictest.git
@ritou
ritou / gist:3130212
Created July 17, 2012 15:47
20120717 oictest result for my OP
$ oic_flow_tests.py ryo > ryo.out
$ cat ryo.out
* (mj-00)Client registration Request - OK
* (mj-01)Request with response_type=code - OK
* (oic-code-token)Simple authorization grant flow - OK
* (mj-39)Trying to use access code twice should result in an error - OK
* (mj-40)Trying to use access code twice should result in revoking previous issued tokens - OK
* (oic-code-token-userinfo_bb)Authorization grant flow response_type='code token',
UserInfo request using POST and bearer body authentication - OK
* (mj-02)Request with response_type=token - OK
@ritou
ritou / gist:2520183
Created April 28, 2012 16:51
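SITF demo environment

SITF demo environment


What is SITF?

A mechanism for securely distributing attribute information, including whether someone is a student.

I built something simple that works. There are no plans for it, but the goal this time is to make it usable for demos and the like.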