
Commit 016ef9b

committed
chore: remove hardcoded private key
1 parent 22471ba commit 016ef9b


1 file changed

+30
-32
lines changed


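--- a/internal/m2mauth/m2mauth_test.go
+++ b/internal/m2mauth/m2mauth_test.go
@@ -17,6 +17,10 @@
 package m2mauth
 
 import (
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"encoding/pem"
 "net/http"
 "os"
 "regexp"
@@ -27,6 +31,26 @@ import (
 "github.com/stretchr/testify/require"
 )
 
+// generateTestPrivateKey creates a 2048-bit RSA private key in PKCS8 PEM format for testing
+func generateTestPrivateKey() (string, error) {
+privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+return "", err
+}
+
+pkcs8Bytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
+if err != nil {
+return "", err
+}
+
+pemBlock := &pem.Block{
+Type: "PRIVATE KEY",
+Bytes: pkcs8Bytes,
+}
+
+return string(pem.EncodeToMemory(pemBlock)), nil
+}
+
 func TestMain(m *testing.M) {
 var reset func()
 reset = testutils.OsSetEnvIfBlank("OKTA_AWSCLI_ORG_DOMAIN", testutils.TestDomainName)
@@ -42,38 +66,12 @@ func TestMain(m *testing.M) {
 reset = testutils.OsSetEnvIfBlank("OKTA_AWSCLI_KEY_ID", "kid-rock")
 defer reset()
 
-// NOTE: Okta Security this is just some random PK to unit test the client
-// assertion generator in this app. PK was created with
-// `openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt`
-reset = testutils.OsSetEnvIfBlank("OKTA_AWSCLI_PRIVATE_KEY", `
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDb6SvsSfrP69gO
-yDpdXsZsT3ydS/ggCYFV8NhbHx6VtJeoLuQp+TCJ0pc4sC0ZvnBk5r6oAubLLDgK
-zqDsf8rIzg91mZPH2KfQs0bM02q+2naLkHYIVXjCFMh3ibXGWuNH/cItm9CLHJz0
-11K4LmsXUJdre4suSGDmUKOYgJqpcYHaWeEGNWcnMb7UGC+lcaXpwnkbp5ziBP6P
-PC/OH9S/HVDpiuJioex/zLLeCF/jnjHnbIa5EY1I5eWDttDgCxBRe+0p8XOtI6KJ
-wIUkhank99DoVp+KIcCxFW6WfQCac9/oT5I8I+j0lOtBAfQo+d2uVQd2xX80vsdM
-D2zvgyUHAgMBAAECggEAP4iQDgYZljR3CV5DrnIRNX2JbRBjsS3N1fxtJXZKKcow
-/n/9nzrFESxsUA5mGUfxxNT9RCECeLRfxI+J4onRFk6iHMGv9k7bvOnujIKQFm+b
-TBsCXsoCx1+lwxNgFtxvSX9AuFiJ2Yb8uafz2A5hFi1McdsRjN+QTzoA6bBN/qGp
-PO5PiVnfY9B9C/XAy2fWJ8JF0xZ8yBpJo9RNet241Ee0tiWwuHNpwntMT7C+K8f5
-cv5ccE+mA81ZwOrhbaIRct3HaFhV8l1j5usbvmZXlzHgOXzDfdLx/scADBbDwjmo
-djxrUBvLX1gwY6xRKXwgOv4ReZZcYV6Fvk5tTmgE8QKBgQD38fwyXZn24f4gb4X3
-WXf5WUuVlQx5cMMP5WQUgSPeUKuau2g0OR9ypy3KIG4qZj0sKFEP/aD8tbKfcDEg
-I+dK87nfUvvU3I+3TCgy16D8Ir7mmZimcUJ380d62I7YZSWTTRTjvrTb5S4MakoO
-s++N8sty/XM3whZe1Ls0XAraRQKBgQDjDgpjg/J5d/W1pG6Ru9YsvtyK64wGLP2o
-DpnQFUNNO+WR+VGBDitKvdzSsEinfSI3Reklydn+jzTt5BVNUvughfqX/fTb+QN1
-7meHr8FPEPlLgKyLkmq9E6yZWuvOeMgjV7/P4Pwh66+rU7GVm14P7VEA1UOYmjvu
-LJWjnw182wKBgQDOjGyefHEdRIhR9vWv531VYDjiBEdfBzvICz1DA42gzq0V+lbF
-Ymy7M1+myTtc4MzG81MMMiohOy/xOCIEd0RfoQfPba7SVWb3uF6odA7s2/kR2xRa
-W3GWwThjsvHUfPY/bnAfhSffI10oBIdrFiRSqNcpFNAdu/asyySkaqSzzQKBgFhS
-PN5LFEYF0NFwfgY4b+6F69oqGBTK6Xy2+UQFEWH4u6tVtUujTFnNkxlts0VbmrSv
-gCrP4vlvkWI8R8EFV5Ywp7L5+YabzanRK/qO9n4gFyk0i2nbcaPNBGW/BV0ShJ+i
-4Z0mYk17laDqdHjCsAs4ADt3ucyhqlBSjX7RPvjjAoGAHoR+FJglKaY2U82VV5pK
-sa8YdiJHAaJyd3olYNzq2QuxQOWN4d+BitVWPmM+IQkaBigESxTIam+n5/qHiVyV
-XNY+9eUj7XwoMVz03BISN8TEmDlRyyQYHffRUF69wDLlSY1PG4k/9uED50YsQZAm
-oO62j9Objbi/ntr/BSQIpYE=
------END PRIVATE KEY-----`)
+// Generate a fresh RSA key for testing JWT signing
+privateKey, err := generateTestPrivateKey()
+if err != nil {
+panic("failed to generate test private key: " + err.Error())
+}
+reset = testutils.OsSetEnvIfBlank("OKTA_AWSCLI_PRIVATE_KEY", privateKey)
 defer reset()
 
 os.Exit(m.Run())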
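Review bot: The new `reset = testutils.OsSetEnvIfBlank("OKTA_AWSCLI_PRIVATE_KEY", privateKey)` line still appears to fill the variable only when it is blank (judging by the helper's name; its body is not shown), so a shell or CI job that already exports OKTA_AWSCLI_PRIVATE_KEY would have the unit tests sign with that real key while the generated one is discarded. For this one variable an unconditional `_ = os.Setenv("OKTA_AWSCLI_PRIVATE_KEY", privateKey)` would keep real credentials out of the test run. Separately, the two bare `return "", err` in generateTestPrivateKey lose which step failed; a short prefix on each (key generation versus PKCS #8 marshalling) would make the panic message in TestMain actionable. TestMain's body starts above the last hunk and its closing brace is outside it.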
