Angular Security course

Author: jhades

demos/jwt-check-hs256.js

@@ -1,18 +1,27 @@
 
 var jwt = require('jsonwebtoken');
 
-console.log("Verify JWT example using HMAC SHA256");
-
 
 // verify an existing JWT
-
-var existingToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAbWFpbGluYXRvci5jb20iLCJpYXQiOjE1MDI4NzY5NzJ9.ekc_eGqp7ex1zqJyJn_huy2Q-0U78tUKuOeyJhnsQ8M';
+var existingToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAbWFpbGluYXRvci5jb20iLCJpYXQiOjE1MDI4ODAzNTJ9.uXXUBgipNmjvb4UvEnQ0LOdO8aKxne9Wg01jcoj3YWE';
 
 
 var secretKey = 'secret-key';
 
-const verify = jwt.verify(existingToken, secretKey);
+
+
+const verify = jwt.verify(existingToken, secretKey, {algorithm: 'HS256' });
 
 
 console.log("Decoded JWT:", verify);
 
+
+
+
+//const wrong = jwt.verify(existingToken, 'wrong-secret');
+
+//console.log(":", wrong);
+
+
+
+

demos/jwt-check-rs256.js

@@ -0,0 +1,20 @@
+
+var jwt = require('jsonwebtoken');
+var fs = require('fs');
+
+
+// verify an existing JWT
+var existingToken = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAbWFpbGluYXRvci5jb20iLCJpYXQiOjE1MDI4ODAzODB9.LiZZp_SIy2TApLnJGjWfWhKUU0uc6oh5wJa5gLY4l82cmgB4MGMssxbagaIROmkmSA68tk57YihBmbz7d76lyV1dWw6HAZ6KttvkHnvk8Zyg0QethIG6TYPJ083H_xWUBTDDF-bQCXf3AgELMuKyUWqVONW294tW5n7vKqo41eMx-r372oxHdL9Du_GzZ2LJrWtxPnaIWh5hb0MiPz5KNKlWh0D4MBb-lEkmghc7QE69mIKJ2u3-ZYe_i3KGEclCZArKusmpxfhNbmfvU_JX2kF7ko4HS5qe4a7ZV04Bzgovz5TNZ-13j79jSWpWod3jA_xZZfLfMpgBhteWuxhImw';
+
+
+var publicKey = fs.readFileSync('./demos/public.key');
+
+
+console.log("verifying");
+
+const verify = jwt.verify(existingToken, publicKey, {algorithm: 'RS256' });
+
+
+
+console.log("Decoded JWT:", verify);
+

demos/jwt-hs256.js

@@ -1,6 +1,4 @@
 
-console.log(" Create JWT example using HMAC SHA256");
-
 var jwt = require('jsonwebtoken');
 
 
@@ -15,7 +13,7 @@ var payload = {
 // create a JWT
 var newToken = jwt.sign(payload, secretKey, {algorithm: 'HS256' });
 
-console.log("JWT created:", newtoken);
+console.log("JWT created:", newToken);
 
 
 

demos/jwt-rs256.js

@@ -1,24 +1,21 @@
 
-console.log(" JWT example using HMAC SHA256");
-
 var jwt = require('jsonwebtoken');
+var fs = require('fs');
 
 
-
-var privateKey = 'private-key';
-
-
-
+var privateKey = fs.readFileSync('./demos/private.key');
 
 var payload = {
   email: 'test@mailinator.com'
 };
 
 
-var token = jwt.sign(payload, secretKey, {algorithm: 'RS256' });
+var token = jwt.sign(payload, privateKey, {algorithm: 'RS256' });
+
+
+console.log('RSA 256 JWT', token);
 
 
-console.log(token);
 
 
 

demos/private.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAy045zvgkxhA7SlR5dzYZ+THQuUyEANqT1OWgijaTSULYIf/z
+pnAKIxB2hyIxADeRgQEfHJ8mpdWCkblxIeWancxi/7gQNeWv++7SIWDGKL3oj4wG
+1Q9zU0/IMQy5wb0Nb1tvdgRNDSpz7f4fYYzgXcsvDP34C+PScfoxJjPesRXiDErV
+H8VjuBOPWa1vIcDJZfAGg0vsvHV+3YfOtegmHEgGWS0tf4I2M+gB0gT2QSi83Gva
+ywcB5lkWnc6iJIy9nq8Ls8+5FVIY53Fus+tIthjZNAWYxqhvGcdgUxl5JnoDcGbR
+q8QzzS5CJw1fPbpetq1khXzQbJ69NKU2O97XdQIDAQABAoIBAQCBo4odPgJFAgis
+px0lNSxuyKMt5WqvGLH3qc0rFQ3qQ2OKmqmFUiBEp7TNCrJwTv7LYimymJGOYY12
+2ucXFE/5m2DtazN7CtGjNnBrtEfnpuFq14FrzwRc9ZzUGidBMQomHgn/GVMAuDdg
+ZREhpTFU3cFM6Y2IF2gUIdPBZoX0KLsJbcu3bF6BwPV62fOcDNg8Q6VMND0d0aYH
+EvkyU0QSTnbhWU2mTz/sm6sZ3Dvcd1M1ijjbYg7lGgungjz1GzG7LQg5PIzLnSHd
+EE2iMAtJCglqPKvFIfXD3buL1WodWw82RlxhtWkIKkgu+9Er1kIGU8kcuHqI5/Z+
+IpstujEBAoGBAOmtCrhquJrUot+oiz+4R4BMuhpOd3dlesYDHdHMgtlx2ianko7E
+HirsNVgB5blyl6unK/aFjZMmcNAkksfUi/g1HO1qm2PtAZDcQX4oFNBSzMcZ+lNt
+HPk8Ye541+XbSmw8axVdtBRGcE5f14EDDOATbFokvu7eBhC0nZtuLvBhAoGBAN66
+bDk/DY6YC9jSeVdaR2Hp6ExiJuRmwUMrvCJYVRNkOTVlUtS9cY5pSEupScC0bSvv
+nTw3fVCRBsPlthkFWi3eUBjuKDQHHOGdbEZwrXqsHQVxqvwGPBBMjA21pF+pAKN1
+eLMBZJUCxUCNUissFuKMCcbB6ak9U9wJR3cGv0+VAoGAeC8q41zoY6HXv2blb7ls
+9P0BfsQ6x6rm8W7q6FviNMpM5DKtu0X9KiBg80nOiIn6niuV/e4Eudk8jqEw6RxV
+fSx8G1QIZeWhN4tBGAyvX9ImRoUC7eOh0kKPL+LxT+Rwq6iLfuq50u/DlVvP8CfM
+eHck9FwP47VHs1Hh+e46sCECgYAHj8q20tYx/iWA0fx+o7kCsP9LAJYTcQ2kqypy
+/A6/Xsq2bl82i8v8KsTilLfFTBrcwADVl4iwoIvbQMRC6zSZlA+iGQvSYF9xpXeU
+mKS7InbFxYspjUiiwQaMPJt9B+7WndlgMm7oxDRQMbwVbSTFwj1euxyku0lKkiIT
+/22lVQKBgAHvBX4EuiSCUxFHpK+WMbe3Mq1FLosLAeMB9GUcYPbJ3jMWBymtqkTq
+xfLZ4Gb+vMsMTevm1FFWcESw1sa34Knhml31LlAuM2dxvPNi6UiNPrU5dyRxFhFj
+TeyJixp8bogtqk8xwQuDDaTZm6LuRytI4143WSoOsijsLacvHnSA
+-----END RSA PRIVATE KEY-----

demos/public.key

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy045zvgkxhA7SlR5dzYZ
++THQuUyEANqT1OWgijaTSULYIf/zpnAKIxB2hyIxADeRgQEfHJ8mpdWCkblxIeWa
+ncxi/7gQNeWv++7SIWDGKL3oj4wG1Q9zU0/IMQy5wb0Nb1tvdgRNDSpz7f4fYYzg
+XcsvDP34C+PScfoxJjPesRXiDErVH8VjuBOPWa1vIcDJZfAGg0vsvHV+3YfOtegm
+HEgGWS0tf4I2M+gB0gT2QSi83GvaywcB5lkWnc6iJIy9nq8Ls8+5FVIY53Fus+tI
+thjZNAWYxqhvGcdgUxl5JnoDcGbRq8QzzS5CJw1fPbpetq1khXzQbJ69NKU2O97X
+dQIDAQAB
+-----END PUBLIC KEY-----

package.json

@@ -15,6 +15,8 @@
     "verify-password": "node ./demos/verify-password.js",
     "jwt-hs256": "node ./demos/jwt-hs256.js",
     "jwt-check-hs256": "node ./demos/jwt-check-hs256.js",
+    "jwt-rs256": "node ./demos/jwt-rs256.js",
+    "jwt-check-rs256": "node ./demos/jwt-check-rs256.js",
     "build": "ng build",
     "test": "ng test",
     "lint": "ng lint",