add support for ES algorithms (#118)

Signed-off-by: Stephan Wurm <[email protected]>

Author: swaeberle

src/ngx_http_auth_jwt_module.c

@@ -337,7 +337,7 @@ static ngx_int_t handle_request(ngx_http_request_t *r)
             return redirect(r, jwtcf);
           }
         }
-        else if (algorithm.len == 5 && ngx_strncmp(algorithm.data, "RS", 2) == 0)
+        else if (algorithm.len == 5 && (ngx_strncmp(algorithm.data, "RS", 2) == 0 || ngx_strncmp(algorithm.data, "ES", 2) == 0))
         {
           if (jwtcf->use_keyfile == 1)
           {
@@ -394,7 +394,7 @@ static int validate_alg(auth_jwt_conf_t *jwtcf, jwt_t *jwt)
 {
   const jwt_alg_t alg = jwt_get_alg(jwt);
 
-  if (alg != JWT_ALG_HS256 && alg != JWT_ALG_HS384 && alg != JWT_ALG_HS512 && alg != JWT_ALG_RS256 && alg != JWT_ALG_RS384 && alg != JWT_ALG_RS512)
+  if (alg != JWT_ALG_HS256 && alg != JWT_ALG_HS384 && alg != JWT_ALG_HS512 && alg != JWT_ALG_RS256 && alg != JWT_ALG_RS384 && alg != JWT_ALG_RS512 && alg != JWT_ALG_ES256 && alg != JWT_ALG_ES384 && alg != JWT_ALG_ES512)
   {
     return 1;
   }
@@ -633,7 +633,7 @@ static char *get_jwt(ngx_http_request_t *r, ngx_str_t jwt_location)
       if (ngx_strncmp(jwtHeaderVal->value.data, BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)
       {
         ngx_str_t jwtHeaderValWithoutBearer = jwtHeaderVal->value;
-        
+
         jwtHeaderValWithoutBearer.data += strlen(BEARER_PREFIX);
         jwtHeaderValWithoutBearer.len -= strlen(BEARER_PREFIX);
 

test/Dockerfile-test-nginx

@@ -9,4 +9,7 @@ RUN echo "Config Hash: ${CONFIG_HASH}"
 COPY /docker-entrypoint.d/* /docker-entrypoint.d/
 COPY /etc/nginx/conf.d/test.conf /etc/nginx/conf.d/test.conf
 COPY /etc/nginx/rsa_key_2048-pub.pem /etc/nginx/rsa-key.conf
+COPY /etc/nginx/ec_key_256-pub.pem /etc/nginx/ec-256-key.conf
+COPY /etc/nginx/ec_key_384-pub.pem /etc/nginx/ec-384-key.conf
+COPY /etc/nginx/ec_key_521-pub.pem /etc/nginx/ec-521-key.conf
 RUN sed -i "s|%{PORT}|${PORT}|" /etc/nginx/conf.d/test.conf

test/ec_key_256.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOlEBGcZxxhv8FkN0
+YIvax6fnhJbMeotzIEBxIglkNu6hRANCAATP1NpDzvZmKd2Mw6hIrv4nzUfNu7OK
+mT5VuL5LhvUgzTqVGuxwevA7DlFsNVSfCljIBG3geio3fcd4k0Z9SygL
+-----END PRIVATE KEY-----

test/ec_key_384.pem

@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDADyrL6llSQoQOZ/PF/
+l761kAbrTwn4vu30Kr34ScW6bRKVXLq3cT3QssJ1nF9B63qhZANiAAQ48dOfIEd3
+0TCVE0JT4ZU0Db7Ftz+ex7lojP7uqTY9OI59yoMB01zUN4JK30BRXS9Yv0A9Bu1z
+fgLu93FSn0kd0zIPMvuu5LUt60M/miSt2lA0OrqFhKjx6FFdN/lNh64=
+-----END PRIVATE KEY-----

test/ec_key_521.pem

@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAKkag6aVn4XAbaALo
+0b3pypdP5RBX7uKxHmKlkNCcpA0oVTdgjnM5NpJP8ZOM6NjVhEzsn6c/Tdn8hL8w
+SI55hFWhgYkDgYYABABpTipSvbs8fq44u4fA+v7DTNYViA58sqbrxjxdzwWZ8eEj
+CXsH7yzSGx3Y19NSyrX8HbjWmrj5uxiKeFCB8mGzTwDcFIKCMeMkHjZs/fmVOumR
+a2XSpj7BP6wqcN6Pf+UqECivGAZGRHoabo/dm5zF9M3gO+G9eOrf3G1wgFFM7Vzb
+Ow==
+-----END PRIVATE KEY-----

test/etc/nginx/conf.d/test.conf

@@ -72,6 +72,51 @@ server {
         try_files index.html =404;
     }
 
+    location /secure/cookie/es256 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location COOKIE=jwt;
+        auth_jwt_algorithm ES256;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
+ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/cookie/es384 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location COOKIE=jwt;
+        auth_jwt_algorithm ES384;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
+aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
+LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/cookie/es512 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location COOKIE=jwt;
+        auth_jwt_algorithm ES512;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
+fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
+gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
+vXjq39xtcIBRTO1c2zs=
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
     location /secure/auth-header/default {
         auth_jwt_enabled on;
         auth_jwt_redirect on;
@@ -119,6 +164,48 @@ BwIDAQAB
         try_files index.html =404;
     }
 
+    location /secure/auth-header/es256 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
+ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/auth-header/es384 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
+aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
+LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/auth-header/es512 {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_key "-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
+fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
+gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
+vXjq39xtcIBRTO1c2zs=
+-----END PUBLIC KEY-----";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
     location /secure/auth-header/rs256/file {
         auth_jwt_enabled on;
         auth_jwt_redirect on;
@@ -155,6 +242,42 @@ BwIDAQAB
         try_files index.html =404;
     }
 
+    location /secure/auth-header/es256/file {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_algorithm ES256;
+        auth_jwt_use_keyfile on;
+        auth_jwt_keyfile_path "/etc/nginx/ec-256-key.conf";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/auth-header/es384/file {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_algorithm ES384;
+        auth_jwt_use_keyfile on;
+        auth_jwt_keyfile_path "/etc/nginx/ec-384-key.conf";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
+    location /secure/auth-header/es512/file {
+        auth_jwt_enabled on;
+        auth_jwt_redirect on;
+        auth_jwt_location HEADER=Authorization;
+        auth_jwt_algorithm ES512;
+        auth_jwt_use_keyfile on;
+        auth_jwt_keyfile_path "/etc/nginx/ec-521-key.conf";
+
+        alias /usr/share/nginx/html/;
+        try_files index.html =404;
+    }
+
     location /secure/custom-header/hs256 {
         auth_jwt_enabled on;
         auth_jwt_redirect on;

test/etc/nginx/ec_key_256-pub.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
+ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
+-----END PUBLIC KEY-----

test/etc/nginx/ec_key_384-pub.pem

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
+aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
+LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
+-----END PUBLIC KEY-----

test/etc/nginx/ec_key_521-pub.pem

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
+fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
+gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
+vXjq39xtcIBRTO1c2zs=
+-----END PUBLIC KEY-----

test/test.sh

@@ -100,6 +100,10 @@ main() {
   local JWT_RS256_INVALID=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._aQmIBL4CVBxU1fNMOHp0kkagFaaX2TvAEenizytwd0
   local JWT_RS384_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.H35bTcZRhepWIoa8pKCbUMRuAOkVX9K5hJjc6tPmQwWmTw8lrktsvmMzJg_rgqnJLnAkciSIQw5EDj7fngS5zX2ThyRxrkPuE2Uiyw2Ect-mo9Kg1lrWgnyZCuCgq-Up9HQRAv0160mePlm8Gs4TOY6CPr38zwTcDZsy_Keq93igDQV8WuuWAGICaGd5ZyUOPjjzGShRjTU8Szz7fnpZpTtYRCYVo0pc5yfRWYm0fdn-4AseyGvd8JJ2xfnAEe4kZOkz7X1MLKtL0slKg3m2PH1lD7HwxIawXRTPWxArhJ9dcTNiDUrqtde2juGwOuMD_zTsb2Jj0_rmRb0Q6aljNw
   local JWT_RS512_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.iUupyKypfXJ5aZWfItSW-mOmx9a4C4X7Yr5p5Fk8W75ZhkOq0EeNfstTxx870brhkdPovBhO2LYI44_HoH9XicQNL6JnFprE0r61eJFngbuzlhRQiWpq0xYrazJWc9zB7_GgL2ZCwtw-Ts3G23Q0632wVm6-d7MKvG7RS8aEjN-MuVGdtLglH3forpItmFxw-if40EQsBL7hncN_XNcQTO4KPHkqmlpac_oKXRrLFDIIt2tB6OOpvY4QcpERoxexp4pi2f-JoINnWX_dU5JnIs3ypVJLQPfoJvxg8fsg3zYrOvMYnfsqOCYoHtZGK0O7jyfFmcGo5v2hLT-CpoF3Zw
+  local JWT_ES256_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.WFfJXGr5whKHB7arjsTXPTJ6TAsS1LoRxu7Vj2_HrLaIQphWJM6BICf-M3cv52tFzt-XTZb6GxlDgAbHo8z9Zg
+  local JWT_ES256_INVALID=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._aQmIBL4CVBxU1fNMOHp0kkagFaaX2TvAEenizytwd0
+  local JWT_ES384_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._EFxXYOTAfT3gB3xUfgGR2UyXHeRTlDWqA94oZbB0DDa7YPZTEX9T4C_0ylnOFKZ6irGHZA8vxjgXDH3DZKWwBWcZ-XaQ_Q4Ws2J-AEeLqcl7_CS6q9mFo0Y7vUNEn-W
+  local JWT_ES512_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.AFY4gNCtZNYkrTiijDkV4eKIt2UPMIuJBfZIk69jgI8FSGCQyUIMmIVg0fTvbaSiaryXzcjbG5TCm8a9Vu3KFJutAHGrgvZqcdklxx6Fbk3an3r_CH68n_ncwS3SUV58mDjf0OX8jRuNdudU1L5xYNQdodo-fxPIb1oHXfMJ0CmULDR9
 
   run_test -n 'when auth disabled, should return 200' \
            -p '/' \
@@ -173,6 +177,21 @@ main() {
            -c '200' \
            -x ' --cookie "jwt=${JWT_RS256_VALID}"'
 
+  run_test -n 'when auth enabled with ES256 algorithm and valid JWT cookie, returns 200' \
+           -p '/secure/cookie/es256' \
+           -c '200' \
+           -x ' --cookie "jwt=${JWT_ES256_VALID}"'
+
+  run_test -n 'when auth enabled with ES384 algorithm and valid JWT cookie, returns 200' \
+           -p '/secure/cookie/es384' \
+           -c '200' \
+           -x ' --cookie "jwt=${JWT_ES384_VALID}"'
+
+  run_test -n 'when auth enabled with ES512 algorithm and valid JWT cookie, returns 200' \
+           -p '/secure/cookie/es512' \
+           -c '200' \
+           -x ' --cookie "jwt=${JWT_ES512_VALID}"'
+
   run_test -n 'when auth enabled with RS256 algorithm via file and valid JWT in Authorization header, returns 200' \
            -p '/secure/auth-header/rs256/file' \
            -c '200' \
@@ -193,6 +212,26 @@ main() {
            -c '200' \
            -x '--header "Authorization: Bearer ${JWT_RS256_VALID}"'
 
+  run_test -n 'when auth enabled with ES256 algorithm via file and valid JWT in Authorization header, returns 200' \
+           -p '/secure/auth-header/es256/file' \
+           -c '200' \
+           -x '--header "Authorization: Bearer ${JWT_ES256_VALID}"'
+
+  run_test -n 'when auth enabled with ES256 algorithm via file and invalid JWT in Authorization header, returns 401' \
+           -p '/secure/auth-header/es256/file' \
+           -c '302' \
+           -x '--header "Authorization: Bearer ${JWT_ES256_INVALID}"'
+
+  run_test -n 'when auth enabled with ES384 algorithm via file and valid JWT in Authorization header, returns 200' \
+           -p '/secure/auth-header/es384/file' \
+           -c '200' \
+           -x '--header "Authorization: Bearer ${JWT_ES384_VALID}"'
+
+  run_test -n 'when auth enabled with ES512 algorithm via file and valid JWT in Authorization header, returns 200' \
+           -p '/secure/auth-header/es512/file' \
+           -c '200' \
+           -x '--header "Authorization: Bearer ${JWT_ES512_VALID}"'
+
   run_test -n 'when auth enabled with HS256 algorithm and valid JWT in custom header without bearer, returns 200' \
            -p '/secure/custom-header/hs256/' \
            -c '200' \