forked from ThalesGroup/gose
-
Notifications
You must be signed in to change notification settings - Fork 0
/
jwt_signer_test.go
121 lines (107 loc) · 3.88 KB
/
jwt_signer_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
// Copyright 2019 Thales e-Security, Inc
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
package gose
import (
"encoding/base64"
"encoding/json"
"errors"
"strings"
"testing"
"github.com/ThalesIgnite/gose/jose"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
)
func TestNewJwtSigner(t *testing.T) {
// Setup
mockedKey := MockedSigner{}
// Act and Assert
assert.NotNil(t, NewJwtSigner("issuer", &mockedKey))
}
func TestJwtSignerImpl_Sign(t *testing.T) {
// Setup
expectedSignature := []byte{1, 2, 3, 4}
mockedKey := MockedSigner{}
mockedKey.On("Kid").Return("keyid")
mockedKey.On("Algorithm").Return(jose.AlgPS256)
mockedKey.On("Sign", jose.KeyOpsSign, mock.AnythingOfType("[]uint8")).Return(expectedSignature, nil)
signer := NewJwtSigner("issuer", &mockedKey)
claims := jose.SettableJwtClaims{
Audiences: jose.Audiences{Aud: []string{"audience"}},
Subject: "subject",
}
untyped := map[string]interface{}{
"name": "John Doe",
}
// Act
jwt, err := signer.Sign(&claims, untyped)
// Assert
require.NotEmpty(t, jwt)
assert.NoError(t, err)
parts := strings.Split(jwt, ".")
require.Len(t, parts, 3)
// header verification
var header jose.JwsHeader
require.NoError(t, err)
headerBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
require.NoError(t, err)
err = json.Unmarshal(headerBytes, &header)
assert.NoError(t, err)
assert.Equal(t, jose.AlgPS256, header.Alg)
assert.Equal(t, jose.JwtType, header.Typ)
assert.Equal(t, "keyid", header.Kid)
assert.Empty(t, header.Crit)
// MarshalBody verification
var recoveredClaims jose.JwtClaims
claimsBytes, err := base64.RawURLEncoding.DecodeString(parts[1])
err = json.Unmarshal(claimsBytes, &recoveredClaims)
require.NoError(t, err)
assert.Equal(t, claims.Audiences, recoveredClaims.Audiences)
assert.Equal(t, "issuer", recoveredClaims.Issuer)
assert.Equal(t, claims.Subject, recoveredClaims.Subject)
assert.Len(t, recoveredClaims.UntypedClaims, 1)
var name string
err = recoveredClaims.UnmarshalCustomClaim("name", &name)
require.NoError(t, err)
assert.Equal(t, "John Doe", name)
// Signature check
rawSignature, err := base64.RawURLEncoding.DecodeString(parts[2])
require.NoError(t, err)
assert.Equal(t, expectedSignature, rawSignature)
}
func TestJwtSignerImpl_Sign_FailsWhenSigningFails(t *testing.T) {
// Setup
expectedError := errors.New("Expected")
mockedKey := MockedSigner{}
mockedKey.On("Kid").Return("keyid")
mockedKey.On("Algorithm").Return(jose.AlgPS256)
mockedKey.On("Sign", jose.KeyOpsSign, mock.AnythingOfType("[]uint8")).Return(nil, expectedError)
signer := NewJwtSigner("issuer", &mockedKey)
claims := jose.SettableJwtClaims{
Audiences: jose.Audiences{Aud: []string{"audience"}},
Subject: "subject",
}
// Act
jwt, err := signer.Sign(&claims, nil)
// Assert
require.Empty(t, jwt)
assert.Equal(t, err, expectedError)
}