1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-14 04:35:57 +01:00
galene/token/token_test.go

111 lines
3.3 KiB
Go
Raw Normal View History

2021-10-29 23:37:05 +02:00
package token
import (
"crypto/ecdsa"
"encoding/json"
2022-02-18 16:08:44 +01:00
"errors"
"reflect"
2021-10-29 23:37:05 +02:00
"testing"
2022-02-18 16:08:44 +01:00
"github.com/golang-jwt/jwt/v4"
2021-10-29 23:37:05 +02:00
)
func TestHS256(t *testing.T) {
key := `{
"kty":"oct",
"alg":"HS256",
"k":"4S9YZLHK1traIaXQooCnPfBw_yR8j9VEPaAMWAog_YQ"
}`
var j map[string]interface{}
err := json.Unmarshal([]byte(key), &j)
if err != nil {
t.Fatalf("Unmarshal: %v", err)
}
2022-02-20 01:16:26 +01:00
k, err := ParseKey(j)
2021-10-29 23:37:05 +02:00
if err != nil {
2022-02-20 01:16:26 +01:00
t.Fatalf("ParseKey: %v", err)
2021-10-29 23:37:05 +02:00
}
kk, ok := k.([]byte)
if !ok || len(kk) != 32 {
2022-02-20 01:16:26 +01:00
t.Errorf("ParseKey: got %v", kk)
2021-10-29 23:37:05 +02:00
}
}
func TestES256(t *testing.T) {
key := `{
"kty":"EC",
"alg":"ES256",
"crv":"P-256",
"x":"dElK9qBNyCpRXdvJsn4GdjrFzScSzpkz_I0JhKbYC88",
"y":"pBhVb37haKvwEoleoW3qxnT4y5bK35_RTP7_RmFKR6Q"
}`
var j map[string]interface{}
err := json.Unmarshal([]byte(key), &j)
if err != nil {
t.Fatalf("Unmarshal: %v", err)
}
2022-02-20 01:16:26 +01:00
k, err := ParseKey(j)
2021-10-29 23:37:05 +02:00
if err != nil {
2022-02-20 01:16:26 +01:00
t.Fatalf("ParseKey: %v", err)
2021-10-29 23:37:05 +02:00
}
kk, ok := k.(*ecdsa.PublicKey)
if !ok || kk.Params().Name != "P-256" {
2022-02-20 01:16:26 +01:00
t.Errorf("ParseKey: got %v", kk)
2021-10-29 23:37:05 +02:00
}
if !kk.IsOnCurve(kk.X, kk.Y) {
t.Errorf("point is not on curve")
}
}
2022-02-18 16:08:44 +01:00
func TestValid(t *testing.T) {
key := `{"alg":"HS256","k":"H7pCkktUl5KyPCZ7CKw09y1j460tfIv4dRcS1XstUKY","key_ops":["sign","verify"],"kty":"oct"}`
2022-02-18 16:08:44 +01:00
var k map[string]interface{}
err := json.Unmarshal([]byte(key), &k)
if err != nil {
t.Fatalf("Unmarshal: %v", err)
}
keys := []map[string]interface{}{k}
goodToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6WyJwcmVzZW50Il0sImlhdCI6MTY0NTMxMDI5NCwiZXhwIjoyOTA2NzUwMjk0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzQvIn0.6xXpgBkBMn4PSBpnwYHb-gRn_Q97Yq9DoKkAf2_6iwc"
2022-02-18 16:08:44 +01:00
sub, aud, perms, err := Valid(goodToken, keys)
2022-02-18 16:08:44 +01:00
if err != nil {
t.Errorf("Token invalid: %v", err)
} else {
if sub != "john" {
t.Errorf("Unexpected sub: %v", sub)
}
2022-02-18 16:08:44 +01:00
if !reflect.DeepEqual(aud, []string{"https://galene.org:8443/group/auth/"}) {
t.Errorf("Unexpected aud: %v", aud)
}
if !reflect.DeepEqual(perms, []string{"present"}) {
2022-02-18 16:08:44 +01:00
t.Errorf("Unexpected perms: %v", perms)
}
}
badToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6WyJwcmVzZW50Il0sImlhdCI6MTY0NTMxMDQ2OSwiZXhwIjoyOTA2NzUwNDY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzQvIn0."
2022-02-18 16:08:44 +01:00
_, _, _, err = Valid(badToken, keys)
2022-02-18 16:08:44 +01:00
var verr *jwt.ValidationError
if !errors.As(err, &verr) {
t.Errorf("Token should fail")
}
expiredToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6WyJwcmVzZW50Il0sImlhdCI6MTY0NTMxMDMyMiwiZXhwIjoxNjQ1MzEwMzUyLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzQvIn0.jyqRhoV6iK54SvlP33Fy630aDo-sLNmKKi1kcfqs378"
2022-02-18 16:08:44 +01:00
_, _, _, err = Valid(expiredToken, keys)
2022-02-18 16:08:44 +01:00
if !errors.As(err, &verr) {
t.Errorf("Token should be expired")
}
noneToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6WyJwcmVzZW50Il0sImlhdCI6MTY0NTMxMDQwMSwiZXhwIjoxNjQ1MzEwNDMxLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzQvIn0."
_, _, _, err = Valid(noneToken, keys)
2022-02-18 16:08:44 +01:00
if err == nil {
t.Errorf("Unsigned token should fail")
}
}