forked from oauth2-proxy/mockoidc
-
Notifications
You must be signed in to change notification settings - Fork 1
/
encryption_test.go
92 lines (74 loc) · 2.18 KB
/
encryption_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package mockoidc_test
import (
"crypto/x509"
"encoding/base64"
"fmt"
"testing"
"time"
"github.com/golang-jwt/jwt"
"github.com/oauth2-proxy/mockoidc"
"github.com/stretchr/testify/assert"
)
const (
audience = "mockoidc"
issuer = "https://github.com/oauth2-proxy/mockoidc/"
defaultKid = "dHXTSCyouq6DiWaQwlXtNP54-C75mw3IcoYkERfl3fQ"
)
var (
standardClaims = &jwt.StandardClaims{
Audience: audience,
ExpiresAt: time.Now().Add(time.Duration(1) * time.Hour).Unix(),
Id: "0123456789abcdef",
IssuedAt: time.Now().Unix(),
Issuer: issuer,
NotBefore: 0,
Subject: "123456789",
}
)
func TestDefaultKeypair(t *testing.T) {
keypair, err := mockoidc.DefaultKeypair()
assert.NoError(t, err)
keyBytes := x509.MarshalPKCS1PrivateKey(keypair.PrivateKey)
assert.Equal(t, mockoidc.DefaultKey, base64.RawURLEncoding.EncodeToString(keyBytes))
kid, err := keypair.KeyID()
assert.NoError(t, err)
assert.Equal(t, kid, defaultKid)
}
func TestKeypair_JWKS(t *testing.T) {
keypair, err := mockoidc.DefaultKeypair()
assert.NoError(t, err)
_, err = keypair.JWKS()
assert.NoError(t, err)
}
func TestKeypair_SignJWTVerifyJWT(t *testing.T) {
for _, size := range []int{512, 1024, 2048} {
t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
alice, err := mockoidc.RandomKeypair(size)
assert.NoError(t, err)
bob, err := mockoidc.RandomKeypair(size)
assert.NoError(t, err)
assert.NotEqual(t, alice.PrivateKey.N, bob.PrivateKey.N)
tokenStr, err := alice.SignJWT(standardClaims)
assert.NoError(t, err)
_, err = bob.VerifyJWT(tokenStr)
assert.Error(t, err)
token, err := alice.VerifyJWT(tokenStr)
assert.NoError(t, err)
assert.True(t, token.Valid)
claims, ok := token.Claims.(jwt.MapClaims)
assert.True(t, ok)
assert.Equal(t, audience, claims["aud"])
assert.Equal(t, issuer, claims["iss"])
alice.Kid = "WRONG"
_, err = alice.VerifyJWT(tokenStr)
assert.Error(t, err)
const customKid = "USER_DEFINED"
bob.Kid = customKid
kidTokenStr, err := bob.SignJWT(standardClaims)
assert.NoError(t, err)
kidToken, err := bob.VerifyJWT(kidTokenStr)
assert.NoError(t, err)
assert.Equal(t, customKid, kidToken.Header["kid"])
})
}
}