Google Git
Sign in
fuchsia / third_party / tink / 1f4cd38874ec0be85f5aa55ba86d95d18c3fd965 / . / cc / jwt / jwt_hmac_parameters_test.cc
blob: 0b25889ff047213a0aa371c8656f9b9c909a7e26 [file] [log] [blame]
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/jwt/jwt_hmac_parameters.h"
#include <tuple>
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/status/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_matchers.h"
namespace crypto {
namespace tink {
namespace {
using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
using ::testing::Combine;
using ::testing::Eq;
using ::testing::HasSubstr;
using ::testing::TestWithParam;
using ::testing::Values;
struct KidStrategyTuple {
JwtHmacParameters::KidStrategy kid_strategy;
bool allowed_kid_absent;
bool has_id_requirement;
};
using JwtHmacParametersTest = TestWithParam<
std::tuple<int, KidStrategyTuple, JwtHmacParameters::Algorithm>>;
INSTANTIATE_TEST_SUITE_P(
JwtHmacParametersTestSuite, JwtHmacParametersTest,
Combine(Values(16, 32),
Values(
KidStrategyTuple{
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
/*allowed_kid_absent=*/false, /*has_id_requirement=*/true},
KidStrategyTuple{JwtHmacParameters::KidStrategy::kCustom,
/*allowed_kid_absent=*/true,
/*has_id_requirement=*/false},
KidStrategyTuple{JwtHmacParameters::KidStrategy::kIgnored,
/*allowed_kid_absent=*/true,
/*has_id_requirement=*/false}),
Values(JwtHmacParameters::Algorithm::kHs256,
JwtHmacParameters::Algorithm::kHs384,
JwtHmacParameters::Algorithm::kHs512)));
TEST_P(JwtHmacParametersTest, Create) {
int key_size_in_bytes;
KidStrategyTuple tuple;
JwtHmacParameters::Algorithm algorithm;
std::tie(key_size_in_bytes, tuple, algorithm) = GetParam();
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
key_size_in_bytes, tuple.kid_strategy, algorithm);
ASSERT_THAT(parameters, IsOk());
EXPECT_THAT(parameters->KeySizeInBytes(), Eq(key_size_in_bytes));
EXPECT_THAT(parameters->GetKidStrategy(), Eq(tuple.kid_strategy));
EXPECT_THAT(parameters->AllowKidAbsent(), Eq(tuple.allowed_kid_absent));
EXPECT_THAT(parameters->HasIdRequirement(), Eq(tuple.has_id_requirement));
EXPECT_THAT(parameters->GetAlgorithm(), Eq(algorithm));
}
TEST(JwtHmacParametersTest, CreateWithInvalidKidStrategyFails) {
EXPECT_THAT(JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::
kDoNotUseInsteadUseDefaultWhenWritingSwitchStatements,
JwtHmacParameters::Algorithm::kHs512)
.status(),
StatusIs(absl::StatusCode::kInvalidArgument,
HasSubstr("unknown kid strategy")));
}
TEST(JwtHmacParametersTest, CreateWithInvalidAlgorithmFails) {
EXPECT_THAT(JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::
kDoNotUseInsteadUseDefaultWhenWritingSwitchStatements)
.status(),
StatusIs(absl::StatusCode::kInvalidArgument,
HasSubstr("unknown algorithm")));
}
TEST(JwtHmacParametersTest, CreateWithInvalidKeySizeFails) {
EXPECT_THAT(JwtHmacParameters::Create(
/*key_size_in_bytes=*/15,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs512)
.status(),
StatusIs(absl::StatusCode::kInvalidArgument,
HasSubstr("Key size should be at least 16 bytes")));
}
TEST(JwtHmacParametersTest, CopyConstructor) {
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs512);
ASSERT_THAT(parameters, IsOk());
JwtHmacParameters copy(*parameters);
EXPECT_THAT(copy.KeySizeInBytes(), Eq(parameters->KeySizeInBytes()));
EXPECT_THAT(copy.GetKidStrategy(), Eq(parameters->GetKidStrategy()));
EXPECT_THAT(copy.GetAlgorithm(), Eq(parameters->GetAlgorithm()));
EXPECT_THAT(copy.AllowKidAbsent(), Eq(parameters->AllowKidAbsent()));
EXPECT_THAT(copy.HasIdRequirement(), Eq(parameters->HasIdRequirement()));
}
TEST(JwtHmacParametersTest, CopyAssignment) {
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs512);
ASSERT_THAT(parameters, IsOk());
JwtHmacParameters copy = *parameters;
EXPECT_THAT(copy.KeySizeInBytes(), Eq(parameters->KeySizeInBytes()));
EXPECT_THAT(copy.GetKidStrategy(), Eq(parameters->GetKidStrategy()));
EXPECT_THAT(copy.GetAlgorithm(), Eq(parameters->GetAlgorithm()));
EXPECT_THAT(copy.AllowKidAbsent(), Eq(parameters->AllowKidAbsent()));
EXPECT_THAT(copy.HasIdRequirement(), Eq(parameters->HasIdRequirement()));
}
TEST_P(JwtHmacParametersTest, ParametersEquals) {
int key_size_in_bytes;
KidStrategyTuple tuple;
JwtHmacParameters::Algorithm algorithm;
std::tie(key_size_in_bytes, tuple, algorithm) = GetParam();
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
key_size_in_bytes, tuple.kid_strategy, algorithm);
ASSERT_THAT(parameters, IsOk());
util::StatusOr<JwtHmacParameters> other_parameters =
JwtHmacParameters::Create(key_size_in_bytes, tuple.kid_strategy,
algorithm);
ASSERT_THAT(other_parameters, IsOk());
EXPECT_TRUE(*parameters == *other_parameters);
EXPECT_TRUE(*other_parameters == *parameters);
EXPECT_FALSE(*parameters != *other_parameters);
EXPECT_FALSE(*other_parameters != *parameters);
}
TEST(JwtHmacParametersTest, KeySizeNotEqual) {
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs256);
ASSERT_THAT(parameters, IsOk());
util::StatusOr<JwtHmacParameters> other_parameters =
JwtHmacParameters::Create(
/*key_size_in_bytes=*/32,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs256);
ASSERT_THAT(other_parameters, IsOk());
EXPECT_TRUE(*parameters != *other_parameters);
EXPECT_FALSE(*parameters == *other_parameters);
}
TEST(JwtHmacParametersTest, KidStrategyNotEqual) {
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs256);
ASSERT_THAT(parameters, IsOk());
util::StatusOr<JwtHmacParameters> other_parameters =
JwtHmacParameters::Create(
/*key_size_in_bytes=*/16, JwtHmacParameters::KidStrategy::kCustom,
JwtHmacParameters::Algorithm::kHs256);
ASSERT_THAT(other_parameters, IsOk());
EXPECT_TRUE(*parameters != *other_parameters);
EXPECT_FALSE(*parameters == *other_parameters);
}
TEST(JwtHmacParametersTest, AlgorithmNotEqual) {
util::StatusOr<JwtHmacParameters> parameters = JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs256);
ASSERT_THAT(parameters, IsOk());
util::StatusOr<JwtHmacParameters> other_parameters =
JwtHmacParameters::Create(
/*key_size_in_bytes=*/16,
JwtHmacParameters::KidStrategy::kBase64EncodedKeyId,
JwtHmacParameters::Algorithm::kHs384);
ASSERT_THAT(other_parameters, IsOk());
EXPECT_TRUE(*parameters != *other_parameters);
EXPECT_FALSE(*parameters == *other_parameters);
}
} // namespace
} // namespace tink
} // namespace crypto