Google Git
Sign in
fuchsia / third_party / tink / 837cb690988e5ce1b929bfdf6fb4cafdb44a2531 / . / cc / jwt / jwt_key_templates_test.cc
blob: 62cc763e28b9f2dc01012f6219afcccbc31f12fb [file] [log] [blame]
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/jwt/jwt_key_templates.h"
#include "gtest/gtest.h"
#include "tink/jwt/jwt_mac.h"
#include "tink/jwt/jwt_public_key_sign.h"
#include "tink/jwt/jwt_public_key_verify.h"
#include "tink/jwt/jwt_mac_config.h"
#include "tink/jwt/jwt_signature_config.h"
#include "tink/jwt/jwt_validator.h"
#include "tink/jwt/raw_jwt.h"
#include "tink/jwt/verified_jwt.h"
#include "tink/util/status.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
using ::crypto::tink::test::IsOk;
using google::crypto::tink::KeyTemplate;
namespace crypto {
namespace tink {
namespace {
class JwtMacKeyTemplatesTest : public testing::TestWithParam<KeyTemplate> {
void SetUp() override { ASSERT_TRUE(JwtMacRegister().ok()); }
};
TEST_P(JwtMacKeyTemplatesTest, CreateComputeVerify) {
KeyTemplate key_template = GetParam();
auto handle_result = KeysetHandle::GenerateNew(key_template);
ASSERT_THAT(handle_result.status(), IsOk());
auto keyset_handle = std::move(handle_result.ValueOrDie());
auto jwt_mac_or = keyset_handle->GetPrimitive<JwtMac>();
ASSERT_THAT(jwt_mac_or.status(), IsOk());
std::unique_ptr<JwtMac> jwt_mac = std::move(jwt_mac_or.ValueOrDie());
auto raw_jwt_or = RawJwtBuilder().SetIssuer("issuer").Build();
ASSERT_THAT(raw_jwt_or.status(), IsOk());
RawJwt raw_jwt = raw_jwt_or.ValueOrDie();
util::StatusOr<std::string> compact_or =
jwt_mac->ComputeMacAndEncode(raw_jwt);
ASSERT_THAT(compact_or.status(), IsOk());
std::string compact = compact_or.ValueOrDie();
JwtValidator validator = JwtValidatorBuilder().Build();
util::StatusOr<VerifiedJwt> verified_jwt_or =
jwt_mac->VerifyMacAndDecode(compact, validator);
ASSERT_THAT(verified_jwt_or.status(), IsOk());
auto verified_jwt = verified_jwt_or.ValueOrDie();
EXPECT_THAT(verified_jwt.GetIssuer(), test::IsOkAndHolds("issuer"));
JwtValidator validator2 = JwtValidatorBuilder().SetIssuer("unknown").Build();
EXPECT_FALSE(jwt_mac->VerifyMacAndDecode(compact, validator2).ok());
}
INSTANTIATE_TEST_SUITE_P(JwtMacKeyTemplatesTest, JwtMacKeyTemplatesTest,
testing::Values(JwtHs256Template(), JwtHs384Template(),
JwtHs512Template()));
class JwtSignatureKeyTemplatesTest
: public testing::TestWithParam<KeyTemplate> {
void SetUp() override { ASSERT_TRUE(JwtSignatureRegister().ok()); }
};
TEST_P(JwtSignatureKeyTemplatesTest, CreateComputeVerify) {
KeyTemplate key_template = GetParam();
auto handle_result = KeysetHandle::GenerateNew(key_template);
ASSERT_THAT(handle_result.status(), IsOk());
auto keyset_handle = std::move(handle_result.ValueOrDie());
auto sign_or = keyset_handle->GetPrimitive<JwtPublicKeySign>();
ASSERT_THAT(sign_or.status(), IsOk());
std::unique_ptr<JwtPublicKeySign> sign = std::move(sign_or.ValueOrDie());
auto public_handle_or = keyset_handle->GetPublicKeysetHandle();
ASSERT_THAT(public_handle_or.status(), IsOk());
auto verify_or =
public_handle_or.ValueOrDie()->GetPrimitive<JwtPublicKeyVerify>();
ASSERT_THAT(verify_or.status(), IsOk());
std::unique_ptr<JwtPublicKeyVerify> verify =
std::move(verify_or.ValueOrDie());
auto raw_jwt_or = RawJwtBuilder().SetIssuer("issuer").Build();
ASSERT_THAT(raw_jwt_or.status(), IsOk());
RawJwt raw_jwt = raw_jwt_or.ValueOrDie();
util::StatusOr<std::string> compact_or = sign->SignAndEncode(raw_jwt);
ASSERT_THAT(compact_or.status(), IsOk());
std::string compact = compact_or.ValueOrDie();
JwtValidator validator = JwtValidatorBuilder().Build();
util::StatusOr<VerifiedJwt> verified_jwt_or =
verify->VerifyAndDecode(compact, validator);
ASSERT_THAT(verified_jwt_or.status(), IsOk());
auto verified_jwt = verified_jwt_or.ValueOrDie();
EXPECT_THAT(verified_jwt.GetIssuer(), test::IsOkAndHolds("issuer"));
JwtValidator validator2 = JwtValidatorBuilder().SetIssuer("unknown").Build();
EXPECT_FALSE(verify->VerifyAndDecode(compact, validator2).ok());
}
INSTANTIATE_TEST_SUITE_P(
JwtSignatureKeyTemplatesTest, JwtSignatureKeyTemplatesTest,
testing::Values(JwtEs256Template(), JwtEs384Template(), JwtEs512Template(),
JwtRs256_2048_F4_Template(), JwtRs256_3072_F4_Template(),
JwtRs384_3072_F4_Template(), JwtRs512_4096_F4_Template(),
JwtPs256_2048_F4_Template(), JwtPs256_3072_F4_Template(),
JwtPs384_3072_F4_Template(), JwtPs512_4096_F4_Template()));
} // namespace
} // namespace tink
} // namespace crypto