#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Strict mode: abort on an unhandled non-zero status, on use of an unset
# variable, and when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail
#############################################################################
# Tests for Tink C++ JWT signature example.
#############################################################################
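# Scratch directory for the generated token and JWK set. Reuse the one the
# test harness provides, otherwise create a private one. The assignment is a
# plain statement with an explicit check: inside ': "${VAR:=$(cmd)}"' a failing
# mktemp is masked by the exit status of ':', which would leave TEST_TMPDIR
# empty and root the output paths below at '/'.
if [[ -z "${TEST_TMPDIR:-}" ]]; then
  TEST_TMPDIR="$(mktemp -d)" || {
    echo "mktemp -d failed; cannot create a scratch directory" >&2
    exit 1
  }
fi

# Positional arguments, in order:
#   $1 - CLI used for the "Sign" steps.
#   $2 - CLI used to convert the public keyset to a JWK set.
#   $3 - CLI used for the "Verify" steps.
#   $4 - private keyset file handed to the signing CLI.
#   $5 - public keyset file handed to the JWK set conversion CLI.
readonly CLI_SIGN="$1"
readonly GEN_PUBLIC_JWK_SET_CLI="$2"
readonly CLI_VERIFY="$3"
readonly PRIVATE_KEYSET_FILE="$4"
readonly PUBLIC_KEYSET_FILE="$5"

# Files written during the run; both live in the scratch directory.
readonly PUBLIC_JWK_SET_FILE="${TEST_TMPDIR}/public_jwk_set.json"
readonly TOKEN_FILE="${TEST_TMPDIR}/token.json"

# Prefix for the "[ RUN ]" / "[ OK ]" / "[ FAILED ]" lines.
readonly TEST_NAME="TinkCcExamplesJwtSignatureTest"
# Audience passed to the signing CLI and to the matching verification.
readonly AUDIENCE="JWT audience"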
#######################################
# A helper function for getting the return code of a command that may fail.
# Temporarily disables error safety and stores return value in TEST_STATUS.
#
# Globals:
# TEST_STATUS
# Arguments:
# Command to execute.
#######################################
test_command() {
  # errexit is lifted only around the wrapped command so that its exit status
  # can be recorded instead of terminating the script.
  set +o errexit
  "$@"
  # Any non-zero status is stored as-is. The status alone does not tell a
  # deliberate rejection apart from a crash or a command that could not run.
  TEST_STATUS="$?"
  # errexit is always switched back on, whatever its state was on entry.
  set -o errexit
}
#######################################
# Asserts that the outcome of the latest test command is 0.
#
# If not, it terminates the test execution.
#
# Globals:
# TEST_STATUS
# TEST_NAME
# TEST_CASE
#######################################
assert_command_succeeded() {
  # Guard clause: a zero status recorded by test_command means nothing to do.
  if (( TEST_STATUS == 0 )); then
    return 0
  fi
  # Report the failing case and stop the whole test run.
  printf '%s\n' "[ FAILED ] ${TEST_NAME}.${TEST_CASE}"
  exit 1
}
#######################################
# Asserts that the outcome of the latest test command is not 0.
#
# If it is 0, it terminates the test execution.
#
# Globals:
# TEST_STATUS
# TEST_NAME
# TEST_CASE
#######################################
assert_command_failed() {
  # Guard clause: any non-zero status recorded by test_command counts as the
  # expected failure. The reason for the failure is not inspected here.
  if (( TEST_STATUS != 0 )); then
    return 0
  fi
  # The command unexpectedly succeeded: report the case and stop the run.
  printf '%s\n' "[ FAILED ] ${TEST_NAME}.${TEST_CASE}"
  exit 1
}
#######################################
# Starts a new test case; records the test case name to TEST_CASE.
#
# Globals:
# TEST_NAME
# TEST_CASE
# Arguments:
# test_case: The name of the test case.
#######################################
start_test_case() {
  # Remember the case name globally; the assert and end helpers print it.
  TEST_CASE="$1"
  printf '%s\n' "[ RUN ] ${TEST_NAME}.${TEST_CASE}"
}
#######################################
# Ends a test case printing a success message.
#
# Globals:
# TEST_NAME
# TEST_CASE
#######################################
end_test_case() {
  # Success line for the case most recently opened with start_test_case.
  printf '%s\n' "[ OK ] ${TEST_NAME}.${TEST_CASE}"
}
#############################################################################
start_test_case "sign_verify_all_good"

# Step 1: sign a token for AUDIENCE with the private keyset.
test_command "${CLI_SIGN}" \
  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
  --audience "${AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_succeeded

# Step 2: convert the public keyset to a JWK set. The later test cases reuse
# the file written here.
test_command "${GEN_PUBLIC_JWK_SET_CLI}" \
  --public_keyset_filename "${PUBLIC_KEYSET_FILE}" \
  --public_jwk_set_filename "${PUBLIC_JWK_SET_FILE}"
assert_command_succeeded

# Step 3: verify the token against the JWK set with the same audience.
test_command "${CLI_VERIFY}" \
  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
  --audience "${AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_succeeded

end_test_case
#############################################################################
start_test_case "verify_fails_with_invalid_token"

# Step 1: sign a token for AUDIENCE.
test_command "${CLI_SIGN}" \
  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
  --audience "${AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_succeeded

# Step 2: corrupt the token file by appending a line to it.
# NOTE(review): this shows that a corrupted token file is rejected. The exit
# status alone does not show whether the verifier failed on the signature
# check or earlier, while parsing the token.
printf '%s\n' "modified" >> "${TOKEN_FILE}"

# Step 3: verification must fail. PUBLIC_JWK_SET_FILE is not regenerated
# here; it is the file written by the sign_verify_all_good case.
test_command "${CLI_VERIFY}" \
  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
  --audience "${AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_failed

end_test_case
#############################################################################
start_test_case "verify_fails_with_invalid_audience"

# Step 1: sign a token for AUDIENCE.
# NOTE(review): presumably the signing CLI overwrites TOKEN_FILE, which the
# previous case left with an appended line. Confirm against the CLI.
test_command "${CLI_SIGN}" \
  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
  --audience "${AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_succeeded

# Step 2: pick an audience that differs from the one the token was signed for.
readonly INVALID_AUDIENCE="invalid audience"

# Step 3: verification with the mismatched audience must fail.
# PUBLIC_JWK_SET_FILE is the file written by the sign_verify_all_good case.
test_command "${CLI_VERIFY}" \
  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
  --audience "${INVALID_AUDIENCE}" \
  --token_filename "${TOKEN_FILE}"
assert_command_failed

end_test_case