Google Git
Sign in
android / platform / external / tink / 4ca829d14be45a48c255031c314a469802495218 / . / cc / jwt / jwt_key_templates_test.cc
blob: d85c4506c2e60e0640eed89c1686941606b4933c [file] [log] [blame]
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/jwt/jwt_key_templates.h"
#include <memory>
#include <string>
#include <utility>
#include "gtest/gtest.h"
#include "tink/jwt/jwt_mac.h"
#include "tink/jwt/jwt_mac_config.h"
#include "tink/jwt/jwt_public_key_sign.h"
#include "tink/jwt/jwt_public_key_verify.h"
#include "tink/jwt/jwt_signature_config.h"
#include "tink/jwt/jwt_validator.h"
#include "tink/jwt/raw_jwt.h"
#include "tink/jwt/verified_jwt.h"
#include "tink/util/status.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
using ::crypto::tink::test::IsOk;
using google::crypto::tink::KeyTemplate;
namespace crypto {
namespace tink {
namespace {
class JwtMacKeyTemplatesTest : public testing::TestWithParam<KeyTemplate> {
void SetUp() override { ASSERT_TRUE(JwtMacRegister().ok()); }
};
TEST_P(JwtMacKeyTemplatesTest, CreateComputeVerify) {
KeyTemplate key_template = GetParam();
util::StatusOr<std::unique_ptr<crypto::tink::KeysetHandle>> keyset_handle =
KeysetHandle::GenerateNew(key_template);
ASSERT_THAT(keyset_handle, IsOk());
util::StatusOr<std::unique_ptr<crypto::tink::JwtMac>> jwt_mac =
(*keyset_handle)->GetPrimitive<JwtMac>();
ASSERT_THAT(jwt_mac, IsOk());
util::StatusOr<RawJwt> raw_jwt =
RawJwtBuilder().SetIssuer("issuer").WithoutExpiration().Build();
ASSERT_THAT(raw_jwt, IsOk());
util::StatusOr<std::string> compact =
(*jwt_mac)->ComputeMacAndEncode(*raw_jwt);
ASSERT_THAT(compact, IsOk());
util::StatusOr<JwtValidator> validator = JwtValidatorBuilder()
.ExpectIssuer("issuer")
.AllowMissingExpiration()
.Build();
ASSERT_THAT(validator, IsOk());
util::StatusOr<VerifiedJwt> verified_jwt =
(*jwt_mac)->VerifyMacAndDecode(*compact, *validator);
ASSERT_THAT(verified_jwt, IsOk());
EXPECT_THAT(verified_jwt->GetIssuer(), test::IsOkAndHolds("issuer"));
util::StatusOr<JwtValidator> validator2 = JwtValidatorBuilder()
.ExpectIssuer("unknown")
.AllowMissingExpiration()
.Build();
ASSERT_THAT(validator2, IsOk());
EXPECT_FALSE((*jwt_mac)->VerifyMacAndDecode(*compact, *validator2).ok());
}
INSTANTIATE_TEST_SUITE_P(JwtMacKeyTemplatesTest, JwtMacKeyTemplatesTest,
testing::Values(JwtHs256Template(), JwtHs384Template(),
JwtHs512Template()));
class JwtSignatureKeyTemplatesTest
: public testing::TestWithParam<KeyTemplate> {
void SetUp() override { ASSERT_TRUE(JwtSignatureRegister().ok()); }
};
TEST_P(JwtSignatureKeyTemplatesTest, CreateComputeVerify) {
KeyTemplate key_template = GetParam();
util::StatusOr<std::unique_ptr<KeysetHandle>> private_handle =
KeysetHandle::GenerateNew(key_template);
ASSERT_THAT(private_handle, IsOk());
util::StatusOr<std::unique_ptr<JwtPublicKeySign>> sign =
(*private_handle)->GetPrimitive<JwtPublicKeySign>();
ASSERT_THAT(sign, IsOk());
util::StatusOr<std::unique_ptr<KeysetHandle>> public_handle =
(*private_handle)->GetPublicKeysetHandle();
ASSERT_THAT(public_handle, IsOk());
util::StatusOr<std::unique_ptr<JwtPublicKeyVerify>> verify =
(*public_handle)->GetPrimitive<JwtPublicKeyVerify>();
ASSERT_THAT(verify, IsOk());
util::StatusOr<RawJwt> raw_jwt =
RawJwtBuilder().SetIssuer("issuer").WithoutExpiration().Build();
ASSERT_THAT(raw_jwt, IsOk());
util::StatusOr<std::string> compact = (*sign)->SignAndEncode(*raw_jwt);
ASSERT_THAT(compact, IsOk());
util::StatusOr<JwtValidator> validator = JwtValidatorBuilder()
.ExpectIssuer("issuer")
.AllowMissingExpiration()
.Build();
ASSERT_THAT(validator, IsOk());
util::StatusOr<VerifiedJwt> verified_jwt =
(*verify)->VerifyAndDecode(*compact, *validator);
ASSERT_THAT(verified_jwt, IsOk());
EXPECT_THAT(verified_jwt->GetIssuer(), test::IsOkAndHolds("issuer"));
util::StatusOr<JwtValidator> validator2 = JwtValidatorBuilder()
.ExpectIssuer("unknown")
.AllowMissingExpiration()
.Build();
ASSERT_THAT(validator, IsOk());
EXPECT_FALSE((*verify)->VerifyAndDecode(*compact, *validator2).ok());
}
INSTANTIATE_TEST_SUITE_P(
JwtSignatureKeyTemplatesTest, JwtSignatureKeyTemplatesTest,
testing::Values(JwtEs256Template(), JwtEs384Template(), JwtEs512Template(),
RawJwtEs256Template(), JwtRs256_2048_F4_Template(),
JwtRs256_3072_F4_Template(), JwtRs384_3072_F4_Template(),
JwtRs512_4096_F4_Template(), RawJwtRs256_2048_F4_Template(),
JwtPs256_2048_F4_Template(), JwtPs256_3072_F4_Template(),
JwtPs384_3072_F4_Template(), JwtPs512_4096_F4_Template(),
RawJwtPs256_2048_F4_Template()));
} // namespace
} // namespace tink
} // namespace crypto