Google Git
Sign in
chromium / external / github.com / google / tink / 8b1b36149c339b83385339954da1d27cf7b1fc43 / . / cc / jwt / internal / jwt_format_test.cc
blob: 8d17b5b228fb50c28a5a5cbdfa4ec39c92c4b873 [file] [log] [blame]
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/jwt/internal/jwt_format.h"
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "tink/jwt/internal/json_util.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
using ::crypto::tink::test::IsOk;
using testing::Eq;
namespace crypto {
namespace tink {
namespace jwt_internal {
TEST(JwtFormat, EncodeDecodeHeader) {
std::string header = R"({"alg":"HS256"})";
std::string output;
ASSERT_TRUE(DecodeHeader(EncodeHeader(header), &output));
EXPECT_THAT(output, Eq(header));
}
TEST(JwtFormat, EncodeFixedHeader) {
// Null-terminted example from https://tools.ietf.org/html/rfc7519#section-3.1
char header[] = {123, 34, 116, 121, 112, 34, 58, 34, 74, 87,
84, 34, 44, 13, 10, 32, 34, 97, 108, 103,
34, 58, 34, 72, 83, 50, 53, 54, 34, 125, 0};
EXPECT_THAT(EncodeHeader(header),
Eq("eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"));
}
TEST(JwtFormat, DecodedHeaderWithLineFeedFails) {
std::string output;
ASSERT_FALSE(
DecodeHeader("eyJ0eXAiOiJKV1Qi\nLA0KICJhbGciOiJIUzI1NiJ9", &output));
}
TEST(JwtFormat, EncodeDecodePayload) {
std::string payload = R"({"iss":"issuer"})";
std::string output;
ASSERT_TRUE(DecodePayload(EncodePayload(payload), &output));
EXPECT_THAT(output, Eq(payload));
}
TEST(JwtFormat, EncodeFixedPayload) {
// Null-terminted example from https://tools.ietf.org/html/rfc7519#section-3.1
char payload[] = {123, 34, 105, 115, 115, 34, 58, 34, 106, 111, 101, 34,
44, 13, 10, 32, 34, 101, 120, 112, 34, 58, 49, 51,
48, 48, 56, 49, 57, 51, 56, 48, 44, 13, 10, 32,
34, 104, 116, 116, 112, 58, 47, 47, 101, 120, 97, 109,
112, 108, 101, 46, 99, 111, 109, 47, 105, 115, 95, 114,
111, 111, 116, 34, 58, 116, 114, 117, 101, 125, 0};
EXPECT_THAT(EncodeHeader(payload),
Eq("eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0"
"dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"));
}
TEST(JwtFormat, DecodeInvalidPayload_fails) {
std::string output;
ASSERT_FALSE(DecodePayload("eyJmb28iO?JiYXIifQ", &output));
}
TEST(JwtFormat, DecodeAndValidateFixedHeaderHS256) {
// Example from https://tools.ietf.org/html/rfc7515#appendix-A.1
std::string encoded_header = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9";
std::string json_header;
ASSERT_TRUE(DecodeHeader(encoded_header, &json_header));
EXPECT_THAT(json_header, Eq("{\"typ\":\"JWT\",\r\n \"alg\":\"HS256\"}"));
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "HS256"), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "RS256").ok());
}
TEST(JwtFormat, DecodeAndValidateFixedHeaderRS256) {
// Example from https://tools.ietf.org/html/rfc7515#appendix-A.2
std::string encoded_header = "eyJhbGciOiJSUzI1NiJ9";
std::string json_header;
ASSERT_TRUE(DecodeHeader(encoded_header, &json_header));
EXPECT_THAT(json_header, Eq(R"({"alg":"RS256"})"));
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "RS256"), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "HS256").ok());
}
TEST(JwtFormat, CreateValidateHeader) {
std::string encoded_header = CreateHeader("PS384", absl::nullopt);
std::string json_header;
ASSERT_TRUE(DecodeHeader(encoded_header, &json_header));
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "PS384"), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "HS256").ok());
}
TEST(JwtFormat, CreateValidateHeaderWithType) {
std::string encoded_header = CreateHeader("PS384", "JWT");
std::string json_header;
ASSERT_TRUE(DecodeHeader(encoded_header, &json_header));
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "PS384"), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "HS256").ok());
}
TEST(JwtFormat, ValidateEmptyHeaderFails) {
google::protobuf::Struct empty_header;
EXPECT_FALSE(ValidateHeader(empty_header, "HS256").ok());
}
TEST(JwtFormat, ValidateHeaderWithUnknownTypeOk) {
std::string json_header = R"({"alg":"HS256","typ":"unknown"})";
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "HS256"), IsOk());
}
TEST(JwtFormat, ValidateHeaderRejectsCrit) {
std::string json_header =
R"({"alg":"HS256","crit":["http://example.invalid/UNDEFINED"],)"
R"("http://example.invalid/UNDEFINED":true})";
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "HS256").ok());
}
TEST(JwtFormat, ValidateHeaderWithUnknownEntry) {
std::string json_header = R"({"alg":"HS256","unknown":"header"})";
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_THAT(ValidateHeader(header_or.ValueOrDie(), "HS256"), IsOk());
}
TEST(JwtFormat, ValidateHeaderWithInvalidAlgTypFails) {
std::string json_header = R"({"alg":true})";
util::StatusOr<google::protobuf::Struct> header_or =
JsonStringToProtoStruct(json_header);
EXPECT_THAT(header_or.status(), IsOk());
EXPECT_FALSE(ValidateHeader(header_or.ValueOrDie(), "HS256").ok());
}
TEST(JwtFormat, DecodeFixedPayload) {
// Example from https://tools.ietf.org/html/rfc7519#section-3.1
std::string encoded_payload =
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0"
"dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ";
std::string expected =
"{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n "
"\"http://example.com/is_root\":true}";
std::string output;
ASSERT_TRUE(DecodePayload(encoded_payload, &output));
EXPECT_THAT(output, Eq(expected));
}
TEST(JwtFormat, DecodePayloadWithLineFeedFails) {
// A linefeed as part of the payload (as in test DecodeFixedPayload) is fine,
// but a linefeed in the encoded payload is not.
std::string encoded_header_with_line_feed =
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0\n"
"dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ";
std::string output;
ASSERT_FALSE(
DecodePayload(encoded_header_with_line_feed, &output));
}
TEST(JwtFormat, EncodeFixedSignature) {
std::string encoded_signature = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
std::string signature;
ASSERT_TRUE(DecodeSignature(encoded_signature, &signature));
EXPECT_THAT(EncodeSignature(signature), Eq(encoded_signature));
}
TEST(JwtFormat, DecodeSignatureWithLineFeedFails) {
std::string output;
ASSERT_FALSE(
DecodePayload("dBjftJeZ4CVP-mB92K2\n7uhbUJU1p1r_wW1gFWFOEjXk", &output));
}
} // namespace jwt_internal
} // namespace tink
} // namespace crypto