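// Source: github.com/hyperledger/aries-framework-go@v0.3.2/pkg/doc/verifiable/credential_jws_test.go

/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/

package verifiable

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/json"
	"testing"

	"github.com/go-jose/go-jose/v3"
	"github.com/go-jose/go-jose/v3/jwt"
	"github.com/stretchr/testify/require"

	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/verifier"
	"github.com/hyperledger/aries-framework-go/pkg/kms"
)

// TestJWTCredClaimsMarshalJWS round-trips a credential through its JWS form:
// the claims built from validCredential are signed with an RS256 signer, the
// resulting JWS is decoded with a key fetcher that returns that signer's
// public key, and the decoded JSON must equal the original credential.
func TestJWTCredClaimsMarshalJWS(t *testing.T) {
	signer, err := newCryptoSigner(kms.RSARS256Type)
	require.NoError(t, err)

	vc, err := parseTestCredential(t, []byte(validCredential))
	require.NoError(t, err)

	jwtClaims, err := vc.JWTClaims(true)
	require.NoError(t, err)

	t.Run("Marshal signed JWT", func(t *testing.T) {
		jws, err := jwtClaims.MarshalJWS(RS256, signer, "did:123#key1")
		require.NoError(t, err)

		// The fetcher ignores issuer and key ID and always hands back the
		// signing key, so this case only covers the matching-key path.
		matchingKey := func(_, _ string) (*verifier.PublicKey, error) {
			return &verifier.PublicKey{
				Type:  kms.RSARS256,
				Value: signer.PublicKeyBytes(),
			}, nil
		}

		// NOTE(review): the second argument presumably turns proof checking
		// on - confirm against decodeCredJWS.
		vcBytes, err := decodeCredJWS(jws, true, matchingKey)
		require.NoError(t, err)

		// vcRaw is already a pointer; pass it directly rather than &vcRaw.
		vcRaw := new(rawCredential)
		require.NoError(t, json.Unmarshal(vcBytes, vcRaw))

		require.Equal(t, vc.stringJSON(t), vcRaw.stringJSON(t))
	})
}

// invalidCredClaims is a JWT claim set whose "vc" claim is an integer, used
// to build a token with a malformed credential claim.
type invalidCredClaims struct {
	*jwt.Claims

	Credential int `json:"vc,omitempty"`
}

// TestCredJWSDecoderUnmarshal exercises decodeCredJWS with one valid JWS and
// three rejected inputs: a string that is not a JWS, a token whose "vc" claim
// has the wrong type, and a valid JWS checked against an unrelated public key.
//
// All three negative cases assert the same "unmarshal VC JWT claims" wrapper
// text, so the substring alone does not show which check rejected the input.
func TestCredJWSDecoderUnmarshal(t *testing.T) {
	signer, err := newCryptoSigner(kms.RSARS256Type)
	require.NoError(t, err)

	// Key fetcher that always resolves to the public key of signer.
	pkFetcher := func(_, _ string) (*verifier.PublicKey, error) { //nolint:unparam
		return &verifier.PublicKey{
			Type:  kms.RSARS256,
			Value: signer.PublicKeyBytes(),
		}, nil
	}

	validJWS := createRS256JWS(t, []byte(jwtTestCredential), signer, false)

	t.Run("Successful JWS decoding", func(t *testing.T) {
		vcBytes, err := decodeCredJWS(string(validJWS), true, pkFetcher)
		require.NoError(t, err)

		// vcRaw is already a pointer; pass it directly rather than &vcRaw.
		vcRaw := new(rawCredential)
		require.NoError(t, json.Unmarshal(vcBytes, vcRaw))

		vc, err := parseTestCredential(t, []byte(jwtTestCredential))
		require.NoError(t, err)
		require.Equal(t, vc.stringJSON(t), vcRaw.stringJSON(t))
	})

	t.Run("Invalid serialized JWS", func(t *testing.T) {
		vcBytes, err := decodeCredJWS("invalid JWS", true, pkFetcher)
		require.Error(t, err)
		require.Contains(t, err.Error(), "unmarshal VC JWT claims")
		require.Nil(t, vcBytes)
	})

	t.Run("Invalid format of \"vc\" claim", func(t *testing.T) {
		privKey, err := rsa.GenerateKey(rand.Reader, 2048)
		require.NoError(t, err)

		key := jose.SigningKey{Algorithm: jose.RS256, Key: privKey}

		joseSigner, err := jose.NewSigner(key, &jose.SignerOptions{})
		require.NoError(t, err)

		claims := &invalidCredClaims{
			Claims:     &jwt.Claims{},
			Credential: 55, // "vc" claim of invalid format
		}

		jwtCompact, err := jwt.Signed(joseSigner).Claims(claims).CompactSerialize()
		require.NoError(t, err)

		// NOTE(review): the token is signed with privKey, while pkFetcher
		// resolves to the unrelated public key of signer. If decodeCredJWS
		// verifies the signature before it looks at the claims, this case is
		// rejected for the key mismatch and never reaches the malformed "vc"
		// claim - confirm, and sign with a key the fetcher returns if so.
		vcBytes, err := decodeCredJWS(jwtCompact, true, pkFetcher)
		require.Error(t, err)
		require.Contains(t, err.Error(), "unmarshal VC JWT claims")
		require.Nil(t, vcBytes)
	})

	t.Run("Invalid signature of JWS", func(t *testing.T) {
		// use public key of VC Holder (while expecting to use the ones of Issuer)
		holderSigner, err := newCryptoSigner(kms.RSARS256Type)
		require.NoError(t, err)

		pkFetcherOther := func(_, _ string) (*verifier.PublicKey, error) {
			return &verifier.PublicKey{
				Type:  kms.RSARS256,
				Value: holderSigner.PublicKeyBytes(),
			}, nil
		}

		// A JWS that decodes cleanly with the issuer key must be refused, and
		// yield no credential bytes, when checked against any other key.
		vcBytes, err := decodeCredJWS(string(validJWS), true, pkFetcherOther)
		require.Error(t, err)
		require.Contains(t, err.Error(), "unmarshal VC JWT claims")
		require.Nil(t, vcBytes)
	})
}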