// Source: github.com/hyperledger/aries-framework-go@v0.3.2/pkg/doc/verifiable/presentation_jws_test.go

/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/

package verifiable

import (
	"crypto/rand"
	"crypto/rsa"
	"testing"

	"github.com/go-jose/go-jose/v3"
	"github.com/go-jose/go-jose/v3/jwt"
	"github.com/stretchr/testify/require"

	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/verifier"
	"github.com/hyperledger/aries-framework-go/pkg/kms"
)

// TestJWTPresClaims_MarshalJWS round-trips a presentation: it is serialized
// as an RS256 JWS by the holder's signer and decoded again with a fetcher
// that returns the same signer's public key. The decoded presentation must
// be JSON-equal to the input.
//
// NOTE(review): the `true` argument to decodeVPFromJWS presumably turns proof
// checking on; confirm against its signature.
func TestJWTPresClaims_MarshalJWS(t *testing.T) {
	original, err := newTestPresentation(t, []byte(validPresentation))
	require.NoError(t, err)

	holder, err := newCryptoSigner(kms.RSARS256Type)
	require.NoError(t, err)

	token := createCredJWS(t, original, holder)
	holderKeys := holderPublicKeyFetcher(holder.PublicKeyBytes())

	_, decoded, err := decodeVPFromJWS(token, true, holderKeys)
	require.NoError(t, err)
	require.Equal(t, original.stringJSON(t), decoded.stringJSON(t))
}

// invalidPresClaims is a deliberately malformed claim set: the "vp" claim is
// an integer rather than a presentation object, so tokens built from it
// should be rejected by the presentation parser.
type invalidPresClaims struct {
	*jwt.Claims

	Presentation int `json:"vp,omitempty"`
}

// TestUnmarshalPresJWSClaims covers one accepting and three rejecting cases
// of unmarshalPresJWSClaims. Every rejecting case asserts the same things:
// an error containing "parse JWT" and a nil result.
//
// NOTE(review): because all three negative cases match on the same generic
// substring, a pass does not show which check rejected the token. Asserting a
// more specific error per case would make each test fail if its intended
// check were ever skipped.
func TestUnmarshalPresJWSClaims(t *testing.T) {
	holder, err := newCryptoSigner(kms.RSARS256Type)
	require.NoError(t, err)

	holderKeys := holderPublicKeyFetcher(holder.PublicKeyBytes())

	t.Run("Successful JWS decoding", func(t *testing.T) {
		original, err := newTestPresentation(t, []byte(validPresentation))
		require.NoError(t, err)

		token := createCredJWS(t, original, holder)

		parsed, err := unmarshalPresJWSClaims(token, true, holderKeys)
		require.NoError(t, err)
		require.Equal(t, original.stringJSON(t), parsed.Presentation.stringJSON(t))
	})

	t.Run("Invalid serialized JWS", func(t *testing.T) {
		// Input that is not a compact JWS at all.
		parsed, err := unmarshalPresJWSClaims("invalid JWS", true, holderKeys)
		require.Error(t, err)
		require.Contains(t, err.Error(), "parse JWT")
		require.Nil(t, parsed)
	})

	t.Run("Invalid format of \"vp\" claim", func(t *testing.T) {
		// NOTE(review): the token is signed with an RSA key generated right
		// here, while holderKeys resolves to the holder signer's public key.
		// If the `true` flag enables signature checking, verification would
		// fail on the key mismatch as well, so this case may never reach the
		// "vp" claim decoding it is named after. To pin the claim-format
		// path, resolve the public half of rsaKey instead - TODO confirm.
		rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
		require.NoError(t, err)

		joseSigner, err := jose.NewSigner(
			jose.SigningKey{Algorithm: jose.RS256, Key: rsaKey},
			&jose.SignerOptions{},
		)
		require.NoError(t, err)

		badClaims := &invalidPresClaims{
			Claims:       &jwt.Claims{},
			Presentation: 55, // "vp" claim of invalid format
		}

		token, err := jwt.Signed(joseSigner).Claims(badClaims).CompactSerialize()
		require.NoError(t, err)

		parsed, err := unmarshalPresJWSClaims(token, true, holderKeys)
		require.Error(t, err)
		require.Contains(t, err.Error(), "parse JWT")
		require.Nil(t, parsed)
	})

	t.Run("Invalid signature of JWS", func(t *testing.T) {
		original, err := newTestPresentation(t, []byte(validPresentation))
		require.NoError(t, err)

		token := createCredJWS(t, original, holder)

		// Resolver that returns the public key of a freshly created,
		// unrelated signer (standing in for the VC issuer) where the VP
		// holder's key is expected. A token signed by the holder must not
		// verify against it.
		mismatchedKeys := func(issuerID, keyID string) (*verifier.PublicKey, error) {
			otherSigner, errSigner := newCryptoSigner(kms.RSARS256Type)
			require.NoError(t, errSigner)

			wrongKey := &verifier.PublicKey{
				Type:  kms.RSARS256,
				Value: otherSigner.PublicKeyBytes(),
			}

			return wrongKey, nil
		}

		parsed, err := unmarshalPresJWSClaims(token, true, mismatchedKeys)
		require.Error(t, err)
		require.Contains(t, err.Error(), "parse JWT")
		require.Nil(t, parsed)
	})
}

// createCredJWS builds JWT presentation claims from vp and returns them
// serialized as a JWS signed with RS256 under the key ID "did:123#key1".
// Despite the name, it serializes a presentation, not a credential. Any
// failure aborts the calling test.
//
// NOTE(review): the meaning of the `[]string{}` and `false` arguments to
// newJWTPresClaims is not visible here; verify against its declaration.
func createCredJWS(t *testing.T, vp *Presentation, signer Signer) string {
	presClaims, err := newJWTPresClaims(vp, []string{}, false)
	require.NoError(t, err)
	require.NotNil(t, presClaims)

	serialized, err := presClaims.MarshalJWS(RS256, signer, "did:123#key1")
	require.NoError(t, err)

	return serialized
}

// holderPublicKeyFetcher returns a PublicKeyFetcher that answers every lookup
// with pubKeyBytes typed as an RS256 key.
//
// The issuer ID and key ID are ignored, so tests built on this fetcher do not
// exercise key resolution by identifier: any ID in the token resolves to the
// same key.
func holderPublicKeyFetcher(pubKeyBytes []byte) PublicKeyFetcher {
	return func(_, _ string) (*verifier.PublicKey, error) {
		// A new PublicKey value is allocated for every lookup.
		holderKey := &verifier.PublicKey{
			Type:  kms.RSARS256,
			Value: pubKeyBytes,
		}

		return holderKey, nil
	}
}