
     1  /*
     2  Copyright Avast Software. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package wallet
     8  
     9  import (
    10  	"crypto/ed25519"
    11  	"fmt"
    12  	"strings"
    13  	"testing"
    14  
    15  	"github.com/btcsuite/btcutil/base58"
    16  	"github.com/google/uuid"
    17  	"github.com/stretchr/testify/require"
    18  
    19  	"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto"
    20  	"github.com/hyperledger/aries-framework-go/pkg/doc/did"
    21  	"github.com/hyperledger/aries-framework-go/pkg/doc/util/jwkkid"
    22  	vdrapi "github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdr"
    23  	"github.com/hyperledger/aries-framework-go/pkg/kms"
    24  	mockvdr "github.com/hyperledger/aries-framework-go/pkg/mock/vdr"
    25  	"github.com/hyperledger/aries-framework-go/pkg/vdr/key"
    26  )
    27  
// Fixtures for the locked-wallet case: a DID that the test VDR below cannot
// resolve (it is neither a did:key nor one of the static documents) and a
// relative key fragment, concatenated into a verification method reference.
const (
	defaultDID = "did:test:foo"
	defaultKID = "#key-1"
)
    32  
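// TestWallet_SignJWT exercises Wallet.SignJWT and Wallet.VerifyJWT against a
// wallet profile whose VDR is mocked: did:key identifiers are resolved with
// the real did:key VDR, anything else is served from staticDIDDocs or fails
// with "did not found". The success case imports a known Ed25519 key into
// the unlocked session's KMS, signs a claim set, checks the JWT verifies,
// and then checks that a JWT with a corrupted signature is rejected — a
// VerifyJWT that only parses the token would otherwise pass this test.
func TestWallet_SignJWT(t *testing.T) {
	user := uuid.New().String()

	// Documents returned for DIDs that are not did:key (none registered here).
	staticDIDDocs := map[string]*did.Doc{}

	customVDR := &mockvdr.MockVDRegistry{
		ResolveFunc: func(didID string, opts ...vdrapi.DIDMethodOption) (*did.DocResolution, error) {
			if strings.HasPrefix(didID, "did:key:") {
				d, e := key.New().Read(didID)
				if e != nil {
					return nil, e
				}

				return d, nil
			}

			if doc, ok := staticDIDDocs[didID]; ok {
				return &did.DocResolution{DIDDocument: doc}, nil
			}

			return nil, fmt.Errorf("did not found")
		},
	}

	mockctx := newMockProvider(t)
	mockctx.VDRegistryValue = customVDR

	var e error
	mockctx.CryptoValue, e = tinkcrypto.New()
	require.NoError(t, e)

	e = CreateProfile(user, mockctx, WithPassphrase(samplePassPhrase))
	require.NoError(t, e)

	testClaims := map[string]interface{}{
		"foo": "bar",
		"baz": []string{"a", "b", "c"},
	}

	t.Run("success", func(t *testing.T) {
		walletInstance, err := New(user, mockctx)
		require.NotEmpty(t, walletInstance)
		require.NoError(t, err)

		// unlock wallet
		authToken, err := walletInstance.Open(WithUnlockByPassphrase(samplePassPhrase))
		require.NoError(t, err)
		require.NotEmpty(t, authToken)

		defer walletInstance.Close()

		// Import the signing key straight into the session's key manager so the
		// verification method used below has a private key behind it.
		session, err := sessionManager().getSession(authToken)
		require.NotEmpty(t, session)
		require.NoError(t, err)

		kmgr := session.KeyManager
		require.NotEmpty(t, kmgr)

		edPriv := ed25519.PrivateKey(base58.Decode(pkBase58))

		edPub, ok := edPriv.Public().(ed25519.PublicKey)
		require.True(t, ok)

		// The KMS key ID is derived from the public key; SignJWT looks the key
		// up by this ID, so the import must use it rather than a random one.
		kmsKID, err := jwkkid.CreateKID(edPub, kms.ED25519Type)
		require.NoError(t, err)

		// Fail here with the import error rather than later with a confusing
		// "key not found" from SignJWT.
		_, _, err = kmgr.ImportPrivateKey(edPriv, kms.ED25519, kms.WithKeyID(kmsKID))
		require.NoError(t, err)

		result, err := walletInstance.SignJWT(authToken, nil, testClaims, sampleVerificationMethod)
		require.NoError(t, err)
		require.NotEmpty(t, result)

		err = walletInstance.VerifyJWT(result)
		require.NoError(t, err)

		// Negative check: a compact JWS is header.payload.signature. Swapping
		// the first base64url character of the signature for another valid
		// character keeps the token well-formed but changes the signature
		// bytes, so verification must fail.
		parts := strings.Split(result, ".")
		require.Len(t, parts, 3)
		require.NotEmpty(t, parts[2])

		replacement := "A"
		if parts[2][0] == 'A' {
			replacement = "B"
		}

		tampered := strings.Join([]string{parts[0], parts[1], replacement + parts[2][1:]}, ".")
		require.NotEqual(t, result, tampered)

		err = walletInstance.VerifyJWT(tampered)
		require.Error(t, err)
	})

	t.Run("failure", func(t *testing.T) {
		t.Run("wallet locked", func(t *testing.T) {
			walletInstance, err := New(user, mockctx)
			require.NotEmpty(t, walletInstance)
			require.NoError(t, err)

			// A bogus auth token must be rejected before any signing happens.
			result, err := walletInstance.SignJWT("not auth token", nil, testClaims, defaultDID+defaultKID)
			require.Error(t, err)
			require.ErrorIs(t, err, ErrWalletLocked)
			require.Equal(t, "", result)
		})

		t.Run("didsignjwt handler error", func(t *testing.T) {
			walletInstance, err := New(user, mockctx)
			require.NotEmpty(t, walletInstance)
			require.NoError(t, err)

			// unlock wallet
			authToken, err := walletInstance.Open(WithUnlockByPassphrase(samplePassPhrase))
			require.NoError(t, err)
			require.NotEmpty(t, authToken)

			defer walletInstance.Close()

			// Two '#' fragments is not a valid DID URL for a verification method.
			_, err = walletInstance.SignJWT(authToken, nil, testClaims, "did:foo:bar#keyID#extraKeyID")
			require.Error(t, err)
			require.Contains(t, err.Error(), "invalid verification method format")
		})

		t.Run("verification failure", func(t *testing.T) {
			walletInstance, err := New(user, mockctx)
			require.NotEmpty(t, walletInstance)
			require.NoError(t, err)

			// Three dot-separated segments that are not a JWS at all.
			err = walletInstance.VerifyJWT("foo.bar.baz")
			require.Error(t, err)
			require.Contains(t, err.Error(), "jwt verification failed")
		})
	})
}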