github.com/letsencrypt/boulder@v0.20251208.0/unpause/unpause_test.go (about) 1 package unpause 2 3 import ( 4 "testing" 5 "time" 6 7 "github.com/go-jose/go-jose/v4/jwt" 8 "github.com/jmhodges/clock" 9 10 "github.com/letsencrypt/boulder/cmd" 11 "github.com/letsencrypt/boulder/test" 12 ) 13 14 func TestUnpauseJWT(t *testing.T) { 15 fc := clock.NewFake() 16 17 signer, err := NewJWTSigner(cmd.HMACKeyConfig{KeyFile: "../test/secrets/sfe_unpause_key"}) 18 test.AssertNotError(t, err, "unexpected error from NewJWTSigner()") 19 20 config := cmd.HMACKeyConfig{KeyFile: "../test/secrets/sfe_unpause_key"} 21 hmacKey, err := config.Load() 22 test.AssertNotError(t, err, "unexpected error from Load()") 23 24 type args struct { 25 key []byte 26 version string 27 account int64 28 idents []string 29 lifetime time.Duration 30 clk clock.Clock 31 } 32 33 tests := []struct { 34 name string 35 args args 36 want JWTClaims 37 wantGenerateJWTErr bool 38 wantRedeemJWTErr bool 39 }{ 40 { 41 name: "valid one identifier", 42 args: args{ 43 key: hmacKey, 44 version: APIVersion, 45 account: 1234567890, 46 idents: []string{"example.com"}, 47 lifetime: time.Hour, 48 clk: fc, 49 }, 50 want: JWTClaims{ 51 Claims: jwt.Claims{ 52 Issuer: defaultIssuer, 53 Subject: "1234567890", 54 Audience: jwt.Audience{defaultAudience}, 55 Expiry: jwt.NewNumericDate(fc.Now().Add(time.Hour)), 56 }, 57 V: APIVersion, 58 I: "example.com", 59 }, 60 wantGenerateJWTErr: false, 61 wantRedeemJWTErr: false, 62 }, 63 { 64 name: "valid multiple identifiers", 65 args: args{ 66 key: hmacKey, 67 version: APIVersion, 68 account: 1234567890, 69 idents: []string{"example.com", "example.org", "example.net"}, 70 lifetime: time.Hour, 71 clk: fc, 72 }, 73 want: JWTClaims{ 74 Claims: jwt.Claims{ 75 Issuer: defaultIssuer, 76 Subject: "1234567890", 77 Audience: jwt.Audience{defaultAudience}, 78 Expiry: jwt.NewNumericDate(fc.Now().Add(time.Hour)), 79 }, 80 V: APIVersion, 81 I: "example.com,example.org,example.net", 82 }, 83 wantGenerateJWTErr: false, 84 wantRedeemJWTErr: false, 85 }, 86 { 87 name: "invalid no account", 88 args: args{ 89 key: hmacKey, 90 version: APIVersion, 91 account: 0, 92 idents: []string{"example.com"}, 93 lifetime: time.Hour, 94 clk: fc, 95 }, 96 want: JWTClaims{}, 97 wantGenerateJWTErr: false, 98 wantRedeemJWTErr: true, 99 }, 100 { 101 // This test is only testing the "key too small" case for RedeemJWT 102 // because the "key too small" case for GenerateJWT is handled when 103 // the key is loaded to initialize a signer. 104 name: "invalid key too small", 105 args: args{ 106 key: []byte("key"), 107 version: APIVersion, 108 account: 1234567890, 109 idents: []string{"example.com"}, 110 lifetime: time.Hour, 111 clk: fc, 112 }, 113 want: JWTClaims{}, 114 wantGenerateJWTErr: false, 115 wantRedeemJWTErr: true, 116 }, 117 { 118 name: "invalid no identifiers", 119 args: args{ 120 key: hmacKey, 121 version: APIVersion, 122 account: 1234567890, 123 idents: nil, 124 lifetime: time.Hour, 125 clk: fc, 126 }, 127 want: JWTClaims{}, 128 wantGenerateJWTErr: false, 129 wantRedeemJWTErr: true, 130 }, 131 } 132 for _, tt := range tests { 133 t.Run(tt.name, func(t *testing.T) { 134 135 token, err := GenerateJWT(signer, tt.args.account, tt.args.idents, tt.args.lifetime, tt.args.clk) 136 if tt.wantGenerateJWTErr { 137 test.AssertError(t, err, "expected error from GenerateJWT()") 138 return 139 } 140 test.AssertNotError(t, err, "unexpected error from GenerateJWT()") 141 142 got, err := RedeemJWT(token, tt.args.key, tt.args.version, tt.args.clk) 143 if tt.wantRedeemJWTErr { 144 test.AssertError(t, err, "expected error from RedeemJWT()") 145 return 146 } 147 test.AssertNotError(t, err, "unexpected error from RedeemJWT()") 148 test.AssertEquals(t, got.Issuer, tt.want.Issuer) 149 test.AssertEquals(t, got.Subject, tt.want.Subject) 150 test.AssertDeepEquals(t, got.Audience, tt.want.Audience) 151 test.Assert(t, got.Expiry.Time().Equal(tt.want.Expiry.Time()), "expected Expiry time to be equal") 152 test.AssertEquals(t, got.V, tt.want.V) 153 test.AssertEquals(t, got.I, tt.want.I) 154 }) 155 } 156 }