github.com/nats-io/jwt/v2@v2.5.6/v1compat/cluster_claims_test.go (about) 1 /* 2 * Copyright 2018 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package jwt 17 18 import ( 19 "testing" 20 "time" 21 22 "github.com/nats-io/nkeys" 23 ) 24 25 func TestNewClusterClaims(t *testing.T) { 26 ckp := createClusterNKey(t) 27 skp := createClusterNKey(t) 28 29 uc := NewClusterClaims(publicKey(skp, t)) 30 uc.Expires = time.Now().Add(time.Duration(time.Hour)).Unix() 31 uJwt := encode(uc, ckp, t) 32 33 uc2, err := DecodeClusterClaims(uJwt) 34 if err != nil { 35 t.Fatal("failed to decode", err) 36 } 37 38 AssertEquals(uc.String(), uc2.String(), t) 39 40 AssertEquals(uc.Claims() != nil, true, t) 41 AssertEquals(uc.Payload() != nil, true, t) 42 } 43 44 func TestClusterClaimsIssuer(t *testing.T) { 45 ckp := createClusterNKey(t) 46 skp := createClusterNKey(t) 47 48 uc := NewClusterClaims(publicKey(skp, t)) 49 uc.Expires = time.Now().Add(time.Duration(time.Hour)).Unix() 50 uJwt := encode(uc, ckp, t) 51 52 temp, err := DecodeGeneric(uJwt) 53 if err != nil { 54 t.Fatal("failed to decode", err) 55 } 56 57 type kpInputs struct { 58 name string 59 kp nkeys.KeyPair 60 ok bool 61 } 62 63 inputs := []kpInputs{ 64 {"account", createAccountNKey(t), false}, 65 {"user", createUserNKey(t), false}, 66 {"operator", createOperatorNKey(t), true}, 67 {"server", createServerNKey(t), false}, 68 {"cluster", createClusterNKey(t), true}, 69 } 70 71 for _, i := range inputs { 72 bad := encode(temp, i.kp, t) 73 _, err = DecodeClusterClaims(bad) 74 if i.ok && err != nil { 75 t.Fatalf("unexpected error for %q: %v", i.name, err) 76 } 77 if !i.ok && err == nil { 78 t.Logf("should have failed to decode cluster signed by %q", i.name) 79 t.Fail() 80 } 81 } 82 } 83 84 func TestClusterSubjects(t *testing.T) { 85 type kpInputs struct { 86 name string 87 kp nkeys.KeyPair 88 ok bool 89 } 90 91 inputs := []kpInputs{ 92 {"account", createAccountNKey(t), false}, 93 {"server", createServerNKey(t), false}, 94 {"operator", createOperatorNKey(t), false}, 95 {"cluster", createClusterNKey(t), true}, 96 {"user", createUserNKey(t), false}, 97 } 98 99 for _, i := range inputs { 100 c := NewClusterClaims(publicKey(i.kp, t)) 101 _, err := c.Encode(createOperatorNKey(t)) 102 if i.ok && err != nil { 103 t.Fatalf("unexpected error for %q: %v", i.name, err) 104 } 105 if !i.ok && err == nil { 106 t.Logf("should have failed to encode cluster with with %q subject", i.name) 107 t.Fail() 108 } 109 } 110 } 111 112 func TestNewNilClusterClaims(t *testing.T) { 113 v := NewClusterClaims("") 114 if v != nil { 115 t.Fatal("expected nil user claim") 116 } 117 } 118 119 func TestClusterType(t *testing.T) { 120 c := NewClusterClaims(publicKey(createClusterNKey(t), t)) 121 s := encode(c, createClusterNKey(t), t) 122 u, err := DecodeClusterClaims(s) 123 if err != nil { 124 t.Fatalf("failed to decode cluster claim: %v", err) 125 } 126 127 if ClusterClaim != u.Type { 128 t.Fatalf("type is unexpected %q (wanted cluster)", u.Type) 129 } 130 131 }