github.com/nats-io/jwt/v2@v2.5.6/v1compat/server_claims_test.go (about) 1 /* 2 * Copyright 2018 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package jwt 17 18 import ( 19 "testing" 20 "time" 21 22 "github.com/nats-io/nkeys" 23 ) 24 25 func TestNewServerClaims(t *testing.T) { 26 ckp := createClusterNKey(t) 27 skp := createServerNKey(t) 28 29 uc := NewServerClaims(publicKey(skp, t)) 30 uc.Expires = time.Now().Add(time.Duration(time.Hour)).Unix() 31 uJwt := encode(uc, ckp, t) 32 33 uc2, err := DecodeServerClaims(uJwt) 34 if err != nil { 35 t.Fatal("failed to decode", err) 36 } 37 38 AssertEquals(uc.String(), uc2.String(), t) 39 40 AssertEquals(uc.Claims() != nil, true, t) 41 AssertEquals(uc.Payload() != nil, true, t) 42 } 43 44 func TestServerClaimsIssuer(t *testing.T) { 45 ckp := createClusterNKey(t) 46 skp := createServerNKey(t) 47 48 uc := NewServerClaims(publicKey(skp, t)) 49 uc.Expires = time.Now().Add(time.Duration(time.Hour)).Unix() 50 uJwt := encode(uc, ckp, t) 51 52 temp, err := DecodeGeneric(uJwt) 53 if err != nil { 54 t.Fatal("failed to decode", err) 55 } 56 57 type kpInputs struct { 58 name string 59 kp nkeys.KeyPair 60 ok bool 61 } 62 63 inputs := []kpInputs{ 64 {"account", createAccountNKey(t), false}, 65 {"user", createUserNKey(t), false}, 66 {"operator", createOperatorNKey(t), true}, 67 {"server", createServerNKey(t), false}, 68 {"cluster", createClusterNKey(t), true}, 69 } 70 71 for _, i := range inputs { 72 bad := encode(temp, i.kp, t) 73 _, err = DecodeServerClaims(bad) 74 if i.ok && err != nil { 75 t.Fatalf("unexpected error for %q: %v", i.name, err) 76 } 77 if !i.ok && err == nil { 78 t.Logf("should have failed to decode server signed by %q", i.name) 79 t.Fail() 80 } 81 } 82 } 83 84 func TestServerSubjects(t *testing.T) { 85 type kpInputs struct { 86 name string 87 kp nkeys.KeyPair 88 ok bool 89 } 90 91 inputs := []kpInputs{ 92 {"account", createAccountNKey(t), false}, 93 {"cluster", createClusterNKey(t), false}, 94 {"operator", createOperatorNKey(t), false}, 95 {"server", createServerNKey(t), true}, 96 {"user", createUserNKey(t), false}, 97 } 98 99 for _, i := range inputs { 100 c := NewServerClaims(publicKey(i.kp, t)) 101 _, err := c.Encode(createOperatorNKey(t)) 102 if i.ok && err != nil { 103 t.Fatalf("unexpected error for %q: %v", i.name, err) 104 } 105 if !i.ok && err == nil { 106 t.Logf("should have failed to encode server with with %q subject", i.name) 107 t.Fail() 108 } 109 } 110 } 111 112 func TestNewNilServerClaims(t *testing.T) { 113 v := NewServerClaims("") 114 if v != nil { 115 t.Fatal("expected nil user claim") 116 } 117 } 118 119 func TestServerType(t *testing.T) { 120 c := NewServerClaims(publicKey(createServerNKey(t), t)) 121 s := encode(c, createClusterNKey(t), t) 122 u, err := DecodeServerClaims(s) 123 if err != nil { 124 t.Fatalf("failed to decode server claim: %v", err) 125 } 126 127 if ServerClaim != u.Type { 128 t.Fatalf("type is unexpected %q (wanted server)", u.Type) 129 } 130 131 }