github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/security/crypto/encoder_test.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 18 package crypto 19 20 import ( 21 "testing" 22 23 "github.com/google/go-cmp/cmp" 24 _ "golang.org/x/crypto/blake2b" 25 ) 26 27 func TestToJWK(t *testing.T) { 28 priv, pub, err := generateKeyPair("rsa") 29 if err != nil { 30 t.Error("unable to generate rsa key") 31 return 32 } 33 34 tests := []struct { 35 name string 36 args interface{} 37 want string 38 wantErr bool 39 }{ 40 { 41 name: "nil", 42 args: nil, 43 wantErr: true, 44 }, 45 { 46 name: "private", 47 args: priv, 48 wantErr: false, 49 }, 50 { 51 name: "public", 52 args: pub, 53 wantErr: false, 54 }, 55 } 56 for _, tt := range tests { 57 t.Run(tt.name, func(t *testing.T) { 58 _, err := ToJWK(tt.args) 59 if (err != nil) != tt.wantErr { 60 t.Errorf("ToJWK() error = %v, wantErr %v", err, tt.wantErr) 61 return 62 } 63 }) 64 } 65 } 66 67 func TestToPEM(t *testing.T) { 68 rsaPriv, rsaPub, err := generateKeyPair("rsa") 69 if err != nil { 70 t.Error("unable to generate rsa key") 71 return 72 } 73 74 ecPriv, ecPub, err := generateKeyPair("ec") 75 if err != nil { 76 t.Error("unable to generate ec key") 77 return 78 } 79 80 edPriv, edPub, err := generateKeyPair("ssh") 81 if err != nil { 82 t.Error("unable to generate ssh key") 83 return 84 } 85 86 tests := []struct { 87 name string 88 args interface{} 89 want string 90 wantErr bool 91 }{ 92 { 93 name: "nil", 94 args: nil, 95 wantErr: true, 96 }, 97 { 98 name: "RSA private", 99 args: rsaPriv, 100 wantErr: false, 101 }, 102 { 103 name: "RSA public", 104 args: rsaPub, 105 wantErr: false, 106 }, 107 { 108 name: "EC private", 109 args: ecPriv, 110 wantErr: false, 111 }, 112 { 113 name: "EC public", 114 args: ecPub, 115 wantErr: false, 116 }, 117 { 118 name: "SSH private", 119 args: edPriv, 120 wantErr: false, 121 }, 122 { 123 name: "SSH public", 124 args: edPub, 125 wantErr: false, 126 }, 127 } 128 for _, tt := range tests { 129 t.Run(tt.name, func(t *testing.T) { 130 _, err := ToPEM(tt.args) 131 if (err != nil) != tt.wantErr { 132 t.Errorf("ToPEM() error = %v, wantErr %v", err, tt.wantErr) 133 return 134 } 135 }) 136 } 137 } 138 139 func TestEncryptPEM(t *testing.T) { 140 _, rsaPriv, err := generateKeyPair("rsa") 141 if err != nil { 142 t.Error("unable to generate rsa key") 143 return 144 } 145 146 rsaPrivPem, err := ToPEM(rsaPriv) 147 if err != nil { 148 t.Error("unable to generate rsa key PEM") 149 return 150 } 151 152 type args struct { 153 pemData string 154 passphrase string 155 } 156 tests := []struct { 157 name string 158 args args 159 want string 160 wantErr bool 161 }{ 162 { 163 name: "nil", 164 args: args{}, 165 wantErr: true, 166 }, 167 { 168 name: "nil pem data", 169 args: args{ 170 pemData: "", 171 passphrase: "foo", 172 }, 173 wantErr: true, 174 }, 175 { 176 name: "empty passphrase", 177 args: args{ 178 pemData: rsaPrivPem, 179 passphrase: "", 180 }, 181 wantErr: true, 182 }, 183 { 184 name: "passphrase too short", 185 args: args{ 186 pemData: rsaPrivPem, 187 passphrase: "foo", 188 }, 189 wantErr: true, 190 }, 191 { 192 name: "valid", 193 args: args{ 194 pemData: rsaPrivPem, 195 passphrase: "clash-cement-plywood-repeater-shrubbery-landscape-aghast-sulfur", 196 }, 197 wantErr: false, 198 }, 199 } 200 for _, tt := range tests { 201 t.Run(tt.name, func(t *testing.T) { 202 _, err := EncryptPEM(tt.args.pemData, tt.args.passphrase) 203 if (err != nil) != tt.wantErr { 204 t.Errorf("EncryptPEM() error = %v, wantErr %v", err, tt.wantErr) 205 return 206 } 207 }) 208 } 209 } 210 211 func TestToSSH(t *testing.T) { 212 rsaPub, rsaPriv, err := generateKeyPair("rsa") 213 if err != nil { 214 t.Error("unable to generate rsa key") 215 return 216 } 217 218 ecPub, ecPriv, err := generateKeyPair("ec") 219 if err != nil { 220 t.Error("unable to generate ec key") 221 return 222 } 223 224 edPub, edPriv, err := generateKeyPair("ssh") 225 if err != nil { 226 t.Error("unable to generate ssh key") 227 return 228 } 229 230 tests := []struct { 231 name string 232 args interface{} 233 want string 234 wantErr bool 235 }{ 236 { 237 name: "nil", 238 args: nil, 239 wantErr: true, 240 }, 241 { 242 name: "RSA private", 243 args: rsaPriv, 244 wantErr: false, 245 }, 246 { 247 name: "RSA public", 248 args: rsaPub, 249 wantErr: false, 250 }, 251 { 252 name: "EC private", 253 args: ecPriv, 254 wantErr: false, 255 }, 256 { 257 name: "EC public", 258 args: ecPub, 259 wantErr: false, 260 }, 261 { 262 name: "SSH private", 263 args: edPriv, 264 wantErr: false, 265 }, 266 { 267 name: "SSH public", 268 args: edPub, 269 wantErr: false, 270 }, 271 } 272 for _, tt := range tests { 273 t.Run(tt.name, func(t *testing.T) { 274 _, err := ToSSH(tt.args) 275 if (err != nil) != tt.wantErr { 276 t.Errorf("ToSSH() error = %v, wantErr %v", err, tt.wantErr) 277 return 278 } 279 }) 280 } 281 } 282 283 func TestFromJWK(t *testing.T) { 284 type args struct { 285 jwk string 286 } 287 tests := []struct { 288 name string 289 args args 290 want interface{} 291 wantErr bool 292 }{ 293 { 294 name: "blank", 295 wantErr: true, 296 }, 297 { 298 name: "valid - private", 299 args: args{ 300 jwk: `{ "kty": "EC", "d": "KtNle6xh0XBGhJbJEzP-5TiWdB6_dVkoWeWeo-VUVUI", "crv": "P-256", "x": "eoZzawRZk9sL9pkNYIKJJU34FyckdDAQg7LM2z0wez4", "y": "3Z6Z3vv1QQmQ3S5_4aeFnqrENhOBmBreXGYsbbLTLh8" }`, 301 }, 302 wantErr: false, 303 }, 304 { 305 name: "valid - public", 306 args: args{ 307 jwk: `{ "kty": "EC", "crv": "P-256", "x": "eoZzawRZk9sL9pkNYIKJJU34FyckdDAQg7LM2z0wez4", "y": "3Z6Z3vv1QQmQ3S5_4aeFnqrENhOBmBreXGYsbbLTLh8" }`, 308 }, 309 wantErr: false, 310 }, 311 } 312 for _, tt := range tests { 313 t.Run(tt.name, func(t *testing.T) { 314 _, err := FromJWK(tt.args.jwk) 315 if (err != nil) != tt.wantErr { 316 t.Errorf("FromJWK() error = %v, wantErr %v", err, tt.wantErr) 317 return 318 } 319 }) 320 } 321 } 322 323 func TestEncryptJWE(t *testing.T) { 324 type args struct { 325 key string 326 payload interface{} 327 } 328 tests := []struct { 329 name string 330 args args 331 want string 332 wantErr bool 333 }{ 334 { 335 name: "blank", 336 wantErr: false, 337 }, 338 { 339 name: "claims", 340 args: args{ 341 key: "test", 342 payload: map[string]interface{}{ 343 "sub": "test", 344 }, 345 }, 346 wantErr: false, 347 }, 348 } 349 for _, tt := range tests { 350 t.Run(tt.name, func(t *testing.T) { 351 _, err := EncryptJWE(tt.args.key, tt.args.payload) 352 if (err != nil) != tt.wantErr { 353 t.Errorf("EncryptJWE() error = %v, wantErr %v", err, tt.wantErr) 354 return 355 } 356 }) 357 } 358 } 359 360 func Test_EncryptDecryptJWE(t *testing.T) { 361 claims := map[string]interface{}{ 362 "sub": "test", 363 } 364 365 jwe, err := EncryptJWE("test", claims) 366 if err != nil { 367 t.Fatalf("unable to encrypt claims: %v", err) 368 } 369 370 got, err := DecryptJWE("test", jwe) 371 if err != nil { 372 t.Fatalf("unable to decrypt claims: %v", err) 373 } 374 375 if report := cmp.Diff(claims, got); report != "" { 376 t.Errorf("%s", report) 377 } 378 } 379 380 func TestToJWS(t *testing.T) { 381 _, ecPriv, err := generateKeyPair("ec") 382 if err != nil { 383 t.Error("unable to generate ec key") 384 return 385 } 386 387 type args struct { 388 payload interface{} 389 privkey interface{} 390 } 391 tests := []struct { 392 name string 393 args args 394 want string 395 wantErr bool 396 }{ 397 { 398 name: "blank", 399 args: args{ 400 privkey: ecPriv, 401 }, 402 wantErr: false, 403 }, 404 { 405 name: "claims", 406 args: args{ 407 privkey: ecPriv, 408 payload: map[string]interface{}{ 409 "sub": "test", 410 }, 411 }, 412 wantErr: false, 413 }, 414 } 415 for _, tt := range tests { 416 t.Run(tt.name, func(t *testing.T) { 417 _, err := ToJWS(tt.args.payload, tt.args.privkey) 418 if (err != nil) != tt.wantErr { 419 t.Errorf("ToJWS() error = %v, wantErr %v", err, tt.wantErr) 420 return 421 } 422 }) 423 } 424 }