github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/signature/paseto/transformer_test.go

github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/signature/paseto/transformer_test.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package paseto
    19  
    20  import (
    21  	"context"
    22  	"encoding/json"
    23  	"reflect"
    24  	"testing"
    25  
    26  	"github.com/stretchr/testify/assert"
    27  	"gopkg.in/square/go-jose.v2"
    28  )
    29  
    30  func mustDecodeJWK(input []byte) *jose.JSONWebKey {
    31  	var jwk jose.JSONWebKey
    32  	if err := json.Unmarshal(input, &jwk); err != nil {
    33  		panic(err)
    34  	}
    35  
    36  	return &jwk
    37  }
    38  
    39  func Test_pasetoTransformer_To(t *testing.T) {
    40  	type fields struct {
    41  		key interface{}
    42  	}
    43  	type args struct {
    44  		ctx   context.Context
    45  		input []byte
    46  	}
    47  	tests := []struct {
    48  		name    string
    49  		fields  fields
    50  		args    args
    51  		want    []byte
    52  		wantErr bool
    53  	}{
    54  		{
    55  			name:    "nil",
    56  			wantErr: true,
    57  		},
    58  		{
    59  			name: "nil key",
    60  			fields: fields{
    61  				key: nil,
    62  			},
    63  			wantErr: true,
    64  		},
    65  		{
    66  			name: "invalid key",
    67  			fields: fields{
    68  				key: nil,
    69  			},
    70  			args: args{
    71  				ctx:   context.Background(),
    72  				input: []byte("test"),
    73  			},
    74  			wantErr: true,
    75  		},
    76  		{
    77  			name: "public key",
    78  			fields: fields{
    79  				key: mustDecodeJWK(ed25519PrivateJWK).Public().Key,
    80  			},
    81  			args: args{
    82  				ctx:   context.Background(),
    83  				input: []byte("test"),
    84  			},
    85  			wantErr: true,
    86  		},
    87  		// ---------------------------------------------------------------------
    88  		{
    89  			name: "valid - v4",
    90  			fields: fields{
    91  				key: mustDecodeJWK(ed25519PrivateJWK).Key,
    92  			},
    93  			args: args{
    94  				ctx:   context.Background(),
    95  				input: []byte("test"),
    96  			},
    97  			wantErr: false,
    98  			want:    []byte("v4.public.dGVzdAFYwDsZk_qaPetgB1JoOKeti0f87J2ZUWZlmE1d4TQgrbxYqhNYO7pf8H_5RtpILRUi6E1WJXchECtI1-9-Nwk"),
    99  		},
   100  		{
   101  			name: "valid - v3",
   102  			fields: fields{
   103  				key: mustDecodeJWK(p384PrivateJWK).Key,
   104  			},
   105  			args: args{
   106  				ctx:   context.Background(),
   107  				input: []byte("test"),
   108  			},
   109  			wantErr: false,
   110  			want:    []byte("v3.public.dGVzdMaYCiv2p7mNiMmPpHSyZYTuzsGuudFfsjrZsN2j7FErediyHHqnTJdc4DrpDNpupfSc3Q0GreKbX4JNr_FrhV4UFaLEFw_Z3ZPcs_4I-pn3o9DwvlU9fmWqMd9m5QxFZw"),
   111  		},
   112  	}
   113  	for _, tt := range tests {
   114  		t.Run(tt.name, func(t *testing.T) {
   115  			d := &pasetoTransformer{
   116  				key: tt.fields.key,
   117  			}
   118  			got, err := d.To(tt.args.ctx, tt.args.input)
   119  			if (err != nil) != tt.wantErr {
   120  				t.Errorf("pasetoTransformer.To() error = %v, wantErr %v", err, tt.wantErr)
   121  				return
   122  			}
   123  			if !reflect.DeepEqual(got, tt.want) {
   124  				t.Errorf("pasetoTransformer.To() = %v, want %v", string(got), tt.want)
   125  			}
   126  		})
   127  	}
   128  }
   129  
   130  func Test_pasetoTransformer_Roundtrip(t *testing.T) {
   131  	testcases := []struct {
   132  		name               string
   133  		privateKey         *jose.JSONWebKey
   134  		signatureAlgorithm jose.SignatureAlgorithm
   135  	}{
   136  		{
   137  			name:               "ed25519",
   138  			privateKey:         mustDecodeJWK(ed25519PrivateJWK),
   139  			signatureAlgorithm: jose.EdDSA,
   140  		},
   141  		{
   142  			name:               "p384",
   143  			privateKey:         mustDecodeJWK(p384PrivateJWK),
   144  			signatureAlgorithm: jose.ES384,
   145  		},
   146  	}
   147  	for _, tt := range testcases {
   148  		t.Run(tt.name, func(t *testing.T) {
   149  			signer := &pasetoTransformer{
   150  				key: tt.privateKey.Key,
   151  			}
   152  
   153  			verifier := &pasetoTransformer{
   154  				key: tt.privateKey.Public().Key,
   155  			}
   156  
   157  			// Prepare context
   158  			ctx := context.Background()
   159  			input := []byte("test")
   160  
   161  			signed, err := signer.To(ctx, input)
   162  			assert.NoError(t, err)
   163  
   164  			payload, err := verifier.From(ctx, signed)
   165  			assert.NoError(t, err)
   166  
   167  			assert.Equal(t, input, payload)
   168  		})
   169  	}
   170  }