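// Copyright 2017 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package auth

import (
	"context"
	"fmt"
	"testing"
)

// Key material used by the JWT tests. Both paths point at fixtures that are
// checked into the repository.
// NOTE(review): the ".insecure" suffix suggests an unprotected test-only key;
// confirm it is never referenced outside of tests.
const (
	jwtPubKey  = "../integration/fixtures/server.crt"
	jwtPrivKey = "../integration/fixtures/server.key.insecure"
)

// TestJWTInfo checks the round trip of the JWT token provider: a token
// assigned for user "abc" at revision 123 must be accepted by info and carry
// revision 123, while a string that is not a token at all ("aaa") must be
// rejected with a nil AuthInfo.
func TestJWTInfo(t *testing.T) {
	opts := map[string]string{
		"pub-key":     jwtPubKey,
		"priv-key":    jwtPrivKey,
		"sign-method": "RS256",
	}
	jwt, err := newTokenProviderJWT(opts)
	if err != nil {
		t.Fatal(err)
	}

	token, aerr := jwt.assign(context.TODO(), "abc", 123)
	if aerr != nil {
		// Report the error returned by assign. The original reported err,
		// which is always nil at this point, so a failure printed "<nil>".
		t.Fatal(aerr)
	}

	ai, ok := jwt.info(context.TODO(), token, 123)
	if !ok {
		t.Fatalf("failed to authenticate with token %s", token)
	}
	if ai.Revision != 123 {
		t.Fatalf("expected revision 123, got %d", ai.Revision)
	}

	// A value that was never issued by the provider must not authenticate,
	// and no AuthInfo may leak out alongside the failure.
	ai, ok = jwt.info(context.TODO(), "aaa", 120)
	if ok || ai != nil {
		t.Fatalf("expected aaa to fail to authenticate, got %+v", ai)
	}
}

// TestJWTBad checks that newTokenProviderJWT refuses to build a provider from
// a broken configuration: swapped key files, a missing sign-method option, or
// key paths that do not exist.
//
// Every case starts from a fresh, valid option map and applies exactly one
// mutation, so a case can never pass or fail because of state left behind by
// an earlier one.
func TestJWTBad(t *testing.T) {
	validOpts := func() map[string]string {
		return map[string]string{
			"pub-key":     jwtPubKey,
			"priv-key":    jwtPrivKey,
			"sign-method": "RS256",
		}
	}

	cases := []struct {
		name   string
		mutate func(opts map[string]string)
	}{
		{
			name:   "private key file given as pub-key",
			mutate: func(opts map[string]string) { opts["pub-key"] = jwtPrivKey },
		},
		{
			name:   "public key file given as priv-key",
			mutate: func(opts map[string]string) { opts["priv-key"] = jwtPubKey },
		},
		{
			name:   "missing sign-method option",
			mutate: func(opts map[string]string) { delete(opts, "sign-method") },
		},
		{
			name:   "nonexistent pub-key file",
			mutate: func(opts map[string]string) { opts["pub-key"] = "whatever" },
		},
		{
			name:   "nonexistent priv-key file",
			mutate: func(opts map[string]string) { opts["priv-key"] = "whatever" },
		},
	}

	for _, tc := range cases {
		opts := validOpts()
		tc.mutate(opts)
		// Errorf rather than Fatalf: the cases are independent, so one
		// misconfiguration being accepted should not hide the others.
		if _, err := newTokenProviderJWT(opts); err == nil {
			t.Errorf("%s: expected newTokenProviderJWT to fail, got nil error", tc.name)
		}
	}
}

// testJWTOpts is useful for passing to NewTokenProvider which requires a string.
// It returns the token type followed by the comma-separated pub-key, priv-key
// and sign-method options that the tests in this file use.
func testJWTOpts() string {
	return fmt.Sprintf("%s,pub-key=%s,priv-key=%s,sign-method=RS256", tokenTypeJWT, jwtPubKey, jwtPrivKey)
}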