mjwt/mjwt_test.go

package mjwt

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"github.com/stretchr/testify/assert"
	"testing"
	"time"
)

var mt_ExtraKID = "tester"

type testClaims struct{ TestValue string }

func (t testClaims) Valid() error {
	if t.TestValue != "hello" && t.TestValue != "world" {
		return fmt.Errorf("TestValue should be hello")
	}
	return nil
}

func (t testClaims) Type() string { return "testClaims" }

type testClaims2 struct{ TestValue2 string }

func (t testClaims2) Valid() error {
	if t.TestValue2 != "world" {
		return fmt.Errorf("TestValue2 should be world")
	}
	return nil
}

func (t testClaims2) Type() string { return "testClaims2" }

func setupTestKeyStoreMJWT(t *testing.T) (ks KeyStore, a, b, c *rsa.PrivateKey) {
	ks = NewMJwtKeyStore()
	var err error

	a, err = rsa.GenerateKey(rand.Reader, 2048)
	assert.NoError(t, err)
	ks.SetKey("key1", a)

	b, err = rsa.GenerateKey(rand.Reader, 2048)
	assert.NoError(t, err)
	ks.SetKey("key2", b)

	c, err = rsa.GenerateKey(rand.Reader, 2048)
	assert.NoError(t, err)
	ks.SetKey("key3", c)

	return
}

func TestExtractClaims(t *testing.T) {
	t.Parallel()
	kStore, key, _, _ := setupTestKeyStoreMJWT(t)

	t.Run("TestNoKID", func(t *testing.T) {
		t.Parallel()
		s := NewMJwtSigner("mjwt.test", key)
		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
		assert.NoError(t, err)

		m := NewMJwtVerifier(&key.PublicKey)
		_, _, err = ExtractClaims[testClaims](m, token)
		assert.NoError(t, err)
	})

	t.Run("TestKID", func(t *testing.T) {
		t.Parallel()
		s := NewMJwtSignerWithKeyStore("mjwt.test", key, kStore)
		token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
		assert.NoError(t, err)
		token2, err := s.GenerateJwtWithKID("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"}, "key2")
		assert.NoError(t, err)

		m := NewMJwtVerifierWithKeyStore(&key.PublicKey, kStore)
		_, _, err = ExtractClaims[testClaims](m, token1)
		assert.NoError(t, err)
		_, _, err = ExtractClaims[testClaims](m, token2)
		assert.NoError(t, err)
	})
}

func TestExtractClaimsFail(t *testing.T) {
	t.Parallel()
	kStore, key, key2, _ := setupTestKeyStoreMJWT(t)

	t.Run("TestInvalidClaims", func(t *testing.T) {
		t.Parallel()
		s := NewMJwtSigner("mjwt.test", key)
		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
		assert.NoError(t, err)

		m := NewMJwtVerifier(&key.PublicKey)
		_, _, err = ExtractClaims[testClaims2](m, token)
		assert.Error(t, err)
		assert.ErrorIs(t, err, ErrClaimTypeMismatch)
	})

	t.Run("TestDefaultKeyNoKID", func(t *testing.T) {
		t.Parallel()
		s := NewMJwtSignerWithKeyStore("mjwt.test", key, kStore)
		token, err := s.GenerateJwtWithKID("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}, "key1")
		assert.NoError(t, err)

		m := NewMJwtVerifier(&key.PublicKey)
		_, _, err = ExtractClaims[testClaims](m, token)
		assert.Error(t, err)
		assert.ErrorIs(t, err, ErrNoPublicKeyFound)
	})

	t.Run("TestNoDefaultKey", func(t *testing.T) {
		t.Parallel()
		s := NewMJwtSignerWithKeyStore("mjwt.test", key, kStore)
		token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
		assert.NoError(t, err)

		m := NewMJwtVerifierWithKeyStore(nil, kStore)
		_, _, err = ExtractClaims[testClaims](m, token)
		assert.Error(t, err)
		assert.ErrorIs(t, err, ErrNoPublicKeyFound)
	})

	t.Run("TestKIDNonExist", func(t *testing.T) {
		t.Parallel()
		kStore.SetKey(mt_ExtraKID, key2)
		assert.Contains(t, kStore.ListKeys(), mt_ExtraKID)

		s := NewMJwtSignerWithKeyStore("mjwt.test", key, kStore)
		token, err := s.GenerateJwtWithKID("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"}, mt_ExtraKID)
		assert.NoError(t, err)

		kStore.RemoveKey(mt_ExtraKID)
		assert.NotContains(t, kStore.ListKeys(), mt_ExtraKID)

		m := NewMJwtVerifierWithKeyStore(&key.PublicKey, kStore)
		_, _, err = ExtractClaims[testClaims](m, token)
		assert.Error(t, err)
		assert.ErrorIs(t, err, ErrNoPublicKeyFound)
	})
}