1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 package gdch
16
17 import (
18 "context"
19 "encoding/base64"
20 "encoding/json"
21 "fmt"
22 "net/http"
23 "net/http/httptest"
24 "os"
25 "strings"
26 "testing"
27
28 "cloud.google.com/go/auth/internal"
29 "cloud.google.com/go/auth/internal/credsfile"
30 "cloud.google.com/go/auth/internal/jwt"
31 )
32
33 func TestTokenProvider(t *testing.T) {
34 aud := "http://sampele-aud.com/"
35 b, err := os.ReadFile("../../../internal/testdata/gdch.json")
36 if err != nil {
37 t.Fatal(err)
38 }
39 f, err := credsfile.ParseGDCHServiceAccount(b)
40 if err != nil {
41 t.Fatal(err)
42 }
43 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
44 if r.Method != "POST" {
45 t.Errorf("unexpected request method: %v", r.Method)
46 }
47 if err := r.ParseForm(); err != nil {
48 t.Error(err)
49 }
50 parts := strings.Split(r.FormValue("subject_token"), ".")
51 var header jwt.Header
52 var claims jwt.Claims
53 b, err = base64.RawURLEncoding.DecodeString(parts[0])
54 if err != nil {
55 t.Fatal(err)
56 }
57 if err := json.Unmarshal(b, &header); err != nil {
58 t.Fatal(err)
59 }
60 b, err = base64.RawURLEncoding.DecodeString(parts[1])
61 if err != nil {
62 t.Fatal(err)
63 }
64 if err := json.Unmarshal(b, &claims); err != nil {
65 t.Fatal(err)
66 }
67
68 if got := r.FormValue("audience"); got != aud {
69 t.Errorf("got audience %v, want %v", got, GrantType)
70 }
71 if want := jwt.HeaderAlgRSA256; header.Algorithm != want {
72 t.Errorf("got alg %q, want %q", header.Algorithm, want)
73 }
74 if want := jwt.HeaderType; header.Type != want {
75 t.Errorf("got typ %q, want %q", header.Type, want)
76 }
77 if want := "abcdef1234567890"; header.KeyID != want {
78 t.Errorf("got kid %q, want %q", header.KeyID, want)
79 }
80
81 if want := "system:serviceaccount:fake_project:sa_name"; claims.Iss != want {
82 t.Errorf("got iss %q, want %q", claims.Iss, want)
83 }
84 if want := "system:serviceaccount:fake_project:sa_name"; claims.Sub != want {
85 t.Errorf("got sub %q, want %q", claims.Sub, want)
86 }
87 if want := fmt.Sprintf("http://%s", r.Host); claims.Aud != want {
88 t.Errorf("got aud %q, want %q", claims.Aud, want)
89 }
90 w.Write([]byte(`{
91 "access_token": "a_fake_token",
92 "token_type": "Bearer",
93 "expires_in": 60
94 }`))
95 }))
96 f.TokenURL = ts.URL
97 f.CertPath = "../../../internal/testdata/cert.pem"
98 b, err = json.Marshal(&f)
99 if err != nil {
100 t.Fatal(err)
101 }
102
103 if _, err := NewTokenProvider(f, &Options{}); err == nil {
104 t.Fatal("STSAudience should be required")
105 }
106
107 cred, err := NewTokenProvider(f, &Options{
108 STSAudience: aud,
109 Client: internal.CloneDefaultClient(),
110 })
111 if err != nil {
112 t.Fatal(err)
113 }
114
115 tok, err := cred.Token(context.Background())
116 if err != nil {
117 t.Fatal(err)
118 }
119 if want := "a_fake_token"; tok.Value != want {
120 t.Fatalf("got AccessToken %q, want %q", tok.Value, want)
121 }
122 if want := internal.TokenTypeBearer; tok.Type != want {
123 t.Fatalf("got TokenType %q, want %q", tok.Type, want)
124 }
125 }
126
View as plain text