1 package jwt_test
2
3 import (
4 "os"
5 "strings"
6 "testing"
7
8 "github.com/golang-jwt/jwt/v4"
9 )
10
// rsaTestData is the shared fixture table for the RSA signing-method tests.
// Each entry is a compact JWS (header.payload.signature) together with the
// algorithm name used to look up the signing method and the expected outcome
// of signature verification.
//
// The last entry reuses the RS256 header and payload of the first entry, but
// its signature starts with 'E' where the first entry's starts with 'F', so
// verification is expected to fail.
var rsaTestData = []struct {
	name        string
	tokenString string
	alg         string
	valid       bool
}{
	{
		name:        "Basic RS256",
		tokenString: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
		alg:         "RS256",
		valid:       true,
	},
	{
		name:        "Basic RS384",
		tokenString: "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.W-jEzRfBigtCWsinvVVuldiuilzVdU5ty0MvpLaSaqK9PlAWWlDQ1VIQ_qSKzwL5IXaZkvZFJXT3yL3n7OUVu7zCNJzdwznbC8Z-b0z2lYvcklJYi2VOFRcGbJtXUqgjk2oGsiqUMUMOLP70TTefkpsgqDxbRh9CDUfpOJgW-dU7cmgaoswe3wjUAUi6B6G2YEaiuXC0XScQYSYVKIzgKXJV8Zw-7AN_DBUI4GkTpsvQ9fVVjZM9csQiEXhYekyrKu1nu_POpQonGd8yqkIyXPECNmmqH5jH4sFiF67XhD7_JpkvLziBpI-uh86evBUadmHhb9Otqw3uV3NTaXLzJw",
		alg:         "RS384",
		valid:       true,
	},
	{
		name:        "Basic RS512",
		tokenString: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.zBlLlmRrUxx4SJPUbV37Q1joRcI9EW13grnKduK3wtYKmDXbgDpF1cZ6B-2Jsm5RB8REmMiLpGms-EjXhgnyh2TSHE-9W2gA_jvshegLWtwRVDX40ODSkTb7OVuaWgiy9y7llvcknFBTIg-FnVPVpXMmeV_pvwQyhaz1SSwSPrDyxEmksz1hq7YONXhXPpGaNbMMeDTNP_1oj8DZaqTIL9TwV8_1wb2Odt_Fy58Ke2RVFijsOLdnyEAjt2n9Mxihu9i3PhNBkkxa2GbnXBfq3kzvZ_xxGGopLdHhJjcGWXO-NiwI9_tiu14NRv4L2xC0ItD9Yz68v2ZIZEp_DuzwRQ",
		alg:         "RS512",
		valid:       true,
	},
	{
		name:        "basic invalid: foo => bar",
		tokenString: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
		alg:         "RS256",
		valid:       false,
	},
}
42
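// TestRSAVerify checks every rsaTestData entry against the public key in
// test/sample_key.pub: entries marked valid must verify and the others must
// be rejected.
//
// The signing method is looked up from the table's alg field, not from the
// token header, so only the Verify primitive is exercised here.
func TestRSAVerify(t *testing.T) {
	// Fail fast on fixture problems. With the errors ignored, a missing or
	// unparsable key could make the negative case "pass" simply because
	// Verify returned some error.
	keyData, err := os.ReadFile("test/sample_key.pub")
	if err != nil {
		t.Fatalf("reading public key: %v", err)
	}
	key, err := jwt.ParseRSAPublicKeyFromPEM(keyData)
	if err != nil {
		t.Fatalf("parsing public key: %v", err)
	}

	for _, data := range rsaTestData {
		parts := strings.Split(data.tokenString, ".")
		if len(parts) != 3 {
			// Guard the parts[2] index below against a malformed fixture.
			t.Errorf("[%v] token has %d segments, want 3", data.name, len(parts))
			continue
		}

		method := jwt.GetSigningMethod(data.alg)
		if method == nil {
			t.Errorf("[%v] no signing method registered for %q", data.name, data.alg)
			continue
		}

		err := method.Verify(strings.Join(parts[0:2], "."), parts[2], key)
		if data.valid && err != nil {
			t.Errorf("[%v] Error while verifying key: %v", data.name, err)
		}
		if !data.valid && err == nil {
			t.Errorf("[%v] Invalid key passed validation", data.name)
		}
	}
}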
60
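// TestRSASign re-signs the header and payload of every valid rsaTestData
// entry with the private key in test/sample_key and expects the result to
// equal the recorded signature.
//
// The byte-for-byte comparison relies on RS256/RS384/RS512 being
// RSASSA-PKCS1-v1_5, which is deterministic. A randomized scheme would need a
// sign-then-verify round trip instead.
func TestRSASign(t *testing.T) {
	// NOTE(review): test/sample_key is presumably a fixture key kept only for
	// tests; it must not be used anywhere else.
	keyData, err := os.ReadFile("test/sample_key")
	if err != nil {
		t.Fatalf("reading private key: %v", err)
	}
	key, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
	if err != nil {
		t.Fatalf("parsing private key: %v", err)
	}

	for _, data := range rsaTestData {
		if !data.valid {
			continue
		}

		parts := strings.Split(data.tokenString, ".")
		if len(parts) != 3 {
			t.Errorf("[%v] token has %d segments, want 3", data.name, len(parts))
			continue
		}

		method := jwt.GetSigningMethod(data.alg)
		if method == nil {
			t.Errorf("[%v] no signing method registered for %q", data.name, data.alg)
			continue
		}

		sig, err := method.Sign(strings.Join(parts[0:2], "."), key)
		if err != nil {
			t.Errorf("[%v] Error signing token: %v", data.name, err)
			// Comparing a failed signature would only add a second,
			// misleading failure.
			continue
		}
		if sig != parts[2] {
			t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
		}
	}
}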
79
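// TestRSAVerifyWithPreParsedPrivateKey verifies the first rsaTestData entry
// by calling jwt.SigningMethodRS256.Verify directly with an already parsed
// key.
//
// Despite the name, the key is the public key from test/sample_key.pub.
func TestRSAVerifyWithPreParsedPrivateKey(t *testing.T) {
	key, err := os.ReadFile("test/sample_key.pub")
	if err != nil {
		// Report the I/O failure itself, not the PEM parse error it would
		// otherwise cause on the next call.
		t.Fatalf("reading public key: %v", err)
	}
	parsedKey, err := jwt.ParseRSAPublicKeyFromPEM(key)
	if err != nil {
		t.Fatal(err)
	}

	testData := rsaTestData[0]
	parts := strings.Split(testData.tokenString, ".")
	if len(parts) != 3 {
		t.Fatalf("[%v] token has %d segments, want 3", testData.name, len(parts))
	}

	err = jwt.SigningMethodRS256.Verify(strings.Join(parts[0:2], "."), parts[2], parsedKey)
	if err != nil {
		t.Errorf("[%v] Error while verifying key: %v", testData.name, err)
	}
}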
93
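// TestRSAWithPreParsedPrivateKey signs the header and payload of the first
// rsaTestData entry by calling jwt.SigningMethodRS256.Sign directly with an
// already parsed private key, and expects the recorded signature back.
func TestRSAWithPreParsedPrivateKey(t *testing.T) {
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		// Report the I/O failure itself, not the PEM parse error it would
		// otherwise cause on the next call.
		t.Fatalf("reading private key: %v", err)
	}
	parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM(key)
	if err != nil {
		t.Fatal(err)
	}

	testData := rsaTestData[0]
	parts := strings.Split(testData.tokenString, ".")
	if len(parts) != 3 {
		t.Fatalf("[%v] token has %d segments, want 3", testData.name, len(parts))
	}

	sig, err := jwt.SigningMethodRS256.Sign(strings.Join(parts[0:2], "."), parsedKey)
	if err != nil {
		// Stop here: comparing the result of a failed Sign would only add a
		// second, misleading failure.
		t.Fatalf("[%v] Error signing token: %v", testData.name, err)
	}
	if sig != parts[2] {
		t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", testData.name, sig, parts[2])
	}
}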
110
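// TestRSAKeyParsing checks that the PEM parsers accept the right kind of key
// and reject the wrong kind: a public key or garbage given to the private-key
// parser, a private key or garbage given to the public-key parser, and an
// encrypted private key opened with the wrong password.
func TestRSAKeyParsing(t *testing.T) {
	// Fail fast on missing fixtures. An unreadable file yields empty input,
	// which would satisfy the "must be rejected" checks for the wrong reason.
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		t.Fatalf("reading private key: %v", err)
	}
	secureKey, err := os.ReadFile("test/privateSecure.pem")
	if err != nil {
		t.Fatalf("reading encrypted private key: %v", err)
	}
	pubKey, err := os.ReadFile("test/sample_key.pub")
	if err != nil {
		t.Fatalf("reading public key: %v", err)
	}
	badKey := []byte("All your base are belong to key")

	// Private-key parser.
	if _, e := jwt.ParseRSAPrivateKeyFromPEM(key); e != nil {
		t.Errorf("Failed to parse valid private key: %v", e)
	}

	if k, e := jwt.ParseRSAPrivateKeyFromPEM(pubKey); e == nil {
		t.Errorf("Parsed public key as valid private key: %v", k)
	}

	if k, e := jwt.ParseRSAPrivateKeyFromPEM(badKey); e == nil {
		t.Errorf("Parsed invalid key as valid private key: %v", k)
	}

	// Password-protected private key.
	//
	// ParseRSAPrivateKeyFromPEMWithPassword is deprecated in the library: it
	// relies on RFC 1423 PEM encryption via x509.DecryptPEMBlock, which the
	// Go standard library deprecates as insecure by design because the
	// ciphertext is not authenticated. It is tested here for compatibility,
	// not as a recommended way to protect keys at rest.
	if _, e := jwt.ParseRSAPrivateKeyFromPEMWithPassword(secureKey, "password"); e != nil {
		t.Errorf("Failed to parse valid private key with password: %v", e)
	}

	if k, e := jwt.ParseRSAPrivateKeyFromPEMWithPassword(secureKey, "123132"); e == nil {
		t.Errorf("Parsed private key with invalid password %v", k)
	}

	// Public-key parser.
	if _, e := jwt.ParseRSAPublicKeyFromPEM(pubKey); e != nil {
		t.Errorf("Failed to parse valid public key: %v", e)
	}

	if k, e := jwt.ParseRSAPublicKeyFromPEM(key); e == nil {
		t.Errorf("Parsed private key as valid public key: %v", k)
	}

	// The message used to say "private key" although this is the public-key
	// parser.
	if k, e := jwt.ParseRSAPublicKeyFromPEM(badKey); e == nil {
		t.Errorf("Parsed invalid key as valid public key: %v", k)
	}
}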
152
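// BenchmarkRSAParsing measures jwt.ParseRSAPrivateKeyFromPEM on the PEM data
// in test/sample_key, run from parallel workers with allocation reporting
// enabled.
func BenchmarkRSAParsing(b *testing.B) {
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		b.Fatalf("reading private key: %v", err)
	}

	b.ReportAllocs()
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			if _, err := jwt.ParseRSAPrivateKeyFromPEM(key); err != nil {
				// This body runs on goroutines started by RunParallel. The
				// testing package requires Fatal/FailNow to be called from
				// the benchmark's own goroutine, so record the failure and
				// stop this worker instead.
				b.Errorf("Unable to parse RSA private key: %v", err)
				return
			}
		}
	})
}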
166
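// BenchmarkRS256Signing parses the private key in test/sample_key once and
// passes it to benchmarkSigning with jwt.SigningMethodRS256.
func BenchmarkRS256Signing(b *testing.B) {
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		// Report the I/O failure itself, not the PEM parse error it would
		// otherwise cause on the next call.
		b.Fatalf("reading private key: %v", err)
	}
	parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM(key)
	if err != nil {
		b.Fatal(err)
	}

	benchmarkSigning(b, jwt.SigningMethodRS256, parsedKey)
}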
176
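// BenchmarkRS384Signing parses the private key in test/sample_key once and
// passes it to benchmarkSigning with jwt.SigningMethodRS384.
func BenchmarkRS384Signing(b *testing.B) {
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		// Report the I/O failure itself, not the PEM parse error it would
		// otherwise cause on the next call.
		b.Fatalf("reading private key: %v", err)
	}
	parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM(key)
	if err != nil {
		b.Fatal(err)
	}

	benchmarkSigning(b, jwt.SigningMethodRS384, parsedKey)
}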
186
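// BenchmarkRS512Signing parses the private key in test/sample_key once and
// passes it to benchmarkSigning with jwt.SigningMethodRS512.
func BenchmarkRS512Signing(b *testing.B) {
	key, err := os.ReadFile("test/sample_key")
	if err != nil {
		// Report the I/O failure itself, not the PEM parse error it would
		// otherwise cause on the next call.
		b.Fatalf("reading private key: %v", err)
	}
	parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM(key)
	if err != nil {
		b.Fatal(err)
	}

	benchmarkSigning(b, jwt.SigningMethodRS512, parsedKey)
}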
196