1 package jwt_test
2
3 import (
4 "os"
5 "strings"
6 "testing"
7
8 "github.com/golang-jwt/jwt/v5"
9 )
10
11 var ed25519TestData = []struct {
12 name string
13 keys map[string]string
14 tokenString string
15 alg string
16 claims map[string]interface{}
17 valid bool
18 }{
19 {
20 "Basic Ed25519",
21 map[string]string{"private": "test/ed25519-private.pem", "public": "test/ed25519-public.pem"},
22 "eyJhbGciOiJFRDI1NTE5IiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIifQ.ESuVzZq1cECrt9Od_gLPVG-_6uRP_8Nq-ajx6CtmlDqRJZqdejro2ilkqaQgSL-siE_3JMTUW7UwAorLaTyFCw",
23 "EdDSA",
24 map[string]interface{}{"foo": "bar"},
25 true,
26 },
27 {
28 "Basic Ed25519",
29 map[string]string{"private": "test/ed25519-private.pem", "public": "test/ed25519-public.pem"},
30 "eyJhbGciOiJFRDI1NTE5IiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXoifQ.ESuVzZq1cECrt9Od_gLPVG-_6uRP_8Nq-ajx6CtmlDqRJZqdejro2ilkqaQgSL-siE_3JMTUW7UwAorLaTyFCw",
31 "EdDSA",
32 map[string]interface{}{"foo": "bar"},
33 false,
34 },
35 }
36
37 func TestEd25519Verify(t *testing.T) {
38 for _, data := range ed25519TestData {
39 var err error
40
41 key, _ := os.ReadFile(data.keys["public"])
42
43 ed25519Key, err := jwt.ParseEdPublicKeyFromPEM(key)
44 if err != nil {
45 t.Errorf("Unable to parse Ed25519 public key: %v", err)
46 }
47
48 parts := strings.Split(data.tokenString, ".")
49
50 method := jwt.GetSigningMethod(data.alg)
51
52 err = method.Verify(strings.Join(parts[0:2], "."), decodeSegment(t, parts[2]), ed25519Key)
53 if data.valid && err != nil {
54 t.Errorf("[%v] Error while verifying key: %v", data.name, err)
55 }
56 if !data.valid && err == nil {
57 t.Errorf("[%v] Invalid key passed validation", data.name)
58 }
59 }
60 }
61
62 func TestEd25519Sign(t *testing.T) {
63 for _, data := range ed25519TestData {
64 var err error
65 key, _ := os.ReadFile(data.keys["private"])
66
67 ed25519Key, err := jwt.ParseEdPrivateKeyFromPEM(key)
68 if err != nil {
69 t.Errorf("Unable to parse Ed25519 private key: %v", err)
70 }
71
72 parts := strings.Split(data.tokenString, ".")
73
74 method := jwt.GetSigningMethod(data.alg)
75
76 sig, err := method.Sign(strings.Join(parts[0:2], "."), ed25519Key)
77 if err != nil {
78 t.Errorf("[%v] Error signing token: %v", data.name, err)
79 }
80
81 ssig := encodeSegment(sig)
82 if ssig == parts[2] && !data.valid {
83 t.Errorf("[%v] Identical signatures\nbefore:\n%v\nafter:\n%v", data.name, parts[2], ssig)
84 }
85 }
86 }
87
View as plain text