1 package jwt_test
2
3 import (
4 "os"
5 "reflect"
6 "strings"
7 "testing"
8
9 "github.com/golang-jwt/jwt/v5"
10 )
11
12 var hmacTestData = []struct {
13 name string
14 tokenString string
15 alg string
16 claims map[string]interface{}
17 valid bool
18 }{
19 {
20 "web sample",
21 "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
22 "HS256",
23 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
24 true,
25 },
26 {
27 "HS384",
28 "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy",
29 "HS384",
30 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
31 true,
32 },
33 {
34 "HS512",
35 "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw",
36 "HS512",
37 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
38 true,
39 },
40 {
41 "web sample: invalid",
42 "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
43 "HS256",
44 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
45 false,
46 },
47 }
48
49
50 var hmacTestKey, _ = os.ReadFile("test/hmacTestKey")
51
52 func TestHMACVerify(t *testing.T) {
53 for _, data := range hmacTestData {
54 parts := strings.Split(data.tokenString, ".")
55
56 method := jwt.GetSigningMethod(data.alg)
57 err := method.Verify(strings.Join(parts[0:2], "."), decodeSegment(t, parts[2]), hmacTestKey)
58 if data.valid && err != nil {
59 t.Errorf("[%v] Error while verifying key: %v", data.name, err)
60 }
61 if !data.valid && err == nil {
62 t.Errorf("[%v] Invalid key passed validation", data.name)
63 }
64 }
65 }
66
67 func TestHMACSign(t *testing.T) {
68 for _, data := range hmacTestData {
69 if !data.valid {
70 continue
71 }
72 parts := strings.Split(data.tokenString, ".")
73 method := jwt.GetSigningMethod(data.alg)
74 sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
75 if err != nil {
76 t.Errorf("[%v] Error signing token: %v", data.name, err)
77 }
78 if !reflect.DeepEqual(sig, decodeSegment(t, parts[2])) {
79 t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
80 }
81 }
82 }
83
84 func BenchmarkHS256Signing(b *testing.B) {
85 benchmarkSigning(b, jwt.SigningMethodHS256, hmacTestKey)
86 }
87
88 func BenchmarkHS384Signing(b *testing.B) {
89 benchmarkSigning(b, jwt.SigningMethodHS384, hmacTestKey)
90 }
91
92 func BenchmarkHS512Signing(b *testing.B) {
93 benchmarkSigning(b, jwt.SigningMethodHS512, hmacTestKey)
94 }
95
View as plain text