
Source file src/github.com/ory/fosite/token/hmac/hmacsha_test.go

Documentation: github.com/ory/fosite/token/hmac

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package hmac
    23  
    24  import (
    25  	"crypto/sha512"
    26  	"testing"
    27  
    28  	"github.com/ory/fosite"
    29  
    30  	"github.com/stretchr/testify/assert"
    31  	"github.com/stretchr/testify/require"
    32  )
    33  
// TestGenerateFailsWithShortCredentials checks that Generate refuses to
// issue a token when GlobalSecret is too short: a 3-byte secret must
// produce an error and no token or signature. The minimum length the
// strategy enforces is visible in the error message asserted by
// TestValidateWithRotatedKeyInvalid.
func TestGenerateFailsWithShortCredentials(t *testing.T) {
	strategy := HMACStrategy{GlobalSecret: []byte("foo")}

	token, sig, err := strategy.Generate()

	// Fail closed: nothing usable may be returned alongside the error.
	require.Error(t, err)
	require.Empty(t, token)
	require.Empty(t, sig)
}
    41  
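// TestGenerate round-trips a token through Generate, Validate and
// Signature for two token entropies, then confirms that a token signed
// under one secret is rejected by a strategy holding a different one.
func TestGenerate(t *testing.T) {
	for _, tc := range []struct {
		globalSecret []byte
		tokenEntropy int
	}{
		{globalSecret: []byte("1234567890123456789012345678901234567890"), tokenEntropy: 32},
		{globalSecret: []byte("1234567890123456789012345678901234567890"), tokenEntropy: 64},
	} {
		strategy := HMACStrategy{
			GlobalSecret: tc.globalSecret,
			TokenEntropy: tc.tokenEntropy,
		}

		token, sig, err := strategy.Generate()
		require.NoError(t, err)
		require.NotEmpty(t, token)
		require.NotEmpty(t, sig)
		t.Logf("Token: %s\n Signature: %s", token, sig)

		// A freshly issued token validates under the secret that signed it...
		require.NoError(t, strategy.Validate(token))

		// ...and Signature recomputes exactly what Generate handed back.
		assert.Equal(t, sig, strategy.Signature(token))

		// A 3-byte secret is rejected on its own (see
		// TestGenerateFailsWithShortCredentials), so this assertion alone does
		// not prove that the signature binds the secret.
		strategy.GlobalSecret = []byte("baz")
		require.Error(t, strategy.Validate(token))

		// With a well-formed but different secret the failure must be a real
		// signature mismatch rather than a configuration error; this is the
		// check that shows the token is bound to the signing secret.
		strategy.GlobalSecret = []byte("0000000090123456789012345678901234567890")
		require.EqualError(t, strategy.Validate(token), fosite.ErrTokenSignatureMismatch.Error())
	}
}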
    78  
// TestValidateSignatureRejects feeds malformed tokens to Validate and
// expects each of them to be rejected: empty, whitespace-only, and
// dot-separated values whose parts are missing or were never signed.
func TestValidateSignatureRejects(t *testing.T) {
	strategy := HMACStrategy{
		GlobalSecret: []byte("1234567890123456789012345678901234567890"),
	}

	malformed := []string{"", " ", "foo.bar", "foo.", ".foo"}
	for i, token := range malformed {
		// None of these carries a signature computed with the secret above,
		// so Validate must fail for every one of them.
		assert.Error(t, strategy.Validate(token))
		t.Logf("Passed test case %d", i)
	}
}
    96  
// TestValidateWithRotatedKey covers key rotation: a token issued under a
// previous GlobalSecret still validates once that secret has been moved
// into RotatedGlobalSecrets, while a token carrying a bogus signature is
// still rejected with ErrTokenSignatureMismatch.
func TestValidateWithRotatedKey(t *testing.T) {
	const previousSecret = "1234567890123456789012345678901234567890"

	issuer := HMACStrategy{GlobalSecret: []byte(previousSecret)}
	verifier := HMACStrategy{
		GlobalSecret: []byte("0000000090123456789012345678901234567890"),
		// The previous secret is the second rotated entry, so Validate has to
		// consult the rotated set rather than GlobalSecret alone.
		RotatedGlobalSecrets: [][]byte{
			[]byte("abcdefgh90123456789012345678901234567890"),
			[]byte(previousSecret),
		},
	}

	token, _, err := issuer.Generate()
	require.NoError(t, err)

	// A well-formed token whose signature matches no configured secret is a
	// signature mismatch, not a parse error.
	bogus := "thisisatoken.withaninvalidsignature"
	require.EqualError(t, verifier.Validate(bogus), fosite.ErrTokenSignatureMismatch.Error())
	require.NoError(t, verifier.Validate(token))
}
   115  
// TestValidateWithRotatedKeyInvalid checks that misconfiguration fails
// closed: a rotated secret of the wrong length makes Validate return a
// length error (even though a later rotated entry would have matched),
// and a zero-value strategy with no secret at all refuses to validate.
func TestValidateWithRotatedKeyInvalid(t *testing.T) {
	const previousSecret = "1234567890123456789012345678901234567890"

	issuer := HMACStrategy{GlobalSecret: []byte(previousSecret)}
	verifier := HMACStrategy{
		GlobalSecret: []byte("0000000090123456789012345678901234567890"),
		RotatedGlobalSecrets: [][]byte{
			// 31 bytes: one short of what the strategy requires.
			[]byte("abcdefgh90123456789012345678901"),
			[]byte(previousSecret),
		},
	}

	token, _, err := issuer.Generate()
	require.NoError(t, err)

	// The malformed rotated secret is reported rather than skipped, so a bad
	// rotation entry cannot silently reduce the set of accepted keys.
	require.EqualError(t, verifier.Validate(token), "secret for signing HMAC-SHA512/256 is expected to be 32 byte long, got 31 byte")

	// No GlobalSecret and no rotated secrets: validation is refused outright.
	require.EqualError(t, new(HMACStrategy).Validate(token), "a secret for signing HMAC-SHA512/256 is expected to be defined, but none were")
}
   135  
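// TestCustomHMAC verifies that the hash function is part of what a token
// is bound to: with the same GlobalSecret on both sides, a token produced
// under the default hash is rejected by a strategy configured with
// sha512.New and vice versa, each with ErrTokenSignatureMismatch.
func TestCustomHMAC(t *testing.T) {
	const secret = "1234567890123456789012345678901234567890"

	defaultStrategy := HMACStrategy{
		GlobalSecret: []byte(secret),
	}
	// Named custom rather than sha512 so the local does not shadow the
	// crypto/sha512 package for the rest of the function.
	custom := HMACStrategy{
		GlobalSecret: []byte(secret),
		Hash:         sha512.New,
	}

	token, _, err := defaultStrategy.Generate()
	require.NoError(t, err)
	require.EqualError(t, custom.Validate(token), fosite.ErrTokenSignatureMismatch.Error())

	token512, _, err := custom.Generate()
	require.NoError(t, err)
	require.NoError(t, custom.Validate(token512))
	require.EqualError(t, defaultStrategy.Validate(token512), fosite.ErrTokenSignatureMismatch.Error())
}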
   154  
