1package jwt_test 2 3import ( 4 "io/ioutil" 5 "strings" 6 "testing" 7 8 "github.com/golang-jwt/jwt/v4" 9) 10 11var hmacTestData = []struct { 12 name string 13 tokenString string 14 alg string 15 claims map[string]interface{} 16 valid bool 17}{ 18 { 19 "web sample", 20 "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk", 21 "HS256", 22 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, 23 true, 24 }, 25 { 26 "HS384", 27 "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy", 28 "HS384", 29 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, 30 true, 31 }, 32 { 33 "HS512", 34 "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw", 35 "HS512", 36 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, 37 true, 38 }, 39 { 40 "web sample: invalid", 41 "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo", 42 "HS256", 43 map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true}, 44 false, 45 }, 46} 47 48// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1 49var hmacTestKey, _ = ioutil.ReadFile("test/hmacTestKey") 50 51func TestHMACVerify(t *testing.T) { 52 for _, data := range hmacTestData { 53 parts := strings.Split(data.tokenString, ".") 54 55 method := jwt.GetSigningMethod(data.alg) 56 err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey) 57 if data.valid && err != nil { 58 t.Errorf("[%v] Error while verifying key: %v", data.name, err) 59 } 60 if !data.valid && err == nil { 61 t.Errorf("[%v] Invalid key passed validation", data.name) 62 } 63 } 64} 65 66func TestHMACSign(t *testing.T) { 67 for _, data := range hmacTestData { 68 if data.valid { 69 parts := strings.Split(data.tokenString, ".") 70 method := jwt.GetSigningMethod(data.alg) 71 sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey) 72 if err != nil { 73 t.Errorf("[%v] Error signing token: %v", data.name, err) 74 } 75 if sig != parts[2] { 76 t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2]) 77 } 78 } 79 } 80} 81 82func BenchmarkHS256Signing(b *testing.B) { 83 benchmarkSigning(b, jwt.SigningMethodHS256, hmacTestKey) 84} 85 86func BenchmarkHS384Signing(b *testing.B) { 87 benchmarkSigning(b, jwt.SigningMethodHS384, hmacTestKey) 88} 89 90func BenchmarkHS512Signing(b *testing.B) { 91 benchmarkSigning(b, jwt.SigningMethodHS512, hmacTestKey) 92} 93