1package jwt_test
2
3import (
4	"io/ioutil"
5	"strings"
6	"testing"
7
8	"github.com/golang-jwt/jwt/v4"
9)
10
11var hmacTestData = []struct {
12	name        string
13	tokenString string
14	alg         string
15	claims      map[string]interface{}
16	valid       bool
17}{
18	{
19		"web sample",
20		"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
21		"HS256",
22		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
23		true,
24	},
25	{
26		"HS384",
27		"eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy",
28		"HS384",
29		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
30		true,
31	},
32	{
33		"HS512",
34		"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw",
35		"HS512",
36		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
37		true,
38	},
39	{
40		"web sample: invalid",
41		"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
42		"HS256",
43		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
44		false,
45	},
46}
47
48// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
49var hmacTestKey, _ = ioutil.ReadFile("test/hmacTestKey")
50
51func TestHMACVerify(t *testing.T) {
52	for _, data := range hmacTestData {
53		parts := strings.Split(data.tokenString, ".")
54
55		method := jwt.GetSigningMethod(data.alg)
56		err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey)
57		if data.valid && err != nil {
58			t.Errorf("[%v] Error while verifying key: %v", data.name, err)
59		}
60		if !data.valid && err == nil {
61			t.Errorf("[%v] Invalid key passed validation", data.name)
62		}
63	}
64}
65
66func TestHMACSign(t *testing.T) {
67	for _, data := range hmacTestData {
68		if data.valid {
69			parts := strings.Split(data.tokenString, ".")
70			method := jwt.GetSigningMethod(data.alg)
71			sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
72			if err != nil {
73				t.Errorf("[%v] Error signing token: %v", data.name, err)
74			}
75			if sig != parts[2] {
76				t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
77			}
78		}
79	}
80}
81
82func BenchmarkHS256Signing(b *testing.B) {
83	benchmarkSigning(b, jwt.SigningMethodHS256, hmacTestKey)
84}
85
86func BenchmarkHS384Signing(b *testing.B) {
87	benchmarkSigning(b, jwt.SigningMethodHS384, hmacTestKey)
88}
89
90func BenchmarkHS512Signing(b *testing.B) {
91	benchmarkSigning(b, jwt.SigningMethodHS512, hmacTestKey)
92}
93