1package jwt_test
2
3import (
4	"github.com/dgrijalva/jwt-go"
5	"io/ioutil"
6	"strings"
7	"testing"
8)
9
10var hmacTestData = []struct {
11	name        string
12	tokenString string
13	alg         string
14	claims      map[string]interface{}
15	valid       bool
16}{
17	{
18		"web sample",
19		"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
20		"HS256",
21		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
22		true,
23	},
24	{
25		"HS384",
26		"eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy",
27		"HS384",
28		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
29		true,
30	},
31	{
32		"HS512",
33		"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw",
34		"HS512",
35		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
36		true,
37	},
38	{
39		"web sample: invalid",
40		"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
41		"HS256",
42		map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
43		false,
44	},
45}
46
47// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
48var hmacTestKey, _ = ioutil.ReadFile("test/hmacTestKey")
49
50func TestHMACVerify(t *testing.T) {
51	for _, data := range hmacTestData {
52		parts := strings.Split(data.tokenString, ".")
53
54		method := jwt.GetSigningMethod(data.alg)
55		err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey)
56		if data.valid && err != nil {
57			t.Errorf("[%v] Error while verifying key: %v", data.name, err)
58		}
59		if !data.valid && err == nil {
60			t.Errorf("[%v] Invalid key passed validation", data.name)
61		}
62	}
63}
64
65func TestHMACSign(t *testing.T) {
66	for _, data := range hmacTestData {
67		if data.valid {
68			parts := strings.Split(data.tokenString, ".")
69			method := jwt.GetSigningMethod(data.alg)
70			sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
71			if err != nil {
72				t.Errorf("[%v] Error signing token: %v", data.name, err)
73			}
74			if sig != parts[2] {
75				t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
76			}
77		}
78	}
79}
80
81func BenchmarkHS256Signing(b *testing.B) {
82	benchmarkSigning(b, jwt.SigningMethodHS256, hmacTestKey)
83}
84
85func BenchmarkHS384Signing(b *testing.B) {
86	benchmarkSigning(b, jwt.SigningMethodHS384, hmacTestKey)
87}
88
89func BenchmarkHS512Signing(b *testing.B) {
90	benchmarkSigning(b, jwt.SigningMethodHS512, hmacTestKey)
91}
92