/
jwt_test.go
162 lines (136 loc) · 3.67 KB
/
jwt_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
package jwt
import (
"crypto"
"testing"
"time"
)
var (
publicKey = []byte(`-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMk7RZ9BjeiwiGcJl9nUqdnYYG
qSx0mnCP8XdB4DpCgLI+cKw00j7m6a1wkB61g9SmPYmLqoSzBHX7RkMpmyJ7Ib6D
T43/iPWxLesPTlAQYgOmKaT+a297cnOXs7GVz8lZSMc/JdzIgrKXivmDcTrxJZ5o
bAyxk9GQ/zVEVxaxxwIDAQAB
-----END PUBLIC KEY-----`)
privateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDMk7RZ9BjeiwiGcJl9nUqdnYYGqSx0mnCP8XdB4DpCgLI+cKw0
0j7m6a1wkB61g9SmPYmLqoSzBHX7RkMpmyJ7Ib6DT43/iPWxLesPTlAQYgOmKaT+
a297cnOXs7GVz8lZSMc/JdzIgrKXivmDcTrxJZ5obAyxk9GQ/zVEVxaxxwIDAQAB
AoGARO7kT4c7tgk9NyfL4JLWqKOCnM32Z9f+Y9Jmb/EhUHVTGk0XCblqbp6AzbQS
VPF1/wovRbuQeU3gf2neia93f1Esx4336xG2S38e4IvJVkuPDebU43gvlQrVkLqW
wAud4ay2QGbGlA6Sr5ZPVlqoNVZElE4SmZw42T/LvXzvCRECQQD7F6Dwk9irN3VA
lvEDqErkMySTHVDnqiqJKEA2UpHajhM2li6EWJY7z70srSzBVeIe0cYbkHBKqUVO
MtQQwxzpAkEA0JNUpHgvuiw1/5gf4jr2TDGonyhHUDHPDrVQpfaGFLfMYFmaYsQG
//cmW6rkWVxhthSy4mEzldlSO9rD61drLwJBAM3SU5mBB7Vps1JrqEqgNCuVBKEX
Ac+0fEOL2/7rdiWaGoO/XYgc+aEzq1Uo6yvb04wB1ouXvYRl9qqgHZdT6KkCQEnz
MpttkV5stmh8wzEuvoydPq/PVBl2z3bjikiNc1R9JhUzL6282s5+DjeKC5QzUOGB
zTq+Q8/pUWKvWa9jOzkCQD7yioMi2F6gAuPkg77d8/elGOOyBM4R4aj8/svto0wx
moz8u3wUm4HhD99vpIWzLXB2FCb9Bi2T7KQTCskyHac=
-----END RSA PRIVATE KEY-----`)
hmacKey = []byte("I am HMAC secret key.")
ttl = int64(3)
)
func newJwt() *JWT {
issuer := "CleverGo"
// Create a JWT manager.
jwt := NewJWT(issuer, ttl)
algorithms := map[string]crypto.Hash{
"HS256": crypto.SHA256,
"HS384": crypto.SHA384,
"HS512": crypto.SHA512,
"RS256": crypto.SHA256,
"RS384": crypto.SHA384,
"RS512": crypto.SHA512,
}
// Add RSAAlgorithms.
for name, hash := range algorithms {
a, err := NewRSAAlgorithm(hash, publicKey, privateKey)
if err != nil {
panic(err)
}
jwt.AddAlgorithm(name, a)
}
return jwt
}
func TestRSA(t *testing.T) {
jwt := newJwt()
// Create a new token using RS256.
token1, err := NewToken(jwt, "RS256", "Subject", "Audience")
if err != nil {
t.Error(err)
}
// Parse token.
err = token1.Parse()
if err != nil {
t.Error(err)
}
// Get token by raw token.
token2, err := NewTokenByRaw(
jwt,
token1.Raw.token,
)
if err != nil {
t.Error(err)
}
// Validate token2.
err = token2.Validate()
if err != nil {
t.Error(err)
}
// Check expiration time.
// Make sure that the token is expired.
time.Sleep(time.Duration(ttl+1) * time.Second)
err = token2.ValidateExpiration(time.Now())
if err == nil {
t.Error("The token show be invalid.")
}
}
func TestHMAC(t *testing.T) {
jwt := newJwt()
// Create a new token using HS256.
token, err := NewToken(jwt, "HS256", "Subject", "Audience")
if err != nil {
t.Error(err)
}
// Parse token.
err = token.Parse()
if err != nil {
t.Error(err)
}
// Get token by raw token.
token2, err := NewTokenByRaw(
jwt,
token.Raw.token,
)
if err != nil {
t.Error(err)
}
// Validate token2.
err = token2.Validate()
if err != nil {
t.Error(err)
}
// Check expiration time.
// Make sure that the token is expired.
time.Sleep(time.Duration(ttl+1) * time.Second)
err = token2.ValidateExpiration(time.Now())
if err == nil {
t.Error("It is impossible that token is valid.")
}
}
func TestNotBefore(t *testing.T) {
jwt := newJwt()
jwt.SetNotBefore(time.Now().Add(time.Duration(1) * time.Second))
token, err := NewToken(jwt, "HS256", "Subject", "Audience")
if err != nil {
t.Error(err)
}
// Check not before.
if err := token.ValidateNotBefore(time.Now()); err == nil {
t.Errorf("The token nbf should be invalid.")
}
// Make sure that the token is valid.
time.Sleep(time.Duration(1) * time.Second)
if err := token.ValidateNotBefore(time.Now()); err != nil {
t.Errorf("The token nbf should be valid.")
}
}