Skip to content

Commit

Permalink
fix header tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@lbalmaceda
lbalmaceda committed Feb 24, 2017
1 parent c9090a0 commit d5ce251
Show file tree
Hide file tree
Showing 4 changed files with 232 additions and 45 deletions.
3 changes: 3 additions & 0 deletions lib/src/main/java/com/auth0/jwt/JWTCreator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@
import com.auth0.jwt.impl.PayloadSerializer;
import com.auth0.jwt.impl.PublicClaims;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationConfig;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.apache.commons.codec.binary.Base64;

Expand All @@ -33,6 +35,7 @@ private JWTCreator(Algorithm algorithm, Map<String, Object> headerClaims, Map<St
SimpleModule module = new SimpleModule();
module.addSerializer(ClaimsHolder.class, new PayloadSerializer());
mapper.registerModule(module);
mapper.configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true);
headerJson = mapper.writeValueAsString(headerClaims);
payloadJson = mapper.writeValueAsString(new ClaimsHolder(payloadClaims));
} catch (JsonProcessingException e) {
Expand Down
55 changes: 37 additions & 18 deletions lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
package com.auth0.jwt;

import com.auth0.jwt.algorithms.Algorithm;
import org.apache.commons.codec.binary.Base64;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
Expand All @@ -28,15 +30,17 @@ public void shouldThrowWhenRequestingSignWithoutAlgorithm() throws Exception {

@SuppressWarnings("Convert2Diamond")
@Test
public void shouldAddHeader() throws Exception {
public void shouldAddHeaderClaim() throws Exception {
Map<String, Object> header = new HashMap<String, Object>();
header.put("asd", 123);
String signed = JWTCreator.init()
.withHeader(header)
.sign(Algorithm.HMAC256("secret"));

assertThat(signed, is(notNullValue()));
assertThat(TokenUtils.splitToken(signed)[0], is("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImFzZCI6MTIzfQ"));
String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("asd", 123));
}

@Test
Expand All @@ -46,7 +50,9 @@ public void shouldAddKeyId() throws Exception {
.sign(Algorithm.HMAC256("secret"));

assertThat(signed, is(notNullValue()));
assertThat(TokenUtils.splitToken(signed)[0], is("eyJraWQiOiI1NmE4YmQ0NGRhNDM1MzAwMDEwMDAwMDE1ZjVlZCIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0"));
String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("kid", "56a8bd44da435300010000015f5ed"));
}

@Test
Expand Down Expand Up @@ -144,7 +150,20 @@ public void shouldSetCorrectAlgorithmInTheHeader() throws Exception {
.sign(Algorithm.HMAC256("secret"));

assertThat(signed, is(notNullValue()));
assertThat(TokenUtils.splitToken(signed)[0], is("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"));
String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS256"));
}

@Test
public void shouldSetCorrectTypeInTheHeader() throws Exception {
String signed = JWTCreator.init()
.sign(Algorithm.HMAC256("secret"));

assertThat(signed, is(notNullValue()));
String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
}

@Test
Expand All @@ -168,43 +187,43 @@ public void shouldAcceptCustomClaimOfTypeString() throws Exception {
String jwt = JWTCreator.init()
.withClaim("name", "value")
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoidmFsdWUifQ.eR3DUeX142NjueZjkqCn_NqxJpb5k-Y55Oo0N-ap3rI";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjoidmFsdWUifQ"));
}

@Test
public void shouldAcceptCustomClaimOfTypeInteger() throws Exception {
String jwt = JWTCreator.init()
.withClaim("name", 123)
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoxMjN9.7Diqx9FPPuaw9ESwkZOHL2BARjqQz00qrHYOm0lKcgQ";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjoxMjN9"));
}

@Test
public void shouldAcceptCustomClaimOfTypeDouble() throws Exception {
String jwt = JWTCreator.init()
.withClaim("name", 23.45)
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoyMy40NX0.VwOI-xjYFthgT43b9EYcaOSIpGSD6PVLSCPuGzDuEnQ";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjoyMy40NX0"));
}

@Test
public void shouldAcceptCustomClaimOfTypeBoolean() throws Exception {
String jwt = JWTCreator.init()
.withClaim("name", true)
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjp0cnVlfQ.8L_Td4EtEAUuQeNCU0fuJEu78SS8K3Y5OOkFzYA81g8";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjp0cnVlfQ"));
}

@Test
Expand All @@ -213,31 +232,31 @@ public void shouldAcceptCustomClaimOfTypeDate() throws Exception {
String jwt = JWTCreator.init()
.withClaim("name", date)
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoxNDc4ODkxNTIxfQ.0esDU87VaYbx6KQDWhFrRPNzq3rl3vcHO8T21fao28U";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjoxNDc4ODkxNTIxfQ"));
}

@Test
public void shouldAcceptCustomArrayClaimOfTypeString() throws Exception {
String jwt = JWTCreator.init()
.withArrayClaim("name", new String[]{"text", "123", "true"})
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19.TTP2tJjVdoOzKfIgDcn_MSP7XQpafeVCKVNE2Y3-0Hk";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19"));
}

@Test
public void shouldAcceptCustomArrayClaimOfTypeInteger() throws Exception {
String jwt = JWTCreator.init()
.withArrayClaim("name", new Integer[]{1, 2, 3})
.sign(Algorithm.HMAC256("secret"));
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbMSwyLDNdfQ.1AdYaNBWR8lPB0yOxUtnQjuOU7tzD4LWz2AWrziPUqA";

assertThat(jwt, is(notNullValue()));
assertThat(jwt, is(token));
String[] parts = jwt.split("\\.");
assertThat(parts[1], is("eyJuYW1lIjpbMSwyLDNdfQ"));
}
}
83 changes: 56 additions & 27 deletions lib/src/test/java/com/auth0/jwt/JWTTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,14 @@
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Clock;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.apache.commons.codec.binary.Base64;
import org.hamcrest.collection.IsCollectionWithSize;
import org.hamcrest.core.IsCollectionContaining;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Date;
Expand Down Expand Up @@ -353,11 +355,14 @@ public void shouldGetCustomClaims() throws Exception {

@Test
public void shouldCreateAnEmptyHMAC256SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.";

String signed = JWT.create().sign(Algorithm.HMAC256("secret"));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS256"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.HMAC256("secret"))
.build();
Expand All @@ -366,11 +371,14 @@ public void shouldCreateAnEmptyHMAC256SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyHMAC384SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzM4NCJ9.e30.";

String signed = JWT.create().sign(Algorithm.HMAC384("secret"));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS384"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.HMAC384("secret"))
.build();
Expand All @@ -379,11 +387,14 @@ public void shouldCreateAnEmptyHMAC384SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyHMAC512SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.e30.";

String signed = JWT.create().sign(Algorithm.HMAC512("secret"));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS512"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.HMAC512("secret"))
.build();
Expand All @@ -392,11 +403,14 @@ public void shouldCreateAnEmptyHMAC512SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyRSA256SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.e30.";

String signed = JWT.create().sign(Algorithm.RSA256((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS256"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.RSA256((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
.build();
Expand All @@ -405,11 +419,14 @@ public void shouldCreateAnEmptyRSA256SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyRSA384SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.e30.";

String signed = JWT.create().sign(Algorithm.RSA384((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS384"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.RSA384((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
.build();
Expand All @@ -418,11 +435,14 @@ public void shouldCreateAnEmptyRSA384SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyRSA512SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.e30.";

String signed = JWT.create().sign(Algorithm.RSA512((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS512"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.RSA512((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
.build();
Expand All @@ -431,11 +451,14 @@ public void shouldCreateAnEmptyRSA512SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyECDSA256SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.e30.";

String signed = JWT.create().sign(Algorithm.ECDSA256((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES256"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.ECDSA256((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_256, "EC")))
.build();
Expand All @@ -444,11 +467,14 @@ public void shouldCreateAnEmptyECDSA256SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyECDSA384SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCJ9.e30.";

String signed = JWT.create().sign(Algorithm.ECDSA384((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_384, "EC")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES384"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.ECDSA384((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_384, "EC")))
.build();
Expand All @@ -457,11 +483,14 @@ public void shouldCreateAnEmptyECDSA384SignedToken() throws Exception {

@Test
public void shouldCreateAnEmptyECDSA512SignedToken() throws Exception {
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.e30.";

String signed = JWT.create().sign(Algorithm.ECDSA512((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_512, "EC")));
assertThat(signed, is(notNullValue()));
assertThat(signed, startsWith(headerAndPayload));

String[] parts = signed.split("\\.");
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES512"));
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
assertThat(parts[1], is("e30"));

JWTVerifier verified = JWT.require(Algorithm.ECDSA512((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_512, "EC")))
.build();
Expand Down
Loading

0 comments on commit d5ce251

Please sign in to comment.