Increase code coverage

Erwin Jansen · Erwin Jansen · commit 2e66950a916d · 2016-04-29T15:59:54.000-07:00
- Add a set of unit tests
- Fix a set of small bugs
diff --git a/README.md b/README.md
@@ -47,6 +47,14 @@ cmake -DCMAKE_BUILD_TYPE=Debug ..
 make
 ```
 
+Running the tests with code coverage:
+```
+mkdir debug 
+cd debug 
+cmake -DCMAKE_BUILD_TYPE=Debug ..
+make cov_all_tests
+```
+
 
 ### Dependencies in linux
 
diff --git a/src/include/jwt/hmacvalidator.h b/src/include/jwt/hmacvalidator.h
@@ -36,7 +36,6 @@
  */
 class HMACValidator : public MessageSigner {
  public:
-  explicit HMACValidator(const char *algorithm);
   explicit HMACValidator(const char *algorithm, const EVP_MD *md, const std::string &key);
   virtual ~HMACValidator();
 
diff --git a/src/include/private/clock.h b/src/include/private/clock.h
@@ -37,8 +37,8 @@ class IClock {
 class UtcClock : public IClock {
  public:
     uint64_t Now() {
-      time_t rawtime;
-      struct tm ptm;
+      time_t rawtime = 0;
+      struct tm ptm = {0};
       time(&rawtime);
       gmtime_r(&rawtime, &ptm);
       return mktime(&ptm);
diff --git a/src/jwt/jwt.cpp b/src/jwt/jwt.cpp
@@ -132,6 +132,7 @@ JWT *JWT::Decode(const char *jws_token, size_t num_jws_token, MessageValidator *
   str_ptr dec_header(new char[num_dec_header]);
 
   if (Base64Encode::DecodeUrl(header, num_header, dec_header.get(), &num_dec_header) != 0) {
+    // This cannot happen, as we have checked for valid characters already..
     throw std::logic_error("validated header block has invalid characters");
   }
 
@@ -163,6 +164,7 @@ json_t *JWT::ExtractPayload(const char *payload, size_t num_payload) {
   str_ptr dec_payload(new char[num_dec_payload]);
 
   if (Base64Encode::DecodeUrl(payload, num_payload, dec_payload.get(), &num_dec_payload) != 0) {
+    // This cannot happen, as we have checked for valid characters already..
     throw std::logic_error("validated block has base64 error in payload");
   }
 
@@ -171,7 +173,7 @@ json_t *JWT::ExtractPayload(const char *payload, size_t num_payload) {
   json_error_t error;
   json_t *json = json_loads(dec_payload.get(), JSON_REJECT_DUPLICATES, &error);
   if (!json) {
-    throw TokenFormatError(std::string("header contains invalid json, ") += error.text);
+    throw TokenFormatError(std::string("payload contains invalid json, ") += error.text);
   }
   return json;
 }
@@ -205,6 +207,7 @@ bool JWT::VerifySignature(json_t *header_claims_, const char *header,
   }
 
   if (Base64Encode::DecodeUrl(signature, num_signature, dec_signature, &num_dec_signature)) {
+    // Shouldn't happen. At this point the token contains valid base64 chars.
     throw std::logic_error("validated block has base64 error in signature");
   }
 
diff --git a/src/validators/claims/claimvalidator.cpp b/src/validators/claims/claimvalidator.cpp
@@ -38,8 +38,7 @@ AllClaimValidator::AllClaimValidator(std::vector<ClaimValidator*> validators) :
 
 bool AllClaimValidator::IsValid(const json_t *claimset) const {
   for (auto validator : validators_) {
-      if (!validator->IsValid(claimset))
-        return false;
+      validator->IsValid(claimset);
   }
   return true;
 }
diff --git a/src/validators/claims/claimvalidatorfactory.cpp b/src/validators/claims/claimvalidatorfactory.cpp
@@ -82,9 +82,6 @@ ClaimValidator *ClaimValidatorFactory::Build(json_t *json) {
     } else if (json_object_get(json, "optional")) {
       json_t *val = json_object_get(json, "optional");
       ClaimValidator *inner = Build(val);
-      if (inner->property() == NULL) {
-        throw std::logic_error("optional property not defined for inner claim");
-      }
       constructed = new OptionalClaimValidator(inner);
     }
   } catch (std::exception &le) {
diff --git a/src/validators/hmacvalidator.cpp b/src/validators/hmacvalidator.cpp
@@ -26,9 +26,6 @@
 #include <sstream>
 #include <string>
 
-HMACValidator::HMACValidator(const char *algorithm) : algorithm_(algorithm), key_size_(0) {
-}
-
 HMACValidator::HMACValidator(const char *algorithm,
     const EVP_MD *md, const std::string &key) :
   md_(md), algorithm_(algorithm), key_size_(md->md_size), key_(key) {
diff --git a/src/validators/messagevalidatorfactory.cpp b/src/validators/messagevalidatorfactory.cpp
@@ -72,13 +72,13 @@ MessageSigner* MessageValidatorFactory::BuildSigner(std::string fromJson) {
     constructed.reset(new HS512Validator(ParseSecret("secret", json_object_get(json, "HS512"))));
   } else if (json_object_get(json, "RS256")) {
     constructed.reset(new RS256Validator(ParseSecret("public", json_object_get(json, "RS256")),
-        ParseSecret("public", json_object_get(json, "RS256"))));
+        ParseSecret("private", json_object_get(json, "RS256"))));
   } else if (json_object_get(json, "RS384")) {
-    constructed.reset(new RS384Validator(ParseSecret("public", json_object_get(json, "RS256")),
-        ParseSecret("public", json_object_get(json, "RS384"))));
+    constructed.reset(new RS384Validator(ParseSecret("public", json_object_get(json, "RS384")),
+        ParseSecret("private", json_object_get(json, "RS384"))));
   } else if (json_object_get(json, "RS512")) {
-    constructed.reset(new RS512Validator(ParseSecret("public", json_object_get(json, "RS256")),
-        ParseSecret("public", json_object_get(json, "RS512"))));
+    constructed.reset(new RS512Validator(ParseSecret("public", json_object_get(json, "RS512")),
+        ParseSecret("private", json_object_get(json, "RS512"))));
   }
 
   if (constructed.get() == nullptr) {
@@ -141,13 +141,10 @@ MessageValidator *MessageValidatorFactory::Build(json_t *json) {
 
   if (!constructed.get()) {
     char *fail = json_dumps(json, 0);
-    if (fail) {
-      std::ostringstream msg;
-      msg << "Missing property at: " << fail;
-      free(fail);
-      throw std::logic_error(msg.str());
-    }
-    throw std::logic_error("Missing property");
+    std::ostringstream msg;
+    msg << "Missing validator property at: " << fail;
+    free(fail);
+    throw std::logic_error(msg.str());
   }
 
   build_.push_back(constructed.get());
@@ -202,7 +199,11 @@ MessageValidator *MessageValidatorFactory::BuildKid(KidValidator *kid, json_t *k
 std::string MessageValidatorFactory::ParseSecret(const char *property, json_t *object) {
   json_t *secret = json_object_get(object, property);
   if (!secret) {
-    throw std::logic_error("There is no secret!");
+    std::ostringstream msg;
+    char* fail = object ? json_dumps(object, 0) : NULL;
+    msg <<  "parsing secret, property: " << property << " is missing from: " << fail;
+    free(fail);
+    throw std::logic_error(msg.str());
   }
 
   if (json_is_string(secret)) {
diff --git a/src/validators/rsavalidator.cpp b/src/validators/rsavalidator.cpp
@@ -124,16 +124,14 @@ std::string RSAValidator::toJson() const {
 
     if (private_key_) {
       msg << ", ";
+      BIO *out = BIO_new(BIO_s_mem());
+      PEM_write_bio_PrivateKey(out, private_key_, NULL, NULL, 0, 0, NULL);
+      uint64_t len = BIO_get_mem_data(out, &key);
+      std::string privkey = std::string(key, len);
+      msg << "\"private\" : \"" << std::regex_replace(privkey, newline, "\\n") << "\"";
+      BIO_free(out);
     }
   }
-  if (private_key_) {
-    BIO *out = BIO_new(BIO_s_mem());
-    PEM_write_bio_PUBKEY(out, private_key_);
-    uint64_t len = BIO_get_mem_data(out, &key);
-    std::string privkey = std::string(key, len);
-    msg << "\"private\" : \"" << std::regex_replace(privkey, newline, "\\n") << "\"";
-    BIO_free(out);
-  }
 
   msg << "} }";
   return msg.str();
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -34,7 +34,4 @@ ENDIF(ENABLE_GPERF_TOOLS MATCHES "ON")
 ADD_EXECUTABLE (all_tests all.cpp)
 SET_PROPERTY(TARGET all_tests PROPERTY CXX_STANDARD 11)
 TARGET_LINK_LIBRARIES (all_tests jwt gtest_main)
-
-IF(CMAKE_BUILD_TYPE MATCHES DEBUG)
-  SETUP_TARGET_FOR_COVERAGE("cov_all_tests" all_tests coverage)
-ENDIF(CMAKE_BUILD_TYPE MATCHES DEBUG)
+SETUP_TARGET_FOR_COVERAGE("cov_all_tests" all_tests coverage)
diff --git a/test/token/token_test.cpp b/test/token/token_test.cpp
@@ -43,6 +43,17 @@ TEST_F(TokenTest, bad_format_tokens) {
       "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ");
   BadHeader("foo");
   BadHeader("......");
+
+  // Bad JSON header
+  BadHeader("eyB7IGZvbyB9."
+      "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
+      "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ");
+
+  // Bad JSON payload
+  BadHeader("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
+      "eyB7IGZvbyB9."
+      "eyB7IGZvbyB9");
+
 }
 
 TEST_F(TokenTest, valid_hs256) {
@@ -73,13 +84,40 @@ TEST_F(TokenTest, encoded_token_has_duplicates) {
   ASSERT_THROW(JWT::Decode(token, &validator_, &lst_), InvalidTokenError);
 }
 
+TEST_F(TokenTest, token_with_large_wrong_signature) {
+
+  std::string token =
+    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
+    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
+    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQTJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
+    ASSERT_THROW(JWT::Decode(token, &validator_, &lst_), InvalidTokenError);
+}
+
 TEST_F(TokenTest, encoded_token_missing_alg) {
   std::string noAlg = "eyJmb28iOiJIUzI1NiJ9."
     "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
     "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
   ASSERT_THROW(JWT::Decode(noAlg, &validator_, &lst_), InvalidTokenError);
 }
 
+TEST_F(TokenTest, bad_alg) {
+  std::string badAlg = "eyJhbGciOiJCTEEiLCJ0eXAiOiJKV1QifQ."
+  "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
+  "Pmjzsg4UPL6vKXK2pFGqH60qudcr4YHQ1e9Ddsl_ONo";
+  ASSERT_THROW(JWT::Decode(badAlg, &validator_, &lst_), InvalidSignatureError);
+}
+
 TEST_F(TokenTest, encoded_token_has_custom_header) {
   json_ptr json(json_pack("{ss, ss, sb}", "sub", "1234567890", "name", "John Doe", "admin", true));
   json_ptr header(json_pack("{ss}", "foo", "bar"));
@@ -107,6 +145,7 @@ TEST_F(TokenTest, just_parse) {
   EXPECT_TRUE(token.get() != NULL);
 }
 
+
 TEST_F(TokenTest, parse_and_validate_bad_signature) {
   HS256Validator hs256("Not the right secret");
   ASSERT_THROW(JWT::Decode(validToken_, &hs256), InvalidSignatureError);
diff --git a/test/validators/claim_validators_factory_test.cpp b/test/validators/claim_validators_factory_test.cpp
@@ -33,11 +33,23 @@ TEST(parse_test, any_not_a_list) {
   ASSERT_THROW(ClaimValidatorFactory::Build(json), std::logic_error);
 }
 
+TEST(parse_test, iss_not_a_stringlist) {
+  std::string json = "{ \"iss\" : [ { \"foo\" : \"bar\" } , \"zz\" ]}";
+  ASSERT_THROW(ClaimValidatorFactory::Build(json), std::logic_error);
+}
+
 TEST(parse_test, optional_exp) {
   std::string json = "{ \"optional\" : { \"exp\" : { \"leeway\" : 32} } }";
   claim_ptr valid(ClaimValidatorFactory::Build(json));
   EXPECT_NE(nullptr, valid.get());
   EXPECT_STREQ("exp", valid->property());
+  json_ptr iat(json_pack("{si}", "iat", 9));
+  EXPECT_TRUE(valid->IsValid(iat.get()));
+}
+
+TEST(parse_test, optional_bad) {
+  std::string json = "{ \"optional\" : { \"foo\" : \"bar\" } }";
+  ASSERT_THROW(ClaimValidatorFactory::Build(json), std::logic_error);
 }
 
 TEST(parse_test, optional_empty) {
diff --git a/test/validators/claim_validators_test.cpp b/test/validators/claim_validators_test.cpp
@@ -5,15 +5,29 @@
 #include "jwt/claimvalidator.h"
 #include "jwt/listclaimvalidator.h"
 #include "jwt/timevalidator.h"
+#include <unistd.h>
 
 // Test for the various validators.
+TEST(clock, clock_test) {
+  UtcClock clk;
+  uint64_t now = clk.Now();
+  sleep(1);
+  uint64_t later = clk.Now();
+  EXPECT_LT(now, later);
+}
 
 TEST(iat_test, before) {
   json_ptr json(json_pack("{si}", "iat", 9));
   IatValidator iat(0, &fakeClock);
   EXPECT_TRUE(iat.IsValid(json.get()));
 }
 
+TEST(iat_test, negative) {
+  json_ptr json(json_pack("{si}", "iat", -9));
+  IatValidator iat(0, &fakeClock);
+  ASSERT_THROW(iat.IsValid(json.get()), InvalidClaimError);
+}
+
 TEST(iat_test, wrong_type) {
   json_ptr json(json_pack("{si}", "iat", "foo"));
   IatValidator iat(0, &fakeClock);
@@ -207,6 +221,17 @@ TEST(any_test, no_aud_no_sub) {
   ASSERT_THROW(any.IsValid(json.get()), InvalidClaimError);
 }
 
+TEST(all_test, has_sub_no_aud) {
+  json_ptr json(json_pack("{ss}", "sub", "foo"));
+  AudValidator aud(accepted, 2);
+  SubValidator sub(accepted, 2);
+
+  ClaimValidator *claims[] = {&aud, &sub};
+  AllClaimValidator all(claims, 2);
+
+  ASSERT_THROW(all.IsValid(json.get()), InvalidClaimError);
+}
+
 TEST(all_test, no_aud) {
   json_ptr json(json_pack("{ss}", "sub", "foo"));
   AudValidator aud(accepted, 2);
diff --git a/test/validators/validators_factory_test.cpp b/test/validators/validators_factory_test.cpp
diff --git a/test/validators/validators_test.cpp b/test/validators/validators_test.cpp

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ JWT JWT::Decode(const char jws_token, size_t num_jws_token, MessageValidator *`
`132`	`132`	`str_ptr dec_header(new char[num_dec_header]);`
`133`	`133`
`134`	`134`	`if (Base64Encode::DecodeUrl(header, num_header, dec_header.get(), &num_dec_header) != 0) {`
	`135`	`+ // This cannot happen, as we have checked for valid characters already..`
`135`	`136`	`throw std::logic_error("validated header block has invalid characters");`
`136`	`137`	`}`
`137`	`138`
`@@ -163,6 +164,7 @@ json_t JWT::ExtractPayload(const char payload, size_t num_payload) {`
`163`	`164`	`str_ptr dec_payload(new char[num_dec_payload]);`
`164`	`165`
`165`	`166`	`if (Base64Encode::DecodeUrl(payload, num_payload, dec_payload.get(), &num_dec_payload) != 0) {`
	`167`	`+ // This cannot happen, as we have checked for valid characters already..`
`166`	`168`	`throw std::logic_error("validated block has base64 error in payload");`
`167`	`169`	`}`
`168`	`170`
`@@ -171,7 +173,7 @@ json_t JWT::ExtractPayload(const char payload, size_t num_payload) {`
`171`	`173`	`json_error_t error;`
`172`	`174`	`json_t *json = json_loads(dec_payload.get(), JSON_REJECT_DUPLICATES, &error);`
`173`	`175`	`if (!json) {`
`174`		`- throw TokenFormatError(std::string("header contains invalid json, ") += error.text);`
	`176`	`+ throw TokenFormatError(std::string("payload contains invalid json, ") += error.text);`
`175`	`177`	`}`
`176`	`178`	`return json;`
`177`	`179`	`}`
`@@ -205,6 +207,7 @@ bool JWT::VerifySignature(json_t header_claims_, const char header,`
`205`	`207`	`}`
`206`	`208`
`207`	`209`	`if (Base64Encode::DecodeUrl(signature, num_signature, dec_signature, &num_dec_signature)) {`
	`210`	`+ // Shouldn't happen. At this point the token contains valid base64 chars.`
`208`	`211`	`throw std::logic_error("validated block has base64 error in signature");`
`209`	`212`	`}`
`210`	`213`
Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,7 @@ AllClaimValidator::AllClaimValidator(std::vector<ClaimValidator*> validators) :`
`38`	`38`
`39`	`39`	`bool AllClaimValidator::IsValid(const json_t *claimset) const {`
`40`	`40`	`for (auto validator : validators_) {`
`41`		`- if (!validator->IsValid(claimset))`
`42`		`- return false;`
	`41`	`+ validator->IsValid(claimset);`
`43`	`42`	`}`
`44`	`43`	`return true;`
`45`	`44`	`}`