|
23 | 23 | import com.google.crypto.tink.InsecureSecretKeyAccess; |
24 | 24 | import com.google.crypto.tink.KeyTemplates; |
25 | 25 | import com.google.crypto.tink.KeysetHandle; |
| 26 | +import com.google.crypto.tink.RegistryConfiguration; |
26 | 27 | import com.google.crypto.tink.TinkJsonProtoKeysetFormat; |
27 | 28 | import com.google.crypto.tink.TinkProtoKeysetFormat; |
28 | 29 | import com.google.crypto.tink.proto.KeyData; |
|
41 | 42 | import java.util.HashSet; |
42 | 43 | import org.junit.Before; |
43 | 44 | import org.junit.Test; |
| 45 | +import org.junit.experimental.theories.DataPoints; |
| 46 | +import org.junit.experimental.theories.FromDataPoints; |
| 47 | +import org.junit.experimental.theories.Theories; |
| 48 | +import org.junit.experimental.theories.Theory; |
44 | 49 | import org.junit.runner.RunWith; |
45 | | -import org.junit.runners.JUnit4; |
46 | 50 |
|
47 | 51 | /** Unit tests for JwkSetConverter */ |
48 | | -@RunWith(JUnit4.class) |
| 52 | +@RunWith(Theories.class) |
49 | 53 | public final class JwkSetConverterTest { |
50 | 54 |
|
51 | 55 | @Before |
@@ -551,12 +555,10 @@ public void jwkPs256WithKid_isImportedAsRaw() throws Exception { |
551 | 555 | KeysetHandle expected = |
552 | 556 | TinkJsonProtoKeysetFormat.parseKeyset( |
553 | 557 | PS256_JWK_SET_KID_TINK, InsecureSecretKeyAccess.get()); |
554 | | - System.out.println( |
555 | | - TinkJsonProtoKeysetFormat.serializeKeyset(converted, InsecureSecretKeyAccess.get())); |
556 | 558 | // The KeyID is picked at random, hence we just compare the keys. |
557 | 559 | assertTrue(converted.getAt(0).getKey().equalsKey(expected.getAt(0).getKey())); |
558 | 560 | } |
559 | | - |
| 561 | + |
560 | 562 | @Test |
561 | 563 | public void jwkWithEmptyKid_kidIsPreserved() throws Exception { |
562 | 564 | String esWithEmptyKid = ES256_JWK_SET_KID.replace("\"ENgjPA\"", "\"\""); |
@@ -589,46 +591,49 @@ public void toPublicKeysetHandleSetsKeyIdsAndPrimaryKeyId() throws Exception { |
589 | 591 | assertThat(ketsetInfo.getPrimaryKeyId()).isIn(keyIdSet); |
590 | 592 | } |
591 | 593 |
|
592 | | - @Test |
593 | | - public void convertTinkToJwksTokenVerification_success() throws Exception { |
| 594 | + @DataPoints("templatesNames") |
| 595 | + public static final String[] TEMPLATE_NAMES = |
| 596 | + new String[] { |
| 597 | + "JWT_ES256", |
| 598 | + "JWT_ES384", |
| 599 | + "JWT_ES512", |
| 600 | + "JWT_ES256_RAW", |
| 601 | + "JWT_RS256_2048_F4", |
| 602 | + "JWT_RS256_3072_F4", |
| 603 | + "JWT_RS384_3072_F4", |
| 604 | + "JWT_RS512_4096_F4", |
| 605 | + "JWT_RS256_2048_F4_RAW", |
| 606 | + "JWT_PS256_2048_F4", |
| 607 | + "JWT_PS256_3072_F4", |
| 608 | + "JWT_PS384_3072_F4", |
| 609 | + "JWT_PS512_4096_F4", |
| 610 | + "JWT_PS256_2048_F4_RAW", |
| 611 | + }; |
| 612 | + |
| 613 | + @Theory |
| 614 | + public void convertTinkToJwksTokenVerification_success( |
| 615 | + @FromDataPoints("templatesNames") String templateName) throws Exception { |
594 | 616 | if (TestUtil.isTsan()) { |
595 | 617 | // KeysetHandle.generateNew is too slow in Tsan. |
596 | 618 | return; |
597 | 619 | } |
598 | | - // TODO(juerg): Use parametrized tests once b/26110951 is resolved. |
599 | | - String[] templateNames = new String[] { |
600 | | - "JWT_ES256", |
601 | | - "JWT_ES384", |
602 | | - "JWT_ES512", |
603 | | - "JWT_ES256_RAW", |
604 | | - "JWT_RS256_2048_F4", |
605 | | - "JWT_RS256_3072_F4", |
606 | | - "JWT_RS384_3072_F4", |
607 | | - "JWT_RS512_4096_F4", |
608 | | - "JWT_RS256_2048_F4_RAW", |
609 | | - "JWT_PS256_2048_F4", |
610 | | - "JWT_PS256_3072_F4", |
611 | | - "JWT_PS384_3072_F4", |
612 | | - "JWT_PS512_4096_F4", |
613 | | - "JWT_PS256_2048_F4_RAW", |
614 | | - }; |
615 | | - for (String templateName : templateNames) { |
616 | | - KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get(templateName)); |
617 | | - |
618 | | - String jwksString = |
619 | | - JwkSetConverter.fromPublicKeysetHandle(keysetHandle.getPublicKeysetHandle()); |
620 | | - |
621 | | - KeysetHandle publicKeysetHandle = JwkSetConverter.toPublicKeysetHandle(jwksString); |
622 | | - |
623 | | - JwtPublicKeySign signer = keysetHandle.getPrimitive(JwtPublicKeySign.class); |
624 | | - JwtPublicKeyVerify verifier = publicKeysetHandle.getPrimitive(JwtPublicKeyVerify.class); |
625 | | - |
626 | | - RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build(); |
627 | | - String signedCompact = signer.signAndEncode(rawToken); |
628 | | - JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build(); |
629 | | - VerifiedJwt verifiedToken = verifier.verifyAndDecode(signedCompact, validator); |
630 | | - assertThat(verifiedToken.getJwtId()).isEqualTo("jwtId"); |
631 | | - } |
| 620 | + KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get(templateName)); |
| 621 | + |
| 622 | + String jwksString = |
| 623 | + JwkSetConverter.fromPublicKeysetHandle(keysetHandle.getPublicKeysetHandle()); |
| 624 | + |
| 625 | + KeysetHandle publicKeysetHandle = JwkSetConverter.toPublicKeysetHandle(jwksString); |
| 626 | + |
| 627 | + JwtPublicKeySign signer = |
| 628 | + keysetHandle.getPrimitive(RegistryConfiguration.get(), JwtPublicKeySign.class); |
| 629 | + JwtPublicKeyVerify verifier = |
| 630 | + publicKeysetHandle.getPrimitive(RegistryConfiguration.get(), JwtPublicKeyVerify.class); |
| 631 | + |
| 632 | + RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build(); |
| 633 | + String signedCompact = signer.signAndEncode(rawToken); |
| 634 | + JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build(); |
| 635 | + VerifiedJwt verifiedToken = verifier.verifyAndDecode(signedCompact, validator); |
| 636 | + assertThat(verifiedToken.getJwtId()).isEqualTo("jwtId"); |
632 | 637 | } |
633 | 638 |
|
634 | 639 | @Test |
|
0 commit comments