-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy patha256cbc_hmac_test.go
92 lines (83 loc) · 2.33 KB
/
a256cbc_hmac_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package joseprimitives
import (
"crypto/ecdh"
"crypto/rand"
"encoding/base64"
"encoding/json"
"strings"
"testing"
"github.com/stretchr/testify/require"
)
func mustGenerateKey(t *testing.T, c ecdh.Curve) *ecdh.PrivateKey {
var (
priv *ecdh.PrivateKey
err error
)
switch c {
case ecdh.P256():
priv, err = ecdh.P256().GenerateKey(rand.Reader)
case ecdh.P384():
priv, err = ecdh.P384().GenerateKey(rand.Reader)
case ecdh.P521():
priv, err = ecdh.P521().GenerateKey(rand.Reader)
case ecdh.X25519():
priv, err = ecdh.X25519().GenerateKey(rand.Reader)
default:
require.Fail(t, "unsupported curve")
}
require.NoError(t, err)
return priv
}
func TestEncryptDecryptPxx(t *testing.T) {
tests := []struct {
name string
recipient *ecdh.PrivateKey
sender *ecdh.PrivateKey
plaintext string
encriptionOptions []encryptionOption
expectedHeaders map[string]interface{}
}{
{
name: "Valid encryption and decryption: P-384",
recipient: mustGenerateKey(t, ecdh.P384()),
sender: mustGenerateKey(t, ecdh.P384()),
plaintext: "plaintext",
encriptionOptions: []encryptionOption{
WithKid("kid"),
WithSkid("skid"),
},
expectedHeaders: map[string]interface{}{
HeaderKeyKid: "kid",
HeaderKeySkid: "skid",
},
},
{
name: "Valid encryption and decryption: x25519",
recipient: mustGenerateKey(t, ecdh.X25519()),
sender: mustGenerateKey(t, ecdh.X25519()),
plaintext: "plaintext",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
jweToken, err := Encrypt(
tt.recipient.PublicKey(), tt.sender, []byte(tt.plaintext), tt.encriptionOptions...)
require.NoError(t, err)
h := decodeHeaders(t, jweToken)
require.Equal(t, tt.expectedHeaders[HeaderKeyKid], h[HeaderKeyKid])
require.Equal(t, tt.expectedHeaders[HeaderKeySkid], h[HeaderKeySkid])
raw, err := Decrypt(tt.recipient, tt.sender.PublicKey(), jweToken)
require.NoError(t, err)
require.Equal(t, tt.plaintext, string(raw))
})
}
}
func decodeHeaders(t *testing.T, token string) map[string]interface{} {
var h map[string]interface{}
parts := strings.Split(token, ".")
require.Len(t, parts, 5)
headersBytes, err := base64.URLEncoding.DecodeString(parts[0])
require.NoError(t, err)
require.NoError(t, json.Unmarshal(headersBytes, &h))
return h
}