Skip to content
This repository has been archived by the owner on Apr 17, 2024. It is now read-only.

Commit

Permalink
Use parametrized tests in JwkSetConverterTest.java.
Browse files Browse the repository at this point in the history
Also, remove debugging output.

PiperOrigin-RevId: 620046474
  • Loading branch information
juergw authored and copybara-github committed Mar 28, 2024
1 parent 0fdbac7 commit 40510c4
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 41 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -301,6 +301,7 @@ java_test(
"//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
"//src/main/java/com/google/crypto/tink:key_templates",
"//src/main/java/com/google/crypto/tink:registry_cluster",
"//src/main/java/com/google/crypto/tink:registry_configuration",
"//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
"//src/main/java/com/google/crypto/tink:tink_proto_keyset_format",
"//src/main/java/com/google/crypto/tink/jwt:jwk_set_converter",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.RegistryConfiguration;
import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
import com.google.crypto.tink.TinkProtoKeysetFormat;
import com.google.crypto.tink.proto.KeyData;
Expand All @@ -41,11 +42,14 @@
import java.util.HashSet;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.theories.DataPoints;
import org.junit.experimental.theories.FromDataPoints;
import org.junit.experimental.theories.Theories;
import org.junit.experimental.theories.Theory;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

/** Unit tests for JwkSetConverter */
@RunWith(JUnit4.class)
@RunWith(Theories.class)
public final class JwkSetConverterTest {

@Before
Expand Down Expand Up @@ -551,12 +555,10 @@ public void jwkPs256WithKid_isImportedAsRaw() throws Exception {
KeysetHandle expected =
TinkJsonProtoKeysetFormat.parseKeyset(
PS256_JWK_SET_KID_TINK, InsecureSecretKeyAccess.get());
System.out.println(
TinkJsonProtoKeysetFormat.serializeKeyset(converted, InsecureSecretKeyAccess.get()));
// The KeyID is picked at random, hence we just compare the keys.
assertTrue(converted.getAt(0).getKey().equalsKey(expected.getAt(0).getKey()));
}

@Test
public void jwkWithEmptyKid_kidIsPreserved() throws Exception {
String esWithEmptyKid = ES256_JWK_SET_KID.replace("\"ENgjPA\"", "\"\"");
Expand Down Expand Up @@ -589,46 +591,49 @@ public void toPublicKeysetHandleSetsKeyIdsAndPrimaryKeyId() throws Exception {
assertThat(ketsetInfo.getPrimaryKeyId()).isIn(keyIdSet);
}

@Test
public void convertTinkToJwksTokenVerification_success() throws Exception {
@DataPoints("templatesNames")
public static final String[] TEMPLATE_NAMES =
new String[] {
"JWT_ES256",
"JWT_ES384",
"JWT_ES512",
"JWT_ES256_RAW",
"JWT_RS256_2048_F4",
"JWT_RS256_3072_F4",
"JWT_RS384_3072_F4",
"JWT_RS512_4096_F4",
"JWT_RS256_2048_F4_RAW",
"JWT_PS256_2048_F4",
"JWT_PS256_3072_F4",
"JWT_PS384_3072_F4",
"JWT_PS512_4096_F4",
"JWT_PS256_2048_F4_RAW",
};

@Theory
public void convertTinkToJwksTokenVerification_success(
@FromDataPoints("templatesNames") String templateName) throws Exception {
if (TestUtil.isTsan()) {
// KeysetHandle.generateNew is too slow in Tsan.
return;
}
// TODO(juerg): Use parametrized tests once b/26110951 is resolved.
String[] templateNames = new String[] {
"JWT_ES256",
"JWT_ES384",
"JWT_ES512",
"JWT_ES256_RAW",
"JWT_RS256_2048_F4",
"JWT_RS256_3072_F4",
"JWT_RS384_3072_F4",
"JWT_RS512_4096_F4",
"JWT_RS256_2048_F4_RAW",
"JWT_PS256_2048_F4",
"JWT_PS256_3072_F4",
"JWT_PS384_3072_F4",
"JWT_PS512_4096_F4",
"JWT_PS256_2048_F4_RAW",
};
for (String templateName : templateNames) {
KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get(templateName));

String jwksString =
JwkSetConverter.fromPublicKeysetHandle(keysetHandle.getPublicKeysetHandle());

KeysetHandle publicKeysetHandle = JwkSetConverter.toPublicKeysetHandle(jwksString);

JwtPublicKeySign signer = keysetHandle.getPrimitive(JwtPublicKeySign.class);
JwtPublicKeyVerify verifier = publicKeysetHandle.getPrimitive(JwtPublicKeyVerify.class);

RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
String signedCompact = signer.signAndEncode(rawToken);
JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
VerifiedJwt verifiedToken = verifier.verifyAndDecode(signedCompact, validator);
assertThat(verifiedToken.getJwtId()).isEqualTo("jwtId");
}
KeysetHandle keysetHandle = KeysetHandle.generateNew(KeyTemplates.get(templateName));

String jwksString =
JwkSetConverter.fromPublicKeysetHandle(keysetHandle.getPublicKeysetHandle());

KeysetHandle publicKeysetHandle = JwkSetConverter.toPublicKeysetHandle(jwksString);

JwtPublicKeySign signer =
keysetHandle.getPrimitive(RegistryConfiguration.get(), JwtPublicKeySign.class);
JwtPublicKeyVerify verifier =
publicKeysetHandle.getPrimitive(RegistryConfiguration.get(), JwtPublicKeyVerify.class);

RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
String signedCompact = signer.signAndEncode(rawToken);
JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
VerifiedJwt verifiedToken = verifier.verifyAndDecode(signedCompact, validator);
assertThat(verifiedToken.getJwtId()).isEqualTo("jwtId");
}

@Test
Expand Down

0 comments on commit 40510c4

Please sign in to comment.