# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for tink.python.tink.jwt._jwt_key_templates."""

from absl.testing import absltest
from absl.testing import parameterized

import tink
from tink import jwt


def setUpModule():
  """Register the JWT MAC and JWT signature primitives once per module."""
  jwt.register_jwt_mac()
  jwt.register_jwt_signature()


class JwtKeyTemplatesTest(parameterized.TestCase):
  """Round-trip checks for the JWT key templates listed in each test.

  Every case generates a fresh keyset from one template, produces a compact
  token with it and verifies that token with the same keyset. Only the accept
  path is exercised here: nothing in this class asserts that a token made
  with a different key, or a modified token, is rejected.
  """

  @parameterized.named_parameters([
      ('JWT_HS256', jwt.jwt_hs256_template()),
      ('JWT_HS256_RAW', jwt.raw_jwt_hs256_template()),
      ('JWT_HS384', jwt.jwt_hs384_template()),
      ('JWT_HS384_RAW', jwt.raw_jwt_hs384_template()),
      ('JWT_HS512', jwt.jwt_hs512_template()),
      ('JWT_HS512_RAW', jwt.raw_jwt_hs512_template()),
  ])
  def test_mac_success(self, key_template):
    """A token MACed with a new key from the template verifies and decodes."""
    handle = tink.new_keyset_handle(key_template)
    mac = handle.primitive(jwt.JwtMac)

    # Expiration is left out on purpose (and the validator below is told to
    # accept that), so the round trip does not depend on the clock. Tokens
    # issued outside of tests would normally carry an expiration.
    token = jwt.new_raw_jwt(
        issuer='issuer',
        subject='subject',
        without_expiration=True,
    )
    encoded = mac.compute_mac_and_encode(token)

    validator = jwt.new_validator(
        expected_issuer='issuer',
        allow_missing_expiration=True,
    )
    output_token = mac.verify_mac_and_decode(encoded, validator)

    # The decoded claims must match what went into the token.
    self.assertEqual(output_token.issuer(), token.issuer())
    self.assertEqual(output_token.subject(), token.subject())

  @parameterized.named_parameters([
      ('JWT_ES256', jwt.jwt_es256_template()),
      ('JWT_ES256_RAW', jwt.raw_jwt_es256_template()),
      ('JWT_ES384', jwt.jwt_es384_template()),
      ('JWT_ES384_RAW', jwt.raw_jwt_es384_template()),
      ('JWT_ES512', jwt.jwt_es512_template()),
      ('JWT_ES512_RAW', jwt.raw_jwt_es512_template()),
      ('JWT_RS256_2048_F4', jwt.jwt_rs256_2048_f4_template()),
      ('JWT_RS256_2048_F4_RAW', jwt.raw_jwt_rs256_2048_f4_template()),
      ('JWT_RS256_3072_F4', jwt.jwt_rs256_3072_f4_template()),
      ('JWT_RS256_3072_F4_RAW', jwt.raw_jwt_rs256_3072_f4_template()),
      ('JWT_RS384_3072_F4', jwt.jwt_rs384_3072_f4_template()),
      ('JWT_RS384_3072_F4_RAW', jwt.raw_jwt_rs384_3072_f4_template()),
      ('JWT_RS512_4096_F4', jwt.jwt_rs512_4096_f4_template()),
      ('JWT_RS512_4096_F4_RAW', jwt.raw_jwt_rs512_4096_f4_template()),
      ('JWT_PS256_2048_F4', jwt.jwt_ps256_2048_f4_template()),
      ('JWT_PS256_2048_F4_RAW', jwt.raw_jwt_ps256_2048_f4_template()),
      ('JWT_PS256_3072_F4', jwt.jwt_ps256_3072_f4_template()),
      ('JWT_PS256_3072_F4_RAW', jwt.raw_jwt_ps256_3072_f4_template()),
      ('JWT_PS384_3072_F4', jwt.jwt_ps384_3072_f4_template()),
      ('JWT_PS384_3072_F4_RAW', jwt.raw_jwt_ps384_3072_f4_template()),
      ('JWT_PS512_4096_F4', jwt.jwt_ps512_4096_f4_template()),
      ('JWT_PS512_4096_F4_RAW', jwt.raw_jwt_ps512_4096_f4_template()),
  ])
  def test_new_keydata_primitive_success(self, template):
    """A token signed with a new private key verifies under its public key."""
    private_handle = tink.new_keyset_handle(template)
    signer = private_handle.primitive(jwt.JwtPublicKeySign)

    # Verification uses only the public half derived from the private keyset.
    public_handle = private_handle.public_keyset_handle()
    verifier = public_handle.primitive(jwt.JwtPublicKeyVerify)

    # As in the MAC test, the token has no expiration and the validator is
    # configured to allow that; this is a test convenience.
    unsigned = jwt.new_raw_jwt(
        issuer='issuer',
        subject='subject',
        without_expiration=True,
    )
    encoded = signer.sign_and_encode(unsigned)

    validator = jwt.new_validator(
        expected_issuer='issuer',
        allow_missing_expiration=True,
    )
    verified_jwt = verifier.verify_and_decode(encoded, validator)

    self.assertEqual(verified_jwt.issuer(), 'issuer')
    self.assertEqual(verified_jwt.subject(), 'subject')


if __name__ == '__main__':
  absltest.main()