1# Copyright 2021 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13"""Tests for tink.python.tink.jwt._verified_jwt.""" 14 15import datetime 16 17from absl.testing import absltest 18from tink import jwt 19 20ISSUED_AT = datetime.datetime.fromtimestamp(1582230020, datetime.timezone.utc) 21NOT_BEFORE = datetime.datetime.fromtimestamp(1893553445, datetime.timezone.utc) 22EXPIRATION = datetime.datetime.fromtimestamp(2218027244, datetime.timezone.utc) 23 24 25class VerifiedJwtTest(absltest.TestCase): 26 27 def test_empty(self): 28 token = jwt.VerifiedJwt._create(jwt.new_raw_jwt(without_expiration=True)) 29 with self.assertRaises(KeyError): 30 token.type_header() 31 with self.assertRaises(KeyError): 32 token.issuer() 33 with self.assertRaises(KeyError): 34 token.subject() 35 with self.assertRaises(KeyError): 36 token.jwt_id() 37 with self.assertRaises(KeyError): 38 token.audiences() 39 with self.assertRaises(KeyError): 40 token.expiration() 41 with self.assertRaises(KeyError): 42 token.issued_at() 43 with self.assertRaises(KeyError): 44 token.not_before() 45 with self.assertRaises(KeyError): 46 token.custom_claim('unknown') 47 self.assertFalse(token.has_issuer()) 48 self.assertFalse(token.has_subject()) 49 self.assertFalse(token.has_jwt_id()) 50 self.assertFalse(token.has_audiences()) 51 self.assertFalse(token.has_expiration()) 52 self.assertFalse(token.has_issued_at()) 53 self.assertFalse(token.has_not_before()) 54 55 def test_full(self): 56 token = jwt.VerifiedJwt._create( 57 jwt.new_raw_jwt( 58 type_header='TypeHeader', 59 issuer='Issuer', 60 subject='Subject', 61 jwt_id='JWT ID', 62 audiences=['bob', 'eve'], 63 expiration=EXPIRATION, 64 issued_at=ISSUED_AT, 65 not_before=NOT_BEFORE)) 66 self.assertTrue(token.has_type_header()) 67 self.assertEqual(token.type_header(), 'TypeHeader') 68 self.assertTrue(token.has_issuer()) 69 self.assertEqual(token.issuer(), 'Issuer') 70 self.assertTrue(token.has_subject()) 71 self.assertEqual(token.subject(), 'Subject') 72 self.assertTrue(token.has_jwt_id()) 73 self.assertEqual(token.jwt_id(), 'JWT ID') 74 self.assertTrue(token.has_audiences()) 75 self.assertEqual(token.audiences(), ['bob', 'eve']) 76 self.assertTrue(token.has_expiration()) 77 self.assertEqual(token.expiration(), EXPIRATION) 78 self.assertTrue(token.has_issued_at()) 79 self.assertEqual(token.issued_at(), ISSUED_AT) 80 self.assertTrue(token.has_not_before()) 81 self.assertEqual(token.not_before(), NOT_BEFORE) 82 83 def test_custom_claims(self): 84 custom_claims = {'string': 'value', 85 'boolean': True, 86 'number': 123.456, 87 'integer': 123, 88 'null': None, 89 'array': [1, None, 'Bob', 2.2, {'foo': 'bar'}], 90 'object': {'one': {'two': 3}}} 91 token = token = jwt.VerifiedJwt._create( 92 jwt.new_raw_jwt(custom_claims=custom_claims, without_expiration=True)) 93 self.assertCountEqual( 94 token.custom_claim_names(), 95 {'string', 'boolean', 'number', 'integer', 'null', 'array', 'object'}) 96 self.assertEqual(token.custom_claim('string'), 'value') 97 self.assertEqual(token.custom_claim('boolean'), True) 98 self.assertEqual(token.custom_claim('number'), 123.456) 99 self.assertEqual(token.custom_claim('integer'), 123) 100 self.assertIsNone(token.custom_claim('null')) 101 self.assertEqual( 102 token.custom_claim('array'), 103 [1, None, 'Bob', 2.2, {'foo': 'bar'}]) 104 self.assertEqual(token.custom_claim('object'), {'one': {'two': 3}}) 105 106 107if __name__ == '__main__': 108 absltest.main() 109