xref: /aosp_15_r20/external/tink/cc/examples/jwt/jwt_signature_cli_test.sh (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1#!/bin/bash
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15################################################################################
16
17set -euo pipefail
18
19#############################################################################
20# Tests for Tink C++ JWT signature example.
21#############################################################################
22
23: "${TEST_TMPDIR:=$(mktemp -d)}"
24
25readonly CLI_SIGN="$1"
26readonly GEN_PUBLIC_JWK_SET_CLI="$2"
27readonly CLI_VERIFY="$3"
28readonly PRIVATE_KEYSET_FILE="$4"
29readonly PUBLIC_KEYSET_FILE="$5"
30readonly PUBLIC_JWK_SET_FILE="${TEST_TMPDIR}/public_jwk_set.json"
31readonly TOKEN_FILE="${TEST_TMPDIR}/token.json"
32readonly TEST_NAME="TinkCcExamplesJwtSignatureTest"
33
34readonly AUDIENCE="JWT audience"
35
36#######################################
37# A helper function for getting the return code of a command that may fail.
38# Temporarily disables error safety and stores return value in TEST_STATUS.
39#
40# Globals:
41#   TEST_STATUS
42# Arguments:
43#   Command to execute.
44#######################################
45test_command() {
46  set +e
47  "$@"
48  TEST_STATUS=$?
49  set -e
50}
51
52#######################################
53# Asserts that the outcome of the latest test command is 0.
54#
55# If not, it terminates the test execution.
56#
57# Globals:
58#   TEST_STATUS
59#   TEST_NAME
60#   TEST_CASE
61#######################################
62assert_command_succeeded() {
63  if (( TEST_STATUS != 0 )); then
64    echo "[   FAILED ] ${TEST_NAME}.${TEST_CASE}"
65    exit 1
66  fi
67}
68
69#######################################
70# Asserts that the outcome of the latest test command is not 0.
71#
72# If not, it terminates the test execution.
73#
74# Globals:
75#   TEST_STATUS
76#   TEST_NAME
77#   TEST_CASE
78#######################################
79assert_command_failed() {
80  if (( TEST_STATUS == 0 )); then
81      echo "[   FAILED ] ${TEST_NAME}.${TEST_CASE}"
82      exit 1
83  fi
84}
85
86#######################################
87# Starts a new test case; records the test case name to TEST_CASE.
88#
89# Globals:
90#   TEST_NAME
91#   TEST_CASE
92# Arguments:
93#   test_case: The name of the test case.
94#######################################
95start_test_case() {
96  TEST_CASE="$1"
97  echo "[ RUN      ] ${TEST_NAME}.${TEST_CASE}"
98}
99
100#######################################
101# Ends a test case printing a success message.
102#
103# Globals:
104#   TEST_NAME
105#   TEST_CASE
106#######################################
107end_test_case() {
108  echo "[       OK ] ${TEST_NAME}.${TEST_CASE}"
109}
110
111#############################################################################
112
113start_test_case "sign_verify_all_good"
114
115# Sign.
116test_command "${CLI_SIGN}" \
117  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
118  --audience "${AUDIENCE}" \
119  --token_filename "${TOKEN_FILE}"
120assert_command_succeeded
121
122# Convert to JWK set.
123test_command "${GEN_PUBLIC_JWK_SET_CLI}" \
124  --public_keyset_filename "${PUBLIC_KEYSET_FILE}" \
125  --public_jwk_set_filename "${PUBLIC_JWK_SET_FILE}"
126assert_command_succeeded
127
128# Verify.
129test_command "${CLI_VERIFY}" \
130  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
131  --audience "${AUDIENCE}" \
132  --token_filename "${TOKEN_FILE}"
133assert_command_succeeded
134
135end_test_case
136
137#############################################################################
138
139start_test_case "verify_fails_with_invalid_token"
140
141# Sign.
142test_command "${CLI_SIGN}" \
143  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
144  --audience "${AUDIENCE}" \
145  --token_filename "${TOKEN_FILE}"
146assert_command_succeeded
147
148# Invalid token.
149echo "modified" >> "${TOKEN_FILE}"
150
151# Verify.
152test_command "${CLI_VERIFY}" \
153  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
154  --audience "${AUDIENCE}" \
155  --token_filename "${TOKEN_FILE}"
156assert_command_failed
157
158end_test_case
159
160#############################################################################
161
162start_test_case "verify_fails_with_invalid_audience"
163
164# Sign.
165test_command "${CLI_SIGN}" \
166  --keyset_filename "${PRIVATE_KEYSET_FILE}" \
167  --audience "${AUDIENCE}" \
168  --token_filename "${TOKEN_FILE}"
169assert_command_succeeded
170
171# Modify audience.
172readonly INVALID_AUDIENCE="invalid audience"
173
174# Verify.
175test_command "${CLI_VERIFY}" \
176  --jwk_set_filename "${PUBLIC_JWK_SET_FILE}" \
177  --audience "${INVALID_AUDIENCE}" \
178  --token_filename "${TOKEN_FILE}"
179assert_command_failed
180
181end_test_case
182
183