forked from hyperledger-archives/aries-framework-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcredential_jws_test.go
132 lines (103 loc) · 3.54 KB
/
credential_jws_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package verifiable
import (
"crypto/rand"
"crypto/rsa"
"encoding/json"
"testing"
"github.com/square/go-jose/v3"
"github.com/square/go-jose/v3/jwt"
"github.com/stretchr/testify/require"
"github.com/hyperledger/aries-framework-go/pkg/doc/signature/verifier"
"github.com/hyperledger/aries-framework-go/pkg/kms"
)
func TestJWTCredClaimsMarshalJWS(t *testing.T) {
signer, err := newCryptoSigner(kms.RSARS256Type)
require.NoError(t, err)
vc, err := parseTestCredential(t, []byte(validCredential))
require.NoError(t, err)
jwtClaims, err := vc.JWTClaims(true)
require.NoError(t, err)
t.Run("Marshal signed JWT", func(t *testing.T) {
jws, err := jwtClaims.MarshalJWS(RS256, signer, "any")
require.NoError(t, err)
vcBytes, err := decodeCredJWS(jws, true, func(issuerID, keyID string) (*verifier.PublicKey, error) {
return &verifier.PublicKey{
Type: kms.RSARS256,
Value: signer.PublicKeyBytes(),
}, nil
})
require.NoError(t, err)
vcRaw := new(rawCredential)
err = json.Unmarshal(vcBytes, &vcRaw)
require.NoError(t, err)
require.NoError(t, err)
require.Equal(t, vc.stringJSON(t), vcRaw.stringJSON(t))
})
}
type invalidCredClaims struct {
*jwt.Claims
Credential int `json:"vc,omitempty"`
}
func TestCredJWSDecoderUnmarshal(t *testing.T) {
signer, err := newCryptoSigner(kms.RSARS256Type)
require.NoError(t, err)
pkFetcher := func(_, _ string) (*verifier.PublicKey, error) { //nolint:unparam
return &verifier.PublicKey{
Type: kms.RSARS256,
Value: signer.PublicKeyBytes(),
}, nil
}
validJWS := createRS256JWS(t, []byte(jwtTestCredential), signer, false)
t.Run("Successful JWS decoding", func(t *testing.T) {
vcBytes, err := decodeCredJWS(string(validJWS), true, pkFetcher)
require.NoError(t, err)
vcRaw := new(rawCredential)
err = json.Unmarshal(vcBytes, &vcRaw)
require.NoError(t, err)
vc, err := parseTestCredential(t, []byte(jwtTestCredential))
require.NoError(t, err)
require.Equal(t, vc.stringJSON(t), vcRaw.stringJSON(t))
})
t.Run("Invalid serialized JWS", func(t *testing.T) {
jws, err := decodeCredJWS("invalid JWS", true, pkFetcher)
require.Error(t, err)
require.Contains(t, err.Error(), "unmarshal VC JWT claims")
require.Nil(t, jws)
})
t.Run("Invalid format of \"vc\" claim", func(t *testing.T) {
privKey, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err)
key := jose.SigningKey{Algorithm: jose.RS256, Key: privKey}
signer, err := jose.NewSigner(key, &jose.SignerOptions{})
require.NoError(t, err)
claims := &invalidCredClaims{
Claims: &jwt.Claims{},
Credential: 55, // "vc" claim of invalid format
}
jwtCompact, err := jwt.Signed(signer).Claims(claims).CompactSerialize()
require.NoError(t, err)
jws, err := decodeCredJWS(jwtCompact, true, pkFetcher)
require.Error(t, err)
require.Contains(t, err.Error(), "unmarshal VC JWT claims")
require.Nil(t, jws)
})
t.Run("Invalid signature of JWS", func(t *testing.T) {
pkFetcherOther := func(issuerID, keyID string) (*verifier.PublicKey, error) {
// use public key of VC Holder (while expecting to use the ones of Issuer)
holderSigner, err := newCryptoSigner(kms.RSARS256Type)
require.NoError(t, err)
return &verifier.PublicKey{
Type: kms.RSARS256,
Value: holderSigner.PublicKeyBytes(),
}, nil
}
jws, err := decodeCredJWS(string(validJWS), true, pkFetcherOther)
require.Error(t, err)
require.Contains(t, err.Error(), "unmarshal VC JWT claims")
require.Nil(t, jws)
})
}