Added a few more tests

ThalesGroup · Nov 12, 2019 · 5e7aba5 · 5e7aba5
1 parent 664b120
commit 5e7aba5
Show file tree

Hide file tree

Showing 2 changed files with 212 additions and 2 deletions.
diff --git a/helpers_test.go b/helpers_test.go
@@ -25,6 +25,7 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/rsa"
+	"math/big"
 	"regexp"
 	"testing"
 
@@ -33,7 +34,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestGenerateKID(t *testing.T) {
+func TestGenerateKidRSA(t *testing.T) {
 	// Setup
 	var jwk jose.PublicRsaKey
 	jwk.N.SetBytes([]byte("12345678"))
@@ -47,7 +48,21 @@ func TestGenerateKID(t *testing.T) {
 	assert.Regexp(t, regexp.MustCompile("^[a-z0-9]{64}$"), uid)
 }
 
-func TestPrivateKeySerializeationAndDeserialization(t *testing.T) {
+func TestGenerateKidEC(t *testing.T) {
+	// Setup
+	var jwk jose.PublicEcKey
+	jwk.X.SetBytes([]byte("12345678"))
+	jwk.Y.SetBytes([]byte("87654321"))
+
+	// Act
+	uid, err := CalculateKeyID(&jwk)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.Regexp(t, regexp.MustCompile("^[a-z0-9]{64}$"), uid)
+}
+
+func TestPrivateKeySerializationAndDeserialization(t *testing.T) {
 	// Setup
 	expectedOps := []jose.KeyOps{jose.KeyOpsSign}
 	originalKey, err := rsa.GenerateKey(rand.Reader, 2048)
@@ -134,6 +149,9 @@ func TestAESKeySerializationAndDeserialization(t *testing.T) {
 	assert.NoError(t, err)
 	jwk32, err = JwkFromSymmetric(key32, jose.AlgA256GCM)
 	assert.NoError(t, err)
+	jwkNil, err := JwkFromSymmetric(key32, "Illegal")
+	assert.Nil(t, jwkNil)
+	assert.Error(t, err, ErrUnsupportedKeyType)
 
 	var out16, out24, out32 []byte
 	out16, err = loadSymmetricBytes(jwk16, nil)
@@ -289,3 +307,70 @@ func TestRsaBitsToAlg(t *testing.T) {
 		assert.Equal(t, test.expected, result)
 	}
 }
+
+func TestFromBase64(t *testing.T) {
+
+	expected := big.NewInt(210)
+
+	result, err := fromBase64("0g")
+
+	assert.Equal(t, expected, result)
+	assert.Nil(t, err)
+
+}
+
+func TestFromBase64Fail(t *testing.T) {
+
+	result, err := fromBase64("uic%^&")
+
+	assert.Nil(t, result)
+	assert.NotNil(t, err)
+
+}
+
+func TestEcBitsToAlg(t *testing.T) {
+
+	testCases := []struct {
+		input    int
+		expected jose.Alg
+	}{
+		{
+			input:    256,
+			expected: jose.AlgES256,
+		},
+		{
+			input:    384,
+			expected: jose.AlgES384,
+		},
+		{
+			input:    521,
+			expected: jose.AlgES512,
+		},
+		{
+			input:    1024,
+			expected: jose.Alg("Unsupported"),
+		},
+
+	}
+	// Act + Assert
+	for _, test := range testCases {
+		result := ecBitsToAlg(test.input)
+		assert.Equal(t, test.expected, result)
+	}
+}
+
+func TestJwkToString(t *testing.T) {
+	// Setup
+	expectedOps := []jose.KeyOps{jose.KeyOpsVerify}
+	originalKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err)
+
+	// Act
+	jwk, err := JwkFromPublicKey(originalKey.Public(), expectedOps, nil)
+	require.NoError(t, err)
+
+	jwkString, err := JwkToString(jwk)
+
+	assert.Nil(t, err)
+	assert.Regexp(t, regexp.MustCompile(`{"key_ops":\["verify\"\],"alg":"PS256","kid":"[a-f0-9]{64}","n":"[a-zA-Z0-9-_]+","e":"[0-9A-Z]{4}","kty":"RSA"}`), jwkString)
+}
diff --git a/keystore_test.go b/keystore_test.go
@@ -58,3 +58,128 @@ func TestNewTrustKeyStore(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, store)
 }
+
+func TestNewTrustKeyStoreNoKid(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.Error(t, err, ErrInvalidKey)
+	assert.Nil(t, store)
+}
+
+func TestAddExisting(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+	for _, key := range keys {
+		key.SetKid("123456")
+	}
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.NotNil(t, store)
+
+	for issuer, jwk := range keys {
+		err = store.Add(issuer, jwk)
+	}
+
+	// Assert
+	assert.NoError(t, err)
+
+}
+
+func TestRemove(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+	for _, key := range keys {
+		key.SetKid("123456")
+	}
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.NotNil(t, store)
+
+	for issuer, jwk := range keys {
+		result := store.Remove(issuer, jwk.Kid())
+		assert.True(t, result)
+	}
+
+}
+
+func TestRemoveNoKey(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+	for _, key := range keys {
+		key.SetKid("123456")
+	}
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.NotNil(t, store)
+
+	result := store.Remove("invalid", "98765")
+	assert.False(t, result)
+
+}
+
+func TestGet(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+	for _, key := range keys {
+		key.SetKid("123456")
+		key.SetAlg(jose.AlgRS512)
+		key.SetOps(validVerificationOps)
+	}
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.NotNil(t, store)
+
+	key := store.Get("issuer", "123456")
+	assert.NotNil(t, key)
+
+}
+
+func TestGetFail(t *testing.T) {
+	// Setup
+	keys := map[string]jose.Jwk{
+		"issuer": &jose.PublicRsaKey{},
+	}
+	for _, key := range keys {
+		key.SetKid("123456")
+		key.SetAlg(jose.AlgRS512)
+		key.SetOps(validVerificationOps)
+	}
+	// Act
+	store, err := NewTrustKeyStore(keys)
+
+	// Assert
+	assert.NoError(t, err)
+	assert.NotNil(t, store)
+
+	key := store.Get("unknown", "98765")
+	assert.Nil(t, key)
+
+}
+