File: jwk_spec.rb

package info (click to toggle)
ruby-json-jwt 1.6.2-1%2Bdeb9u1
links: PTS, VCS
area: main
in suites: stretch
size: 292 kB
sloc: ruby: 2,120; makefile: 3
file content (188 lines) | stat: -rw-r--r-- 5,491 bytes
require 'spec_helper'

describe JSON::JWK do
  describe '#initialize' do
    let(:jwk) { JSON::JWK.new key }
    subject { jwk }

    shared_examples_for :jwk_with_kid do
      it { should be_instance_of JSON::JWK }
      describe 'kid' do
        subject { jwk[:kid] }
        it { should == jwk.thumbprint }
      end
    end

    shared_examples_for :jwk_without_kid do
      it { should be_instance_of JSON::JWK }
      describe 'kid' do
        subject { jwk[:kid] }
        it { should be_blank }
      end
    end

    context 'with OpenSSL::PKey::RSA' do
      let(:key) { public_key }
      it_behaves_like :jwk_with_kid
    end

    context 'with OpenSSL::PKey::EC' do
      let(:key) { public_key :ecdsa }
      it_behaves_like :jwk_with_kid
    end

    context 'with String' do
      let(:key) { 'secret' }
      it_behaves_like :jwk_with_kid
    end

    context 'with JSON::JWK' do
      let(:key) do
        JSON::JWK.new(
          k: 'secret',
          kty: :oct
        )
      end
      it_behaves_like :jwk_with_kid
    end

    context 'with Hash' do
      let(:key) do
        {
          k: 'secret',
          kty: :oct
        }
      end
      it_behaves_like :jwk_with_kid
    end

    context 'with nothing' do
      let(:jwk) { JSON::JWK.new }
      it_behaves_like :jwk_without_kid
    end
  end

  describe '#content_type' do
    let(:jwk) { JSON::JWK.new public_key }
    it do
      jwk.content_type.should == 'application/jwk+json'
    end
  end

  context 'when RSA public key given' do
    let(:jwk) { JSON::JWK.new public_key }
    it { jwk.keys.collect(&:to_sym).should include :kty, :e, :n }
    its(:kty) { jwk[:kty].should == :RSA }
    its(:e) { jwk[:e].should == UrlSafeBase64.encode64(public_key.e.to_s(2)) }
    its(:n) { jwk[:n].should == UrlSafeBase64.encode64(public_key.n.to_s(2)) }

    context 'when kid/use options given' do
      let(:jwk) { JSON::JWK.new public_key, kid: '12345', use: :sig }
      it { jwk.keys.collect(&:to_sym).should include :kid, :use }
      its(:kid) { jwk[:kid].should == '12345' }
      its(:use) { jwk[:use].should == :sig }
    end

    describe '#thumbprint' do
      context 'using default hash function' do
        subject { jwk.thumbprint }
        it { should == 'nuBTimkcSt_AuEsD8Yv3l8CoGV31bu_3gsRDGN1iVKA' }
      end

      context 'using SHA512 hash function' do
        subject { jwk.thumbprint :SHA512 }
        it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
      end
    end

    describe '#to_key' do
      it { jwk.to_key.should be_instance_of OpenSSL::PKey::RSA }
    end
  end

  context 'when EC public key given' do
    let(:jwk) { JSON::JWK.new public_key(:ecdsa) }
    let(:expected_coordinates) do
      {
        256 => {
          x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
          y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
        },
        384 => {
          x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
          y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
        },
        512 => {
          x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
          y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
        }
      }
    end

    [256, 384, 512].each do |digest_length|
      describe "EC#{digest_length}" do
        let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
        it { jwk.keys.collect(&:to_sym).should include :kty, :crv, :x, :y }
        its(:kty) { jwk[:kty].should == :EC }
        its(:x) { jwk[:x].should == expected_coordinates[digest_length][:x] }
        its(:y) { jwk[:y].should == expected_coordinates[digest_length][:y] }
      end
    end

    describe 'unknown curve' do
      it do
        key = OpenSSL::PKey::EC.new('secp112r2').generate_key
        expect do
          JSON::JWK.new key
        end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
      end
    end

    describe '#thumbprint' do
      context 'using default hash function' do
        subject { jwk.thumbprint }
        it { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
      end

      context 'using SHA512 hash function' do
        subject { jwk.thumbprint :SHA512 }
        it { should == 'B_yXDZJ9doudaVCj5q5vqxshvVtW2IFnz_ypvRt5O60gemkDAhO78L6YMyTWH0ZRm15cO2_laTSaNO9yZQFsvQ' }
      end
    end

    describe '#to_key' do
      it { jwk.to_key.should be_instance_of OpenSSL::PKey::EC }
    end
  end

  context 'when shared secret given' do
    let(:jwk) { JSON::JWK.new 'secret' }
    its(:kty) { jwk[:kty].should == :oct }
    its(:x) { jwk[:k].should == 'secret' }

    describe '#thumbprint' do
      context 'using default hash function' do
        subject { jwk.thumbprint }
        it { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
      end

      context 'using SHA512 hash function' do
        subject { jwk.thumbprint :SHA512 }
        it { should == 'rK7EtcEe9Xr0kryR9lNnyOTRe7Vb_BglbTBtbcVG2LzvL26_PFaMCwOtiUiXWfCK-wV8vcxjmvbcvV4ZxDE0FQ' }
      end
    end

    describe '#to_key' do
      it { jwk.to_key.should be_instance_of String }
    end
  end

  describe 'unknown key type' do
    it do
      key = OpenSSL::PKey::DSA.generate 256
      expect do
        JSON::JWK.new key
      end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
    end
  end
end