
Commit 217af05

committed
Improve tests
1 parent 5ce3b8c commit 217af05

2 files changed

Lines changed: 35 additions & 5 deletions


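--- a/src/test/java/com/auth0/jwt/JWTVerifierRsa256Test.java
+++ b/src/test/java/com/auth0/jwt/JWTVerifierRsa256Test.java
@@ -1,9 +1,16 @@
 package com.auth0.jwt;
 
+import com.auth0.jwt.pem.X509CertUtils;
+import org.apache.commons.codec.binary.Base64;
 import org.junit.Test;
 
+import java.io.File;
+import java.nio.file.Files;
 import java.security.PublicKey;
 import java.security.SignatureException;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
 
 import static com.auth0.jwt.pem.PemReader.readPublicKey;
 import static junit.framework.TestCase.assertNotNull;
@@ -13,10 +20,10 @@
 */
 public class JWTVerifierRsa256Test {
 
-public final static String RESOURCES_DIR = "src/test/resources/auth0-pem/";
-public final static String MISMATCHED_RESOURCES_DIR = "src/test/resources/test-pem/";
-public final static String PUBLIC_KEY_PEM_FILENAME = "key.pem";
-public final static String MISMATCHED_PUBLIC_KEY_PEM_FILENAME = "test-auth0.pem";
+private final static String RESOURCES_DIR = "src/test/resources/auth0-pem/";
+private final static String MISMATCHED_RESOURCES_DIR = "src/test/resources/test-pem/";
+private final static String PUBLIC_KEY_PEM_FILENAME = "key.pem";
+private final static String MISMATCHED_PUBLIC_KEY_PEM_FILENAME = "test-auth0.pem";
 
 
 
@@ -67,7 +74,7 @@ public void shouldFailOnInvalidJWTTokenSignature() throws Exception {
 
 /**
 * Here we modify the payload section on an otherwise legal JWT Token and check verification using the correct Public Key and
-* unaltered JWT signnature (which now doesn't match the payload) fails
+* unaltered JWT signature (which now doesn't match the payload) fails
 */
 @Test(expected = SignatureException.class)
 public void shouldFailOnInvalidJWTTokenPayload() throws Exception {
@@ -81,5 +88,19 @@ public void shouldFailOnInvalidJWTTokenPayload() throws Exception {
 new JWTVerifier(publicKey, "audience").verifySignature(token.split("\\."), Algorithm.RS256);
 }
 
+@Test(expected = IllegalStateException.class)
+public void shouldFailWithJwtThaHasTamperedAlgorithm() throws Exception {
+final File file = new File(RESOURCES_DIR + PUBLIC_KEY_PEM_FILENAME);
+final byte[] data = Files.readAllBytes(file.toPath());
+JWTSigner signer = new JWTSigner(data);
+Map<String, Object> claims = new HashMap<>();
+claims.put("sub", "userid");
+JWTSigner.Options options = new JWTSigner.Options();
+options.setAlgorithm(Algorithm.HS256);
+String jwt = signer.sign(claims, options);
+new JWTVerifier(data).verify(jwt);
+final PublicKey publicKey = readPublicKey(RESOURCES_DIR + PUBLIC_KEY_PEM_FILENAME);
+new JWTVerifier(publicKey).verify(jwt);
+}
 }
 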
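Review bot: In shouldFailWithJwtThaHasTamperedAlgorithm the `@Test(expected = IllegalStateException.class)` cannot tell which of the two `verify` calls throws, so the test also passes if `new JWTVerifier(data).verify(jwt)` — presumably an HMAC verifier holding the same bytes the token was signed with — fails for an unrelated reason, and the algorithm/key-type mismatch on the final line is never exercised. Declaring the `ExpectedException` rule on this class as JWTVerifierTest does and placing `expectedException.expect(IllegalStateException.class);` immediately before `new JWTVerifier(publicKey).verify(jwt);` pins the expectation to the RSA-key verifier; alternatively drop the HMAC verify or give it its own explicit assertion. The scenario being guarded deserves a comment on the method, e.g. `// token is HS256-signed using the public-key PEM bytes as the secret; a verifier configured with the RSA public key must reject it rather than treat the key as an HMAC secret`. The method name has a typo, `ThaHas` → `ThatHas`, here and in the same-named test added to JWTVerifierTest. The added imports `X509CertUtils`, `Base64` and `X509Certificate` are not referenced by any added line, and since all 26 additions are shown in this section they appear to be unused.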
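--- a/src/test/java/com/auth0/jwt/JWTVerifierTest.java
+++ b/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -103,6 +103,15 @@ public void shouldVerifySignature() throws Exception {
 .verifySignature(jws.split("\\."), Algorithm.HS256);
 }
 
+@Test
+public void shouldFailWithJwtThaHasTamperedAlgorithm() throws Exception {
+expectedException.expect(IllegalStateException.class);
+String tamperedAlg = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjEzMDA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.QRsN2SlYJ3EEn7P9dnZGsq9tjyv3giOWzZJzhy67zZs";
+byte[] secret = decoder.decode("AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow");
+JWTVerifier verifier = new JWTVerifier(secret);
+verifier.verify(tamperedAlg);
+}
+
 @Test
 public void shouldFailWhenExpired1SecondAgo() throws Exception {
 expectedException.expect(JWTExpiredException.class);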
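Review bot: The hard-coded `tamperedAlg` token in shouldFailWithJwtThaHasTamperedAlgorithm carries no explanation of what is tampered, which a reader needs to see why IllegalStateException is the right outcome; its header segment base64-decodes to `{"typ":"JWT","alg":"RS256"}` while the verifier is built from an HMAC secret, so a comment such as `// header claims alg=RS256 but the verifier only holds an HMAC secret: the key/algorithm mismatch must be rejected` on the line above it would make that explicit. Because `expectedException.expect(IllegalStateException.class)` is declared before the token and secret are even built, an IllegalStateException raised by the decode or the constructor would satisfy the test just as well; moving the `expect` call to directly before `verifier.verify(tamperedAlg);` narrows it to the call under test. The payload and secret appear to be the RFC 7515 Appendix A.1 example values, which is worth stating in the same comment so the signature segment's origin is not a mystery.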