2 --luacheck: ignore 631 |
2 --luacheck: ignore 631 |
3 |
3 |
4 describe("util.paseto", function () |
4 describe("util.paseto", function () |
5 local paseto = require "util.paseto"; |
5 local paseto = require "util.paseto"; |
6 local json = require "util.json"; |
6 local json = require "util.json"; |
7 |
7 local hex = require "util.hex"; |
8 local function parse_test_cases(json_test_cases) |
8 |
9 local input_cases = json.decode(json_test_cases); |
9 describe("v3.local", function () |
10 local output_cases = {}; |
10 local function parse_test_cases(json_test_cases) |
11 for _, case in ipairs(input_cases) do |
11 local input_cases = json.decode(json_test_cases); |
12 assert.is_string(case.name, "Bad test case: expected name"); |
12 local output_cases = {}; |
13 assert.is_nil(output_cases[case.name], "Bad test case: duplicate name"); |
13 for _, case in ipairs(input_cases) do |
14 output_cases[case.name] = function () |
14 assert.is_string(case.name, "Bad test case: expected name"); |
15 local verify_key = paseto.v4_public.import_public_key(case["public-key-pem"]); |
15 assert.is_nil(output_cases[case.name], "Bad test case: duplicate name"); |
16 local payload, err = paseto.v4_public.verify(case.token, verify_key, case.footer, case["implicit-assertion"]); |
16 output_cases[case.name] = function () |
17 if case["expect-fail"] then |
17 local key = hex.decode(case.key); |
18 assert.is_nil(payload); |
18 local payload, err = paseto.v3_local.decrypt(case.token, key, case.footer, case["implicit-assertion"]); |
19 else |
19 if case["expect-fail"] then |
20 assert.is_nil(err); |
20 assert.is_nil(payload); |
21 assert.same(json.decode(case.payload), payload); |
21 else |
22 end |
22 assert.is_nil(err); |
23 end; |
23 assert.same(json.decode(case.payload), payload); |
24 end |
24 end |
25 return output_cases; |
25 end; |
26 end |
26 end |
|
27 return output_cases; |
|
28 end |
|
29 |
|
30 local test_cases = parse_test_cases [=[[ |
|
31 { |
|
32 "name": "3-E-1", |
|
33 "expect-fail": false, |
|
34 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
35 "nonce": "0000000000000000000000000000000000000000000000000000000000000000", |
|
36 "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAsRm2EsD6yBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9Iza7teRdkiR89ZFyvPPsVjjFiepFUVcMa-LP18zV77f_crJrVXWa5PDNRkCSeHfBBeg", |
|
37 "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
38 "footer": "", |
|
39 "implicit-assertion": "" |
|
40 }, |
|
41 { |
|
42 "name": "3-E-2", |
|
43 "expect-fail": false, |
|
44 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
45 "nonce": "0000000000000000000000000000000000000000000000000000000000000000", |
|
46 "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAqhWxBMDgyBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9IzZfaZpReVpHlDSwfuygx1riVXYVs-UjcrG_apl9oz3jCVmmJbRuKn5ZfD8mHz2db0A", |
|
47 "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
48 "footer": "", |
|
49 "implicit-assertion": "" |
|
50 }, |
|
51 { |
|
52 "name": "3-E-3", |
|
53 "expect-fail": false, |
|
54 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
55 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
56 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlxnt5xyhQjFJomwnt7WW_7r2VT0G704ifult011-TgLCyQ2X8imQhniG_hAQ4BydM", |
|
57 "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
58 "footer": "", |
|
59 "implicit-assertion": "" |
|
60 }, |
|
61 { |
|
62 "name": "3-E-4", |
|
63 "expect-fail": false, |
|
64 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
65 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
66 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlBZa_gOpVj4gv0M9lV6Pwjp8JS_MmaZaTA1LLTULXybOBZ2S4xMbYqYmDRhh3IgEk", |
|
67 "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
68 "footer": "", |
|
69 "implicit-assertion": "" |
|
70 }, |
|
71 { |
|
72 "name": "3-E-5", |
|
73 "expect-fail": false, |
|
74 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
75 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
76 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlkYSIbXOgVuIQL65UMdW9WcjOpmqvjqD40NNzed-XPqn1T3w-bJvitYpUJL_rmihc.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9", |
|
77 "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
78 "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}", |
|
79 "implicit-assertion": "" |
|
80 }, |
|
81 { |
|
82 "name": "3-E-6", |
|
83 "expect-fail": false, |
|
84 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
85 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
86 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJmSeEMphEWHiwtDKJftg41O1F8Hat-8kQ82ZIAMFqkx9q5VkWlxZke9ZzMBbb3Znfo.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9", |
|
87 "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
88 "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}", |
|
89 "implicit-assertion": "" |
|
90 }, |
|
91 { |
|
92 "name": "3-E-7", |
|
93 "expect-fail": false, |
|
94 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
95 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
96 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJkzWACWAIoVa0bz7EWSBoTEnS8MvGBYHHo6t6mJunPrFR9JKXFCc0obwz5N-pxFLOc.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9", |
|
97 "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
98 "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}", |
|
99 "implicit-assertion": "{\"test-vector\":\"3-E-7\"}" |
|
100 }, |
|
101 { |
|
102 "name": "3-E-8", |
|
103 "expect-fail": false, |
|
104 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
105 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
106 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJmZHSSKYR6AnPYJV6gpHtx6dLakIG_AOPhu8vKexNyrv5_1qoom6_NaPGecoiz6fR8.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9", |
|
107 "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
108 "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}", |
|
109 "implicit-assertion": "{\"test-vector\":\"3-E-8\"}" |
|
110 }, |
|
111 { |
|
112 "name": "3-E-9", |
|
113 "expect-fail": false, |
|
114 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
115 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
116 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlk1nli0_wijTH_vCuRwckEDc82QWK8-lG2fT9wQF271sgbVRVPjm0LwMQZkvvamqU.YXJiaXRyYXJ5LXN0cmluZy10aGF0LWlzbid0LWpzb24", |
|
117 "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}", |
|
118 "footer": "arbitrary-string-that-isn't-json", |
|
119 "implicit-assertion": "{\"test-vector\":\"3-E-9\"}" |
|
120 }, |
|
121 { |
|
122 "name": "3-F-3", |
|
123 "expect-fail": true, |
|
124 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
125 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
126 "token": "v4.local.1JgN1UG8TFAYS49qsx8rxlwh-9E4ONUm3slJXYi5EibmzxpF0Q-du6gakjuyKCBX8TvnSLOKqCPu8Yh3WSa5yJWigPy33z9XZTJF2HQ9wlLDPtVn_Mu1pPxkTU50ZaBKblJBufRA.YXJiaXRyYXJ5LXN0cmluZy10aGF0LWlzbid0LWpzb24", |
|
127 "payload": null, |
|
128 "footer": "arbitrary-string-that-isn't-json", |
|
129 "implicit-assertion": "{\"test-vector\":\"3-F-3\"}" |
|
130 }, |
|
131 { |
|
132 "name": "3-F-4", |
|
133 "expect-fail": true, |
|
134 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
135 "nonce": "0000000000000000000000000000000000000000000000000000000000000000", |
|
136 "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAsRm2EsD6yBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9Iza7teRdkiR89ZFyvPPsVjjFiepFUVcMa-LP18zV77f_crJrVXWa5PDNRkCSeHfBBeh", |
|
137 "payload": null, |
|
138 "footer": "", |
|
139 "implicit-assertion": "" |
|
140 }, |
|
141 { |
|
142 "name": "3-F-5", |
|
143 "expect-fail": true, |
|
144 "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2", |
|
145 "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", |
|
146 "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlkYSIbXOgVuIQL65UMdW9WcjOpmqvjqD40NNzed-XPqn1T3w-bJvitYpUJL_rmihc=.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9", |
|
147 "payload": null, |
|
148 "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}", |
|
149 "implicit-assertion": "" |
|
150 } |
|
151 ]]=]; |
|
152 for name, test in pairs(test_cases) do |
|
153 it("test case "..name, test); |
|
154 end |
|
155 |
|
156 describe("basic sign/verify", function () |
|
157 local key = paseto.v3_local.new_key(); |
|
158 local sign, verify = paseto.v3_local.init(key); |
|
159 |
|
160 local key2 = paseto.v3_local.new_key(); |
|
161 local sign2, verify2 = paseto.v3_local.init(key2); |
|
162 |
|
163 it("works", function () |
|
164 local payload = { foo = "hello world", b = { 1, 2, 3 } }; |
|
165 |
|
166 local tok = sign(payload); |
|
167 assert.same(payload, verify(tok)); |
|
168 assert.is_nil(verify2(tok)); |
|
169 end); |
|
170 |
|
171 it("rejects tokens if implicit assertion fails", function () |
|
172 local payload = { foo = "hello world", b = { 1, 2, 3 } }; |
|
173 local tok = sign(payload, nil, "my-custom-assertion"); |
|
174 assert.is_nil(verify(tok, nil, "my-incorrect-assertion")); |
|
175 assert.is_nil(verify(tok, nil, nil)); |
|
176 assert.same(payload, verify(tok, nil, "my-custom-assertion")); |
|
177 end); |
|
178 end); |
|
179 end); |
27 |
180 |
28 describe("v4.public", function () |
181 describe("v4.public", function () |
|
182 local function parse_test_cases(json_test_cases) |
|
183 local input_cases = json.decode(json_test_cases); |
|
184 local output_cases = {}; |
|
185 for _, case in ipairs(input_cases) do |
|
186 assert.is_string(case.name, "Bad test case: expected name"); |
|
187 assert.is_nil(output_cases[case.name], "Bad test case: duplicate name"); |
|
188 output_cases[case.name] = function () |
|
189 local verify_key = paseto.v4_public.import_public_key(case["public-key-pem"]); |
|
190 local payload, err = paseto.v4_public.verify(case.token, verify_key, case.footer, case["implicit-assertion"]); |
|
191 if case["expect-fail"] then |
|
192 assert.is_nil(payload); |
|
193 else |
|
194 assert.is_nil(err); |
|
195 assert.same(json.decode(case.payload), payload); |
|
196 end |
|
197 end; |
|
198 end |
|
199 return output_cases; |
|
200 end |
|
201 |
29 local test_cases = parse_test_cases [=[[ |
202 local test_cases = parse_test_cases [=[[ |
30 { |
203 { |
31 "name": "4-S-1", |
204 "name": "4-S-1", |
32 "expect-fail": false, |
205 "expect-fail": false, |
33 "public-key": "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2", |
206 "public-key": "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2", |