Completed
Push — master ( b3d39b...4bb3f1 )
by Luís
16s queued 12s
created

builderShouldRaiseExceptionWhenKeyIsInvalid()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 12
Code Lines 8

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 1
eloc 8
c 1
b 0
f 0
nc 1
nop 0
dl 0
loc 12
rs 10
1
<?php
2
declare (strict_types=1);
3
4
namespace Lcobucci\JWT\FunctionalTests;
5
6
use InvalidArgumentException;
7
use Lcobucci\JWT\Configuration;
8
use Lcobucci\JWT\Keys;
9
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
10
use Lcobucci\JWT\Signer\Ecdsa\Sha512;
11
use Lcobucci\JWT\Signer\Key;
12
use Lcobucci\JWT\Token;
13
use Lcobucci\JWT\Validation\Constraint\SignedWith;
14
use Lcobucci\JWT\Validation\InvalidToken;
15
use PHPUnit\Framework\TestCase;
16
17
class ES512TokenTest extends TestCase
18
{
19
    use Keys;
20
21
    /**
22
     * @var Configuration
23
     */
24
    private $config;
25
26
    /**
27
     * @before
28
     */
29
    public function createConfiguration(): void
30
    {
31
        $this->config = Configuration::forAsymmetricSigner(
32
            Sha512::create(),
33
            static::$ecdsaKeys['private_ec512'],
34
            static::$ecdsaKeys['public_ec512']
35
        );
36
    }
37
38
    /**
39
     * @test
40
     *
41
     * @covers \Lcobucci\JWT\Configuration
42
     * @covers \Lcobucci\JWT\Token\Builder
43
     * @covers \Lcobucci\JWT\Token\Plain
44
     * @covers \Lcobucci\JWT\Token\DataSet
45
     * @covers \Lcobucci\JWT\Token\Signature
46
     * @covers \Lcobucci\JWT\Signer\Key
47
     * @covers \Lcobucci\JWT\Signer\Ecdsa
48
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
49
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha256
50
     * @covers \Lcobucci\JWT\Signer\OpenSSL
51
     */
52
    public function builderShouldRaiseExceptionWhenKeyIsInvalid(): void
53
    {
54
        $builder = $this->config->createBuilder();
55
56
        $this->expectException(InvalidArgumentException::class);
57
        $this->expectExceptionMessage('It was not possible to parse your key, reason:');
58
59
        $builder->identifiedBy('1')
60
            ->permittedFor('http://client.abc.com')
61
            ->issuedBy('http://api.abc.com')
62
            ->withClaim('user', ['name' => 'testing', 'email' => '[email protected]'])
63
            ->getToken($this->config->getSigner(), new Key('testing'));
64
    }
65
66
    /**
67
     * @test
68
     *
69
     * @covers \Lcobucci\JWT\Configuration
70
     * @covers \Lcobucci\JWT\Token\Builder
71
     * @covers \Lcobucci\JWT\Token\Plain
72
     * @covers \Lcobucci\JWT\Token\DataSet
73
     * @covers \Lcobucci\JWT\Token\Signature
74
     * @covers \Lcobucci\JWT\Signer\Key
75
     * @covers \Lcobucci\JWT\Signer\Ecdsa
76
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
77
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha256
78
     * @covers \Lcobucci\JWT\Signer\OpenSSL
79
     */
80
    public function builderShouldRaiseExceptionWhenKeyIsNotEcdsaCompatible(): void
81
    {
82
        $builder = $this->config->createBuilder();
83
84
        $this->expectException(InvalidArgumentException::class);
85
        $this->expectExceptionMessage('This key is not compatible with this signer');
86
87
        $builder->identifiedBy('1')
88
            ->permittedFor('http://client.abc.com')
89
            ->issuedBy('http://api.abc.com')
90
            ->withClaim('user', ['name' => 'testing', 'email' => '[email protected]'])
91
            ->getToken($this->config->getSigner(), static::$rsaKeys['private']);
92
    }
93
94
    /**
95
     * @test
96
     *
97
     * @covers \Lcobucci\JWT\Configuration
98
     * @covers \Lcobucci\JWT\Token\Builder
99
     * @covers \Lcobucci\JWT\Token\Plain
100
     * @covers \Lcobucci\JWT\Token\DataSet
101
     * @covers \Lcobucci\JWT\Token\Signature
102
     * @covers \Lcobucci\JWT\Signer\Key
103
     * @covers \Lcobucci\JWT\Signer\Ecdsa
104
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
105
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
106
     * @covers \Lcobucci\JWT\Signer\OpenSSL
107
     */
108
    public function builderCanGenerateAToken(): Token
109
    {
110
        $user    = ['name' => 'testing', 'email' => '[email protected]'];
111
        $builder = $this->config->createBuilder();
112
113
        $token = $builder->identifiedBy('1')
114
            ->permittedFor('http://client.abc.com')
115
            ->permittedFor('http://client2.abc.com')
116
            ->issuedBy('http://api.abc.com')
117
            ->withClaim('user', $user)
118
            ->withHeader('jki', '1234')
119
            ->getToken($this->config->getSigner(), $this->config->getSigningKey());
120
121
        self::assertEquals('1234', $token->headers()->get('jki'));
122
        self::assertEquals('http://api.abc.com', $token->claims()->get(Token\RegisteredClaims::ISSUER));
123
        self::assertEquals($user, $token->claims()->get('user'));
124
125
        self::assertEquals(
126
            ['http://client.abc.com', 'http://client2.abc.com'],
127
            $token->claims()->get(Token\RegisteredClaims::AUDIENCE)
128
        );
129
130
        return $token;
131
    }
132
133
    /**
134
     * @test
135
     * @depends builderCanGenerateAToken
136
     *
137
     * @covers \Lcobucci\JWT\Configuration
138
     * @covers \Lcobucci\JWT\Token\Builder
139
     * @covers \Lcobucci\JWT\Token\Parser
140
     * @covers \Lcobucci\JWT\Token\Plain
141
     * @covers \Lcobucci\JWT\Token\DataSet
142
     * @covers \Lcobucci\JWT\Token\Signature
143
     * @covers \Lcobucci\JWT\Signer\Ecdsa
144
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
145
     * @covers \Lcobucci\JWT\Signer\OpenSSL
146
     */
147
    public function parserCanReadAToken(Token $generated): void
148
    {
149
        /** @var Token\Plain $read */
150
        $read = $this->config->getParser()->parse((string) $generated);
151
152
        self::assertEquals($generated, $read);
153
        self::assertEquals('testing', $read->claims()->get('user')['name']);
154
    }
155
156
    /**
157
     * @test
158
     * @depends builderCanGenerateAToken
159
     *
160
     * @covers \Lcobucci\JWT\Configuration
161
     * @covers \Lcobucci\JWT\Token\Builder
162
     * @covers \Lcobucci\JWT\Token\Parser
163
     * @covers \Lcobucci\JWT\Token\Plain
164
     * @covers \Lcobucci\JWT\Token\DataSet
165
     * @covers \Lcobucci\JWT\Token\Signature
166
     * @covers \Lcobucci\JWT\Signer\Key
167
     * @covers \Lcobucci\JWT\Signer\Ecdsa
168
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
169
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
170
     * @covers \Lcobucci\JWT\Signer\OpenSSL
171
     * @covers \Lcobucci\JWT\Validation\Validator
172
     * @covers \Lcobucci\JWT\Validation\InvalidToken
173
     * @covers \Lcobucci\JWT\Validation\Constraint\SignedWith
174
     */
175
    public function signatureAssertionShouldRaiseExceptionWhenKeyIsNotRight(Token $token): void
176
    {
177
        $this->expectException(InvalidToken::class);
178
        $this->expectExceptionMessage('The token violates some mandatory constraints');
179
180
        $this->config->getValidator()->assert(
181
            $token,
182
            new SignedWith(
183
                $this->config->getSigner(),
184
                self::$ecdsaKeys['public2_ec512']
185
            )
186
        );
187
    }
188
189
    /**
190
     * @test
191
     * @depends builderCanGenerateAToken
192
     *
193
     * @covers \Lcobucci\JWT\Configuration
194
     * @covers \Lcobucci\JWT\Token\Builder
195
     * @covers \Lcobucci\JWT\Token\Parser
196
     * @covers \Lcobucci\JWT\Token\Plain
197
     * @covers \Lcobucci\JWT\Token\DataSet
198
     * @covers \Lcobucci\JWT\Token\Signature
199
     * @covers \Lcobucci\JWT\Signer\Key
200
     * @covers \Lcobucci\JWT\Signer\Ecdsa
201
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
202
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha256
203
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
204
     * @covers \Lcobucci\JWT\Signer\OpenSSL
205
     * @covers \Lcobucci\JWT\Validation\Validator
206
     * @covers \Lcobucci\JWT\Validation\InvalidToken
207
     * @covers \Lcobucci\JWT\Validation\Constraint\SignedWith
208
     */
209
    public function signatureAssertionShouldRaiseExceptionWhenAlgorithmIsDifferent(Token $token): void
210
    {
211
        $this->expectException(InvalidToken::class);
212
        $this->expectExceptionMessage('The token violates some mandatory constraints');
213
214
        $this->config->getValidator()->assert(
215
            $token,
216
            new SignedWith(
217
                Sha256::create(),
218
                self::$ecdsaKeys['public_ec512']
219
            )
220
        );
221
    }
222
223
    /**
224
     * @test
225
     * @depends builderCanGenerateAToken
226
     *
227
     * @covers \Lcobucci\JWT\Configuration
228
     * @covers \Lcobucci\JWT\Token\Builder
229
     * @covers \Lcobucci\JWT\Token\Parser
230
     * @covers \Lcobucci\JWT\Token\Plain
231
     * @covers \Lcobucci\JWT\Token\DataSet
232
     * @covers \Lcobucci\JWT\Token\Signature
233
     * @covers \Lcobucci\JWT\Signer\Key
234
     * @covers \Lcobucci\JWT\Signer\Ecdsa
235
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
236
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
237
     * @covers \Lcobucci\JWT\Signer\OpenSSL
238
     * @covers \Lcobucci\JWT\Validation\Validator
239
     * @covers \Lcobucci\JWT\Validation\InvalidToken
240
     * @covers \Lcobucci\JWT\Validation\Constraint\SignedWith
241
     */
242
    public function signatureAssertionShouldRaiseExceptionWhenKeyIsNotEcdsaCompatible(Token $token): void
243
    {
244
        $this->expectException(InvalidArgumentException::class);
245
        $this->expectExceptionMessage('This key is not compatible with this signer');
246
247
        $this->config->getValidator()->assert(
248
            $token,
249
            new SignedWith($this->config->getSigner(), self::$rsaKeys['public'])
250
        );
251
    }
252
253
    /**
254
     * @test
255
     * @depends builderCanGenerateAToken
256
     *
257
     * @covers \Lcobucci\JWT\Configuration
258
     * @covers \Lcobucci\JWT\Token\Builder
259
     * @covers \Lcobucci\JWT\Token\Parser
260
     * @covers \Lcobucci\JWT\Token\Plain
261
     * @covers \Lcobucci\JWT\Token\DataSet
262
     * @covers \Lcobucci\JWT\Token\Signature
263
     * @covers \Lcobucci\JWT\Signer\Key
264
     * @covers \Lcobucci\JWT\Signer\Ecdsa
265
     * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter
266
     * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
267
     * @covers \Lcobucci\JWT\Signer\OpenSSL
268
     * @covers \Lcobucci\JWT\Validation\Validator
269
     * @covers \Lcobucci\JWT\Validation\Constraint\SignedWith
270
     */
271
    public function signatureValidationShouldSucceedWhenKeyIsRight(Token $token): void
272
    {
273
        $constraint = new SignedWith(
274
            $this->config->getSigner(),
275
            $this->config->getVerificationKey()
276
        );
277
278
        self::assertTrue($this->config->getValidator()->validate($token, $constraint));
279
    }
280
}
281