// SPDX-FileCopyrightText: 2025 Comcast Cable Communications Management, LLC
// SPDX-License-Identifier: Apache-2.0
package jwskeychain
import (
"crypto/x509"
"errors"
"testing"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/stretchr/testify/require"
"github.com/xmidt-org/jwskeychain/keychaintest"
)
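// TestSigner is a table-driven test of Signer's argument validation. It
// expects an empty certificate chain, a symmetric (HMAC) algorithm and the
// unsecured "none" algorithm to be rejected, and ES256 with a generated
// leaf<-ica<-root chain to be accepted.
func TestSigner(t *testing.T) {
	// unknownErr is a wildcard for table entries that only require "some
	// error". When a case sets err to it, the exact ErrorIs match is skipped.
	// No case in the table uses it at present.
	unknownErr := errors.New("unknown error")

	chain, err := keychaintest.New(keychaintest.Desc("leaf<-ica<-root"))
	require.NoError(t, err)
	require.NotNil(t, chain)

	// NOTE(review): no case sets private, so every call passes a nil key,
	// including the success case. Confirm that Signer is meant to accept a
	// nil key here, and consider adding a case that uses the chain's real
	// private key.
	tests := []struct {
		desc    string
		alg     jwa.SignatureAlgorithm
		private any
		certs   []keychaintest.Node
		err     error
	}{
		{
			desc: "empty chain",
			alg:  jwa.ES256,
			err:  ErrInvalidx509Chain,
		}, {
			// NOTE(review): the description says "root cert" but the whole
			// generated chain is passed. Confirm which is intended.
			desc:  "root cert",
			alg:   jwa.ES256,
			certs: chain,
		}, {
			// HMAC algorithms use a shared secret and must not be paired
			// with an x509 chain.
			desc:  "invalid symmetric alg",
			alg:   jwa.HS256,
			certs: chain,
			err:   ErrInvalidAlg,
		}, {
			// "none" yields an unsigned token. This case previously reused
			// the "invalid symmetric alg" description, so go test reported
			// it as a "#01" duplicate and hid which algorithm had failed.
			desc:  "invalid none alg",
			alg:   jwa.NoSignature,
			certs: chain,
			err:   ErrInvalidAlg,
		},
	}

	for _, tc := range tests {
		t.Run(tc.desc, func(t *testing.T) {
			// Signer takes the public certificates only, so extract them
			// from the test nodes.
			certs := make([]*x509.Certificate, len(tc.certs))
			for i := range tc.certs {
				certs[i] = tc.certs[i].Public
			}

			got, err := Signer(tc.alg, tc.private, certs)

			if tc.err != nil {
				// A rejected configuration must return no usable value.
				require.Error(t, err)
				require.Nil(t, got)
				if !errors.Is(tc.err, unknownErr) {
					require.ErrorIs(t, err, tc.err)
				}
				return
			}

			require.NoError(t, err)
			require.NotNil(t, got)
		})
	}
}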