| 99 | } |
| 100 | |
// TestRSAPSSSaltLengthCompatibility pins the RSA-PSS salt-length behaviour of
// the stock jwt.SigningMethodPS256 against two hand-built variants: one that
// insists on the hash-sized salt and one that uses rsa.PSSSaltLengthAuto, the
// behaviour from before https://github.com/dgrijalva/jwt-go/issues/285 was fixed.
//
// Together the cases establish that the stock method signs with a hash-sized
// salt, yet still verifies auto-salted signatures for backward compatibility.
// A verifier that must reject auto-salted tokens therefore needs explicit
// Options, as the strict variant below has.
func TestRSAPSSSaltLengthCompatibility(t *testing.T) {
	// Strict variant: salt length must equal the hash length, so verification
	// of a token signed with an auto salt length fails.
	strict := &jwt.SigningMethodRSAPSS{
		SigningMethodRSA: jwt.SigningMethodPS256.SigningMethodRSA,
		Options:          &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash},
	}

	// Legacy variant: behaves as the library did before the fix for
	// https://github.com/dgrijalva/jwt-go/issues/285.
	legacy := &jwt.SigningMethodRSAPSS{
		SigningMethodRSA: jwt.SigningMethodPS256.SigningMethodRSA,
		Options:          &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto},
	}

	// Each row signs a token with signer and checks it with verifier.
	// Rows run in order, and a fresh token is made per row.
	// NOTE(review): verify is defined outside this view; it is assumed to
	// report whether the token validated under the given method.
	cases := []struct {
		verifier  *jwt.SigningMethodRSAPSS
		signer    *jwt.SigningMethodRSAPSS
		wantValid bool
		failure   string
	}{
		{jwt.SigningMethodPS256, strict, true,
			"SigningMethodPS256 should accept salt length that is defined in RFC"},
		{strict, jwt.SigningMethodPS256, true,
			"Sign by SigningMethodPS256 should have salt length that is defined in RFC"},
		{jwt.SigningMethodPS256, legacy, true,
			"SigningMethodPS256 should accept auto salt length to be compatible with previous versions"},
		{legacy, jwt.SigningMethodPS256, true,
			"Sign by SigningMethodPS256 should be accepted by previous versions"},
		// The only negative case: a strict verifier must not accept a
		// signature whose salt length was chosen automatically.
		{strict, legacy, false,
			"Auto salt length should be not accepted, when RFC salt length is required"},
	}

	for _, c := range cases {
		if verify(t, c.verifier, makeToken(c.signer)) != c.wantValid {
			t.Error(c.failure)
		}
	}
}
| 133 | |
| 134 | func makeToken(method jwt.SigningMethod) string { |
| 135 | token := jwt.NewWithClaims(method, jwt.RegisteredClaims{ |