MCPcopy
hub / github.com/golang-jwt/jwt / TestRSAPSSSaltLengthCompatibility

Function TestRSAPSSSaltLengthCompatibility

rsa_pss_test.go:101–132  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

99}
100
101func TestRSAPSSSaltLengthCompatibility(t *testing.T) {
102 // Fails token verify, if salt length is auto.
103 ps256SaltLengthEqualsHash := &jwt.SigningMethodRSAPSS{
104 SigningMethodRSA: jwt.SigningMethodPS256.SigningMethodRSA,
105 Options: &rsa.PSSOptions{
106 SaltLength: rsa.PSSSaltLengthEqualsHash,
107 },
108 }
109
110 // Behaves as before https://github.com/dgrijalva/jwt-go/issues/285 fix.
111 ps256SaltLengthAuto := &jwt.SigningMethodRSAPSS{
112 SigningMethodRSA: jwt.SigningMethodPS256.SigningMethodRSA,
113 Options: &rsa.PSSOptions{
114 SaltLength: rsa.PSSSaltLengthAuto,
115 },
116 }
117 if !verify(t, jwt.SigningMethodPS256, makeToken(ps256SaltLengthEqualsHash)) {
118 t.Error("SigningMethodPS256 should accept salt length that is defined in RFC")
119 }
120 if !verify(t, ps256SaltLengthEqualsHash, makeToken(jwt.SigningMethodPS256)) {
121 t.Error("Sign by SigningMethodPS256 should have salt length that is defined in RFC")
122 }
123 if !verify(t, jwt.SigningMethodPS256, makeToken(ps256SaltLengthAuto)) {
124 t.Error("SigningMethodPS256 should accept auto salt length to be compatible with previous versions")
125 }
126 if !verify(t, ps256SaltLengthAuto, makeToken(jwt.SigningMethodPS256)) {
127 t.Error("Sign by SigningMethodPS256 should be accepted by previous versions")
128 }
129 if verify(t, ps256SaltLengthEqualsHash, makeToken(ps256SaltLengthAuto)) {
130 t.Error("Auto salt length should be not accepted, when RFC salt length is required")
131 }
132}
133
134func makeToken(method jwt.SigningMethod) string {
135 token := jwt.NewWithClaims(method, jwt.RegisteredClaims{

Callers

nothing calls this directly

Calls 3

verifyFunction · 0.85
makeTokenFunction · 0.85
ErrorMethod · 0.80

Tested by

no test coverage detected