mirror of
https://github.com/golang/oauth2.git
synced 2025-07-21 00:00:09 +08:00
a870243201
The Raw (unpadded) version of URL encoding was introduced in Go 1.5. Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work because of our dependency on golang.org/x/net/context), we can simplify the base64 encoding/decoding to use this directly. Fixes golang/oauth2#190. Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f Reviewed-on: https://go-review.googlesource.com/25000 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
92 lines
2.4 KiB
Go
92 lines
2.4 KiB
Go
// Copyright 2016 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package google
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"golang.org/x/oauth2/jws"
|
|
)
|
|
|
|
func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
|
|
// Generate a key we can use in the test data.
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Encode the key and substitute into our example JSON.
|
|
enc := pem.EncodeToMemory(&pem.Block{
|
|
Type: "PRIVATE KEY",
|
|
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
|
})
|
|
enc, err = json.Marshal(string(enc))
|
|
if err != nil {
|
|
t.Fatalf("json.Marshal: %v", err)
|
|
}
|
|
jsonKey := bytes.Replace(jwtJSONKey, []byte(`"super secret key"`), enc, 1)
|
|
|
|
ts, err := JWTAccessTokenSourceFromJSON(jsonKey, "audience")
|
|
if err != nil {
|
|
t.Fatalf("JWTAccessTokenSourceFromJSON: %v\nJSON: %s", err, string(jsonKey))
|
|
}
|
|
|
|
tok, err := ts.Token()
|
|
if err != nil {
|
|
t.Fatalf("Token: %v", err)
|
|
}
|
|
|
|
if got, want := tok.TokenType, "Bearer"; got != want {
|
|
t.Errorf("TokenType = %q, want %q", got, want)
|
|
}
|
|
if got := tok.Expiry; tok.Expiry.Before(time.Now()) {
|
|
t.Errorf("Expiry = %v, should not be expired", got)
|
|
}
|
|
|
|
err = jws.Verify(tok.AccessToken, &privateKey.PublicKey)
|
|
if err != nil {
|
|
t.Errorf("jws.Verify on AccessToken: %v", err)
|
|
}
|
|
|
|
claim, err := jws.Decode(tok.AccessToken)
|
|
if err != nil {
|
|
t.Fatalf("jws.Decode on AccessToken: %v", err)
|
|
}
|
|
|
|
if got, want := claim.Iss, "gopher@developer.gserviceaccount.com"; got != want {
|
|
t.Errorf("Iss = %q, want %q", got, want)
|
|
}
|
|
if got, want := claim.Sub, "gopher@developer.gserviceaccount.com"; got != want {
|
|
t.Errorf("Sub = %q, want %q", got, want)
|
|
}
|
|
if got, want := claim.Aud, "audience"; got != want {
|
|
t.Errorf("Aud = %q, want %q", got, want)
|
|
}
|
|
|
|
// Finally, check the header private key.
|
|
parts := strings.Split(tok.AccessToken, ".")
|
|
hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
|
|
if err != nil {
|
|
t.Fatalf("base64 DecodeString: %v\nString: %q", err, parts[0])
|
|
}
|
|
var hdr jws.Header
|
|
if err := json.Unmarshal([]byte(hdrJSON), &hdr); err != nil {
|
|
t.Fatalf("json.Unmarshal: %v (%q)", err)
|
|
}
|
|
|
|
if got, want := hdr.KeyID, "268f54e43a1af97cfc71731688434f45aca15c8b"; got != want {
|
|
t.Errorf("Header KeyID = %q, want %q", got, want)
|
|
}
|
|
}
|