pomerium/internal/cryptutil/sign_test.go

package cryptutil // import "github.com/pomerium/pomerium/internal/cryptutil"

import (
	"encoding/base64"
	"testing"
)

func TestES256Signer(t *testing.T) {
	signer, err := NewES256Signer(base64.StdEncoding.EncodeToString([]byte(pemECPrivateKeyP256)), "destination-url")
	if err != nil {
		t.Fatal(err)
	}
	if signer == nil {
		t.Fatal("signer should not be nil")
	}
	rawJwt, err := signer.SignJWT("joe-user", "joe-user@example.com", "group1,group2")
	if err != nil {
		t.Fatal(err)
	}
	if rawJwt == "" {
		t.Fatal("jwt should not be nil")
	}
}

func TestNewES256Signer(t *testing.T) {
	t.Parallel()
	tests := []struct {
		name     string
		privKey  string
		audience string
		wantErr  bool
	}{
		{"working example", base64.StdEncoding.EncodeToString([]byte(pemECPrivateKeyP256)), "some-domain.com", false},
		{"bad private key", base64.StdEncoding.EncodeToString([]byte(garbagePEM)), "some-domain.com", true},
		{"bad base64 key", garbagePEM, "some-domain.com", true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_, err := NewES256Signer(tt.privKey, tt.audience)
			if (err != nil) != tt.wantErr {
				t.Errorf("NewES256Signer() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
		})
	}
}