Skip to content

Commit 6951014

Browse files
frncmxfrncmx
committed
test: ensure RFC compliance
Assumed: jwt builtin signers meet RFC. Check that the algorithm is reported correctly, and the token can be verified.
1 parent 3fa10fa commit 6951014

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

ksmjwt_localstack_test.go

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ import (
1010
"github.com/aws/aws-sdk-go-v2/credentials"
1111
"github.com/aws/aws-sdk-go-v2/service/kms"
1212
"github.com/aws/aws-sdk-go-v2/service/kms/types"
13+
"github.com/golang-jwt/jwt/v4"
1314
"github.com/stretchr/testify/assert"
1415
"github.com/stretchr/testify/require"
1516

@@ -42,6 +43,19 @@ func TestWithLocalStack(t *testing.T) {
4243
err = signer.Verify(in, signature, ctx)
4344
assert.NoError(t, err, "verify")
4445
})
46+
47+
t.Run("RFC compliance", func(t *testing.T) {
48+
signer := kmsjwt.New(client.KMS, keyID)
49+
50+
signature, err := signer.Sign(in, ctx)
51+
require.NoError(t, err, "sign")
52+
53+
builtinSigner := jwt.GetSigningMethod(signer.Alg())
54+
require.NotNil(t, builtinSigner, "unknown algorithm")
55+
56+
err = builtinSigner.Verify(in, signature, publicKey)
57+
assert.NoError(t, err, "verify")
58+
})
4559
}
4660

4761
func newClient(t *testing.T, ctx context.Context) Client {

0 commit comments

Comments
 (0)