SdJwtUtilsTest.java
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.sdjwt;
import static org.junit.Assert.assertEquals;
import java.io.IOException;
import org.junit.Test;
import org.keycloak.jose.jws.crypto.HashUtils;
/**
* @author <a href="mailto:francis.pouatcha@adorsys.com">Francis Pouatcha</a>
*/
public class SdJwtUtilsTest {
/**
* Verify hash production and base 64 url encoding
* Verify algorithm denomination for keycloak encoding.
*/
@Test
public void testHashDisclosure() {
String expected = "uutlBuYeMDyjLLTpf6Jxi7yNkEF35jdyWMn9U7b_RYY";
byte[] hash = HashUtils.hash("SHA-256", "WyI2cU1RdlJMNWhhaiIsICJmYW1pbHlfbmFtZSIsICJNw7ZiaXVzIl0".getBytes());
assertEquals(expected, SdJwtUtils.encodeNoPad(hash));
}
/**
* Verify hash production and base 64 url encoding
* Verify algorithm denomination for keycloak encoding.
*/
@Test
public void testHashDisclosure2() {
String expected = "w0I8EKcdCtUPkGCNUrfwVp2xEgNjtoIDlOxc9-PlOhs";
byte[] hash = HashUtils.hash("SHA-256", "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgIkZSIl0".getBytes());
assertEquals(expected, SdJwtUtils.encodeNoPad(hash));
}
/**
* Test the base64 URL encoding of this json string from the spec,
* with whitespace between array elements.
*
* ["_26bc4LT-ac6q2KI6cBW5es", "family_name", "M��bius"]
*
* shall produce
* WyJfMjZiYzRMVC1hYzZxMktJNmNCVzVlcyIsICJmYW1pbHlfbmFtZSIsICJNw7ZiaXVzIl0
*
* There is no padding in the expected string.
*
* see
* https://drafts.oauth.net/oauth-selective-disclosure-jwt/draft-ietf-oauth-selective-disclosure-jwt.html#section-5.2.1
*
* @throws IOException
*/
@Test
public void testBase64urlEncodedObjectWhiteSpacedJsonArray() {
String input = "[\"_26bc4LT-ac6q2KI6cBW5es\", \"family_name\", \"M��bius\"]";
// Expected Base64 URL encoded string
String expected = "WyJfMjZiYzRMVC1hYzZxMktJNmNCVzVlcyIsICJmYW1pbHlfbmFtZSIsICJNw7ZiaXVzIl0";
// Assert that the base64 URL encoded string from the object matches the
// expected string
assertEquals(expected, SdJwtUtils.encodeNoPad(input.getBytes()));
}
/**
* As we are expexting json serializer to behave differently
*
* https://drafts.oauth.net/oauth-selective-disclosure-jwt/draft-ietf-oauth-selective-disclosure-jwt.html#section-5.2.1
*
* @throws IOException
*/
@Test
public void testBase64urlEncodedObjectNoWhiteSpacedJsonArray() {
// Test the base64 URL encoding of this json string from the spec,
// no whitespace between array elements
String input = "[\"_26bc4LT-ac6q2KI6cBW5es\",\"family_name\",\"M��bius\"]";
// Expected Base64 URL encoded string
String expected = "WyJfMjZiYzRMVC1hYzZxMktJNmNCVzVlcyIsImZhbWlseV9uYW1lIiwiTcO2Yml1cyJd";
// Assert that the base64 URL encoded string from the object matches the
// expected string
assertEquals(expected, SdJwtUtils.encodeNoPad(input.getBytes()));
}
@Test
public void testBase64urlEncodedArrayElementWhiteSpacedJsonArray() {
String input = "[\"lklxF5jMYlGTPUovMNIvCA\", \"FR\"]";
// Expected Base64 URL encoded string
String expected = "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgIkZSIl0";
// Assert that the base64 URL encoded string from the object matches the
// expected string
assertEquals(expected, SdJwtUtils.encodeNoPad(input.getBytes()));
}
@Test
public void testBase64urlEncodedArrayElementNoWhiteSpacedJsonArray() {
String input = "[\"lklxF5jMYlGTPUovMNIvCA\",\"FR\"]";
// Expected Base64 URL encoded string
String expected = "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwiRlIiXQ";
// Assert that the base64 URL encoded string from the object matches the
// expected string
assertEquals(expected, SdJwtUtils.encodeNoPad(input.getBytes()));
}
}