vendor/gopkg.in/square/go-jose.v2/jwt/validation_test.go - cloudstack-kubernetes-provider - Git at Google

 /*-
  * Copyright 2016 Zbigniew Mandziejewicz
  * Copyright 2016 Square, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package jwt

 import (
 	"testing"
 	"time"

 	"github.com/stretchr/testify/assert"
 )

 func TestFieldsMatch(t *testing.T) {
 	c := Claims{
 		Issuer:   "issuer",
 		Subject:  "subject",
 		Audience: []string{"a1", "a2"},
 		ID:       "42",
 	}

 	valid := []Expected{
 		{Issuer: "issuer"},
 		{Subject: "subject"},
 		{Audience: Audience{"a1", "a2"}},
 		{Audience: Audience{"a2", "a1"}},
 		{ID: "42"},
 	}

 	for _, v := range valid {
 		assert.NoError(t, c.Validate(v))
 	}

 	invalid := []struct {
 		Expected Expected
 		Error    error
 	}{
 		{Expected{Issuer: "invalid-issuer"}, ErrInvalidIssuer},
 		{Expected{Subject: "invalid-subject"}, ErrInvalidSubject},
 		{Expected{Audience: Audience{"invalid-audience"}}, ErrInvalidAudience},
 		{Expected{ID: "invalid-id"}, ErrInvalidID},
 	}

 	for _, v := range invalid {
 		assert.Equal(t, v.Error, c.Validate(v.Expected))
 	}
 }

 func TestExpiryAndNotBefore(t *testing.T) {
 	now := time.Date(2016, 1, 1, 12, 0, 0, 0, time.UTC)
 	twelveHoursAgo := now.Add(-12 * time.Hour)

 	c := Claims{
 		IssuedAt:  NewNumericDate(twelveHoursAgo),
 		NotBefore: NewNumericDate(twelveHoursAgo),
 		Expiry:    NewNumericDate(now),
 	}

 	// expired - default leeway (1 minute)
 	assert.NoError(t, c.Validate(Expected{Time: now}))
 	err := c.Validate(Expected{Time: now.Add(2 * DefaultLeeway)})
 	if assert.Error(t, err) {
 		assert.Equal(t, err, ErrExpired)
 	}

 	// expired - no leeway
 	assert.NoError(t, c.ValidateWithLeeway(Expected{Time: now}, 0))
 	err = c.ValidateWithLeeway(Expected{Time: now.Add(1 * time.Second)}, 0)
 	if assert.Error(t, err) {
 		assert.Equal(t, err, ErrExpired)
 	}

 	// not before - default leeway (1 minute)
 	assert.NoError(t, c.Validate(Expected{Time: twelveHoursAgo}))
 	err = c.Validate(Expected{Time: twelveHoursAgo.Add(-2 * DefaultLeeway)})
 	if assert.Error(t, err) {
 		assert.Equal(t, err, ErrNotValidYet)
 	}
 }
	/*-
	* Copyright 2016 Zbigniew Mandziejewicz
	* Copyright 2016 Square, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package jwt

	import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	)

	func TestFieldsMatch(t *testing.T) {
	c := Claims{
	Issuer: "issuer",
	Subject: "subject",
	Audience: []string{"a1", "a2"},
	ID: "42",
	}

	valid := []Expected{
	{Issuer: "issuer"},
	{Subject: "subject"},
	{Audience: Audience{"a1", "a2"}},
	{Audience: Audience{"a2", "a1"}},
	{ID: "42"},
	}

	for _, v := range valid {
	assert.NoError(t, c.Validate(v))
	}

	invalid := []struct {
	Expected Expected
	Error error
	}{
	{Expected{Issuer: "invalid-issuer"}, ErrInvalidIssuer},
	{Expected{Subject: "invalid-subject"}, ErrInvalidSubject},
	{Expected{Audience: Audience{"invalid-audience"}}, ErrInvalidAudience},
	{Expected{ID: "invalid-id"}, ErrInvalidID},
	}

	for _, v := range invalid {
	assert.Equal(t, v.Error, c.Validate(v.Expected))
	}
	}

	func TestExpiryAndNotBefore(t *testing.T) {
	now := time.Date(2016, 1, 1, 12, 0, 0, 0, time.UTC)
	twelveHoursAgo := now.Add(-12 * time.Hour)

	c := Claims{
	IssuedAt: NewNumericDate(twelveHoursAgo),
	NotBefore: NewNumericDate(twelveHoursAgo),
	Expiry: NewNumericDate(now),
	}

	// expired - default leeway (1 minute)
	assert.NoError(t, c.Validate(Expected{Time: now}))
	err := c.Validate(Expected{Time: now.Add(2 * DefaultLeeway)})
	if assert.Error(t, err) {
	assert.Equal(t, err, ErrExpired)
	}

	// expired - no leeway
	assert.NoError(t, c.ValidateWithLeeway(Expected{Time: now}, 0))
	err = c.ValidateWithLeeway(Expected{Time: now.Add(1 * time.Second)}, 0)
	if assert.Error(t, err) {
	assert.Equal(t, err, ErrExpired)
	}

	// not before - default leeway (1 minute)
	assert.NoError(t, c.Validate(Expected{Time: twelveHoursAgo}))
	err = c.Validate(Expected{Time: twelveHoursAgo.Add(-2 * DefaultLeeway)})
	if assert.Error(t, err) {
	assert.Equal(t, err, ErrNotValidYet)
	}
	}