Skip to content

Commit d5ce251

Browse files
lbalmacedalbalmaceda
committed
fix header tests
1 parent c9090a0 commit d5ce251

File tree

4 files changed

+232
-45
lines changed

4 files changed

+232
-45
lines changed

lib/src/main/java/com/auth0/jwt/JWTCreator.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,9 @@
77
import com.auth0.jwt.impl.PayloadSerializer;
88
import com.auth0.jwt.impl.PublicClaims;
99
import com.fasterxml.jackson.core.JsonProcessingException;
10+
import com.fasterxml.jackson.databind.MapperFeature;
1011
import com.fasterxml.jackson.databind.ObjectMapper;
12+
import com.fasterxml.jackson.databind.SerializationConfig;
1113
import com.fasterxml.jackson.databind.module.SimpleModule;
1214
import org.apache.commons.codec.binary.Base64;
1315

@@ -33,6 +35,7 @@ private JWTCreator(Algorithm algorithm, Map<String, Object> headerClaims, Map<St
3335
SimpleModule module = new SimpleModule();
3436
module.addSerializer(ClaimsHolder.class, new PayloadSerializer());
3537
mapper.registerModule(module);
38+
mapper.configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true);
3639
headerJson = mapper.writeValueAsString(headerClaims);
3740
payloadJson = mapper.writeValueAsString(new ClaimsHolder(payloadClaims));
3841
} catch (JsonProcessingException e) {

lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java

Lines changed: 37 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,12 @@
11
package com.auth0.jwt;
22

33
import com.auth0.jwt.algorithms.Algorithm;
4+
import org.apache.commons.codec.binary.Base64;
45
import org.junit.Rule;
56
import org.junit.Test;
67
import org.junit.rules.ExpectedException;
78

9+
import java.nio.charset.StandardCharsets;
810
import java.util.Date;
911
import java.util.HashMap;
1012
import java.util.Map;
@@ -28,15 +30,17 @@ public void shouldThrowWhenRequestingSignWithoutAlgorithm() throws Exception {
2830

2931
@SuppressWarnings("Convert2Diamond")
3032
@Test
31-
public void shouldAddHeader() throws Exception {
33+
public void shouldAddHeaderClaim() throws Exception {
3234
Map<String, Object> header = new HashMap<String, Object>();
3335
header.put("asd", 123);
3436
String signed = JWTCreator.init()
3537
.withHeader(header)
3638
.sign(Algorithm.HMAC256("secret"));
3739

3840
assertThat(signed, is(notNullValue()));
39-
assertThat(TokenUtils.splitToken(signed)[0], is("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImFzZCI6MTIzfQ"));
41+
String[] parts = signed.split("\\.");
42+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
43+
assertThat(headerJson, JsonMatcher.hasEntry("asd", 123));
4044
}
4145

4246
@Test
@@ -46,7 +50,9 @@ public void shouldAddKeyId() throws Exception {
4650
.sign(Algorithm.HMAC256("secret"));
4751

4852
assertThat(signed, is(notNullValue()));
49-
assertThat(TokenUtils.splitToken(signed)[0], is("eyJraWQiOiI1NmE4YmQ0NGRhNDM1MzAwMDEwMDAwMDE1ZjVlZCIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0"));
53+
String[] parts = signed.split("\\.");
54+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
55+
assertThat(headerJson, JsonMatcher.hasEntry("kid", "56a8bd44da435300010000015f5ed"));
5056
}
5157

5258
@Test
@@ -144,7 +150,20 @@ public void shouldSetCorrectAlgorithmInTheHeader() throws Exception {
144150
.sign(Algorithm.HMAC256("secret"));
145151

146152
assertThat(signed, is(notNullValue()));
147-
assertThat(TokenUtils.splitToken(signed)[0], is("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"));
153+
String[] parts = signed.split("\\.");
154+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
155+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS256"));
156+
}
157+
158+
@Test
159+
public void shouldSetCorrectTypeInTheHeader() throws Exception {
160+
String signed = JWTCreator.init()
161+
.sign(Algorithm.HMAC256("secret"));
162+
163+
assertThat(signed, is(notNullValue()));
164+
String[] parts = signed.split("\\.");
165+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
166+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
148167
}
149168

150169
@Test
@@ -168,43 +187,43 @@ public void shouldAcceptCustomClaimOfTypeString() throws Exception {
168187
String jwt = JWTCreator.init()
169188
.withClaim("name", "value")
170189
.sign(Algorithm.HMAC256("secret"));
171-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoidmFsdWUifQ.eR3DUeX142NjueZjkqCn_NqxJpb5k-Y55Oo0N-ap3rI";
172190

173191
assertThat(jwt, is(notNullValue()));
174-
assertThat(jwt, is(token));
192+
String[] parts = jwt.split("\\.");
193+
assertThat(parts[1], is("eyJuYW1lIjoidmFsdWUifQ"));
175194
}
176195

177196
@Test
178197
public void shouldAcceptCustomClaimOfTypeInteger() throws Exception {
179198
String jwt = JWTCreator.init()
180199
.withClaim("name", 123)
181200
.sign(Algorithm.HMAC256("secret"));
182-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoxMjN9.7Diqx9FPPuaw9ESwkZOHL2BARjqQz00qrHYOm0lKcgQ";
183201

184202
assertThat(jwt, is(notNullValue()));
185-
assertThat(jwt, is(token));
203+
String[] parts = jwt.split("\\.");
204+
assertThat(parts[1], is("eyJuYW1lIjoxMjN9"));
186205
}
187206

188207
@Test
189208
public void shouldAcceptCustomClaimOfTypeDouble() throws Exception {
190209
String jwt = JWTCreator.init()
191210
.withClaim("name", 23.45)
192211
.sign(Algorithm.HMAC256("secret"));
193-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoyMy40NX0.VwOI-xjYFthgT43b9EYcaOSIpGSD6PVLSCPuGzDuEnQ";
194212

195213
assertThat(jwt, is(notNullValue()));
196-
assertThat(jwt, is(token));
214+
String[] parts = jwt.split("\\.");
215+
assertThat(parts[1], is("eyJuYW1lIjoyMy40NX0"));
197216
}
198217

199218
@Test
200219
public void shouldAcceptCustomClaimOfTypeBoolean() throws Exception {
201220
String jwt = JWTCreator.init()
202221
.withClaim("name", true)
203222
.sign(Algorithm.HMAC256("secret"));
204-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjp0cnVlfQ.8L_Td4EtEAUuQeNCU0fuJEu78SS8K3Y5OOkFzYA81g8";
205223

206224
assertThat(jwt, is(notNullValue()));
207-
assertThat(jwt, is(token));
225+
String[] parts = jwt.split("\\.");
226+
assertThat(parts[1], is("eyJuYW1lIjp0cnVlfQ"));
208227
}
209228

210229
@Test
@@ -213,31 +232,31 @@ public void shouldAcceptCustomClaimOfTypeDate() throws Exception {
213232
String jwt = JWTCreator.init()
214233
.withClaim("name", date)
215234
.sign(Algorithm.HMAC256("secret"));
216-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoxNDc4ODkxNTIxfQ.0esDU87VaYbx6KQDWhFrRPNzq3rl3vcHO8T21fao28U";
217235

218236
assertThat(jwt, is(notNullValue()));
219-
assertThat(jwt, is(token));
237+
String[] parts = jwt.split("\\.");
238+
assertThat(parts[1], is("eyJuYW1lIjoxNDc4ODkxNTIxfQ"));
220239
}
221240

222241
@Test
223242
public void shouldAcceptCustomArrayClaimOfTypeString() throws Exception {
224243
String jwt = JWTCreator.init()
225244
.withArrayClaim("name", new String[]{"text", "123", "true"})
226245
.sign(Algorithm.HMAC256("secret"));
227-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19.TTP2tJjVdoOzKfIgDcn_MSP7XQpafeVCKVNE2Y3-0Hk";
228246

229247
assertThat(jwt, is(notNullValue()));
230-
assertThat(jwt, is(token));
248+
String[] parts = jwt.split("\\.");
249+
assertThat(parts[1], is("eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19"));
231250
}
232251

233252
@Test
234253
public void shouldAcceptCustomArrayClaimOfTypeInteger() throws Exception {
235254
String jwt = JWTCreator.init()
236255
.withArrayClaim("name", new Integer[]{1, 2, 3})
237256
.sign(Algorithm.HMAC256("secret"));
238-
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbMSwyLDNdfQ.1AdYaNBWR8lPB0yOxUtnQjuOU7tzD4LWz2AWrziPUqA";
239257

240258
assertThat(jwt, is(notNullValue()));
241-
assertThat(jwt, is(token));
259+
String[] parts = jwt.split("\\.");
260+
assertThat(parts[1], is("eyJuYW1lIjpbMSwyLDNdfQ"));
242261
}
243262
}

lib/src/test/java/com/auth0/jwt/JWTTest.java

Lines changed: 56 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,14 @@
33
import com.auth0.jwt.algorithms.Algorithm;
44
import com.auth0.jwt.interfaces.Clock;
55
import com.auth0.jwt.interfaces.DecodedJWT;
6+
import org.apache.commons.codec.binary.Base64;
67
import org.hamcrest.collection.IsCollectionWithSize;
78
import org.hamcrest.core.IsCollectionContaining;
89
import org.junit.Rule;
910
import org.junit.Test;
1011
import org.junit.rules.ExpectedException;
1112

13+
import java.nio.charset.StandardCharsets;
1214
import java.security.interfaces.ECKey;
1315
import java.security.interfaces.RSAKey;
1416
import java.util.Date;
@@ -353,11 +355,14 @@ public void shouldGetCustomClaims() throws Exception {
353355

354356
@Test
355357
public void shouldCreateAnEmptyHMAC256SignedToken() throws Exception {
356-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.";
357-
358358
String signed = JWT.create().sign(Algorithm.HMAC256("secret"));
359359
assertThat(signed, is(notNullValue()));
360-
assertThat(signed, startsWith(headerAndPayload));
360+
361+
String[] parts = signed.split("\\.");
362+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
363+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS256"));
364+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
365+
assertThat(parts[1], is("e30"));
361366

362367
JWTVerifier verified = JWT.require(Algorithm.HMAC256("secret"))
363368
.build();
@@ -366,11 +371,14 @@ public void shouldCreateAnEmptyHMAC256SignedToken() throws Exception {
366371

367372
@Test
368373
public void shouldCreateAnEmptyHMAC384SignedToken() throws Exception {
369-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzM4NCJ9.e30.";
370-
371374
String signed = JWT.create().sign(Algorithm.HMAC384("secret"));
372375
assertThat(signed, is(notNullValue()));
373-
assertThat(signed, startsWith(headerAndPayload));
376+
377+
String[] parts = signed.split("\\.");
378+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
379+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS384"));
380+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
381+
assertThat(parts[1], is("e30"));
374382

375383
JWTVerifier verified = JWT.require(Algorithm.HMAC384("secret"))
376384
.build();
@@ -379,11 +387,14 @@ public void shouldCreateAnEmptyHMAC384SignedToken() throws Exception {
379387

380388
@Test
381389
public void shouldCreateAnEmptyHMAC512SignedToken() throws Exception {
382-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.e30.";
383-
384390
String signed = JWT.create().sign(Algorithm.HMAC512("secret"));
385391
assertThat(signed, is(notNullValue()));
386-
assertThat(signed, startsWith(headerAndPayload));
392+
393+
String[] parts = signed.split("\\.");
394+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
395+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS512"));
396+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
397+
assertThat(parts[1], is("e30"));
387398

388399
JWTVerifier verified = JWT.require(Algorithm.HMAC512("secret"))
389400
.build();
@@ -392,11 +403,14 @@ public void shouldCreateAnEmptyHMAC512SignedToken() throws Exception {
392403

393404
@Test
394405
public void shouldCreateAnEmptyRSA256SignedToken() throws Exception {
395-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.e30.";
396-
397406
String signed = JWT.create().sign(Algorithm.RSA256((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
398407
assertThat(signed, is(notNullValue()));
399-
assertThat(signed, startsWith(headerAndPayload));
408+
409+
String[] parts = signed.split("\\.");
410+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
411+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS256"));
412+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
413+
assertThat(parts[1], is("e30"));
400414

401415
JWTVerifier verified = JWT.require(Algorithm.RSA256((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
402416
.build();
@@ -405,11 +419,14 @@ public void shouldCreateAnEmptyRSA256SignedToken() throws Exception {
405419

406420
@Test
407421
public void shouldCreateAnEmptyRSA384SignedToken() throws Exception {
408-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.e30.";
409-
410422
String signed = JWT.create().sign(Algorithm.RSA384((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
411423
assertThat(signed, is(notNullValue()));
412-
assertThat(signed, startsWith(headerAndPayload));
424+
425+
String[] parts = signed.split("\\.");
426+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
427+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS384"));
428+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
429+
assertThat(parts[1], is("e30"));
413430

414431
JWTVerifier verified = JWT.require(Algorithm.RSA384((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
415432
.build();
@@ -418,11 +435,14 @@ public void shouldCreateAnEmptyRSA384SignedToken() throws Exception {
418435

419436
@Test
420437
public void shouldCreateAnEmptyRSA512SignedToken() throws Exception {
421-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.e30.";
422-
423438
String signed = JWT.create().sign(Algorithm.RSA512((RSAKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA")));
424439
assertThat(signed, is(notNullValue()));
425-
assertThat(signed, startsWith(headerAndPayload));
440+
441+
String[] parts = signed.split("\\.");
442+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
443+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "RS512"));
444+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
445+
assertThat(parts[1], is("e30"));
426446

427447
JWTVerifier verified = JWT.require(Algorithm.RSA512((RSAKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_RSA, "RSA")))
428448
.build();
@@ -431,11 +451,14 @@ public void shouldCreateAnEmptyRSA512SignedToken() throws Exception {
431451

432452
@Test
433453
public void shouldCreateAnEmptyECDSA256SignedToken() throws Exception {
434-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.e30.";
435-
436454
String signed = JWT.create().sign(Algorithm.ECDSA256((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC")));
437455
assertThat(signed, is(notNullValue()));
438-
assertThat(signed, startsWith(headerAndPayload));
456+
457+
String[] parts = signed.split("\\.");
458+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
459+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES256"));
460+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
461+
assertThat(parts[1], is("e30"));
439462

440463
JWTVerifier verified = JWT.require(Algorithm.ECDSA256((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_256, "EC")))
441464
.build();
@@ -444,11 +467,14 @@ public void shouldCreateAnEmptyECDSA256SignedToken() throws Exception {
444467

445468
@Test
446469
public void shouldCreateAnEmptyECDSA384SignedToken() throws Exception {
447-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCJ9.e30.";
448-
449470
String signed = JWT.create().sign(Algorithm.ECDSA384((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_384, "EC")));
450471
assertThat(signed, is(notNullValue()));
451-
assertThat(signed, startsWith(headerAndPayload));
472+
473+
String[] parts = signed.split("\\.");
474+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
475+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES384"));
476+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
477+
assertThat(parts[1], is("e30"));
452478

453479
JWTVerifier verified = JWT.require(Algorithm.ECDSA384((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_384, "EC")))
454480
.build();
@@ -457,11 +483,14 @@ public void shouldCreateAnEmptyECDSA384SignedToken() throws Exception {
457483

458484
@Test
459485
public void shouldCreateAnEmptyECDSA512SignedToken() throws Exception {
460-
String headerAndPayload = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.e30.";
461-
462486
String signed = JWT.create().sign(Algorithm.ECDSA512((ECKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_512, "EC")));
463487
assertThat(signed, is(notNullValue()));
464-
assertThat(signed, startsWith(headerAndPayload));
488+
489+
String[] parts = signed.split("\\.");
490+
String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
491+
assertThat(headerJson, JsonMatcher.hasEntry("alg", "ES512"));
492+
assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT"));
493+
assertThat(parts[1], is("e30"));
465494

466495
JWTVerifier verified = JWT.require(Algorithm.ECDSA512((ECKey) PemUtils.readPublicKeyFromFile(PUBLIC_KEY_FILE_EC_512, "EC")))
467496
.build();

0 commit comments

Comments
 (0)