This repository has been archived by the owner on Apr 17, 2024. It is now read-only.

Add validation test with duplicated 'issuer' claim, and with invalid …
…UTF-16 encoded claim name.

PiperOrigin-RevId: 466362093
juergw authored and copybara-github committed Aug 9, 2022
1 parent 76008a2 commit dbb5ca7
Showing 1 changed file with 26 additions and 0 deletions.
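--- a/testing/cross_language/jwt_validation_test.py
+++ b/testing/cross_language/jwt_validation_test.py
@@ -380,6 +380,24 @@ def test_verify_issuer(self, lang):
 with self.assertRaises(tink.TinkError):
 jwt_mac.verify_mac_and_decode(token, val4)
 
+@parameterized.parameters(SUPPORTED_LANGUAGES)
+def test_duplicated_issuer(self, lang):
+token = generate_token('{"alg":"HS256"}', '{"iss":"joe", "iss":"jane"}')
+jwt_mac = testing_servers.jwt_mac(lang, KEYSET)
+
+if lang != 'java' and lang != 'python':
+validator_with_second_issuer = jwt.new_validator(
+ignore_issuer=True, allow_missing_expiration=True)
+with self.assertRaises(tink.TinkError):
+jwt_mac.verify_mac_and_decode(token, validator_with_second_issuer)
+else:
+# Currently, this is accepted in Java and Python, and always the last
+# entry is used.
+# TODO(b/241828611): This should be rejected.
+validator_with_second_issuer = jwt.new_validator(
+expected_issuer='jane', allow_missing_expiration=True)
+jwt_mac.verify_mac_and_decode(token, validator_with_second_issuer)
+
 @parameterized.parameters(SUPPORTED_LANGUAGES)
 def test_verify_empty_string_issuer(self, lang):
 token = generate_token('{"alg":"HS256"}', '{"iss":""}')
@@ -438,6 +456,14 @@ def test_verify_with_invalid_json_escaped_utf16_in_payload(self, lang):
 with self.assertRaises(tink.TinkError):
 jwt_mac.verify_mac_and_decode(token, EMPTY_VALIDATOR)
 
+@parameterized.parameters(SUPPORTED_LANGUAGES)
+def test_verify_with_invalid_json_escaped_utf16_in_claim_name(self, lang):
+token = generate_token('{"alg":"HS256"}',
+'{"\\uD800\\uD800claim":"value"}')
+jwt_mac = testing_servers.jwt_mac(lang, KEYSET)
+with self.assertRaises(tink.TinkError):
+jwt_mac.verify_mac_and_decode(token, EMPTY_VALIDATOR)
+
 @parameterized.parameters(SUPPORTED_LANGUAGES)
 def test_verify_audience(self, lang):
 token = generate_token('{"alg":"HS256"}', '{"aud":["joe", "jane"]}')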
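Review bot: The Java/Python branch of test_duplicated_issuer only checks that `expected_issuer='jane'` verifies, so the "always the last entry is used" behaviour stated in its comment is only half pinned: an implementation that accepted either duplicate, or skipped the issuer comparison entirely, would still pass. Until the TODO is resolved, add the negative case too, e.g. `with self.assertRaises(tink.TinkError): jwt_mac.verify_mac_and_decode(token, jwt.new_validator(expected_issuer='joe', allow_missing_expiration=True))`, assuming a mismatched issuer raises TinkError as it appears to in test_verify_issuer. In the other branch the validator is built with `ignore_issuer=True`, so the name `validator_with_second_issuer` is misleading there; `validator_ignoring_issuer` would read better. Because verifiers in different languages resolve the duplicate `iss` differently, a token can be accepted by one and rejected by another in a mixed deployment, so the comment should also state that rejection is the intended end state for every language.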
