mirror of https://github.com/ory/hydra
211 lines
9.1 KiB
Go
211 lines
9.1 KiB
Go
// Copyright © 2022 Ory Corp
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package jwk_test
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/go-jose/go-jose/v3"
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/pkg/errors"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/ory/hydra/v2/jwk"
|
|
"github.com/ory/hydra/v2/x"
|
|
)
|
|
|
|
func TestKeyManagerStrategy(t *testing.T) {
|
|
t.Parallel()
|
|
ctrl := gomock.NewController(t)
|
|
softwareKeyManager := NewMockManager(ctrl)
|
|
hardwareKeyManager := NewMockManager(ctrl)
|
|
keyManager := jwk.NewManagerStrategy(hardwareKeyManager, softwareKeyManager)
|
|
defer ctrl.Finish()
|
|
hwKeySet := &jose.JSONWebKeySet{
|
|
Keys: []jose.JSONWebKey{{
|
|
KeyID: "hwKeyID",
|
|
}},
|
|
}
|
|
swKeySet := &jose.JSONWebKeySet{
|
|
Keys: []jose.JSONWebKey{{
|
|
KeyID: "swKeyID",
|
|
}},
|
|
}
|
|
|
|
t.Run("GenerateAndPersistKeySet_WithResult", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GenerateAndPersistKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1"), gomock.Any(), gomock.Any()).Return(hwKeySet, nil)
|
|
resultKeySet, err := keyManager.GenerateAndPersistKeySet(context.TODO(), "set1", "kid1", "RS256", "sig")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, hwKeySet, resultKeySet)
|
|
})
|
|
|
|
t.Run("GenerateAndPersistKeySet_WithError", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GenerateAndPersistKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1"), gomock.Any(), gomock.Any()).Return(nil, errors.New("test"))
|
|
resultKeySet, err := keyManager.GenerateAndPersistKeySet(context.TODO(), "set1", "kid1", "RS256", "sig")
|
|
assert.Error(t, err, "test")
|
|
assert.Nil(t, resultKeySet)
|
|
})
|
|
|
|
t.Run("AddKey", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().AddKey(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(nil)
|
|
err := keyManager.AddKey(context.TODO(), "set1", nil)
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("AddKey_WithError", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().AddKey(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(errors.New("test"))
|
|
err := keyManager.AddKey(context.TODO(), "set1", nil)
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("AddKeySet", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().AddKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(nil)
|
|
err := keyManager.AddKeySet(context.TODO(), "set1", nil)
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("AddKeySet_WithError", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().AddKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(errors.New("test"))
|
|
err := keyManager.AddKeySet(context.TODO(), "set1", nil)
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("UpdateKey", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().UpdateKey(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(nil)
|
|
err := keyManager.UpdateKey(context.TODO(), "set1", nil)
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("UpdateKey_WithError", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().UpdateKey(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(errors.New("test"))
|
|
err := keyManager.UpdateKey(context.TODO(), "set1", nil)
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("UpdateKeySet", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().UpdateKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(nil)
|
|
err := keyManager.UpdateKeySet(context.TODO(), "set1", nil)
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("UpdateKeySet_WithError", func(t *testing.T) {
|
|
softwareKeyManager.EXPECT().UpdateKeySet(gomock.Any(), gomock.Eq("set1"), gomock.Any()).Return(errors.New("test"))
|
|
err := keyManager.UpdateKeySet(context.TODO(), "set1", nil)
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("GetKey_WithResultFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(hwKeySet, nil)
|
|
resultKeySet, err := keyManager.GetKey(context.TODO(), "set1", "kid1")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, hwKeySet, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKey_WithErrorFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil, errors.New("test"))
|
|
resultKeySet, err := keyManager.GetKey(context.TODO(), "set1", "kid1")
|
|
assert.Error(t, err, "test")
|
|
assert.Nil(t, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKey_WithErrNotFoundFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(swKeySet, nil)
|
|
resultKeySet, err := keyManager.GetKey(context.TODO(), "set1", "kid1")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, swKeySet, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKey_WithErrNotFoundFromSoftwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().GetKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
resultKeySet, err := keyManager.GetKey(context.TODO(), "set1", "kid1")
|
|
assert.Error(t, err, "Not Found")
|
|
assert.Nil(t, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKeySet_WithResultFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(hwKeySet, nil)
|
|
resultKeySet, err := keyManager.GetKeySet(context.TODO(), "set1")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, hwKeySet, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKeySet_WithErrorFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil, errors.New("test"))
|
|
resultKeySet, err := keyManager.GetKeySet(context.TODO(), "set1")
|
|
assert.Error(t, err, "test")
|
|
assert.Nil(t, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKeySet_WithErrNotFoundFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(swKeySet, nil)
|
|
resultKeySet, err := keyManager.GetKeySet(context.TODO(), "set1")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, swKeySet, resultKeySet)
|
|
})
|
|
|
|
t.Run("GetKeySet_WithErrNotFoundFromSoftwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().GetKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil, errors.WithStack(x.ErrNotFound))
|
|
resultKeySet, err := keyManager.GetKeySet(context.TODO(), "set1")
|
|
assert.Error(t, err, "Not Found")
|
|
assert.Nil(t, resultKeySet)
|
|
})
|
|
|
|
t.Run("DeleteKey_FromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil)
|
|
err := keyManager.DeleteKey(context.TODO(), "set1", "kid1")
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("DeleteKey_WithErrorFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(errors.New("test"))
|
|
err := keyManager.DeleteKey(context.TODO(), "set1", "kid1")
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("DeleteKey_WithErrNotFoundFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(nil)
|
|
err := keyManager.DeleteKey(context.TODO(), "set1", "kid1")
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("DeleteKey_WithErrNotFoundFromSoftwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().DeleteKey(gomock.Any(), gomock.Eq("set1"), gomock.Eq("kid1")).Return(errors.WithStack(x.ErrNotFound))
|
|
err := keyManager.DeleteKey(context.TODO(), "set1", "kid1")
|
|
assert.Error(t, err, "Not Found")
|
|
})
|
|
|
|
t.Run("DeleteKeySet_FromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil)
|
|
err := keyManager.DeleteKeySet(context.TODO(), "set1")
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("DeleteKeySet_WithErrorFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(errors.New("test"))
|
|
err := keyManager.DeleteKeySet(context.TODO(), "set1")
|
|
assert.Error(t, err, "test")
|
|
})
|
|
|
|
t.Run("DeleteKeySet_WithErrNotFoundFromHardwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(nil)
|
|
err := keyManager.DeleteKeySet(context.TODO(), "set1")
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
t.Run("DeleteKeySet_WithErrNotFoundFromSoftwareKeyManager", func(t *testing.T) {
|
|
hardwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(errors.WithStack(x.ErrNotFound))
|
|
softwareKeyManager.EXPECT().DeleteKeySet(gomock.Any(), gomock.Eq("set1")).Return(errors.WithStack(x.ErrNotFound))
|
|
err := keyManager.DeleteKeySet(context.TODO(), "set1")
|
|
assert.Error(t, err, "Not Found")
|
|
})
|
|
}
|