From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 3 Dec 2020 14:37:55 +0000 (+0200)
Subject: lib-oauth2: test-oauth2-jwt - Add tests for HS384 and HS512
X-Git-Tag: 2.3.14.rc1~230
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ba0954ca0b804daf8fefc196ffa29e62527426f;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2: test-oauth2-jwt - Add tests for HS384 and HS512
---

diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index f4c186736f..4cfba64e9d 100644
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -243,16 +243,58 @@ static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
 			 sig->data, sig->used, tokenbuf);
 }
 
+static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
+{
+	i_assert(key != NULL);
+	buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used,
+				      tokenbuf);
+	buffer_append(tokenbuf, ".", 1);
+	base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
+			 sig->data, sig->used, tokenbuf);
+}
+
+static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
+{
+	i_assert(key != NULL);
+	buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used,
+				      tokenbuf);
+	buffer_append(tokenbuf, ".", 1);
+	base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
+			 sig->data, sig->used, tokenbuf);
+}
+
 static void test_jwt_hs_token(void)
 {
 	test_begin("JWT HMAC token");
 
+	buffer_t *sign_key_384 = t_buffer_create(384/8);
+	void *ptr = buffer_append_space_unsafe(sign_key_384, 384/8);
+	random_fill(ptr, 384/8);
+	buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
+					    sign_key_384->data,
+					    sign_key_384->used);
+	save_key_to("HS384", "default", str_c(b64_key));
+	buffer_t *sign_key_512 = t_buffer_create(512/8);
+	ptr = buffer_append_space_unsafe(sign_key_512, 512/8);
+	random_fill(ptr, 512/8);
+	b64_key = t_base64_encode(0, SIZE_MAX,
+				  sign_key_512->data,
+				  sign_key_512->used);
+	save_key_to("HS512", "default", str_c(b64_key));
 	/* make a token */
 	buffer_t *tokenbuf = create_jwt_token("HS256");
 	/* sign it */
 	sign_jwt_token_hs256(tokenbuf, hs_sign_key);
 	test_jwt_token(str_c(tokenbuf));
 
+	tokenbuf = create_jwt_token("HS384");
+	sign_jwt_token_hs384(tokenbuf, sign_key_384);
+	test_jwt_token(str_c(tokenbuf));
+
+	tokenbuf = create_jwt_token("HS512");
+	sign_jwt_token_hs512(tokenbuf, sign_key_512);
+	test_jwt_token(str_c(tokenbuf));
+
 	test_end();
 }