Add more tests

mtmk · mtmk · commit ffb599e25154 · 2025-04-02T18:11:41.000+01:00
diff --git a/tests/NATS.Jwt.Tests/ValidationTests.cs b/tests/NATS.Jwt.Tests/ValidationTests.cs
@@ -7,7 +7,7 @@
 
 namespace NATS.Jwt.Tests;
 
-public class DecodeClaimsTests(ITestOutputHelper output)
+public class ValidationTests(ITestOutputHelper output)
 {
     [Fact]
     public void Invalid_jwt_when_its_too_short()
@@ -95,6 +95,43 @@ public void Verify_version_1()
         Assert.Equal(1, claims.AuthorizationRequest.Version);
     }
 
+    [Fact]
+    public void Verify_version_1_from_type()
+    {
+        var kp = KeyPair.CreatePair(PrefixByte.Server);
+        var part1 = EncodingUtils.ToBase64UrlEncoded(Encoding.ASCII.GetBytes("""{"typ":"JWT","alg":"ed25519-nkey"}"""));
+        var part2 = EncodingUtils.ToBase64UrlEncoded(Encoding.ASCII.GetBytes($$$"""{"type":"authorization_request","iss":"{{{kp.GetPublicKey()}}}","nats":{}}"""));
+        var sig = new byte[64];
+        kp.Sign(Encoding.ASCII.GetBytes(part2), sig);
+        var part3 = EncodingUtils.ToBase64UrlEncoded(sig);
+        var token = $"{part1}.{part2}.{part3}";
+        var jwt = new NatsJwt();
+        var claims = jwt.DecodeClaims<NatsAuthorizationRequestClaims>(token);
+        output.WriteLine($"claims:{claims}");
+        Assert.Equal(kp.GetPublicKey(), claims.Issuer);
+    }
+
+    [Theory]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","X":{}}""", "Failed to get nats element")]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","nats":{"X":2}}""", "Failed to get nats.version element")]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","nats":{"version":2.2}}""", "Failed to get nats.version as integer")]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","nats":{"version":2, "X":"X"}}""", "Failed to get nats.type element")]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","nats":{"version":2, "type":""}}""", "Failed to get nats.type element as non-empty string")]
+    [InlineData("""{"type":"","iss":"@@PublicKey@@","nats":{"version":2, "type":" "}}""", "Failed to get nats.type element as non-empty string")]
+    public void Verify_version_and_type_check(string json, string error)
+    {
+        var kp = KeyPair.CreatePair(PrefixByte.Server);
+        var part1 = EncodingUtils.ToBase64UrlEncoded(Encoding.ASCII.GetBytes("""{"typ":"JWT","alg":"ed25519-nkey"}"""));
+        var part2 = EncodingUtils.ToBase64UrlEncoded(Encoding.ASCII.GetBytes(json.Replace("@@PublicKey@@", kp.GetPublicKey())));
+        var sig = new byte[64];
+        kp.Sign(Encoding.ASCII.GetBytes(part2), sig);
+        var part3 = EncodingUtils.ToBase64UrlEncoded(sig);
+        var token = $"{part1}.{part2}.{part3}";
+        var jwt = new NatsJwt();
+        var exception = Assert.Throws<NatsJwtException>(() => jwt.DecodeClaims<NatsAuthorizationRequestClaims>(token));
+        Assert.Equal(error, exception.Message);
+    }
+
     [Fact]
     public void Verify_decode_encode_subject_is_not_set()
     {
@@ -134,4 +171,61 @@ public void Verify_decode_encode_invalid_signing_key()
         output.WriteLine($"Error: '{exception.Message}'");
         Assert.Equal("Invalid signing key of 'Account': expected one of 'Server'", exception.Message);
     }
+
+    [Theory]
+    [InlineData("X", "", "Invalid JWT header: not supported type X")]
+    [InlineData("JWT", "X", "Invalid JWT header: unexpected X algorithm")]
+    public void Header_validation(string type, string algo, string error)
+    {
+        var header = new JwtHeader { Type = type, Algorithm = algo };
+        var exception = Assert.Throws<NatsJwtException>(() => header.Validate());
+        Assert.Equal(error, exception.Message);
+    }
+
+    [Fact]
+    public void Prefix_validation()
+    {
+        /*func (a *AccountClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteAccount, nkeys.PrefixByteOperator}
+        }*/
+        Assert.Equal([PrefixByte.Account, PrefixByte.Operator], new NatsAccountClaims().ExpectedPrefixes());
+
+        /*func (a *ActivationClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteAccount, nkeys.PrefixByteOperator}
+        }*/
+        Assert.Equal([PrefixByte.Account, PrefixByte.Operator], new NatsActivationClaims().ExpectedPrefixes());
+
+        /*func (gc *GenericClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return nil
+        }*/
+        Assert.Equal([], new NatsGenericClaims().ExpectedPrefixes());
+
+        /*func (oc *OperatorClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteOperator}
+        }*/
+        Assert.Equal([PrefixByte.Operator], new NatsOperatorClaims().ExpectedPrefixes());
+
+        /*func (u *UserClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteAccount}
+        }*/
+        Assert.Equal([PrefixByte.Account], new NatsUserClaims().ExpectedPrefixes());
+
+        /*func (ac *AuthorizationRequestClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteServer}
+        }*/
+        Assert.Equal([PrefixByte.Server], new NatsAuthorizationRequestClaims().ExpectedPrefixes());
+
+        /*func (ar *AuthorizationResponseClaims) ExpectedPrefixes() []nkeys.PrefixByte {
+	        return []nkeys.PrefixByte{nkeys.PrefixByteAccount}
+        }*/
+        Assert.Equal([PrefixByte.Account], new NatsAuthorizationResponseClaims().ExpectedPrefixes());
+    }
+
+    [Fact]
+    public void Prefix_validation_non_existent()
+    {
+        var claims = new JwtClaimsData();
+        var exception = Assert.Throws<NatsJwtException>(() => claims.ExpectedPrefixes());
+        Assert.Equal("Can't find prefixes for JwtClaimsData", exception.Message);
+    }
 }
