JSON Web Token tests
Test Encodings
A simple JSON object is correctly converted to Base64url.
$ jwt.base64urlencode(joeStr); // note absence of padding == at end of string
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
$ jwt.base64urldecode(jwt.base64urlencode(joeStr)) == joeStr;
true
An HS256 algorithm element is correctly converted to Base64url.
$ jwt.base64urlencode(hs256);
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
An ES256 algorithm element is correctly converted to Base64url.
$ jwt.base64urlencode(es256);
"eyJhbGciOiJFUzI1NiJ9"
An RS256 algorithm element is correctly converted to Base64url.
$ jwt.base64urlencode(rs256);
"eyJhbGciOiJSUzI1NiJ9"
Test Digest Functions
SHA256 implementation appears to be correct:
$ sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash("Hello World"));
"a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e"
$ sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash("ABCDEFGHIJKLMNOPQRSTUVWXYZ"));
"d6ec6898de87ddac6e5b3611708a7aa1c2d298293349cc1a6c299a1db7149d38"
$ sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890./="));
"f250c33ac399835034a17e00afcc2fae03fd90389eef40f11e5123f154e1f9ca"
Test Signature Generation
Test creation of an HMAC-SHA256 signature.
$ var token = new jwt.WebToken(joeStr, hs256);
$ var signed = token.serialize(hmacKey)
$ var split = signed.split("\.")
$ split.length
3
$ split[0]
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
$ split[1]
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
$ split[2] // correct value generated by OpenSSL; see make_samples.sh
"AF9JZKWRn2omJDrJrWeoVQyjR3PcGFiAe0_dC04hwyE"
Test creation of an RSA-SHA256 signature.
$ var token = new jwt.WebToken(joeStr, rs256);
$ var signed = token.serialize(rsKeyPEM)
$ var split = signed.split("\.")
$ split.length
3
$ split[0]
"eyJhbGciOiJSUzI1NiJ9"
$ split[1]
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
$ split[2] // correct value generated by OpenSSL; see make_samples.sh
"PD3-BJR3UrF6del98ffZ8d8Vu3RMLhqj117r6LQNpM5eMImCKarEpqf6j1cu2FZZ9zQzusXPkBYPTUE1SKg8lzJmHbgSAaSunxxprS_XNYbFg8y9twxYBHh3umyJ0JTBWx5OciLQuapX8fKCZXINUXl1ytR1CCw4tSwD3ekMddLlAkmqdn7gYpIswaAO7bMOqrszXM5QAh7AMCwoisFBvUDFCrzs0alLIcPButn6vXo0p7vhakXXUPy7vRgTMsf3kSJcvJzLtxlcV0K1LiiR3wR_dcxSeRNkm075uIggTmSXhtUm7cswEr1u5YVN7F2v1pjg_KYwnhtRkP8AGU-k9g"
RSA-SHA384 is unsupported.
$ var token = new jwt.WebToken(joeStr, rs384);
$ token.serialize(rsKeyPEM);
Error: RSA-SHA384 not yet implemented
RSA-SHA512 is unsupported.
$ var token = new jwt.WebToken(joeStr, rs512);
$ token.serialize(rsKeyPEM);
Error: RSA-SHA512 not yet implemented
HMAC-SHA384 is unsupported.
$ var token = new jwt.WebToken(joeStr, hs384);
$ token.serialize(hmacKey);
Error: HMAC-SHA384 not yet implemented
HMAC-SHA512 is unsupported.
$ var token = new jwt.WebToken(joeStr, hs512);
$ token.serialize(hmacKey);
Error: HMAC-SHA512 not yet implemented
ECDSA-SHA384 is unsupported.
$ var token = new jwt.WebToken(joeStr, es384);
$ token.serialize(hmacKey);
Error: ECDSA-SHA384 not yet implemented
ECDSA-SHA512 is unsupported.
$ var token = new jwt.WebToken(joeStr, es512);
$ token.serialize(hmacKey);
Error: ECDSA-SHA512 not yet implemented
Test Signature Verification
Test verification of an HMAC-SHA256 signature.
$ var token = jwt.WebTokenParser.parse(sampleHS256);
$ token.verify(hmacKey)
true
Test verification of an RSA-SHA256 signature.
$ var token = jwt.WebTokenParser.parse(sampleRS256);
$ var pubKey = new RSAKey();
$ pubKey.setPublic(rsPubKeyModulus, rsPubKeyExponent);
$ token.verify(pubKey)
true
Test verification of an ECDSA signature according to Draft 01.
$ var ec256Token = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q";
$ var x = [127, 205, 206, 39, 112, 246, 196, 93, 65, 131, 203, 238, 111, 219, 75, 123, 88, 7, 51, 53, 123, 233, 239, 19, 186, 207, 110, 60, 123, 209, 84, 69];
$ var y = [199, 241, 68, 205, 27, 189, 155, 126, 135, 44, 223, 237, 185, 238, 185, 244, 179, 105, 93, 110, 169, 11, 36, 173, 138, 70, 35, 40, 133, 136, 229, 173];
$ var token = jwt.WebTokenParser.parse(ec256Token);
$ token.verify(x, y);
true
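The HMAC-SHA256 signing and verification tests above, worked through with Node's built-in crypto module. This is an added example, not the library's own code. The segment strings are copied from the tests; DEMO_KEY and the function names are assumptions made for this example, so the signature it produces differs from the split[2] value shown earlier.

```javascript
const crypto = require("crypto");

// Segments copied from the tests above. DEMO_KEY is constructed for this example
// (the page's hmacKey value is not shown).
const HEADER_SEG = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9";
const PAYLOAD_SEG = "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ";
const ES256_HEADER_SEG = "eyJhbGciOiJFUzI1NiJ9";
const DEMO_KEY = Buffer.from("constructed-demo-key");

// Base64url: '+' becomes '-', '/' becomes '_', trailing '=' padding is dropped.
function b64urlEncode(buf) {
  return Buffer.from(buf).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function b64urlDecode(seg) {
  if (!/^[A-Za-z0-9_-]*$/.test(seg)) throw new Error("not base64url");
  return Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// The MAC covers the ASCII bytes of "<header>.<payload>" exactly as serialized.
function macOver(headerSeg, payloadSeg, key) {
  return crypto.createHmac("sha256", key).update(headerSeg + "." + payloadSeg, "ascii").digest();
}

function signHS256(headerSeg, payloadSeg, key) {
  return headerSeg + "." + payloadSeg + "." + b64urlEncode(macOver(headerSeg, payloadSeg, key));
}

// The verifier pins HS256: the header's alg must match what the caller expects
// and is never used to choose the algorithm.
function verifyHS256(token, key) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  let header, given;
  try {
    header = JSON.parse(b64urlDecode(parts[0]).toString("utf8"));
    given = b64urlDecode(parts[2]);
  } catch (e) {
    return false;
  }
  if (header === null || header.alg !== "HS256") return false;
  const expected = macOver(parts[0], parts[1], key);
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```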