path: root/internal/configuration/validator/util_test.go
blob: 49ff521ecb0e3f5255ecd803bcafc81ca1b893f0 (plain)
package validator

import (
	"crypto/elliptic"
	"crypto/rsa"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/authelia/authelia/v4/internal/configuration/schema"
	"github.com/authelia/authelia/v4/internal/oidc"
)

// TestMiscMissingCoverage calls jwkCalculateKID with an empty struct, nil and
// an empty string as its three arguments, and pins the result for that input:
// no error and an empty key ID.
//
// NOTE(review): an empty kid returned together with a nil error means callers
// cannot tell "no kid computed" from success by the error alone — confirm that
// callers check for the empty string where a key ID is required.
func TestMiscMissingCoverage(t *testing.T) {
	got, err := jwkCalculateKID(struct{}{}, nil, "")

	assert.NoError(t, err)
	assert.Equal(t, "", got)
}

// TestIsCookieDomainValid is a table test for isCookieDomainAPublicSuffix.
//
// The expected column is the value the function must return, so the
// "ShouldPass" subtest label marks domains that ARE reported as a public
// suffix; it does not mean the domain is acceptable as a cookie domain.
//
// Why the distinction matters: a cookie scoped to a public suffix is shared
// with every site registered under that suffix, so such a value is unsafe as a
// session cookie domain. Presumably the configuration validator rejects
// domains for which this function returns true — confirm against the caller.
func TestIsCookieDomainValid(t *testing.T) {
	type publicSuffixCase struct {
		domain   string
		expected bool
	}

	cases := []publicSuffixCase{
		// Ordinary registrable domains, with and without a leading dot or wildcard.
		{"example.com", false},
		{".example.com", false},
		{"*.example.com", false},
		{"authelia.com", false},
		// A multi-tenant suffix is reported, a name registered under it is not.
		{"duckdns.org", true},
		{".duckdns.org", true},
		{"example.duckdns.org", false},
		{"shiftcrypto.dev", false},
		// An IP literal is not reported as a public suffix.
		{"192.168.2.1", false},
		// Single-label names are all reported as public suffixes.
		{"localhost", true},
		{"com", true},
		{"randomnada", true},
	}

	// Subtest label keyed by the expected return value.
	labels := map[bool]string{
		false: "ShouldFail",
		true:  "ShouldPass",
	}

	for _, c := range cases {
		// Copy the fields so the closures below never depend on the loop variable.
		domain, want := c.domain, c.expected
		label := labels[want]

		t.Run(domain, func(t *testing.T) {
			t.Run(label, func(t *testing.T) {
				assert.Equal(t, want, isCookieDomainAPublicSuffix(domain))
			})
		})
	}
}

// TestSchemaJWKGetPropertiesMissingTests covers schemaJWKGetProperties inputs
// that the other tests in the package do not reach:
//
//   - an ECDSA P-224 private key and its public half, for which the properties
//     carry the signature use, the P-224 curve, an empty algorithm and Bits -1;
//   - an RSA private key whose public modulus is nil, for which the properties
//     still name RS256 but report a nil curve and 0 bits.
//
// NOTE(review): the empty algorithm for P-224 presumably reflects that no JWS
// signing algorithm is mapped to that curve, and none of these inputs yields
// an error — confirm that later validation rejects a key with an empty
// algorithm or a zero bit length rather than accepting it for signing.
func TestSchemaJWKGetPropertiesMissingTests(t *testing.T) {
	// ECDSA P-224, private key.
	got, err := schemaJWKGetProperties(schema.JWK{Key: keyECDSAP224})

	assert.NoError(t, err)
	assert.Equal(t, oidc.KeyUseSignature, got.Use)
	assert.Equal(t, "", got.Algorithm)
	assert.Equal(t, elliptic.P224(), got.Curve)
	assert.Equal(t, -1, got.Bits)

	// ECDSA P-224, public key only: same properties as the private key.
	got, err = schemaJWKGetProperties(schema.JWK{Key: keyECDSAP224.Public()})

	assert.NoError(t, err)
	assert.Equal(t, oidc.KeyUseSignature, got.Use)
	assert.Equal(t, "", got.Algorithm)
	assert.Equal(t, elliptic.P224(), got.Curve)
	assert.Equal(t, -1, got.Bits)

	// Work on a copy of the shared fixture so that clearing the modulus does
	// not alter keyRSA2048 for other tests. The local is deliberately not
	// called "rsa", which would shadow the imported package.
	noModulus := new(rsa.PrivateKey)
	*noModulus = *keyRSA2048
	noModulus.PublicKey.N = nil

	got, err = schemaJWKGetProperties(schema.JWK{Key: noModulus})

	assert.NoError(t, err)
	assert.Equal(t, oidc.KeyUseSignature, got.Use)
	assert.Equal(t, oidc.SigningAlgRSAUsingSHA256, got.Algorithm)
	assert.Equal(t, nil, got.Curve)
	assert.Equal(t, 0, got.Bits)
}

// TestGetResponseObjectAlgFromKID checks the key-ID to algorithm lookup over
// the configured JSON Web Keys: a known key ID yields that key's Algorithm,
// and an unknown key ID yields the fallback value passed as the third
// argument.
//
// The algorithm names used here ("EX256", "EX512") are placeholders, so the
// test pins only the lookup itself and not any check of the algorithm value.
func TestGetResponseObjectAlgFromKID(t *testing.T) {
	config := &schema.IdentityProvidersOpenIDConnect{
		JSONWebKeys: []schema.JWK{
			{KeyID: "abc", Algorithm: "EX256"},
			{KeyID: "123", Algorithm: "EX512"},
		},
	}

	// Value expected back whenever the key ID matches no configured key.
	const fallback = "not"

	lookups := []struct {
		kid  string
		want string
	}{
		{kid: "abc", want: "EX256"},
		{kid: "123", want: "EX512"},
		{kid: "111111", want: fallback},
	}

	for _, l := range lookups {
		assert.Equal(t, l.want, getResponseObjectAlgFromKID(config, l.kid, fallback))
	}
}