* oops * createSecretKey but weird error * use the right prototype, do not add a function called export lol * HMAC JWT export + base64 fix * Fix Equals, Fix Get KeySize, add complete export RSA * fix RSA export * add EC exports * X25519 and ED25519 export + fixes * fix default exports * better asymmetricKeyType * fix private exports * fix symmetricKeySize * createPublicKey validations + refactor * jwt + der fixes * oopsies * add PEM into createPublicKey * cleanup * WIP * bunch of fixes * public from private + private OKP * encrypted keys fixes * oops * fix clear tls error, add some support to jwk and other formats on publicEncrypt/publicDecrypt * more fixes and tests working * more fixes more tests * more clear hmac errors * more tests and fixes * add generateKeyPair * more tests passing, some skips * fix EC key from private * fix OKP JWK * nodejs ignores ext and key_ops on KeyObject.exports * add EC sign verify test * some fixes * add crypto.generateKeyPairSync(type, options) * more fixes and more tests * fix hmac tests * jsonwebtoken tests * oops * oops2 * generated files * revert package.json * vm tests * todos instead of failues * toBunString -> toString * undo simdutf * improvements * unlikely * cleanup * cleanup 2 * oops * move _generateKeyPairSync checks to native
// Switch for the PS256 (RSASSA-PSS) case in the suite below; hard-coded on in this file.
const PS_SUPPORTED = true;
import jwt from "jsonwebtoken";
import { expect, describe, it } from "bun:test";
import path from "path";
import fs from "fs";
// Public key fixture read as PEM text from next to this file. The suite below
// passes it to jwt.verify() as the verification key (presumably an RSA key,
// given that the cases pair it with RS256/PS256 -- confirm against pub.pem).
const pubKeyFile = path.join(__dirname, "pub.pem");
const pub = fs.readFileSync(pubKeyFile, "utf8");
// priv is never used
// var priv = fs.readFileSync(path.join(__dirname, 'priv.pem'));

// Fixed token whose header segment decodes to {"typ":"JWT","alg":"HS256"} and
// whose payload decodes to {"foo":"bar","iat":1426546919}. Per the describe
// titles below, it stands for a token that was HMAC-signed using the public
// key text as the shared secret.
const TOKEN =
  "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIiLCJpYXQiOjE0MjY1NDY5MTl9.ETgkTn8BaxIX4YqvUWVFPmum3moNZ7oARZtSBXb_vP4";
// Regression suite for JWT algorithm confusion: the `alg` value in a token
// header is supplied by whoever produced the token, so a verifier must decide
// which algorithms are acceptable from its own key and configuration. A public
// key is not a secret; if it were accepted as an HMAC key, an HS256 header
// would be enough to get a token past a verifier meant for asymmetric
// signatures. Every case here requires the verify call to fail with an
// "invalid algorithm" error.
describe("when setting a wrong `header.alg`", () => {
  // Shared assertion: running `attempt` must throw an error whose message
  // matches /invalid algorithm/.
  const mustRejectAlgorithm = (attempt) => {
    expect(attempt).toThrow(/invalid algorithm/);
  };

  describe("signing with pub key as symmetric", () => {
    it("should not verify", () => {
      // No `algorithms` option is passed, so the rejection has to come from
      // the library's own default choice of allowed algorithms for this key.
      // Application code should still pass `algorithms` explicitly rather
      // than depend on that default.
      mustRejectAlgorithm(() => {
        jwt.verify(TOKEN, pub);
      });
    });
  });

  describe("signing with pub key as HS256 and whitelisting only RS256", () => {
    it("should not verify", () => {
      // Explicit allow-list: the token header says HS256, the caller accepts RS256 only.
      mustRejectAlgorithm(() => {
        jwt.verify(TOKEN, pub, { algorithms: ["RS256"] });
      });
    });
  });

  if (PS_SUPPORTED) {
    describe("signing with pub key as HS256 and whitelisting only PS256", () => {
      it("should not verify", () => {
        // Same check as the RS256 case, with PS256 as the only allowed algorithm.
        mustRejectAlgorithm(() => {
          jwt.verify(TOKEN, pub, { algorithms: ["PS256"] });
        });
      });
    });
  }

  describe("signing with HS256 and checking with HS384", () => {
    it("should not verify", () => {
      // Both algorithms are HMAC variants, so the allow-list is expected to be
      // matched on the exact algorithm name. The verification secret also
      // differs from the signing secret; the assertion still requires the
      // reported error to be the algorithm mismatch.
      mustRejectAlgorithm(() => {
        const freshToken = jwt.sign({ foo: "bar" }, "secret", { algorithm: "HS256" });
        jwt.verify(freshToken, "some secret", { algorithms: ["HS384"] });
      });
    });
  });
});