libcrypto/test/jwt.test.ts

import {beforeAll, describe, expect, setSystemTime, test} from 'bun:test'
import {JWTcontext} from '../src/jwt'

let c!: JWTcontext

beforeAll(async () => {
  c = await JWTcontext.new_random()
})

test('Base case', async () => {
  let payload = {
    yeet: 'yaat',
    lol: 'yes'
  }

  const jwt = await c.sign(payload, true, '2 days', 'pascal', 'server')
  const verified = await c.verify(jwt, 'pascal', 'server')
  expect(verified).toEqual(payload)
})

describe('Audience verification', () => {
  const cases: [string | string[] | undefined, string | string[] | undefined, boolean][] = [
    // undefined at verify means we don't enforce that field
    [undefined, undefined, true],
    ['value', undefined, true],
    [['value', 'other'], undefined, true],

    [undefined, 'value', false],
    [undefined, ['value', 'other'], false],

    ['value', 'value', true],
    ['value', ['value', 'other'], true],
    ['value', 'yeet', false],
    ['value', ['yeet', 'other'], false],

    [['value', 'other'], 'value', true],
    [['value', 'other'], ['value', 'yeet'], true],
    [['value', 'other'], ['value', 'other'], true],
    [['yeet', 'other'], 'value', false],
    [['value', 'other'], ['yeet', 'yaat'], false]
  ]

  for (const [at_sign, at_verify, result] of cases) {
    test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
      const message = 'Yeet'

      const jwt = await c.sign(message, false, undefined, at_sign)
      const res = await c.verify<string>(jwt, at_verify)
      if (result) {
        expect(res).toBe(message)
      } else {
        expect(res).toBeNull()
      }
    })
  }
})
describe('Issuer verification', () => {
  const cases: [string | undefined, string | string[] | undefined, boolean][] = [
    // undefined at verify means don't enforce the field
    [undefined, undefined, true],
    ['value', undefined, true],

    [undefined, 'value', false],
    [undefined, ['value', 'other'], false],

    ['value', 'value', true],
    ['value', ['value', 'other'], true],
    ['value', 'yeet', false],
    ['value', ['yeet', 'other'], false]
  ]

  for (const [at_sign, at_verify, result] of cases) {
    test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
      const message = 'Yaat'

      const jwt = await c.sign(message, false, undefined, undefined, at_sign)
      const res = await c.verify<string>(jwt, undefined, at_verify)
      if (result) {
        expect(res).toBe(message)
      } else {
        expect(res).toBeNull()
      }
    })
  }
})
test('Expired JWT is rejected', async () => {
  const message = 'yeet'

  const jwt = await c.sign(message, false, '5min')

  const today = new Date()
  today.setDate(today.getDate() + 1)
  setSystemTime(today)

  const res = await c.verify<string>(jwt)
  expect(res).toBeNull()
})
test("Wrong key won't decrypt", async () => {
  const c2 = await JWTcontext.new_random()

  const message = 'yeet'
  const jwt = await c.sign(message)
  const res = await c2.verify<string>(jwt)

  expect(res).toBeNull()
})
test('tampered JWT are rejected', async () => {
  const message = 'yeet'
  let jwt = await c.sign(message)

  if (jwt[0] === 'a') jwt = 'b' + jwt.substring(1)
  else jwt = 'a' + jwt.substring(1)

  const res = await c.verify<string>(jwt)
  expect(res).toBeNull()
})