-
Notifications
You must be signed in to change notification settings - Fork 70
/
vapid_test.go
102 lines (84 loc) · 2.23 KB
/
vapid_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package webpush
import (
"encoding/base64"
"fmt"
"strings"
"testing"
"time"
"github.com/golang-jwt/jwt"
)
func TestVAPID(t *testing.T) {
s := getStandardEncodedTestSubscription()
sub := "[email protected]"
// Generate vapid keys
vapidPrivateKey, vapidPublicKey, err := GenerateVAPIDKeys()
if err != nil {
t.Fatal(err)
}
// Get authentication header
vapidAuthHeader, err := getVAPIDAuthorizationHeader(
s.Endpoint,
sub,
vapidPublicKey,
vapidPrivateKey,
time.Now().Add(time.Hour*12),
)
if err != nil {
t.Fatal(err)
}
// Validate the token in the Authorization header
tokenString := getTokenFromAuthorizationHeader(vapidAuthHeader, t)
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodECDSA); !ok {
t.Fatal("Wrong validation method need ECDSA!")
}
// To decode the token it needs the VAPID public key
b64 := base64.RawURLEncoding
decodedVapidPrivateKey, err := b64.DecodeString(vapidPrivateKey)
if err != nil {
t.Fatal("Could not decode VAPID private key")
}
privKey := generateVAPIDHeaderKeys(decodedVapidPrivateKey)
return privKey.Public(), nil
})
// Check the claims on the token
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
expectedSub := fmt.Sprintf("mailto:%s", sub)
if expectedSub != claims["sub"] {
t.Fatalf(
"Incorreect mailto, expected=%s, got=%s",
expectedSub,
claims["sub"],
)
}
if claims["aud"] == "" {
t.Fatal("Audience should not be empty")
}
} else {
t.Fatal(err)
}
}
func TestVAPIDKeys(t *testing.T) {
privateKey, publicKey, err := GenerateVAPIDKeys()
if err != nil {
t.Fatal(err)
}
if len(privateKey) != 43 {
t.Fatal("Generated incorrect VAPID private key")
}
if len(publicKey) != 87 {
t.Fatal("Generated incorrect VAPID public key")
}
}
// Helper function for extracting the token from the Authorization header
func getTokenFromAuthorizationHeader(tokenHeader string, t *testing.T) string {
hsplit := strings.Split(tokenHeader, " ")
if len(hsplit) < 3 {
t.Fatal("Failed to auth split header")
}
tsplit := strings.Split(hsplit[1], "=")
if len(tsplit) < 2 {
t.Fatal("Failed to t split header on =")
}
return tsplit[1][:len(tsplit[1])-1]
}