diff options
Diffstat (limited to 'tests/dpop-proof-invalid-ath.scm')
-rw-r--r-- | tests/dpop-proof-invalid-ath.scm | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/tests/dpop-proof-invalid-ath.scm b/tests/dpop-proof-invalid-ath.scm new file mode 100644 index 0000000..e802ffe --- /dev/null +++ b/tests/dpop-proof-invalid-ath.scm @@ -0,0 +1,73 @@ +;; webid-oidc, implementation of the Solid specification +;; Copyright (C) 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see <https://www.gnu.org/licenses/>. + +(use-modules (webid-oidc dpop-proof) + (webid-oidc access-token) + (webid-oidc jti) + (webid-oidc jwk) + (webid-oidc testing) + (webid-oidc errors) + ((webid-oidc stubs) #:prefix stubs:) + (web uri) + (srfi srfi-19) + (web response)) + +(with-test-environment + "dpop-proof-invalid-ath" + (lambda () + (define jwk (generate-key #:n-size 2048)) + (define idp-key (generate-key #:n-size 2048)) + (define cnf (jkt jwk)) + (define blacklist (make-jti-list)) + (define access-token + (issue-access-token + idp-key + #:alg 'RS256 + #:webid "https://data.provider/subject" + #:iss "https://identity.provider" + #:iat 10 + #:exp 3610 + #:client-key jwk + #:client-id "https://client")) + (define proof + (issue-dpop-proof + jwk + #:alg 'RS256 + #:htm 'GET + #:htu (string->uri "https://example.com/res?query") + #:iat (time-utc->date (make-time time-utc 0 0)) + #:access-token "aaaaaaaaaaaaaaa")) + (with-exception-handler + (lambda (error) + (let ((cause + ((record-accessor &cannot-decode-dpop-proof 'cause) error))) + (unless (dpop-invalid-access-token-hash? cause) + (raise-exception error)) + (unless (and (equal? (dpop-invalid-access-token-hash-hash cause) + (stubs:hash 'SHA-256 "aaaaaaaaaaaaaaa")) + (equal? (dpop-invalid-access-token-hash-access-token cause) access-token)) + (exit 1)))) + (lambda () + (dpop-proof-decode (time-utc->date (make-time time-utc 0 10)) + blacklist + 'GET + (string->uri "https://example.com/res?query") + proof + cnf + #:access-token access-token) + (exit 2)) + #:unwind? #t + #:unwind-for-type &cannot-decode-dpop-proof))) |