tests: added additional test cases

Author: someone1

iam_test.go

@@ -185,21 +185,30 @@ func TestSigningMethodIAM_Override(t *testing.T) {
 }
 
 func TestSigningMethodIAM_Sign(t *testing.T) {
+	ctx, err := newContextFunc()
+	if err != nil {
+		t.Errorf("could not get context: %v", err)
+		return
+	}
 	type args struct {
 		signingString string
 		key           interface{}
 	}
 	tests := []struct {
-		name    string
-		args    args
-		wantErr error
+		name       string
+		args       args
+		method     *SigningMethodIAM
+		wantErr    bool
+		compareErr error
 	}{
 		{
 			"InvalidKey",
 			args{
 				"",
 				"",
 			},
+			SigningMethodIAMJWT,
+			true,
 			jwt.ErrInvalidKey,
 		},
 		{
@@ -208,14 +217,35 @@ func TestSigningMethodIAM_Sign(t *testing.T) {
 				"",
 				context.Background(),
 			},
+			SigningMethodIAMJWT,
+			true,
 			ErrMissingConfig,
 		},
+		{
+			"InvalidServiceAccountJWT",
+			args{
+				"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ",
+				NewIAMContext(ctx, &IAMConfig{ServiceAccount: "invalid"}),
+			},
+			SigningMethodIAMJWT,
+			true,
+			nil,
+		},
+		{
+			"InvalidServiceAccountBlob",
+			args{
+				"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ",
+				NewIAMContext(ctx, &IAMConfig{ServiceAccount: "invalid"}),
+			},
+			SigningMethodIAMBlob,
+			true,
+			nil,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := SigningMethodIAMJWT.Sign(tt.args.signingString, tt.args.key)
-			if err != tt.wantErr {
-				t.Errorf("SigningMethodIAM.Sign() error = %v, wantErr %v", err, tt.wantErr)
+			if _, gotErr := tt.method.Sign(tt.args.signingString, tt.args.key); (gotErr != nil) != tt.wantErr || (tt.compareErr != nil && tt.compareErr != gotErr) {
+				t.Errorf("%T.Sign() error = %v, wantErr %v, compareErr %v", tt.method, gotErr, tt.wantErr, tt.compareErr)
 				return
 			}
 		})
@@ -271,6 +301,23 @@ func TestIAMVerfiyKeyfunc(t *testing.T) {
 			},
 			true,
 		},
+		{
+			"InvalidServiceAccount",
+			args{
+				ctx,
+				&IAMConfig{
+					ServiceAccount: "invalid",
+				},
+				&jwt.Token{
+					Method: SigningMethodIAMJWT,
+					Header: map[string]interface{}{
+						"alg": SigningMethodIAMJWT.Alg(),
+						"kid": "invalid",
+					},
+				},
+			},
+			true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

kms_test.go

@@ -279,3 +279,77 @@ func TestSigningMethodKMS_Hash(t *testing.T) {
 		})
 	}
 }
+
+func TestKMSVerfiyKeyfunc(t *testing.T) {
+	ctx, err := newContextFunc()
+	if err != nil {
+		t.Errorf("could not get context: %v", err)
+		return
+	}
+	testKeys, err := readKeys()
+	if err != nil {
+		t.Errorf("could not read keys: %v", err)
+		return
+	}
+	if len(testKeys) < 1 {
+		t.Errorf("no keys to test with")
+		return
+	}
+	type args struct {
+		ctx    context.Context
+		config *KMSConfig
+		token  *jwt.Token
+	}
+	tests := []struct {
+		name           string
+		args           args
+		wantKeyFuncErr bool
+		wantErr        bool
+	}{
+		{
+			"WrongMethod",
+			args{
+				ctx,
+				&KMSConfig{
+					KeyPath: testKeys[0].KeyPath,
+				},
+				&jwt.Token{
+					Method: jwt.SigningMethodPS256,
+					Header: map[string]interface{}{
+						"alg": "PS256",
+					},
+				},
+			},
+			false,
+			true,
+		},
+		{
+			"InvalidKeyPath",
+			args{
+				ctx,
+				&KMSConfig{
+					KeyPath: "invalid",
+				},
+				&jwt.Token{
+					Method: SigningMethodKMSES256,
+					Header: map[string]interface{}{
+						"alg": SigningMethodKMSES256.Alg(),
+					},
+				},
+			},
+			true,
+			true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if keyFunc, gotErr := KMSVerfiyKeyfunc(tt.args.ctx, tt.args.config); (gotErr != nil) != tt.wantKeyFuncErr {
+				t.Errorf("VerifyKeyfunc() error = %v, wantErr %v", gotErr, tt.wantKeyFuncErr)
+			} else if gotErr == nil {
+				if _, gotErr = keyFunc(tt.args.token); (gotErr != nil) != tt.wantErr {
+					t.Errorf("VerifyKeyfunc().Keyfunc() error = %v, wantErr %v", gotErr, tt.wantErr)
+				}
+			}
+		})
+	}
+}