jose
Summary #
5 suites · 45 scenarios
Contents #
- jose CLI surface — 10 scenarios
- root help prints usage with no arguments
- root help prints usage with –help
- version prints the version
- unknown command fails and reports the unknown command
- jwa lists the key types
- jwa lists only key types jose can generate
- jwa lists only signature algorithms jose accepts
- jwa lists only elliptic curves jose can generate
- jwa lists only key encryption algorithms jose accepts
- jwa fails when no option is given
- jose completion — 6 scenarios
- jose jwe — 5 scenarios
- jose jwk generate — 11 scenarios
- generates an RSA key as JSON
- generates an EC key in PEM format
- generates an OKP Ed25519 key
- generates an oct key
- emits a public key without private fields
- rejects the unsupported OKP X448 curve
- rejects the unsupported OKP Ed448 curve
- requires a curve for EC keys
- rejects PEM output for oct keys
- rejects –public-key for oct keys
- leaves a parseable EC key after overwriting a longer RSA key
- jose jws — 13 scenarios
- sign requires an algorithm
- sign signs a payload into a compact JWS
- sign signs a payload read from stdin via a pipe
- verify verifies and prints the payload
- verify verifies a token passed directly as an argument
- verify verifies a token read from stdin via a pipe
- verify reports a missing file instead of a parse error
- verify fails with the wrong key
- parse prints the payload from a file
- parse prints the payload from an inline token argument
- parse prints the payload from stdin
- parse prints all parts with –all
- parse reports a missing file instead of a parse error
jose CLI surface #
Source: test/e2e/tools/jose/cli.atago.yaml
Scenario: root help prints usage with no arguments #
When #
jose
Then #
- exit code is
0 - stdout contains
JSON Object Signing and Encryption,Available Commands:,jwk,jws,jwe
Scenario: root help prints usage with –help #
When #
jose --help
Then #
- exit code is
0 - stdout contains
Usage:,jwa
Scenario: version prints the version #
When #
jose version
Then #
- exit code is
0 - stdout contains
jose version,MIT LICENSE
Scenario: unknown command fails and reports the unknown command #
When #
jose frobnicate
Then #
- exit code is not
0 - stderr contains
unknown command
Scenario: jwa lists the key types #
When #
jose jwa --key-type
Then #
- exit code is
0 - stdout contains
RSA,oct
Scenario: jwa lists only key types jose can generate #
When #
jose jwa --key-type
Then #
- exit code is
0 - stdout does not contain
AKP
Scenario: jwa lists only signature algorithms jose accepts #
When #
jose jwa --signature
Then #
- exit code is
0 - stdout contains
EdDSA - stdout does not contain
Ed25519,none
Scenario: jwa lists only elliptic curves jose can generate #
When #
jose jwa --elliptic-curve
Then #
- exit code is
0 - stdout contains
X25519 - stdout does not contain
X448
Scenario: jwa lists only key encryption algorithms jose accepts #
When #
jose jwa --key-encryption
Then #
- exit code is
0 - stdout contains
RSA-OAEP - stdout does not contain
RSA-OAEP-384,HPKE
Scenario: jwa fails when no option is given #
When #
jose jwa
Then #
- exit code is not
0 - stderr is not empty
jose completion #
Source: test/e2e/tools/jose/completion.atago.yaml
Scenario: writes a bash completion script to stdout #
When #
jose completion bash
Then #
- exit code is
0 - stdout contains
bash completion
Scenario: writes a zsh completion script to stdout #
When #
jose completion zsh
Then #
- exit code is
0 - stdout contains
compdef
Scenario: writes a fish completion script to stdout #
When #
jose completion fish
Then #
- exit code is
0 - stdout contains
fish
Scenario: requires a shell argument #
When #
jose completion
Then #
- exit code is not
0 - stderr is not empty
Scenario: rejects an unknown shell #
When #
jose completion powershell
Then #
- exit code is not
0 - stderr is not empty
Scenario: does not create files in the working directory #
When #
jose completion zsh > /dev/null
ls -A
Then #
- exit code is
0 - stdout is empty
jose jwe #
Source: test/e2e/tools/jose/jwe.atago.yaml
Scenario: round-trips a payload through encrypt and decrypt #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \
--content-encryption A256GCM payload.json > secret.jwe
jose jwe decrypt --key ec.jwk secret.jwe
Then #
- after
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \ --content-encryption A256GCM payload.json > secret.jwe jose jwe decrypt --key ec.jwk secret.jwe:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: round-trips a payload piped through stdin #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
cat payload.json | jose jwe encrypt --key ec.jwk \
--key-encryption ECDH-ES --content-encryption A256GCM > secret.jwe
cat secret.jwe | jose jwe decrypt --key ec.jwk
Then #
- after
cat payload.json | jose jwe encrypt --key ec.jwk \ --key-encryption ECDH-ES --content-encryption A256GCM > secret.jwe cat secret.jwe | jose jwe decrypt --key ec.jwk:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: round-trips with compression enabled #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \
--content-encryption A256GCM --compress payload.json > secret.jwe
jose jwe decrypt --key ec.jwk secret.jwe
Then #
- after
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \ --content-encryption A256GCM --compress payload.json > secret.jwe jose jwe decrypt --key ec.jwk secret.jwe:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: fails to encrypt without a key #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jwe encrypt --key-encryption ECDH-ES --content-encryption A256GCM payload.json
Then #
- after
jose jwe encrypt --key-encryption ECDH-ES --content-encryption A256GCM payload.json:- exit code is not
0 - stderr contains
key file required
- exit code is not
Scenario: fails to encrypt with an invalid content encryption #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES --content-encryption BOGUS payload.json
Then #
- after
jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES --content-encryption BOGUS payload.json:- exit code is not
0 - stderr contains
content encryption
- exit code is not
jose jwk generate #
Source: test/e2e/tools/jose/jwk.atago.yaml
Scenario: generates an RSA key as JSON #
When #
jose jwk generate --type RSA --size 2048
Then #
- exit code is
0 - stdout contains
"kty",RSA
Scenario: generates an EC key in PEM format #
When #
jose jwk generate --type EC --curve P-256 --output-format pem
Then #
- exit code is
0 - stdout contains
BEGIN,PRIVATE KEY
Scenario: generates an OKP Ed25519 key #
When #
jose jwk generate --type OKP --curve Ed25519
Then #
- exit code is
0 - stdout contains
OKP
Scenario: generates an oct key #
When #
jose jwk generate --type oct --size 256
Then #
- exit code is
0 - stdout contains
oct
Scenario: emits a public key without private fields #
When #
jose jwk generate --type EC --curve P-256 --public-key
Then #
- exit code is
0 - stdout contains
"kty" - stdout does not contain
"d"
Scenario: rejects the unsupported OKP X448 curve #
When #
jose jwk generate --type OKP --curve X448
Then #
- exit code is not
0 - stderr contains
OKP supports
Scenario: rejects the unsupported OKP Ed448 curve #
When #
jose jwk generate --type OKP --curve Ed448
Then #
- exit code is not
0 - stderr contains
OKP supports
Scenario: requires a curve for EC keys #
When #
jose jwk generate --type EC
Then #
- exit code is not
0 - stderr contains
require --curve
Scenario: rejects PEM output for oct keys #
When #
jose jwk generate --type oct --size 256 --output-format pem
Then #
- exit code is not
0 - stderr contains
oct,json
Scenario: rejects –public-key for oct keys #
When #
jose jwk generate --type oct --size 256 --public-key
Then #
- exit code is not
0 - stderr contains
public key
Scenario: leaves a parseable EC key after overwriting a longer RSA key #
When #
jose jwk generate --type RSA --size 4096 --output key.jwk
jose jwk generate --type EC --curve P-256 --output key.jwk
printf 'hello' > msg.txt
jose jws sign --algorithm ES256 --key key.jwk msg.txt
Then #
- exit code is
0 - stdout is not empty
jose jws #
Source: test/e2e/tools/jose/jws.atago.yaml
Scenario: sign requires an algorithm #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws sign --key ec.jwk payload.json
Then #
- after
jose jws sign --key ec.jwk payload.json:- exit code is not
0 - stderr contains
signature algorithm
- exit code is not
Scenario: sign signs a payload into a compact JWS #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws sign --algorithm ES256 --key ec.jwk payload.json
Then #
- after
jose jws sign --algorithm ES256 --key ec.jwk payload.json:- exit code is
0 - stdout contains
.
- exit code is
Scenario: sign signs a payload read from stdin via a pipe #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
cat payload.json | jose jws sign --algorithm ES256 --key ec.jwk
Then #
- after
cat payload.json | jose jws sign --algorithm ES256 --key ec.jwk:- exit code is
0 - stdout contains
.
- exit code is
Scenario: verify verifies and prints the payload #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws verify --algorithm ES256 --key ec.jwk token.jws
Then #
- after
jose jws verify --algorithm ES256 --key ec.jwk token.jws:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: verify verifies a token passed directly as an argument #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws verify --algorithm ES256 --key ec.jwk "$(cat token.jws)"
Then #
- after
jose jws verify --algorithm ES256 --key ec.jwk "$(cat token.jws)":- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: verify verifies a token read from stdin via a pipe #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
cat token.jws | jose jws verify --algorithm ES256 --key ec.jwk
Then #
- after
cat token.jws | jose jws verify --algorithm ES256 --key ec.jwk:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: verify reports a missing file instead of a parse error #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws verify --algorithm ES256 --key ec.jwk does-not-exist.jws
Then #
- after
jose jws verify --algorithm ES256 --key ec.jwk does-not-exist.jws:- exit code is not
0 - stderr contains
failed to open file
- exit code is not
Scenario: verify fails with the wrong key #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jwk generate --type EC --curve P-256 --output other.jwk
jose jws verify --algorithm ES256 --key other.jwk token.jws
Then #
- after
jose jws verify --algorithm ES256 --key other.jwk token.jws:- exit code is not
0 - stderr contains
verify
- exit code is not
Scenario: parse prints the payload from a file #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws parse token.jws
Then #
- after
jose jws parse token.jws:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: parse prints the payload from an inline token argument #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws parse "$(cat token.jws)"
Then #
- after
jose jws parse "$(cat token.jws)":- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: parse prints the payload from stdin #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
cat token.jws | jose jws parse -
Then #
- after
cat token.jws | jose jws parse -:- exit code is
0 - stdout equals an exact value
- exit code is
Scenario: parse prints all parts with –all #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws parse --all token.jws
Then #
- after
jose jws parse --all token.jws:- exit code is
0 - stdout contains
Payload:,Signature 0:
- exit code is
Scenario: parse reports a missing file instead of a parse error #
When #
printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws
jose jws parse does-not-exist.jws
Then #
- after
jose jws parse does-not-exist.jws:- exit code is not
0 - stderr contains
failed to open file
- exit code is not