jose

Summary #

5 suites · 45 scenarios

Contents #

jose CLI surface #

Source: test/e2e/tools/jose/cli.atago.yaml

Scenario: root help prints usage with no arguments #

When #

jose

Then #

  • exit code is 0
  • stdout contains JSON Object Signing and Encryption, Available Commands:, jwk, jws, jwe

Scenario: root help prints usage with –help #

When #

jose --help

Then #

  • exit code is 0
  • stdout contains Usage:, jwa

Scenario: version prints the version #

When #

jose version

Then #

  • exit code is 0
  • stdout contains jose version, MIT LICENSE

Scenario: unknown command fails and reports the unknown command #

When #

jose frobnicate

Then #

  • exit code is not 0
  • stderr contains unknown command

Scenario: jwa lists the key types #

When #

jose jwa --key-type

Then #

  • exit code is 0
  • stdout contains RSA, oct

Scenario: jwa lists only key types jose can generate #

When #

jose jwa --key-type

Then #

  • exit code is 0
  • stdout does not contain AKP

Scenario: jwa lists only signature algorithms jose accepts #

When #

jose jwa --signature

Then #

  • exit code is 0
  • stdout contains EdDSA
  • stdout does not contain Ed25519, none

Scenario: jwa lists only elliptic curves jose can generate #

When #

jose jwa --elliptic-curve

Then #

  • exit code is 0
  • stdout contains X25519
  • stdout does not contain X448

Scenario: jwa lists only key encryption algorithms jose accepts #

When #

jose jwa --key-encryption

Then #

  • exit code is 0
  • stdout contains RSA-OAEP
  • stdout does not contain RSA-OAEP-384, HPKE

Scenario: jwa fails when no option is given #

When #

jose jwa

Then #

  • exit code is not 0
  • stderr is not empty

jose completion #

Source: test/e2e/tools/jose/completion.atago.yaml

Scenario: writes a bash completion script to stdout #

When #

jose completion bash

Then #

  • exit code is 0
  • stdout contains bash completion

Scenario: writes a zsh completion script to stdout #

When #

jose completion zsh

Then #

  • exit code is 0
  • stdout contains compdef

Scenario: writes a fish completion script to stdout #

When #

jose completion fish

Then #

  • exit code is 0
  • stdout contains fish

Scenario: requires a shell argument #

When #

jose completion

Then #

  • exit code is not 0
  • stderr is not empty

Scenario: rejects an unknown shell #

When #

jose completion powershell

Then #

  • exit code is not 0
  • stderr is not empty

Scenario: does not create files in the working directory #

When #

jose completion zsh > /dev/null
ls -A

Then #

  • exit code is 0
  • stdout is empty

jose jwe #

Source: test/e2e/tools/jose/jwe.atago.yaml

Scenario: round-trips a payload through encrypt and decrypt #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null

jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \
  --content-encryption A256GCM payload.json > secret.jwe
jose jwe decrypt --key ec.jwk secret.jwe

Then #

  • after jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \ --content-encryption A256GCM payload.json > secret.jwe jose jwe decrypt --key ec.jwk secret.jwe :
    • exit code is 0
    • stdout equals an exact value

Scenario: round-trips a payload piped through stdin #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null

cat payload.json | jose jwe encrypt --key ec.jwk \
  --key-encryption ECDH-ES --content-encryption A256GCM > secret.jwe
cat secret.jwe | jose jwe decrypt --key ec.jwk

Then #

  • after cat payload.json | jose jwe encrypt --key ec.jwk \ --key-encryption ECDH-ES --content-encryption A256GCM > secret.jwe cat secret.jwe | jose jwe decrypt --key ec.jwk :
    • exit code is 0
    • stdout equals an exact value

Scenario: round-trips with compression enabled #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null

jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \
  --content-encryption A256GCM --compress payload.json > secret.jwe
jose jwe decrypt --key ec.jwk secret.jwe

Then #

  • after jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES \ --content-encryption A256GCM --compress payload.json > secret.jwe jose jwe decrypt --key ec.jwk secret.jwe :
    • exit code is 0
    • stdout equals an exact value

Scenario: fails to encrypt without a key #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null

jose jwe encrypt --key-encryption ECDH-ES --content-encryption A256GCM payload.json

Then #

  • after jose jwe encrypt --key-encryption ECDH-ES --content-encryption A256GCM payload.json:
    • exit code is not 0
    • stderr contains key file required

Scenario: fails to encrypt with an invalid content encryption #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null

jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES --content-encryption BOGUS payload.json

Then #

  • after jose jwe encrypt --key ec.jwk --key-encryption ECDH-ES --content-encryption BOGUS payload.json:
    • exit code is not 0
    • stderr contains content encryption

jose jwk generate #

Source: test/e2e/tools/jose/jwk.atago.yaml

Scenario: generates an RSA key as JSON #

When #

jose jwk generate --type RSA --size 2048

Then #

  • exit code is 0
  • stdout contains "kty", RSA

Scenario: generates an EC key in PEM format #

When #

jose jwk generate --type EC --curve P-256 --output-format pem

Then #

  • exit code is 0
  • stdout contains BEGIN, PRIVATE KEY

Scenario: generates an OKP Ed25519 key #

When #

jose jwk generate --type OKP --curve Ed25519

Then #

  • exit code is 0
  • stdout contains OKP

Scenario: generates an oct key #

When #

jose jwk generate --type oct --size 256

Then #

  • exit code is 0
  • stdout contains oct

Scenario: emits a public key without private fields #

When #

jose jwk generate --type EC --curve P-256 --public-key

Then #

  • exit code is 0
  • stdout contains "kty"
  • stdout does not contain "d"

Scenario: rejects the unsupported OKP X448 curve #

When #

jose jwk generate --type OKP --curve X448

Then #

  • exit code is not 0
  • stderr contains OKP supports

Scenario: rejects the unsupported OKP Ed448 curve #

When #

jose jwk generate --type OKP --curve Ed448

Then #

  • exit code is not 0
  • stderr contains OKP supports

Scenario: requires a curve for EC keys #

When #

jose jwk generate --type EC

Then #

  • exit code is not 0
  • stderr contains require --curve

Scenario: rejects PEM output for oct keys #

When #

jose jwk generate --type oct --size 256 --output-format pem

Then #

  • exit code is not 0
  • stderr contains oct, json

Scenario: rejects –public-key for oct keys #

When #

jose jwk generate --type oct --size 256 --public-key

Then #

  • exit code is not 0
  • stderr contains public key

Scenario: leaves a parseable EC key after overwriting a longer RSA key #

When #

jose jwk generate --type RSA --size 4096 --output key.jwk
jose jwk generate --type EC --curve P-256 --output key.jwk
printf 'hello' > msg.txt
jose jws sign --algorithm ES256 --key key.jwk msg.txt

Then #

  • exit code is 0
  • stdout is not empty

jose jws #

Source: test/e2e/tools/jose/jws.atago.yaml

Scenario: sign requires an algorithm #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws sign --key ec.jwk payload.json

Then #

  • after jose jws sign --key ec.jwk payload.json:
    • exit code is not 0
    • stderr contains signature algorithm

Scenario: sign signs a payload into a compact JWS #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws sign --algorithm ES256 --key ec.jwk payload.json

Then #

  • after jose jws sign --algorithm ES256 --key ec.jwk payload.json:
    • exit code is 0
    • stdout contains .

Scenario: sign signs a payload read from stdin via a pipe #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

cat payload.json | jose jws sign --algorithm ES256 --key ec.jwk

Then #

  • after cat payload.json | jose jws sign --algorithm ES256 --key ec.jwk:
    • exit code is 0
    • stdout contains .

Scenario: verify verifies and prints the payload #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws verify --algorithm ES256 --key ec.jwk token.jws

Then #

  • after jose jws verify --algorithm ES256 --key ec.jwk token.jws:
    • exit code is 0
    • stdout equals an exact value

Scenario: verify verifies a token passed directly as an argument #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws verify --algorithm ES256 --key ec.jwk "$(cat token.jws)"

Then #

  • after jose jws verify --algorithm ES256 --key ec.jwk "$(cat token.jws)":
    • exit code is 0
    • stdout equals an exact value

Scenario: verify verifies a token read from stdin via a pipe #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

cat token.jws | jose jws verify --algorithm ES256 --key ec.jwk

Then #

  • after cat token.jws | jose jws verify --algorithm ES256 --key ec.jwk:
    • exit code is 0
    • stdout equals an exact value

Scenario: verify reports a missing file instead of a parse error #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws verify --algorithm ES256 --key ec.jwk does-not-exist.jws

Then #

  • after jose jws verify --algorithm ES256 --key ec.jwk does-not-exist.jws:
    • exit code is not 0
    • stderr contains failed to open file

Scenario: verify fails with the wrong key #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jwk generate --type EC --curve P-256 --output other.jwk
jose jws verify --algorithm ES256 --key other.jwk token.jws

Then #

  • after jose jws verify --algorithm ES256 --key other.jwk token.jws:
    • exit code is not 0
    • stderr contains verify

Scenario: parse prints the payload from a file #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws parse token.jws

Then #

  • after jose jws parse token.jws:
    • exit code is 0
    • stdout equals an exact value

Scenario: parse prints the payload from an inline token argument #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws parse "$(cat token.jws)"

Then #

  • after jose jws parse "$(cat token.jws)":
    • exit code is 0
    • stdout equals an exact value

Scenario: parse prints the payload from stdin #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

cat token.jws | jose jws parse -

Then #

  • after cat token.jws | jose jws parse -:
    • exit code is 0
    • stdout equals an exact value

Scenario: parse prints all parts with –all #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws parse --all token.jws

Then #

  • after jose jws parse --all token.jws:
    • exit code is 0
    • stdout contains Payload:, Signature 0:

Scenario: parse reports a missing file instead of a parse error #

When #

printf '{"sub":"alice"}' > payload.json
jose jwk generate --type EC --curve P-256 --output ec.jwk >/dev/null
jose jws sign --algorithm ES256 --key ec.jwk payload.json > token.jws

jose jws parse does-not-exist.jws

Then #

  • after jose jws parse does-not-exist.jws:
    • exit code is not 0
    • stderr contains failed to open file