package aoa
import (
"context"
"net/http/httptest"
"testing"
)
// TestHMACNonce_CurrentIsValid checks the round trip of a DPoP nonce source:
// a nonce handed out by Current for a request must be accepted by Valid on
// the same source for that same request.
//
// NOTE(review): only the immediate-acceptance path is covered. Whether a
// nonce stops validating after some lifetime, or is tied to anything in the
// request, cannot be told from this test; if the source enforces either,
// each deserves its own case.
func TestHMACNonce_CurrentIsValid(t *testing.T) {
	ctx := context.Background()
	source := NewDPoPNonceSource([]byte("secret-key"))
	req := httptest.NewRequest("POST", "https://mcp.example.com/mcp", nil)

	nonce := source.Current(ctx, req)
	if nonce == "" {
		// Fatal rather than Error: without a nonce the Valid check below
		// would not be exercising anything meaningful.
		t.Fatal("Current returned empty nonce")
	}

	if ok := source.Valid(ctx, req, nonce); !ok {
		t.Error("freshly issued nonce rejected")
	}
}
// TestHMACNonce_TamperedRejected checks that Valid refuses nonces the source
// did not issue itself: an arbitrary string, and a nonce produced by a second
// source constructed with a different secret.
//
// NOTE(review): despite the name, no genuinely issued nonce is altered here.
// A case that takes this source's own Current output, changes part of it, and
// expects Valid to return false would cover tampering directly; an
// empty-string nonce is another input worth pinning.
func TestHMACNonce_TamperedRejected(t *testing.T) {
	ctx := context.Background()
	source := NewDPoPNonceSource([]byte("secret-key"))
	req := httptest.NewRequest("POST", "https://mcp.example.com/mcp", nil)

	// A value that was never produced by any nonce source.
	if accepted := source.Valid(ctx, req, "not-a-real-nonce"); accepted {
		t.Error("garbage nonce accepted")
	}

	// A well-formed nonce, but issued under a different secret: acceptance
	// here would mean validation does not depend on the configured key.
	foreign := NewDPoPNonceSource([]byte("different-secret"))
	foreignNonce := foreign.Current(ctx, req)
	if accepted := source.Valid(ctx, req, foreignNonce); accepted {
		t.Error("nonce from a different secret accepted")
	}
}