fpc/packages/fcl-web/tests/tcjwt.pp

unit tcjwt;

{$mode objfpc}{$H+}

interface

uses
  Classes, SysUtils, fpcunit, testregistry, DateUtils, fprsa, fphashutils,
  fpjwt, fpjwarsa;

type

  { TMyClaims }

  TMyClaims = Class(TClaims)
  private
    FAdmin: Boolean;
    FName: string;
  Published
    Property Name : string Read FName Write FName;
    Property admin : Boolean Read FAdmin Write FAdmin;
  end;

  { TMyJWT }

  TMyJWT = Class(TJWT)
    Function CreateClaims : TClaims; override;
  end;

  { TTestJWT }

  TTestJWT= class(TTestCase)
  private
    FJWT: TJWT;
    FKey : TJWTKey;
    FVerifyResult : TJWT;
  protected
    procedure SetUp; override;
    procedure TearDown; override;
    Property JWT : TJWT Read FJWT;
    Property Key : TJWTKey Read FKey;
    procedure GetTestPEM(out aPrivateKeyPEM, aPublicKeyPEM: string);
    procedure TestVerifyRSAPem(SignerClass: TJWTSignerClass); virtual;
  published
    procedure TestSignNone;
    procedure TestVerifyNone;

    // SHA
    procedure TestSignSHA256;
    procedure TestVerifySHA256;
    procedure TestSignSHA512;
    procedure TestVerifySHA512;
    procedure TestSignSHA384;
    procedure TestVerifySHA384;

    // ES
    procedure TestSignES256;
    procedure TestVerifyES256;
    procedure TestVerifyES256Pem;

    // RSA
    procedure TestVerifyRS256Pem;
    procedure TestVerifyRS384Pem;
    procedure TestVerifyRS512Pem;
    procedure TestVerifyRS256_rfc7515;
    procedure TestI2OSP;
    procedure TestMGF1SHA1;
    procedure TestMGF1SHA256;
    procedure TestVerifyPS256;
    procedure TestVerifyPS256Pem;
    procedure TestVerifyPS384Pem;
    procedure TestVerifyPS512Pem;
  end;

implementation

uses
  basenenc, fpsha256, fpjwasha256, fpsha512, fpjwasha512, fpjwasha384, fpjwaes256, fpecc, fppem;

{ TMyJWT }

function TMyJWT.CreateClaims: TClaims;
begin
  Result:=TMyClaims.Create;
end;

procedure TTestJWT.TestSignNone;

Var
  P1,P2 : String;

begin
  P1:=FJWT.JOSE.AsEncodedString;
  P2:=FJWT.Claims.AsEncodedString;
  AssertEquals('Signed with none',P1+'.'+P2+'.',FJWT.Sign(TJWTKey.Empty));
end;

procedure TTestJWT.TestVerifyNone;

Var
  aJWT : String;

begin
  aJWT:=FJWT.AsEncodedString;
  FVerifyResult:=TJWT.ValidateJWT(aJWT,TJWTKey.Empty,TMyJWT);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
end;

procedure TTestJWT.TestSignSHA256;

Var
  Sign,P1,P2 : UTF8String;
  aDigest : TSHA256Digest;
  B : TBytes;

begin
  FJWT.JOSE.alg:='HS256';
//  Writeln('JOSE: ',FJWT.JOSE.AsString);
//  Writeln('Claims: ',FJWT.Claims.AsString);
  P1:=FJWT.JOSE.AsEncodedString;
  P2:=FJWT.Claims.AsEncodedString;
  B:=TEncoding.UTF8.GetAnsiBytes(P1+'.'+P2);
  if not TSHA256.HMAC(FKey.AsPointer,FKey.Length,PByte(B),Length(B),aDigest{%H-}) then
    Fail('Could not HMAC');
  Sign:=Base64URL.Encode(@aDigest[0],Length(aDigest),False);
//  Writeln('Signed: ',P1+'.'+P2+'.'+Sign);
  AssertEquals('Signed with SHA256',P1+'.'+P2+'.'+Sign,FJWT.Sign(FKey));
end;

procedure TTestJWT.TestVerifySHA256;

Const
  JWTText ='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'+
           'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.'+
           'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';


begin
  FKey.AsString:='your-256-bit-secret';
  FVerifyResult:=TJWT.ValidateJWT(JWTText,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Have correct algorithm','HS256',FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','1234567890',FVerifyResult.Claims.sub);
end;

procedure TTestJWT.TestSignSHA512;
Var
  Sign,P1,P2 : UTF8String;
  aDigest : TSHA512Digest;
  B : TBytes;

begin
  FJWT.JOSE.alg:='HS512';
//  Writeln('JOSE: ',FJWT.JOSE.AsString);
//  Writeln('Claims: ',FJWT.Claims.AsString);
  P1:=FJWT.JOSE.AsEncodedString;
  P2:=FJWT.Claims.AsEncodedString;
  B:=TEncoding.UTF8.GetAnsiBytes(P1+'.'+P2);
  if not TSHA512.HMAC(FKey.AsPointer,FKey.Length,PByte(B),Length(B),aDigest{%H-}) then
    Fail('Could not HMAC');
  Sign:=Base64URL.Encode(@aDigest[0],Length(aDigest),False);
//  Writeln('Signed: ',P1+'.'+P2+'.'+Sign);
  AssertEquals('Signed with SHA512',P1+'.'+P2+'.'+Sign,FJWT.Sign(FKey));
end;

procedure TTestJWT.TestVerifySHA512;

Const
  JWTText = 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.'+
            'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.'+
            'FEBOl5fjgnPe4gcc5ElXrHDl0jWsshiJ9rS0hlehItc-PKQEzwRKbhcz69V8kwRCUM2rDtuwaXK6DJfO1VOZdw';

begin
  FVerifyResult:=TMyJWT.ValidateJWT(JWTText,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
  AssertEquals('Have correct algorithm','HS512',FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','1234567890',FVerifyResult.Claims.sub);
  AssertEquals('Have correct name','John Doe',(TMyJWT(FVerifyResult).Claims as TMyClaims).Name);
  AssertEquals('Have correct admin',true,(TMyJWT(FVerifyResult).Claims as TMyClaims).Admin);
end;

procedure TTestJWT.TestSignSHA384;
Var
  Sign,P1,P2 : UTF8String;
  aDigest : TSHA384Digest;
  B : TBytes;

begin
  FJWT.JOSE.alg:='HS384';
//  Writeln('JOSE: ',FJWT.JOSE.AsString);
//  Writeln('Claims: ',FJWT.Claims.AsString);
  P1:=FJWT.JOSE.AsEncodedString;
  P2:=FJWT.Claims.AsEncodedString;
  B:=TEncoding.UTF8.GetAnsiBytes(P1+'.'+P2);
  if not TSHA384.HMAC(FKey.AsPointer,FKey.Length,PByte(B),Length(B),aDigest) then
    Fail('Could not HMAC');
  Sign:=Base64URL.Encode(@aDigest[0],Length(aDigest),False);
  // Writeln('Signed: ',P1+'.'+P2+'.'+Sign);
  AssertEquals('Signed with SHA384',P1+'.'+P2+'.'+Sign,FJWT.Sign(FKey));
end;

procedure TTestJWT.TestVerifySHA384;

Const
  JWTText =
     'eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.'+
     'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.'+
     '8XBKpuFoIEyTxqiP7Rw32VkkxSPGrujBw2ZiKgcX5ZgjH3M8OmTWfYeRDAR6NRVB';

begin
  FVerifyResult:=TMyJWT.ValidateJWT(JWTText,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
  AssertEquals('Have correct algorithm','HS384',FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','1234567890',FVerifyResult.Claims.sub);
  AssertEquals('Have correct name','John Doe',(TMyJWT(FVerifyResult).Claims as TMyClaims).Name);
  AssertEquals('Have correct admin',true,(TMyJWT(FVerifyResult).Claims as TMyClaims).Admin);
end;

procedure TTestJWT.TestVerifyES256;
Const
  // from JWT.IO
  aJWT =
     'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.'+
     'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.'+
     'tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA';

Var
  aPrivateKey2: TEccPrivateKey = ($7a,$f6,$73,$2f,$58,$1d,$00,$5a,$fc,$f2,$16,$f6,$38,$5f,$f6,
                $37,$10,$29,$24,$2c,$c6,$08,$40,$dd,$7d,$2a,$7a,$55,$03,$b7,
                $d2,$1c);


begin
  FKey:=TJWTKey.Create(@aPrivateKey2,SizeOf(TEccPrivateKey));
  FVerifyResult:=TMyJWT.ValidateJWT(aJWT,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
  AssertEquals('Have correct algorithm','ES256',FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','1234567890',FVerifyResult.Claims.sub);
  AssertEquals('Have correct name','John Doe',(TMyJWT(FVerifyResult).Claims as TMyClaims).Name);
  AssertEquals('Have correct admin',true,(TMyJWT(FVerifyResult).Claims as TMyClaims).Admin);
end;

procedure TTestJWT.TestVerifyES256Pem;

Const
  aInput =
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.' +
    'eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MTUxNjI0OTAyMiwiaXNzIjoiRGVscGhpIEpPU0UgYW5kIEpXVCBMaWJyYXJ5In0.'+
    '4QDMKAvHwb6pA5fN0oQjlzuKmPIlNpmIQ8vPH7zy4fjZdtcPVJMtfiVhztwQldQL9A5yzBKI8q2puVygm-2Adw';

// Private key in PEM format
Const APrivateKeyPem =
    '-----BEGIN EC PRIVATE KEY-----'+ #10+
    'MHcCAQEEIFzS3/5bCnrlpa4902/zkYzURF6E2D8pazgnJu4smhpQoAoGCCqGSM49'+ #10+
    'AwEHoUQDQgAEqTjyg2z65i+zbyUZW8BQ+K87DNsICRaEH7Fy7Rm3MseXy9ItSCQU'+ #10+
    'VeJbtO6kYUA00mx7bKoC1sx5sbtFExnYPQ=='+ #10+
    '-----END EC PRIVATE KEY-----';


Var
  S : TStringStream;
  aPrivateKey : TEccPrivateKey;
  aPublicKey : TEccPublicKey;
  X,Y : AnsiString;

begin
  S:=TStringStream.Create(aPrivateKeyPem);
  try
    PemLoadECDSA(S,aPrivateKey,aPublicKey,X,Y);
  finally
    S.Free;
  end;
  FKey:=TJWTKey.Create(@aPrivateKey,SizeOf(TEccPrivateKey));
  FVerifyResult:=TMyJWT.ValidateJWT(aInput,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
  AssertEquals('Have correct algorithm','ES256',FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','',FVerifyResult.Claims.sub);
  AssertEquals('Have correct name','',(TMyJWT(FVerifyResult).Claims as TMyClaims).Name);
  AssertEquals('Have correct admin',False,(TMyJWT(FVerifyResult).Claims as TMyClaims).Admin);
end;

procedure TTestJWT.TestSignES256;
// Private key in PEM format
Const APrivateKeyPem =
    '-----BEGIN EC PRIVATE KEY-----'+ #10+
    'MHcCAQEEIFzS3/5bCnrlpa4902/zkYzURF6E2D8pazgnJu4smhpQoAoGCCqGSM49'+ #10+
    'AwEHoUQDQgAEqTjyg2z65i+zbyUZW8BQ+K87DNsICRaEH7Fy7Rm3MseXy9ItSCQU'+ #10+
    'VeJbtO6kYUA00mx7bKoC1sx5sbtFExnYPQ=='+ #10+
    '-----END EC PRIVATE KEY-----';


Var
  S : TStringStream;
  aPrivateKey : TEccPrivateKey;
  aPublicKey : TEccPublicKey;
  X,Y : AnsiString;
begin
  S:=TStringStream.Create(aPrivateKeyPem);
  try
    PemLoadECDSA(S,aPrivateKey,aPublicKey,X,Y);
  finally
    S.Free;
  end;
  FKey:=TJWTKey.Create(@aPrivateKey,SizeOf(TEccPrivateKey));
  FJWT.JOSE.alg:='ES256';
  //Writeln('JOSE: ',FJWT.JOSE.AsString);
  //Writeln('Claims: ',FJWT.Claims.AsString);

  FJWT.Sign(FKey);
  //WriteLn('Signature: ',FJWT.Signature);
  //WriteLn('JWT: ',FJWT.AsEncodedString);

  FVerifyResult := TMyJWT.ValidateJWT(FJWT.AsEncodedString, FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
end;

procedure TTestJWT.TestVerifyRS256Pem;
begin
  TestVerifyRSAPem(TJWTSignerRS256);
end;

procedure TTestJWT.TestVerifyRS384Pem;
begin
  TestVerifyRSAPem(TJWTSignerRS384);
end;

procedure TTestJWT.TestVerifyRS512Pem;
begin
  TestVerifyRSAPem(TJWTSignerRS512);
end;

procedure TTestJWT.TestVerifyRS256_rfc7515;
const
  // values from RFC 7515
  HeaderJSON = '{"alg":"RS256"}';
  HeaderExpected = 'eyJhbGciOiJSUzI1NiJ9';

  PayloadJSON = '{"iss":"joe",'#13#10+
                ' "exp":1300819380,'#13#10+
                ' "http://example.com/is_root":true}';
  PayloadExpected = 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ';

  SignInputExpected: TBytes =
    (101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73,
     49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105,
     74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72,
     65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68,
     65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76,
     121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118,
     98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48,
     99, 110, 86, 108, 102, 81);

  RSA_n = 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx'+
          'HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs'+
          'D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH'+
          'SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV'+
          'MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8'+
          'NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ';
  RSA_e = 'AQAB';
  RSA_d = 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I'+
          'jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0'+
          'BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn'+
          '439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT'+
          'CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh'+
          'BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ';
  RSA_p = '4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi'+
          'YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG'+
          'BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc';
  RSA_q = 'uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa'+
          'ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA'+
          '-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc';
  RSA_dp = 'BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q'+
          'CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb'+
          '34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0';
  RSA_dq = 'h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa'+
          '7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky'+
          'NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU';
  RSA_qi = 'IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o'+
          'y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU'+
          'W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U';

  Signature ='cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7'+
             'AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4'+
             'BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K'+
             '0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv'+
             'hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB'+
             'p0igcN_IoypGlUPQGe77Rw';

var
  HeaderEncoded, PayloadEncoded, SignInput, aInput: String;
  X509RSAPrivateKey: TX509RSAPrivateKey;
  X509RSAPublicKey: TX509RSAPublicKey;
  RSA: TRSA;
begin
  HeaderEncoded:=Base64URL.Encode(HeaderJSON,false);
  AssertEquals('Header',HeaderExpected,HeaderEncoded);

  PayloadEncoded:=Base64URL.Encode(PayloadJSON,false);
  AssertEquals('Payload',PayloadExpected,PayloadEncoded);

  SignInput:=HeaderEncoded+'.'+PayloadEncoded;
  if (length(SignInput)<>length(SignInputExpected))
      or not CompareMem(@SignInput[1],@SignInputExpected[0],length(SignInput)) then
    Fail('SignInput');

  X509RSAPrivateKey.InitWithBase64UrlEncoded(RSA_n,RSA_e,RSA_d,RSA_p,RSA_q,RSA_dp,RSA_dq,RSA_qi);
  X509RSAPublicKey.InitWithBase64UrlEncoded(RSA_n,RSA_e);

  RSACreate(RSA);
  try
    RSAInitFromPublicKey(RSA,X509RSAPublicKey);
    FKey.AsBytes:=X509RSAPublicKey.AsDER;

    aInput:=SignInput+'.'+Signature;
    // verify
    FVerifyResult:=TMyJWT.ValidateJWT(aInput,FKey);
    AssertNotNull('Have result',FVerifyResult);
    AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
    AssertNotNull('Have result.claims',FVerifyResult.Claims);
    AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
    AssertEquals('Have correct algorithm','RS256',FVerifyResult.JOSE.Alg);
    AssertEquals('Have correct typ','',FVerifyResult.JOSE.typ);
    AssertEquals('Have correct iss','joe',FVerifyResult.Claims.iss);
    AssertEquals('Have correct exp',1300819380,FVerifyResult.Claims.exp);

  finally
    RSAFree(RSA);
  end;
end;

procedure TTestJWT.TestI2OSP;

  procedure t(c: DWord; Len: integer; const Expected: string);
  var
    Actual: String;
  begin
    Actual:=I2OSP(c,Len);
    if Actual<>Expected then
      Fail('I2OSP('+IntToStr(c)+','+IntToStr(Len)+') expected "'+StringToHex(Expected)+'", but got "'+StringToHex(Actual)+'"');
  end;

begin
  t(0,0,'');
  t(0,1,#0);
  t(1,1,#1);
  t(1,2,#0#1);
  t(258,2,#1#2);
  t($10203,3,#1#2#3);
  t($1020304,4,#1#2#3#4);
  t($ffffffff,4,#255#255#255#255);
end;

procedure TTestJWT.TestMGF1SHA1;

  procedure t(const InputStr: string; Len: integer; const ExpectedHex: String);
  var
    ActualHex: string;
  begin
    ActualHex:=StringToHex(MGF1SHA1(InputStr,Len));
    if ActualHex<>ExpectedHex then
      Fail('MGF1SHA1('+StringToHex(InputStr)+','+IntToStr(Len)+') expected "'+ExpectedHex+'", but got "'+ActualHex+'"');
  end;

begin
  t('foo',3,'1AC907');
  t('foo',5,'1AC9075CD4');
  t('bar',5,'BC0C655E01');
  t('bar',50,'BC0C655E016BC2931D85A2E675181ADCEF7F581F76DF2739DA74FAAC41627BE2F7F415C89E983FD0CE80CED9878641CB4876');
end;

procedure TTestJWT.TestMGF1SHA256;

  procedure t(const InputStr: string; Len: integer; const ExpectedHex: String);
  var
    ActualHex: string;
  begin
    ActualHex:=StringToHex(MGF1SHA256(InputStr,Len));
    if ActualHex<>ExpectedHex then
      Fail('MGF1SHA256('+StringToHex(InputStr)+','+IntToStr(Len)+') expected "'+ExpectedHex+'", but got "'+ActualHex+'"');
  end;

begin
  t('bar',1,'38');
  t('bar',50,'382576A7841021CC28FC4C0948753FB8312090CEA942EA4C4E735D10DC724B155F9F6069F289D61DACA0CB814502EF04EAE1');
end;

procedure TTestJWT.TestVerifyPS256;
const
  HeaderJSON = '{"alg":"PS256"}';
  HeaderExpected = 'eyJhbGciOiJQUzI1NiJ9';

  PayloadJSON = 'In our village, folks say God crumbles up the old moon into stars.';
  PayloadExpected = 'SW4gb3VyIHZpbGxhZ2UsIGZvbGtzIHNheSBHb2QgY3J1bWJsZXMgdXAgdGhlIG9sZCBtb29uIGludG8gc3RhcnMu';

  RSA_n = 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx'+
          'HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs'+
          'D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH'+
          'SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV'+
          'MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8'+
          'NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ';
  RSA_e = 'AQAB';

  SignatureEncoded =
     'TRWhwRo5dMv9-8OzrInfJTwmUGYgjLfHk8lqF072ND-FmLWEBnUTOpY8oJXp'
    +'8FdWw2SalbdOeNlrtlJjwk4XK8Ql2iJ_2qMCtxsvLPhKBOqFoAF4aBvTOEDV'
    +'JDxf0DaBSiydEEtfTVV2iwBcjWabu5J2XieR5y7QZQtuHsn7T3qKBvCcCejN'
    +'3Y2oqAT3qMHvu1fTms1r_91wBn_K7Wjd9UkZ1n02qQcUHJznR_OF2BgN7_KW'
    +'IDAF9ZS9keoju2NPpPelO4yxa2XUPnehY3G7dHKoCxUEQR4d2Xc5voqDASTV'
    +'CDqQS4PVOZdvT3Ein6-SanAlCwbWBbkvT8g6-5PImQ';
var
  X509RSAPublicKey: TX509RSAPublicKey;
  RSA: TRSA;
  HeaderEncoded, PayloadEncoded, SignInput: String;
  r: Int64;
  Signature: TBytes;
begin
  // RSASSA-PSS using SHA-256 and MGF1 with SHA-256

  HeaderEncoded:=Base64URL.Encode(HeaderJSON,false);
  AssertEquals('Header',HeaderExpected,HeaderEncoded);

  PayloadEncoded:=Base64URL.Encode(PayloadJSON,false);
  AssertEquals('Payload',PayloadExpected,PayloadEncoded);

  SignInput:=HeaderEncoded+'.'+PayloadEncoded;

  // load public key
  X509RSAPublicKey.InitWithBase64UrlEncoded(RSA_n,RSA_e);

  RSACreate(RSA);
  try
    RSAInitFromPublicKey(RSA,X509RSAPublicKey);
    AssertEquals('RSA.ModulusLen',256,RSA.ModulusLen);
    AssertEquals('RSA.ModulusBits',2048,RSA.ModulusBits);

    Signature:=Base64URL.Decode(SignatureEncoded,false);
    AssertEquals('length(Signature)',RSA.ModulusLen,length(Signature));

    r:=RSASSA_PS256_Verify(RSA,@SignInput[1],length(SignInput),@Signature[0]);
    AssertEquals('RSASSA_PS256_Verify',0,r);

  finally
    RSAFree(RSA);
  end;
end;

procedure TTestJWT.TestVerifyPS256Pem;
begin
  TestVerifyRSAPem(TJWTSignerPS256);
end;

procedure TTestJWT.TestVerifyPS384Pem;
begin
  TestVerifyRSAPem(TJWTSignerPS384);
end;

procedure TTestJWT.TestVerifyPS512Pem;
begin
  TestVerifyRSAPem(TJWTSignerPS512);
end;

procedure TTestJWT.SetUp;
begin
  Inherited;
  FKey:=TJWTKey.Create('mysecretkey');
  FJWT:=TMyJWT.Create;
  FJWT.JOSE.alg:='none';
  FJWT.JOSE.typ:='JWT';
  FJWT.Claims.sub:='1234567890';
  FJWT.Claims.iat:=1516239022;
  (FJWT.Claims as TMyClaims).Name:='John Doe';
end;

procedure TTestJWT.TearDown;
begin
  FreeAndNil(FJWT);
  FreeAndNil(FVerifyResult);
  Inherited;
end;

procedure TTestJWT.GetTestPEM(out aPrivateKeyPEM, aPublicKeyPEM: string);
const
  // generated with
  //   openssl genrsa -out private.pem 2048
  PrivateKeyPem =
    '-----BEGIN RSA PRIVATE KEY-----'#10+
    'MIIEpQIBAAKCAQEAvkRfGW8psCZ3G4+hBA6W/CR/FHhBLB3k3QLypamPbRFlFBxL'#10+
    'tOK2NblBybY22vUiMLZbb5x8OoOj/IhOrJAlTqhtbTWLy/0K3qbG09vLm8V40kEK'#10+
    '8/p0STrp3UmsxHNkccj9MRSKk7pOyEvxSCY6K5JGK1VTsMuDCS7DCYk6Vqr3zjX7'#10+
    'qedF1PVM+Z5t0B+f//kt3oBETNlic4IooEpG/PN2GUQ0oZpa16DDtfgGu7wT3X3Q'#10+
    'EZFWLJYQTvGc82NpachBIUvqNdIt1npbK38MXU4IPHVrSN/HdK2nQPSMLdKnTV+E'#10+
    'h/HcxpfjBjarg+VjgDqlmqJ9bkosOVn35vsg8wIDAQABAoIBAQCZxVwujB7fFFdS'#10+
    '2QPC6Z+w7DYgbwgNBaP/0vAUXzNhbJuKY0v0Rv4H8U9wHGm9EDyvrdG8JHZqPBX+'#10+
    'dJNQ97aPGaRGjO4M0NdGFve+JXcqz6/UDWkywYnV3V1A0NhmdPQK2et3DSjqN7qQ'#10+
    'OoAoVWzR5gf74Zwf2Hpwo3BRdqzFeUYVDOH7e7q1SOf2QeU54kVUG21saJR0wsyH'#10+
    'oSX8BMU2kmg1Un8ET4FM5xEwhdTZzgFTJVZhc6EfOKVbQt6cKmW3aER3c9vR7M3l'#10+
    'N6Oq73vqrfmy+jFMwz1SoPObQQ7UAnr7YUowaX0AzxHpYm/afyVm+Toym0qWGrrY'#10+
    'MY/l+vNRAoGBAOsi72pJj30ApfVbSpx8/8QIpweLbEgAD+Ssd41Kgc4O/N7azB61'#10+
    'RjzSOs1BGhpAZNU6muAAbucm9EssfG5WTAjIM2W2LVuZXXEVXqEGkIymPz9NGugf'#10+
    'JaCWLaoibmwHkKa+ZV9kDwasmx/VkbAfAbRWaz49ejdrMmkpCW77lYjHAoGBAM8m'#10+
    'PVJWvFhQrB21xQGSWKd5iSUn2V92gICeDoORqfVtt/UPOaDT915KzXPh4bJeOwg6'#10+
    'Kkx5wX6UwaNSRH39loDSY1rsBYioV8bxW0BpBvEJG7KXRbBvxzr0+TJkCHgmGMns'#10+
    'dhePYUcriCaqpQi1yzf201oLTZ6PlJxkmHQobXJ1AoGBAIgWPg576InmWCa64WHU'#10+
    'joq8nz8kmFTLhGdK0h56IspJrlyksUKMk8wbuGCW7y6GWlV2h7BhT86Eoxrm8lVB'#10+
    'qNvkUqrpVzMOfiA2x//WNs7QYQaX75ysejCI+oDfUJ1Be5yl0TH2TSQFvfoctycB'#10+
    'qxDee08YcaWlaxWl5InRHeh9AoGABm3XZWDPw6XtUZa8oIncOoZpHUAZXP8eid9d'#10+
    '7/NrZPScyvxH+5fYi5Kiwb/280Q9bMnxWiJFQRp40ArTmV1veFwPPVkp6s3eu4vu'#10+
    'GxenYX+43lgXj5xIgKntugSkxqXYCxxNpfmLOVw+g4S0Torl3bzJXngPVqZ6JEhy'#10+
    '+tfuXakCgYEA19/JCD/5pVPJtwyDDAYnUUESK+JfBPq1cTbsxcOq01mp5ntsqR4y'#10+
    'dtOAmxMASvsqud3XIM5fO5m3Jpl1phiGhCw4nvVLcYzVWxYY+oWoeCSyECgu5tmT'#10+
    'Fo8vn4EEXCkEAA2YPiEuVcrcYsWkLivCTC19lJDfUNMmpwSdiGz/tDU='#10+
    '-----END RSA PRIVATE KEY-----'#10;
  PublicKeyPem =
    '-----BEGIN PUBLIC KEY-----'#10+
    'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkRfGW8psCZ3G4+hBA6W'#10+
    '/CR/FHhBLB3k3QLypamPbRFlFBxLtOK2NblBybY22vUiMLZbb5x8OoOj/IhOrJAl'#10+
    'TqhtbTWLy/0K3qbG09vLm8V40kEK8/p0STrp3UmsxHNkccj9MRSKk7pOyEvxSCY6'#10+
    'K5JGK1VTsMuDCS7DCYk6Vqr3zjX7qedF1PVM+Z5t0B+f//kt3oBETNlic4IooEpG'#10+
    '/PN2GUQ0oZpa16DDtfgGu7wT3X3QEZFWLJYQTvGc82NpachBIUvqNdIt1npbK38M'#10+
    'XU4IPHVrSN/HdK2nQPSMLdKnTV+Eh/HcxpfjBjarg+VjgDqlmqJ9bkosOVn35vsg'#10+
    '8wIDAQAB'#10+
    '-----END PUBLIC KEY-----';
begin
  aPrivateKeyPEM:=PrivateKeyPem;
  aPublicKeyPEM:=PublicKeyPem;
end;

procedure TTestJWT.TestVerifyRSAPem(SignerClass: TJWTSignerClass);
var
  aInput, aPrivateKeyPEM, aPublicKeyPEM: String;
  Signer: TJWTSigner;
  NewDER: TBytes;
  RSAPublic: TX509RSAPublicKey;
  RSAPrivate: TX509RSAPrivateKey;
begin
  GetTestPEM(aPrivateKeyPEM, aPublicKeyPEM);

  // header
  jwt.JOSE.alg:=SignerClass.AlgorithmName;

  // claims
  jwt.Claims.exp:=DateTimeToUnix(Now+10);
  jwt.Claims.iss:='FPC JWT';

  // load private key from pem
  FKey.AsBytes:=PemToDER(APrivateKeyPem,_BEGIN_RSA_PRIVATE_KEY,_END_RSA_PRIVATE_KEY);
  X509RsaPrivateKeyInitFromDER(RSAPrivate,FKey.AsBytes);
  NewDER:=RSAPrivate.AsDER;
  if (length(FKey.AsBytes)<>length(NewDER)) or
      not CompareMem(@FKey.AsBytes[0],@NewDER[0],length(NewDER)) then
    Fail('TX509RSAPrivateKey.AsDER');

  // sign
  Signer:=TJWTSigner(SignerClass.Create);
  try
    aInput:=Signer.AppendSignature(JWT,Key);
  finally
    Signer.Free;
  end;

  // load public key from pem
  FKey.AsBytes:=PemToDER(APublicKeyPem,_BEGIN_PUBLIC_KEY,_END_PUBLIC_KEY);
  X509RsaPublicKeyInitFromDER(RSAPublic,FKey.AsBytes);
  NewDER:=RSAPublic.AsDER;
  if (length(FKey.AsBytes)<>length(NewDER)) or
      not CompareMem(@FKey.AsBytes[0],@NewDER[0],length(NewDER)) then
    Fail('TX509RSAPublicKey.AsDER');

  // verify
  FVerifyResult:=TMyJWT.ValidateJWT(aInput,FKey);
  AssertNotNull('Have result',FVerifyResult);
  AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
  AssertNotNull('Have result.claims',FVerifyResult.Claims);
  AssertEquals('Correct claims class',TMyClaims,FVerifyResult.Claims.ClassType);
  AssertEquals('Have correct algorithm',SignerClass.AlgorithmName,FVerifyResult.JOSE.Alg);
  AssertEquals('Have correct typ','JWT',FVerifyResult.JOSE.typ);
  AssertEquals('Have correct sub','1234567890',FVerifyResult.Claims.sub);
  AssertEquals('Have correct name','John Doe',(TMyJWT(FVerifyResult).Claims as TMyClaims).Name);
  AssertEquals('Have correct admin',False,(TMyJWT(FVerifyResult).Claims as TMyClaims).Admin);
end;

initialization
  RegisterTest(TTestJWT);
end.