From aad2705036d829fe1eaf349d5aca5e4e094a639b Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Fri, 23 May 2025 18:22:47 +0200
Subject: [PATCH 1/2] Optimized JWT unit tests
---
 .../com/corbado/unit/SessionServiceTest.java | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/src/test/java/com/corbado/unit/SessionServiceTest.java b/src/test/java/com/corbado/unit/SessionServiceTest.java
index b6dc2bd..827781c 100644
--- a/src/test/java/com/corbado/unit/SessionServiceTest.java
+++ b/src/test/java/com/corbado/unit/SessionServiceTest.java
@@ -19,7 +19,6 @@
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.Base64;
-import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
@@ -42,6 +41,7 @@
 import com.auth0.jwk.SigningKeyNotFoundException;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.AlgorithmMismatchException;
 import com.auth0.jwt.exceptions.IncorrectClaimException;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.exceptions.JWTVerificationException;
@@ -143,7 +143,7 @@ void test_testDataIsPresent() throws InvalidKeySpecException, NoSuchAlgorithmExc
 */
 @Test
 void test_testGenerateJwt() throws InvalidKeySpecException, NoSuchAlgorithmException {
- assertNotNull(generateJwt("1", 3, 4));
+ assertNotNull(generateJwt("1", 3, 4, Algorithm.RSA256(privateKey)));
 }
 /**
@@ -243,7 +243,8 @@ static List provideJwts() throws InvalidKeySpecException, NoSuchAlgori
 generateJwt(
 "https://auth.acme.com",
 System.currentTimeMillis() / 1000 + 100,
- System.currentTimeMillis() / 1000 + 100),
+ System.currentTimeMillis() / 1000 + 100,
+ Algorithm.RSA256(privateKey)),
 IncorrectClaimException.class
 });
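Review bot: `Algorithm.RSA256(privateKey)` is now rebuilt at every call site in provideJwts (the hunk at -243 and the two that follow at -253 and -263), which buries the one argument that actually differs in the new `none` case. Hoisting it once at the top of the method, `final Algorithm rs256 = Algorithm.RSA256(privateKey);`, and passing `rs256` would keep the signing algorithm visible as the variable under test. The same applies to the repeated `System.currentTimeMillis() / 1000` reads, which could become a single `final long now = System.currentTimeMillis() / 1000;` so that exp and nbf of one token come from the same clock reading. The body of provideJwts starts and ends outside these hunks.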
@@ -253,7 +254,8 @@ static List provideJwts() throws InvalidKeySpecException, NoSuchAlgori
 generateJwt(
 "https://auth.acme.com",
 System.currentTimeMillis() / 1000 - 100,
- System.currentTimeMillis() / 1000 - 100),
+ System.currentTimeMillis() / 1000 - 100,
+ Algorithm.RSA256(privateKey)),
 TokenExpiredException.class
 });
@@ -263,17 +265,30 @@ static List provideJwts() throws InvalidKeySpecException, NoSuchAlgori
 generateJwt(
 "https://invalid.com",
 System.currentTimeMillis() / 1000 + 100,
- System.currentTimeMillis() / 1000 - 100),
+ System.currentTimeMillis() / 1000 - 100,
+ Algorithm.RSA256(privateKey)),
 IncorrectClaimException.class
 });
+ // Invalid alg "none"
+ testData.add(
+ new Object[] {
+ generateJwt(
+ "https://auth.acme.com",
+ System.currentTimeMillis() / 1000 + 100,
+ System.currentTimeMillis() / 1000 - 100,
+ Algorithm.none()),
+ AlgorithmMismatchException.class
+ });
+
 // Success
 testData.add(
 new Object[] {
 generateJwt(
 "https://auth.acme.com",
 System.currentTimeMillis() / 1000 + 100,
- System.currentTimeMillis() / 1000 - 100),
+ System.currentTimeMillis() / 1000 - 100,
+ Algorithm.RSA256(privateKey)),
 null
 });
@@ -317,12 +332,11 @@ private static RSAPrivateKey readPrivateKey(final String privateKeyPath)
 * @throws InvalidKeySpecException the invalid key spec exception
 * @throws NoSuchAlgorithmException the no such algorithm exception
 */
- private static String generateJwt(final String iss, final long exp, final long nbf)
+ private static String generateJwt(final String iss, final long exp, final long nbf, final Algorithm algorithm)
 throws InvalidKeySpecException, NoSuchAlgorithmException {
- final Algorithm algorithm = Algorithm.RSA256(privateKey);
 return JWT.create()
- .withHeader(Collections.singletonMap("kid", "kid123"))
+ .withHeader(Map.of("kid", "kid123"))
 .withIssuer(iss)
 .withIssuedAt(new Date())
 .withExpiresAt(new Date(exp * 1000L))
From cbb3ee20089a269de63ef245d9bd95fb5d889938 Mon Sep 17 00:00:00 2001
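Review bot: The new `Algorithm.none()` case in the hunk at -263 is the only negative test on the signature path visible here; it shows the verifier refuses an unsigned token, but not that it rejects a well-formed RS256 token signed by a key other than the one behind `kid123`. If the test resources can supply a second key pair, a case built like the Success one but with `Algorithm.RSA256(otherPrivateKey)` and an expected `SignatureVerificationException` would cover that; `otherPrivateKey` is a placeholder, and the rest of provideJwts is outside the hunk, so such a case may already exist. The `none` case would also benefit from a comment stating the intent, e.g. `// unsigned token must be rejected: the verifier pins its algorithm and does not trust the header's alg`, since the expected `AlgorithmMismatchException` only makes sense with that in mind.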
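Review bot: The Javadoc above generateJwt is not updated for the new `algorithm` parameter in the hunk at -317; only its `@throws` lines are visible, so the `@param` list is out of view, but no `@param algorithm` line is added. A line such as `@param algorithm the algorithm used to sign the token; Algorithm.none() yields an unsigned token` would document the one argument the negative tests now vary. With key handling moved to the callers, the `throws InvalidKeySpecException, NoSuchAlgorithmException` clause may no longer be needed on this method, which has to be checked against the part of the body that lies outside the hunk.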
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Fri, 23 May 2025 18:26:57 +0200
Subject: [PATCH 2/2] Bugfix
---
 src/test/java/com/corbado/unit/SessionServiceTest.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/test/java/com/corbado/unit/SessionServiceTest.java b/src/test/java/com/corbado/unit/SessionServiceTest.java
index 827781c..fa81ce2 100644
--- a/src/test/java/com/corbado/unit/SessionServiceTest.java
+++ b/src/test/java/com/corbado/unit/SessionServiceTest.java
@@ -22,6 +22,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Collections;
 import java.util.stream.Stream;
 import org.junit.jupiter.api.BeforeAll;
@@ -336,7 +337,7 @@ private static String generateJwt(final String iss, final long exp, final long n
 throws InvalidKeySpecException, NoSuchAlgorithmException {
 return JWT.create()
- .withHeader(Map.of("kid", "kid123"))
+ .withHeader(Collections.singletonMap("kid", "kid123"))
 .withIssuer(iss)
 .withIssuedAt(new Date())
 .withExpiresAt(new Date(exp * 1000L))
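Review bot: The switch back to `Collections.singletonMap` in the hunk at -336 is not explained in the code or in the commit message ("Bugfix"), so the same `Map.of` cleanup is likely to be proposed again. If the reason is the build's Java baseline (`Map.of` exists only from Java 9 on), a comment on that line such as `// singletonMap on purpose: Map.of is not available on the project's Java baseline` would record it; that reason is inferred, not stated in the patch. The re-added `import java.util.Collections;` in the hunk at -22 also lands after `java.util.Map`, out of the alphabetical order the neighbouring imports follow. The body of generateJwt continues outside the hunk.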