@@ -134,7 +134,7 @@ func TestDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted(t *testi
134134 assert .Equal (t , "bar" , decryptedPayload )
135135}
136136
137- func TestDecrypt_ShouldReturnError_WhenAuthTagIsInvalid (t * testing.T ) {
137+ func TestDecrypt_ShouldReturnError_WhenAuthTagIsInvalidAndVerificationEnabled (t * testing.T ) {
138138 jweObject , err := jwe .ParseJWEObject (encryptedPayloadCbc )
139139 assert .Nil (t , err )
140140
@@ -152,9 +152,33 @@ func TestDecrypt_ShouldReturnError_WhenAuthTagIsInvalid(t *testing.T) {
152152 cb := jwe .NewJWEConfigBuilder ()
153153 jweConfig := cb .WithDecryptionKey (decryptionKey ).
154154 WithCertificate (certificate ).
155+ WithHmacVerificationEnabled (true ).
155156 Build ()
156157
157158 decryptedPayload , err := jweObject .Decrypt (* jweConfig )
158159 assert .Empty (t , decryptedPayload )
159160 assert .NotNil (t , err )
160161}
162+
163+ func TestDecrypt_ShouldReturnDecryptedPayload_WhenVerificationEnabledAndAuthTagIsValid (t * testing.T ) {
164+ jweObject , err := jwe .ParseJWEObject (encryptedPayloadCbc )
165+ assert .Nil (t , err )
166+
167+ decryptionKeyPath := "../testdata/keys/pkcs8/test_key_pkcs8-2048.der"
168+ certificatePath := "../testdata/certificates/test_certificate-2048.der"
169+
170+ decryptionKey , err := utils .LoadUnencryptedDecryptionKey (decryptionKeyPath )
171+ assert .Nil (t , err )
172+ certificate , err := utils .LoadEncryptionCertificate (certificatePath )
173+ assert .Nil (t , err )
174+
175+ cb := jwe .NewJWEConfigBuilder ()
176+ jweConfig := cb .WithDecryptionKey (decryptionKey ).
177+ WithCertificate (certificate ).
178+ WithHmacVerificationEnabled (true ).
179+ Build ()
180+
181+ decryptedPayload , err := jweObject .Decrypt (* jweConfig )
182+ assert .Nil (t , err )
183+ assert .Equal (t , "bar" , decryptedPayload )
184+ }