forked from TrueCloudLab/frostfs-api-go
106 lines
2.5 KiB
Go
106 lines
2.5 KiB
Go
package service
|
|
|
|
import (
|
|
"math"
|
|
"testing"
|
|
|
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
"github.com/nspcc-dev/neofs-crypto/test"
|
|
"github.com/pkg/errors"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestSignRequestHeader(t *testing.T) {
|
|
req := &TestRequest{
|
|
IntField: math.MaxInt32,
|
|
StringField: "TestRequestStringField",
|
|
BytesField: []byte("TestRequestBytesField"),
|
|
}
|
|
|
|
key := test.DecodeKey(0)
|
|
peer := crypto.MarshalPublicKey(&key.PublicKey)
|
|
|
|
data, err := req.Marshal()
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, SignRequestHeader(key, req))
|
|
|
|
require.Len(t, req.Signatures, 1)
|
|
for i := range req.Signatures {
|
|
sign := req.Signatures[i].GetSign()
|
|
require.Equal(t, peer, req.Signatures[i].GetPeer())
|
|
require.NoError(t, crypto.Verify(&key.PublicKey, data, sign))
|
|
}
|
|
}
|
|
|
|
func TestVerifyRequestHeader(t *testing.T) {
|
|
req := &TestRequest{
|
|
IntField: math.MaxInt32,
|
|
StringField: "TestRequestStringField",
|
|
BytesField: []byte("TestRequestBytesField"),
|
|
RequestMetaHeader: RequestMetaHeader{TTL: 10},
|
|
}
|
|
|
|
for i := 0; i < 10; i++ {
|
|
req.TTL--
|
|
require.NoError(t, SignRequestHeader(test.DecodeKey(i), req))
|
|
}
|
|
|
|
require.NoError(t, VerifyRequestHeader(req))
|
|
}
|
|
|
|
func TestMaintainableRequest(t *testing.T) {
|
|
req := &TestRequest{
|
|
IntField: math.MaxInt32,
|
|
StringField: "TestRequestStringField",
|
|
BytesField: []byte("TestRequestBytesField"),
|
|
RequestMetaHeader: RequestMetaHeader{TTL: 10},
|
|
}
|
|
|
|
count := 10
|
|
owner := test.DecodeKey(count + 1)
|
|
|
|
for i := 0; i < count; i++ {
|
|
req.TTL--
|
|
|
|
key := test.DecodeKey(i)
|
|
require.NoError(t, SignRequestHeader(key, req))
|
|
|
|
// sign first key (session key) by owner key
|
|
if i == 0 {
|
|
sign, err := crypto.Sign(owner, crypto.MarshalPublicKey(&key.PublicKey))
|
|
require.NoError(t, err)
|
|
|
|
req.SetOwner(&owner.PublicKey, sign)
|
|
}
|
|
}
|
|
|
|
{ // Good case:
|
|
require.NoError(t, VerifyRequestHeader(req))
|
|
|
|
// validate, that first key (session key) was signed with owner
|
|
signatures := req.GetSignatures()
|
|
|
|
require.Len(t, signatures, count)
|
|
|
|
pub, err := req.GetOwner()
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, &owner.PublicKey, pub)
|
|
}
|
|
|
|
{ // wrong owner:
|
|
req.Signatures[0].Origin = nil
|
|
|
|
pub, err := req.GetOwner()
|
|
require.NoError(t, err)
|
|
|
|
require.NotEqual(t, &owner.PublicKey, pub)
|
|
}
|
|
|
|
{ // Wrong signatures:
|
|
copy(req.Signatures[count-1].Sign, req.Signatures[count-1].Peer)
|
|
err := VerifyRequestHeader(req)
|
|
require.EqualError(t, errors.Cause(err), crypto.ErrInvalidSignature.Error())
|
|
}
|
|
}
|