frostfs-api-go/service/verify_test.go

package service

import (
	"math"
	"testing"

	crypto "github.com/nspcc-dev/neofs-crypto"
	"github.com/nspcc-dev/neofs-crypto/test"
	"github.com/pkg/errors"
	"github.com/stretchr/testify/require"
)

func TestSignRequestHeader(t *testing.T) {
	req := &TestRequest{
		IntField:    math.MaxInt32,
		StringField: "TestRequestStringField",
		BytesField:  []byte("TestRequestBytesField"),
	}

	key := test.DecodeKey(0)
	peer := crypto.MarshalPublicKey(&key.PublicKey)

	data, err := req.Marshal()
	require.NoError(t, err)

	require.NoError(t, SignRequestHeader(key, req))

	require.Len(t, req.Signatures, 1)
	for i := range req.Signatures {
		sign := req.Signatures[i].GetSign()
		require.Equal(t, peer, req.Signatures[i].GetPeer())
		require.NoError(t, crypto.Verify(&key.PublicKey, data, sign))
	}
}

func TestVerifyRequestHeader(t *testing.T) {
	req := &TestRequest{
		IntField:          math.MaxInt32,
		StringField:       "TestRequestStringField",
		BytesField:        []byte("TestRequestBytesField"),
		RequestMetaHeader: RequestMetaHeader{TTL: 10},
	}

	for i := 0; i < 10; i++ {
		req.TTL--
		require.NoError(t, SignRequestHeader(test.DecodeKey(i), req))
	}

	require.NoError(t, VerifyRequestHeader(req))
}

func TestMaintainableRequest(t *testing.T) {
	req := &TestRequest{
		IntField:          math.MaxInt32,
		StringField:       "TestRequestStringField",
		BytesField:        []byte("TestRequestBytesField"),
		RequestMetaHeader: RequestMetaHeader{TTL: 10},
	}

	count := 10
	owner := test.DecodeKey(count + 1)

	for i := 0; i < count; i++ {
		req.TTL--

		key := test.DecodeKey(i)
		require.NoError(t, SignRequestHeader(key, req))

		// sign first key (session key) by owner key
		if i == 0 {
			sign, err := crypto.Sign(owner, crypto.MarshalPublicKey(&key.PublicKey))
			require.NoError(t, err)

			req.SetOwner(&owner.PublicKey, sign)
		}
	}

	{ // Good case:
		require.NoError(t, VerifyRequestHeader(req))

		// validate, that first key (session key) was signed with owner
		signatures := req.GetSignatures()

		require.Len(t, signatures, count)

		pub, err := req.GetOwner()
		require.NoError(t, err)

		require.Equal(t, &owner.PublicKey, pub)
	}

	{ // wrong owner:
		req.Signatures[0].Origin = nil

		pub, err := req.GetOwner()
		require.NoError(t, err)

		require.NotEqual(t, &owner.PublicKey, pub)
	}

	{ // Wrong signatures:
		copy(req.Signatures[count-1].Sign, req.Signatures[count-1].Peer)
		err := VerifyRequestHeader(req)
		require.EqualError(t, errors.Cause(err), crypto.ErrInvalidSignature.Error())
	}
}
Update develop branch 2019-11-18 16:22:08 +00:00			`package service`

			`import (`
			`"math"`
			`"testing"`

			`crypto "github.com/nspcc-dev/neofs-crypto"`
			`"github.com/nspcc-dev/neofs-crypto/test"`
			`"github.com/pkg/errors"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestSignRequestHeader(t *testing.T) {`
			`req := &TestRequest{`
			`IntField: math.MaxInt32,`
			`StringField: "TestRequestStringField",`
			`BytesField: []byte("TestRequestBytesField"),`
			`}`

			`key := test.DecodeKey(0)`
			`peer := crypto.MarshalPublicKey(&key.PublicKey)`

			`data, err := req.Marshal()`
			`require.NoError(t, err)`

			`require.NoError(t, SignRequestHeader(key, req))`

			`require.Len(t, req.Signatures, 1)`
			`for i := range req.Signatures {`
			`sign := req.Signatures[i].GetSign()`
			`require.Equal(t, peer, req.Signatures[i].GetPeer())`
			`require.NoError(t, crypto.Verify(&key.PublicKey, data, sign))`
			`}`
			`}`

			`func TestVerifyRequestHeader(t *testing.T) {`
			`req := &TestRequest{`
			`IntField: math.MaxInt32,`
			`StringField: "TestRequestStringField",`
			`BytesField: []byte("TestRequestBytesField"),`
			`RequestMetaHeader: RequestMetaHeader{TTL: 10},`
			`}`

			`for i := 0; i < 10; i++ {`
			`req.TTL--`
			`require.NoError(t, SignRequestHeader(test.DecodeKey(i), req))`
			`}`

			`require.NoError(t, VerifyRequestHeader(req))`
			`}`

			`func TestMaintainableRequest(t *testing.T) {`
			`req := &TestRequest{`
			`IntField: math.MaxInt32,`
			`StringField: "TestRequestStringField",`
			`BytesField: []byte("TestRequestBytesField"),`
			`RequestMetaHeader: RequestMetaHeader{TTL: 10},`
			`}`

			`count := 10`
			`owner := test.DecodeKey(count + 1)`

			`for i := 0; i < count; i++ {`
			`req.TTL--`

			`key := test.DecodeKey(i)`
			`require.NoError(t, SignRequestHeader(key, req))`

			`// sign first key (session key) by owner key`
			`if i == 0 {`
			`sign, err := crypto.Sign(owner, crypto.MarshalPublicKey(&key.PublicKey))`
			`require.NoError(t, err)`

			`req.SetOwner(&owner.PublicKey, sign)`
			`}`
			`}`

			`{ // Good case:`
			`require.NoError(t, VerifyRequestHeader(req))`

			`// validate, that first key (session key) was signed with owner`
			`signatures := req.GetSignatures()`

			`require.Len(t, signatures, count)`

			`pub, err := req.GetOwner()`
			`require.NoError(t, err)`

			`require.Equal(t, &owner.PublicKey, pub)`
			`}`

			`{ // wrong owner:`
			`req.Signatures[0].Origin = nil`

			`pub, err := req.GetOwner()`
			`require.NoError(t, err)`

			`require.NotEqual(t, &owner.PublicKey, pub)`
			`}`

			`{ // Wrong signatures:`
			`copy(req.Signatures[count-1].Sign, req.Signatures[count-1].Peer)`
			`err := VerifyRequestHeader(req)`
			`require.EqualError(t, errors.Cause(err), crypto.ErrInvalidSignature.Error())`
			`}`
			`}`