frostfs-api-go/service/bearer_test.go

package service

import (
	"crypto/rand"
	"testing"

	"github.com/nspcc-dev/neofs-crypto/test"
	"github.com/stretchr/testify/require"
)

type testBearerToken struct {
	aclRules []byte
	expEpoch uint64
	owner    OwnerID
	key      []byte
	sig      []byte
}

func (s testBearerToken) GetACLRules() []byte {
	return s.aclRules
}

func (s *testBearerToken) SetACLRules(v []byte) {
	s.aclRules = v
}

func (s testBearerToken) ExpirationEpoch() uint64 {
	return s.expEpoch
}

func (s *testBearerToken) SetExpirationEpoch(v uint64) {
	s.expEpoch = v
}

func (s testBearerToken) GetOwnerID() OwnerID {
	return s.owner
}

func (s *testBearerToken) SetOwnerID(v OwnerID) {
	s.owner = v
}

func (s testBearerToken) GetOwnerKey() []byte {
	return s.key
}

func (s *testBearerToken) SetOwnerKey(v []byte) {
	s.key = v
}

func (s testBearerToken) GetSignature() []byte {
	return s.sig
}

func (s *testBearerToken) SetSignature(v []byte) {
	s.sig = v
}

func TestBearerTokenMsgGettersSetters(t *testing.T) {
	var tok BearerToken = new(testBearerToken)

	{ // ACLRules
		rules := []byte{1, 2, 3}

		tok.SetACLRules(rules)

		require.Equal(t, rules, tok.GetACLRules())
	}

	{ // OwnerID
		ownerID := OwnerID{}
		_, err := rand.Read(ownerID[:])
		require.NoError(t, err)

		tok.SetOwnerID(ownerID)

		require.Equal(t, ownerID, tok.GetOwnerID())
	}

	{ // ValidUntil
		e := uint64(5)

		tok.SetExpirationEpoch(e)

		require.Equal(t, e, tok.ExpirationEpoch())
	}

	{ // OwnerKey
		key := make([]byte, 10)
		_, err := rand.Read(key)
		require.NoError(t, err)

		tok.SetOwnerKey(key)

		require.Equal(t, key, tok.GetOwnerKey())
	}

	{ // Signature
		sig := make([]byte, 10)
		_, err := rand.Read(sig)
		require.NoError(t, err)

		tok.SetSignature(sig)

		require.Equal(t, sig, tok.GetSignature())
	}
}

func TestSignVerifyBearerToken(t *testing.T) {
	var token BearerToken = new(testBearerToken)

	// create private key for signing
	sk := test.DecodeKey(0)
	pk := &sk.PublicKey

	rules := []byte{1, 2, 3}
	token.SetACLRules(rules)

	ownerID := OwnerID{}
	_, err := rand.Read(ownerID[:])
	require.NoError(t, err)
	token.SetOwnerID(ownerID)

	fEpoch := uint64(2)
	token.SetExpirationEpoch(fEpoch)

	signedToken := NewSignedBearerToken(token)
	verifiedToken := NewVerifiedBearerToken(token)

	// sign and verify token
	require.NoError(t, AddSignatureWithKey(sk, signedToken))
	require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))

	items := []struct {
		corrupt func()
		restore func()
	}{
		{ // ACLRules
			corrupt: func() {
				token.SetACLRules(append(rules, 1))
			},
			restore: func() {
				token.SetACLRules(rules)
			},
		},
		{ // Owner ID
			corrupt: func() {
				ownerID[0]++
				token.SetOwnerID(ownerID)
			},
			restore: func() {
				ownerID[0]--
				token.SetOwnerID(ownerID)
			},
		},
		{ // Expiration epoch
			corrupt: func() {
				token.SetExpirationEpoch(fEpoch + 1)
			},
			restore: func() {
				token.SetExpirationEpoch(fEpoch)
			},
		},
	}

	for _, v := range items {
		v.corrupt()
		require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
		v.restore()
		require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
	}
}
service: define BearerToken interface 2020-06-18 11:25:19 +00:00			`package service`

			`import (`
			`"crypto/rand"`
			`"testing"`

			`"github.com/nspcc-dev/neofs-crypto/test"`
			`"github.com/stretchr/testify/require"`
			`)`

			`type testBearerToken struct {`
			`aclRules []byte`
			`expEpoch uint64`
			`owner OwnerID`
			`key []byte`
			`sig []byte`
			`}`

			`func (s testBearerToken) GetACLRules() []byte {`
			`return s.aclRules`
			`}`

			`func (s *testBearerToken) SetACLRules(v []byte) {`
			`s.aclRules = v`
			`}`

			`func (s testBearerToken) ExpirationEpoch() uint64 {`
			`return s.expEpoch`
			`}`

			`func (s *testBearerToken) SetExpirationEpoch(v uint64) {`
			`s.expEpoch = v`
			`}`

			`func (s testBearerToken) GetOwnerID() OwnerID {`
			`return s.owner`
			`}`

			`func (s *testBearerToken) SetOwnerID(v OwnerID) {`
			`s.owner = v`
			`}`

			`func (s testBearerToken) GetOwnerKey() []byte {`
			`return s.key`
			`}`

			`func (s *testBearerToken) SetOwnerKey(v []byte) {`
			`s.key = v`
			`}`

			`func (s testBearerToken) GetSignature() []byte {`
			`return s.sig`
			`}`

			`func (s *testBearerToken) SetSignature(v []byte) {`
			`s.sig = v`
			`}`

			`func TestBearerTokenMsgGettersSetters(t *testing.T) {`
			`var tok BearerToken = new(testBearerToken)`

			`{ // ACLRules`
			`rules := []byte{1, 2, 3}`

			`tok.SetACLRules(rules)`

			`require.Equal(t, rules, tok.GetACLRules())`
			`}`

			`{ // OwnerID`
			`ownerID := OwnerID{}`
			`_, err := rand.Read(ownerID[:])`
			`require.NoError(t, err)`

			`tok.SetOwnerID(ownerID)`

			`require.Equal(t, ownerID, tok.GetOwnerID())`
			`}`

			`{ // ValidUntil`
			`e := uint64(5)`

			`tok.SetExpirationEpoch(e)`

			`require.Equal(t, e, tok.ExpirationEpoch())`
			`}`

			`{ // OwnerKey`
			`key := make([]byte, 10)`
			`_, err := rand.Read(key)`
			`require.NoError(t, err)`

			`tok.SetOwnerKey(key)`

			`require.Equal(t, key, tok.GetOwnerKey())`
			`}`

			`{ // Signature`
			`sig := make([]byte, 10)`
			`_, err := rand.Read(sig)`
			`require.NoError(t, err)`

			`tok.SetSignature(sig)`

			`require.Equal(t, sig, tok.GetSignature())`
			`}`
			`}`

			`func TestSignVerifyBearerToken(t *testing.T) {`
			`var token BearerToken = new(testBearerToken)`

			`// create private key for signing`
			`sk := test.DecodeKey(0)`
			`pk := &sk.PublicKey`

			`rules := []byte{1, 2, 3}`
			`token.SetACLRules(rules)`

			`ownerID := OwnerID{}`
			`_, err := rand.Read(ownerID[:])`
			`require.NoError(t, err)`
			`token.SetOwnerID(ownerID)`

			`fEpoch := uint64(2)`
			`token.SetExpirationEpoch(fEpoch)`

			`signedToken := NewSignedBearerToken(token)`
			`verifiedToken := NewVerifiedBearerToken(token)`

			`// sign and verify token`
			`require.NoError(t, AddSignatureWithKey(sk, signedToken))`
			`require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))`

			`items := []struct {`
			`corrupt func()`
			`restore func()`
			`}{`
			`{ // ACLRules`
			`corrupt: func() {`
			`token.SetACLRules(append(rules, 1))`
			`},`
			`restore: func() {`
			`token.SetACLRules(rules)`
			`},`
			`},`
			`{ // Owner ID`
			`corrupt: func() {`
			`ownerID[0]++`
			`token.SetOwnerID(ownerID)`
			`},`
			`restore: func() {`
			`ownerID[0]--`
			`token.SetOwnerID(ownerID)`
			`},`
			`},`
			`{ // Expiration epoch`
			`corrupt: func() {`
			`token.SetExpirationEpoch(fEpoch + 1)`
			`},`
			`restore: func() {`
			`token.SetExpirationEpoch(fEpoch)`
			`},`
			`},`
			`}`

			`for _, v := range items {`
			`v.corrupt()`
			`require.Error(t, VerifySignatureWithKey(pk, verifiedToken))`
			`v.restore()`
			`require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))`
			`}`
			`}`