211 lines
4 KiB
Go
211 lines
4 KiB
Go
package service
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"testing"
|
|
|
|
"github.com/nspcc-dev/neofs-crypto/test"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
type testBearerToken struct {
|
|
aclRules []byte
|
|
expEpoch uint64
|
|
owner OwnerID
|
|
key []byte
|
|
sig []byte
|
|
}
|
|
|
|
func (s testBearerToken) GetACLRules() []byte {
|
|
return s.aclRules
|
|
}
|
|
|
|
func (s *testBearerToken) SetACLRules(v []byte) {
|
|
s.aclRules = v
|
|
}
|
|
|
|
func (s testBearerToken) ExpirationEpoch() uint64 {
|
|
return s.expEpoch
|
|
}
|
|
|
|
func (s *testBearerToken) SetExpirationEpoch(v uint64) {
|
|
s.expEpoch = v
|
|
}
|
|
|
|
func (s testBearerToken) GetOwnerID() OwnerID {
|
|
return s.owner
|
|
}
|
|
|
|
func (s *testBearerToken) SetOwnerID(v OwnerID) {
|
|
s.owner = v
|
|
}
|
|
|
|
func (s testBearerToken) GetOwnerKey() []byte {
|
|
return s.key
|
|
}
|
|
|
|
func (s *testBearerToken) SetOwnerKey(v []byte) {
|
|
s.key = v
|
|
}
|
|
|
|
func (s testBearerToken) GetSignature() []byte {
|
|
return s.sig
|
|
}
|
|
|
|
func (s *testBearerToken) SetSignature(v []byte) {
|
|
s.sig = v
|
|
}
|
|
|
|
func TestBearerTokenMsgGettersSetters(t *testing.T) {
|
|
var tok BearerToken = new(testBearerToken)
|
|
|
|
{ // ACLRules
|
|
rules := []byte{1, 2, 3}
|
|
|
|
tok.SetACLRules(rules)
|
|
|
|
require.Equal(t, rules, tok.GetACLRules())
|
|
}
|
|
|
|
{ // OwnerID
|
|
ownerID := OwnerID{}
|
|
_, err := rand.Read(ownerID[:])
|
|
require.NoError(t, err)
|
|
|
|
tok.SetOwnerID(ownerID)
|
|
|
|
require.Equal(t, ownerID, tok.GetOwnerID())
|
|
}
|
|
|
|
{ // ValidUntil
|
|
e := uint64(5)
|
|
|
|
tok.SetExpirationEpoch(e)
|
|
|
|
require.Equal(t, e, tok.ExpirationEpoch())
|
|
}
|
|
|
|
{ // OwnerKey
|
|
key := make([]byte, 10)
|
|
_, err := rand.Read(key)
|
|
require.NoError(t, err)
|
|
|
|
tok.SetOwnerKey(key)
|
|
|
|
require.Equal(t, key, tok.GetOwnerKey())
|
|
}
|
|
|
|
{ // Signature
|
|
sig := make([]byte, 10)
|
|
_, err := rand.Read(sig)
|
|
require.NoError(t, err)
|
|
|
|
tok.SetSignature(sig)
|
|
|
|
require.Equal(t, sig, tok.GetSignature())
|
|
}
|
|
}
|
|
|
|
func TestSignVerifyBearerToken(t *testing.T) {
|
|
var token BearerToken = new(testBearerToken)
|
|
|
|
// create private key for signing
|
|
sk := test.DecodeKey(0)
|
|
pk := &sk.PublicKey
|
|
|
|
rules := []byte{1, 2, 3}
|
|
token.SetACLRules(rules)
|
|
|
|
ownerID := OwnerID{}
|
|
_, err := rand.Read(ownerID[:])
|
|
require.NoError(t, err)
|
|
token.SetOwnerID(ownerID)
|
|
|
|
fEpoch := uint64(2)
|
|
token.SetExpirationEpoch(fEpoch)
|
|
|
|
signedToken := NewSignedBearerToken(token)
|
|
verifiedToken := NewVerifiedBearerToken(token)
|
|
|
|
// sign and verify token
|
|
require.NoError(t, AddSignatureWithKey(sk, signedToken))
|
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
|
|
|
items := []struct {
|
|
corrupt func()
|
|
restore func()
|
|
}{
|
|
{ // ACLRules
|
|
corrupt: func() {
|
|
token.SetACLRules(append(rules, 1))
|
|
},
|
|
restore: func() {
|
|
token.SetACLRules(rules)
|
|
},
|
|
},
|
|
{ // Owner ID
|
|
corrupt: func() {
|
|
ownerID[0]++
|
|
token.SetOwnerID(ownerID)
|
|
},
|
|
restore: func() {
|
|
ownerID[0]--
|
|
token.SetOwnerID(ownerID)
|
|
},
|
|
},
|
|
{ // Expiration epoch
|
|
corrupt: func() {
|
|
token.SetExpirationEpoch(fEpoch + 1)
|
|
},
|
|
restore: func() {
|
|
token.SetExpirationEpoch(fEpoch)
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, v := range items {
|
|
v.corrupt()
|
|
require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
|
|
v.restore()
|
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
|
}
|
|
}
|
|
|
|
func TestBearerTokenMsg_Setters(t *testing.T) {
|
|
s := new(BearerTokenMsg)
|
|
|
|
aclRules := []byte{1, 2, 3}
|
|
s.SetACLRules(aclRules)
|
|
require.Equal(t, aclRules, s.GetACLRules())
|
|
|
|
validUntil := uint64(6)
|
|
s.SetValidUntil(validUntil)
|
|
require.Equal(t, validUntil, s.GetValidUntil())
|
|
|
|
ownerID := OwnerID{1, 2, 3}
|
|
s.SetOwnerID(ownerID)
|
|
require.Equal(t, ownerID, s.GetOwnerID())
|
|
|
|
ownerKey := []byte{4, 5, 6}
|
|
s.SetOwnerKey(ownerKey)
|
|
require.Equal(t, ownerKey, s.GetOwnerKey())
|
|
|
|
sig := []byte{7, 8, 9}
|
|
s.SetSignature(sig)
|
|
require.Equal(t, sig, s.GetSignature())
|
|
}
|
|
|
|
func TestBearerMsgWrapper_ExpirationEpoch(t *testing.T) {
|
|
s := wrapBearerTokenMsg(nil)
|
|
require.Zero(t, s.ExpirationEpoch())
|
|
require.NotPanics(t, func() {
|
|
s.SetExpirationEpoch(1)
|
|
})
|
|
|
|
msg := new(BearerTokenMsg)
|
|
s = wrapBearerTokenMsg(msg)
|
|
|
|
epoch := uint64(7)
|
|
s.SetExpirationEpoch(epoch)
|
|
require.Equal(t, epoch, s.ExpirationEpoch())
|
|
}
|