TrueCloudLab/frostfs-s3-gw
15
3
Fork 18
Code Issues 19 Pull requests 6 Projects Releases 17 Packages Activity Actions
frostfs-s3-gw/creds/accessbox/bearer_token_test.go

307 lines
7.6 KiB
Go
Raw Normal View History

creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
package accessbox
import (
[#380] creds: Increase test coverage Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-24 15:20:51 +00:00
"encoding/hex"
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
"testing"
Rename package name Due to source code relocation from GitHub. Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 14:38:08 +00:00
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
"github.com/google/uuid"
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
"github.com/stretchr/testify/require"
)
[#485] Upgrade SDK with latest `bearer` package API Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-01 14:00:30 +00:00
func assertBearerToken(t *testing.T, exp, act bearer.Token) {
// compare binary representations since deep equal is not guaranteed
require.Equal(t, exp.Marshal(), act.Marshal())
}
[#617] Unify test names Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-25 09:36:31 +00:00
func TestTokensEncryptDecrypt(t *testing.T) {
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
var (
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn bearer.Token
tkn2 bearer.Token
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
sec, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
cred, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn.SetEACLTable(*eacl.NewTable())
require.NoError(t, tkn.Sign(sec.PrivateKey))
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
data, err := encrypt(cred, cred.PublicKey(), tkn.Marshal())
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
require.NoError(t, err)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
rawTkn2, err := decrypt(cred, cred.PublicKey(), data)
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
require.NoError(t, err)
err = tkn2.Unmarshal(rawTkn2)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#485] Upgrade SDK with latest `bearer` package API Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-01 14:00:30 +00:00
assertBearerToken(t, tkn, tkn2)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
}
[#617] Unify test names Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-25 09:36:31 +00:00
func TestBearerTokenInAccessBox(t *testing.T) {
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
var (
[#75] Using secp256r1 instead of curve25519 Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-16 14:07:31 +00:00
box *AccessBox
box2 AccessBox
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn bearer.Token
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
sec, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
cred, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn.SetEACLTable(*eacl.NewTable())
require.NoError(t, tkn.Sign(sec.PrivateKey))
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
gate := NewGateData(cred.PublicKey(), &tkn)
[#135] authmate: Support CRDT GSet for credentials Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-13 09:35:40 +00:00
box, _, err = PackTokens([]*GateData{gate}, nil)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
data, err := box.Marshal()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
err = box2.Unmarshal(data)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
tkns, err := box2.GetTokens(cred)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#485] Upgrade SDK with latest `bearer` package API Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-01 14:00:30 +00:00
assertBearerToken(t, tkn, *tkns.BearerToken)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
}
[#617] Unify test names Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-25 09:36:31 +00:00
func TestSessionTokenInAccessBox(t *testing.T) {
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
var (
box *AccessBox
box2 AccessBox
[#428] Update SDK Includes: - container removal fix - new session token structure: authmate does not parse session context anymore, instead it is application defined flexible structure with container ID encoded in human-readable format Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-04 12:29:11 +00:00
tkn = new(session.Container)
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
sec, err := keys.NewPrivateKey()
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
require.NoError(t, err)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
cred, err := keys.NewPrivateKey()
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
require.NoError(t, err)
[#428] Update SDK Includes: - container removal fix - new session token structure: authmate does not parse session context anymore, instead it is application defined flexible structure with container ID encoded in human-readable format Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-04 12:29:11 +00:00
tkn.SetID(uuid.New())
[#2] Rename internals Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2022-12-20 08:38:58 +00:00
tkn.SetAuthKey((*frostfsecdsa.PublicKey)(sec.PublicKey()))
[#428] Update SDK Includes: - container removal fix - new session token structure: authmate does not parse session context anymore, instead it is application defined flexible structure with container ID encoded in human-readable format Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-04 12:29:11 +00:00
require.NoError(t, tkn.Sign(sec.PrivateKey))
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
var newTkn bearer.Token
gate := NewGateData(cred.PublicKey(), &newTkn)
[#428] Update SDK Includes: - container removal fix - new session token structure: authmate does not parse session context anymore, instead it is application defined flexible structure with container ID encoded in human-readable format Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-04 12:29:11 +00:00
gate.SessionTokens = []*session.Container{tkn}
[#135] authmate: Support CRDT GSet for credentials Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-13 09:35:40 +00:00
box, _, err = PackTokens([]*GateData{gate}, nil)
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
require.NoError(t, err)
data, err := box.Marshal()
require.NoError(t, err)
err = box2.Unmarshal(data)
require.NoError(t, err)
tkns, err := box2.GetTokens(cred)
require.NoError(t, err)
[#428] Update SDK Includes: - container removal fix - new session token structure: authmate does not parse session context anymore, instead it is application defined flexible structure with container ID encoded in human-readable format Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-04 12:29:11 +00:00
require.Equal(t, []*session.Container{tkn}, tkns.SessionTokens)
[#83] Added sessionKey to token Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-18 15:15:58 +00:00
}
[#617] Unify test names Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-25 09:36:31 +00:00
func TestAccessboxMultipleKeys(t *testing.T) {
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
var (
[#75] Using secp256r1 instead of curve25519 Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-16 14:07:31 +00:00
box *AccessBox
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn bearer.Token
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
sec, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn.SetEACLTable(*eacl.NewTable())
require.NoError(t, tkn.Sign(sec.PrivateKey))
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
count := 10
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
gates := make([]*GateData, 0, count)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
privateKeys := make([]*keys.PrivateKey, 0, count)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
{ // generate keys
for i := 0; i < count; i++ {
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
cred, err := keys.NewPrivateKey()
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
require.NoError(t, err)
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
gates = append(gates, NewGateData(cred.PublicKey(), &tkn))
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
privateKeys = append(privateKeys, cred)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
}
}
[#135] authmate: Support CRDT GSet for credentials Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-13 09:35:40 +00:00
box, _, err = PackTokens(gates, nil)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
for i, k := range privateKeys {
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
tkns, err := box.GetTokens(k)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err, "key #%d: %s failed", i, k)
[#485] Upgrade SDK with latest `bearer` package API Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-01 14:00:30 +00:00
assertBearerToken(t, tkn, *tkns.BearerToken)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
}
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
}
[#617] Unify test names Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-25 09:36:31 +00:00
func TestUnknownKey(t *testing.T) {
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
var (
[#75] Using secp256r1 instead of curve25519 Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-16 14:07:31 +00:00
box *AccessBox
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn bearer.Token
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
sec, err := keys.NewPrivateKey()
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
cred, err := keys.NewPrivateKey()
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err)
[#104] Support NEP-6 for authmate Drop neofs-crypto. Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-24 15:21:34 +00:00
wrongCred, err := keys.NewPrivateKey()
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err)
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
tkn.SetEACLTable(*eacl.NewTable())
require.NoError(t, tkn.Sign(sec.PrivateKey))
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
[#409] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 09:57:58 +00:00
gate := NewGateData(cred.PublicKey(), &tkn)
[#135] authmate: Support CRDT GSet for credentials Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-13 09:35:40 +00:00
box, _, err = PackTokens([]*GateData{gate}, nil)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.NoError(t, err)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
[#83] Use multiple bearer tokens Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-06-17 16:45:50 +00:00
_, err = box.GetTokens(wrongCred)
[#48] creds,authmate:Replace old accessbox by new Removed encoder, decoder wraps. Made changes in api, authmate and creds via new accessbox. Updated bearer_token_tests via new accessbox. Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-06-14 13:39:25 +00:00
require.Error(t, err)
creds: move credential management into s3 gate Mostly taken from old SDK (abe47687cd11266f946cad57f07572cc10c67226), but error handling adapted to eliminate pkg/errors and internal packages. Signed-off-by: Roman Khimov <roman@nspcc.ru>
2021-05-25 19:59:21 +00:00
}
[#380] creds: Increase test coverage Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-24 15:20:51 +00:00
func TestGateDataSessionToken(t *testing.T) {
cred, err := keys.NewPrivateKey()
require.NoError(t, err)
var tkn bearer.Token
gate := NewGateData(cred.PublicKey(), &tkn)
require.Equal(t, cred.PublicKey(), gate.GateKey)
assertBearerToken(t, tkn, *gate.BearerToken)
t.Run("session token for put", func(t *testing.T) {
gate.SessionTokens = []*session.Container{}
sessionTkn := gate.SessionTokenForPut()
require.Nil(t, sessionTkn)
sessionTknPut := new(session.Container)
sessionTknPut.ForVerb(session.VerbContainerPut)
gate.SessionTokens = []*session.Container{sessionTknPut}
sessionTkn = gate.SessionTokenForPut()
require.Equal(t, sessionTknPut, sessionTkn)
})
t.Run("session token for delete", func(t *testing.T) {
gate.SessionTokens = []*session.Container{}
sessionTkn := gate.SessionTokenForDelete()
require.Nil(t, sessionTkn)
sessionTknDelete := new(session.Container)
sessionTknDelete.ForVerb(session.VerbContainerDelete)
gate.SessionTokens = []*session.Container{sessionTknDelete}
sessionTkn = gate.SessionTokenForDelete()
require.Equal(t, sessionTknDelete, sessionTkn)
})
t.Run("session token", func(t *testing.T) {
gate.SessionTokens = []*session.Container{}
sessionTkn := gate.SessionToken()
require.Nil(t, sessionTkn)
sessionTknPut := new(session.Container)
sessionTknPut.ForVerb(session.VerbContainerPut)
gate.SessionTokens = []*session.Container{sessionTknPut}
sessionTkn = gate.SessionToken()
require.Equal(t, sessionTkn, sessionTknPut)
})
}
func TestGetBox(t *testing.T) {
cred, err := keys.NewPrivateKey()
require.NoError(t, err)
var tkn bearer.Token
gate := NewGateData(cred.PublicKey(), &tkn)
secret := []byte("secret")
accessBox, _, err := PackTokens([]*GateData{gate}, secret)
require.NoError(t, err)
box, err := accessBox.GetBox(cred)
require.NoError(t, err)
require.Equal(t, hex.EncodeToString(secret), box.Gate.SecretKey)
}
func TestAccessBox(t *testing.T) {
cred, err := keys.NewPrivateKey()
require.NoError(t, err)
var tkn bearer.Token
gate := NewGateData(cred.PublicKey(), &tkn)
accessBox, _, err := PackTokens([]*GateData{gate}, nil)
require.NoError(t, err)
t.Run("invalid owner", func(t *testing.T) {
randomKey, err := keys.NewPrivateKey()
require.NoError(t, err)
_, err = accessBox.GetTokens(randomKey)
require.Error(t, err)
_, err = accessBox.GetBox(randomKey)
require.Error(t, err)
})
t.Run("empty placement policy", func(t *testing.T) {
policy, err := accessBox.GetPlacementPolicy()
require.NoError(t, err)
require.Nil(t, policy)
})
t.Run("get correct placement policy", func(t *testing.T) {
policy := &AccessBox_ContainerPolicy{LocationConstraint: "locationConstraint"}
accessBox.ContainerPolicy = []*AccessBox_ContainerPolicy{policy}
policies, err := accessBox.GetPlacementPolicy()
require.NoError(t, err)
require.Len(t, policies, 1)
require.Equal(t, policy.LocationConstraint, policies[0].LocationConstraint)
})
t.Run("get incorrect placement policy", func(t *testing.T) {
policy := &AccessBox_ContainerPolicy{
LocationConstraint: "locationConstraint",
Policy: []byte("policy"),
}
accessBox.ContainerPolicy = []*AccessBox_ContainerPolicy{policy}
_, err = accessBox.GetPlacementPolicy()
require.Error(t, err)
_, err = accessBox.GetBox(cred)
require.Error(t, err)
})
t.Run("empty seed key", func(t *testing.T) {
accessBox.SeedKey = nil
_, err = accessBox.GetTokens(cred)
require.Error(t, err)
_, err = accessBox.GetBox(cred)
require.Error(t, err)
})
t.Run("invalid gate key", func(t *testing.T) {
gate = &GateData{
BearerToken: &tkn,
GateKey: &keys.PublicKey{},
}
_, _, err = PackTokens([]*GateData{gate}, nil)
require.Error(t, err)
})
}
Reference in a new issue Copy permalink