2021-05-25 19:59:21 +00:00
|
|
|
package accessbox
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2021-06-18 15:15:58 +00:00
|
|
|
"github.com/google/uuid"
|
2021-06-24 15:21:34 +00:00
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
2022-04-25 09:57:58 +00:00
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
2022-05-04 12:29:11 +00:00
|
|
|
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
|
2021-11-15 12:56:16 +00:00
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
2021-05-25 19:59:21 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
2021-06-17 16:45:50 +00:00
|
|
|
func Test_tokens_encrypt_decrypt(t *testing.T) {
|
2021-06-14 13:39:25 +00:00
|
|
|
var (
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn bearer.Token
|
|
|
|
tkn2 bearer.Token
|
2021-06-14 13:39:25 +00:00
|
|
|
)
|
2021-06-24 15:21:34 +00:00
|
|
|
sec, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
cred, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn.SetEACLTable(*eacl.NewTable())
|
|
|
|
require.NoError(t, tkn.Sign(sec.PrivateKey))
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
data, err := encrypt(cred, cred.PublicKey(), tkn.Marshal())
|
2021-06-17 16:45:50 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
rawTkn2, err := decrypt(cred, cred.PublicKey(), data)
|
2021-06-17 16:45:50 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
err = tkn2.Unmarshal(rawTkn2)
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-14 13:39:25 +00:00
|
|
|
require.Equal(t, tkn, tkn2)
|
2021-05-25 19:59:21 +00:00
|
|
|
}
|
|
|
|
|
2021-06-14 13:39:25 +00:00
|
|
|
func Test_bearer_token_in_access_box(t *testing.T) {
|
|
|
|
var (
|
2021-06-16 14:07:31 +00:00
|
|
|
box *AccessBox
|
|
|
|
box2 AccessBox
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn bearer.Token
|
2021-06-14 13:39:25 +00:00
|
|
|
)
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
sec, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
cred, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn.SetEACLTable(*eacl.NewTable())
|
|
|
|
require.NoError(t, tkn.Sign(sec.PrivateKey))
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
gate := NewGateData(cred.PublicKey(), &tkn)
|
2021-06-18 15:15:58 +00:00
|
|
|
box, _, err = PackTokens([]*GateData{gate})
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-14 13:39:25 +00:00
|
|
|
data, err := box.Marshal()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-14 13:39:25 +00:00
|
|
|
err = box2.Unmarshal(data)
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-17 16:45:50 +00:00
|
|
|
tkns, err := box2.GetTokens(cred)
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
require.Equal(t, &tkn, tkns.BearerToken)
|
2021-05-25 19:59:21 +00:00
|
|
|
}
|
|
|
|
|
2021-06-18 15:15:58 +00:00
|
|
|
func Test_session_token_in_access_box(t *testing.T) {
|
|
|
|
var (
|
|
|
|
box *AccessBox
|
|
|
|
box2 AccessBox
|
2022-05-04 12:29:11 +00:00
|
|
|
tkn = new(session.Container)
|
2021-06-18 15:15:58 +00:00
|
|
|
)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
sec, err := keys.NewPrivateKey()
|
2021-06-18 15:15:58 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
cred, err := keys.NewPrivateKey()
|
2021-06-18 15:15:58 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-05-04 12:29:11 +00:00
|
|
|
tkn.SetID(uuid.New())
|
|
|
|
tkn.SetAuthKey((*neofsecdsa.PublicKey)(sec.PublicKey()))
|
|
|
|
require.NoError(t, tkn.Sign(sec.PrivateKey))
|
2021-06-18 15:15:58 +00:00
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
var newTkn bearer.Token
|
|
|
|
gate := NewGateData(cred.PublicKey(), &newTkn)
|
2022-05-04 12:29:11 +00:00
|
|
|
gate.SessionTokens = []*session.Container{tkn}
|
2021-06-18 15:15:58 +00:00
|
|
|
box, _, err = PackTokens([]*GateData{gate})
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
data, err := box.Marshal()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
err = box2.Unmarshal(data)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
tkns, err := box2.GetTokens(cred)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-05-04 12:29:11 +00:00
|
|
|
require.Equal(t, []*session.Container{tkn}, tkns.SessionTokens)
|
2021-06-18 15:15:58 +00:00
|
|
|
}
|
|
|
|
|
2021-06-14 13:39:25 +00:00
|
|
|
func Test_accessbox_multiple_keys(t *testing.T) {
|
|
|
|
var (
|
2021-06-16 14:07:31 +00:00
|
|
|
box *AccessBox
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn bearer.Token
|
2021-06-14 13:39:25 +00:00
|
|
|
)
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
sec, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn.SetEACLTable(*eacl.NewTable())
|
|
|
|
require.NoError(t, tkn.Sign(sec.PrivateKey))
|
2021-05-25 19:59:21 +00:00
|
|
|
|
|
|
|
count := 10
|
2021-06-17 16:45:50 +00:00
|
|
|
gates := make([]*GateData, 0, count)
|
2021-06-24 15:21:34 +00:00
|
|
|
privateKeys := make([]*keys.PrivateKey, 0, count)
|
2021-05-25 19:59:21 +00:00
|
|
|
{ // generate keys
|
|
|
|
for i := 0; i < count; i++ {
|
2021-06-24 15:21:34 +00:00
|
|
|
cred, err := keys.NewPrivateKey()
|
2021-05-25 19:59:21 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
gates = append(gates, NewGateData(cred.PublicKey(), &tkn))
|
2021-06-24 15:21:34 +00:00
|
|
|
privateKeys = append(privateKeys, cred)
|
2021-05-25 19:59:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-06-18 15:15:58 +00:00
|
|
|
box, _, err = PackTokens(gates)
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err)
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
for i, k := range privateKeys {
|
2021-06-17 16:45:50 +00:00
|
|
|
tkns, err := box.GetTokens(k)
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err, "key #%d: %s failed", i, k)
|
2022-04-25 09:57:58 +00:00
|
|
|
require.Equal(t, *tkns.BearerToken, tkn)
|
2021-05-25 19:59:21 +00:00
|
|
|
}
|
2021-06-14 13:39:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func Test_unknown_key(t *testing.T) {
|
|
|
|
var (
|
2021-06-16 14:07:31 +00:00
|
|
|
box *AccessBox
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn bearer.Token
|
2021-06-14 13:39:25 +00:00
|
|
|
)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
sec, err := keys.NewPrivateKey()
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err)
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
cred, err := keys.NewPrivateKey()
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2021-06-24 15:21:34 +00:00
|
|
|
wrongCred, err := keys.NewPrivateKey()
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
tkn.SetEACLTable(*eacl.NewTable())
|
|
|
|
require.NoError(t, tkn.Sign(sec.PrivateKey))
|
2021-06-14 13:39:25 +00:00
|
|
|
|
2022-04-25 09:57:58 +00:00
|
|
|
gate := NewGateData(cred.PublicKey(), &tkn)
|
2021-06-18 15:15:58 +00:00
|
|
|
box, _, err = PackTokens([]*GateData{gate})
|
2021-06-14 13:39:25 +00:00
|
|
|
require.NoError(t, err)
|
2021-05-25 19:59:21 +00:00
|
|
|
|
2021-06-17 16:45:50 +00:00
|
|
|
_, err = box.GetTokens(wrongCred)
|
2021-06-14 13:39:25 +00:00
|
|
|
require.Error(t, err)
|
2021-05-25 19:59:21 +00:00
|
|
|
}
|