package service import ( "crypto/rand" "testing" "github.com/nspcc-dev/neofs-api-go/refs" "github.com/nspcc-dev/neofs-crypto/test" "github.com/stretchr/testify/require" ) func TestTokenGettersSetters(t *testing.T) { var tok SessionToken = new(Token) { // ID id, err := refs.NewUUID() require.NoError(t, err) tok.SetID(id) require.Equal(t, id, tok.GetID()) } { // OwnerID ownerID := OwnerID{} _, err := rand.Read(ownerID[:]) require.NoError(t, err) tok.SetOwnerID(ownerID) require.Equal(t, ownerID, tok.GetOwnerID()) } { // Verb verb := Token_Info_Verb(3) tok.SetVerb(verb) require.Equal(t, verb, tok.GetVerb()) } { // Address addr := Address{} _, err := rand.Read(addr.CID[:]) require.NoError(t, err) _, err = rand.Read(addr.ObjectID[:]) require.NoError(t, err) tok.SetAddress(addr) require.Equal(t, addr, tok.GetAddress()) } { // Created e := uint64(5) tok.SetCreationEpoch(e) require.Equal(t, e, tok.CreationEpoch()) } { // ValidUntil e := uint64(5) tok.SetExpirationEpoch(e) require.Equal(t, e, tok.ExpirationEpoch()) } { // SessionKey key := make([]byte, 10) _, err := rand.Read(key) require.NoError(t, err) tok.SetSessionKey(key) require.Equal(t, key, tok.GetSessionKey()) } { key := make([]byte, 10) _, err := rand.Read(key) require.NoError(t, err) tok.SetOwnerKey(key) require.Equal(t, key, tok.GetOwnerKey()) } { // Signature sig := make([]byte, 10) _, err := rand.Read(sig) require.NoError(t, err) tok.SetSignature(sig) require.Equal(t, sig, tok.GetSignature()) } } func TestSignToken(t *testing.T) { var token SessionToken = new(Token) // create private key for signing sk := test.DecodeKey(0) pk := &sk.PublicKey id := TokenID{} _, err := rand.Read(id[:]) require.NoError(t, err) token.SetID(id) ownerID := OwnerID{} _, err = rand.Read(ownerID[:]) require.NoError(t, err) token.SetOwnerID(ownerID) verb := Token_Info_Verb(1) token.SetVerb(verb) addr := Address{} _, err = rand.Read(addr.ObjectID[:]) require.NoError(t, err) _, err = rand.Read(addr.CID[:]) require.NoError(t, err) token.SetAddress(addr) cEpoch := uint64(1) token.SetCreationEpoch(cEpoch) fEpoch := uint64(2) token.SetExpirationEpoch(fEpoch) sessionKey := make([]byte, 10) _, err = rand.Read(sessionKey[:]) require.NoError(t, err) token.SetSessionKey(sessionKey) ownerKey := make([]byte, 10) _, err = rand.Read(ownerKey[:]) require.NoError(t, err) token.SetOwnerKey(ownerKey) signedToken := NewSignedSessionToken(token) verifiedToken := NewVerifiedSessionToken(token) // sign and verify token require.NoError(t, AddSignatureWithKey(sk, signedToken)) require.NoError(t, VerifySignatureWithKey(pk, verifiedToken)) items := []struct { corrupt func() restore func() }{ { // ID corrupt: func() { id[0]++ token.SetID(id) }, restore: func() { id[0]-- token.SetID(id) }, }, { // Owner ID corrupt: func() { ownerID[0]++ token.SetOwnerID(ownerID) }, restore: func() { ownerID[0]-- token.SetOwnerID(ownerID) }, }, { // Verb corrupt: func() { token.SetVerb(verb + 1) }, restore: func() { token.SetVerb(verb) }, }, { // ObjectID corrupt: func() { addr.ObjectID[0]++ token.SetAddress(addr) }, restore: func() { addr.ObjectID[0]-- token.SetAddress(addr) }, }, { // CID corrupt: func() { addr.CID[0]++ token.SetAddress(addr) }, restore: func() { addr.CID[0]-- token.SetAddress(addr) }, }, { // Creation epoch corrupt: func() { token.SetCreationEpoch(cEpoch + 1) }, restore: func() { token.SetCreationEpoch(cEpoch) }, }, { // Expiration epoch corrupt: func() { token.SetExpirationEpoch(fEpoch + 1) }, restore: func() { token.SetExpirationEpoch(fEpoch) }, }, { // Session key corrupt: func() { sessionKey[0]++ token.SetSessionKey(sessionKey) }, restore: func() { sessionKey[0]-- token.SetSessionKey(sessionKey) }, }, { // Owner key corrupt: func() { ownerKey := token.GetOwnerKey() ownerKey[0]++ token.SetOwnerKey(ownerKey) }, restore: func() { ownerKey := token.GetOwnerKey() ownerKey[0]-- token.SetOwnerKey(ownerKey) }, }, } for _, v := range items { v.corrupt() require.Error(t, VerifySignatureWithKey(pk, verifiedToken)) v.restore() require.NoError(t, VerifySignatureWithKey(pk, verifiedToken)) } }