forked from TrueCloudLab/frostfs-api-go
01b910fd31
The private token is based on a token with a private key, so it must inherit the public key field through a constructor parameter.
package session

import (
	"crypto/ecdsa"
	"crypto/rand"
	"testing"

	crypto "github.com/nspcc-dev/neofs-crypto"
	"github.com/nspcc-dev/neofs-proto/refs"
	"github.com/stretchr/testify/require"
)

// testClient is a test-only signer: an ECDSA key pair plus the OwnerID that
// the tests pass to the token store as the token owner.
type testClient struct {
	// The private key is embedded, so both c.PrivateKey and the promoted
	// c.PublicKey are reachable directly on the client.
	*ecdsa.PrivateKey

	// OwnerID is the owner identifier placed into TokenParams by the tests.
	OwnerID OwnerID
}
// Sign signs data with the client's embedded ECDSA private key by delegating
// to crypto.Sign. The signature and error are handed back unchanged.
func (c *testClient) Sign(data []byte) ([]byte, error) {
	signature, err := crypto.Sign(c.PrivateKey, data)
	return signature, err
}
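// newTestClient builds a testClient from a freshly generated ECDSA key pair on
// defaultCurve() and the OwnerID derived from that pair's public key.
//
// Every call generates a new key from crypto/rand, so tests do not share key
// material. Any failure aborts the calling test through require.
func newTestClient(t *testing.T) *testClient {
	// Attribute failures to the calling test's line, not to this helper.
	t.Helper()

	key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
	require.NoError(t, err)

	owner, err := refs.NewOwnerID(&key.PublicKey)
	require.NoError(t, err)

	return &testClient{PrivateKey: key, OwnerID: owner}
}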
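// signToken sets the client's public key on token, signs the token with the
// client's key, and asserts that verification goes from failing to passing.
//
// Two signatures are produced: one over token.Header.PublicKey and one over
// token.verificationData(). Both are attached with AddSignatures. The Verify
// call made before AddSignatures is a negative check: a token that names the
// owner's public key but carries no signatures must not verify.
func signToken(t *testing.T, token *PToken, c *testClient) {
	// Attribute failures to the calling test's line, not to this helper.
	t.Helper()

	require.NotNil(t, token)
	token.SetPublicKeys(&c.PublicKey)

	// Signature over the public key stored in the token header.
	signH, err := c.Sign(token.Header.PublicKey)
	require.NoError(t, err)
	require.NotNil(t, signH)

	// Nothing has been attached yet, so verification must be rejected.
	keys := UnmarshalPublicKeys(&token.Token)
	require.False(t, token.Verify(keys...))

	// Signature over the token's verification data.
	signT, err := c.Sign(token.verificationData())
	require.NoError(t, err)
	require.NotNil(t, signT)

	// With both signatures attached, the same key set must now verify.
	token.AddSignatures(signH, signT)
	require.True(t, token.Verify(keys...))
}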
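// TestTokenStore exercises the simple token store: creating, signing,
// fetching and removing tokens, and signing data with a token.
//
// Besides the positive paths it pins two rejections: a signature produced by
// one token must not verify against another token's header, and a valid
// signature must not verify against a modified payload.
func TestTokenStore(t *testing.T) {
	s := NewSimpleStore()

	oid, err := refs.NewObjectID()
	require.NoError(t, err)

	c := newTestClient(t)
	require.NotNil(t, c)
	pk := [][]byte{crypto.MarshalPublicKey(&c.PublicKey)}

	// Create and sign the first token.
	first := s.New(TokenParams{
		ObjectID:   []ObjectID{oid},
		OwnerID:    c.OwnerID,
		PublicKeys: pk,
	})
	signToken(t, first, c)

	// The store must return the same token for its ID.
	fetched := s.Fetch(first.ID)
	require.NotNil(t, fetched)
	require.Equal(t, first, fetched)

	// Create and sign a second token for the same client, object and owner.
	second := s.New(TokenParams{
		ObjectID:   []ObjectID{oid},
		OwnerID:    c.OwnerID,
		PublicKeys: pk,
	})
	signToken(t, second, c)

	data := []byte{1, 2, 3}

	// Negative check: a signature made by the second token must be rejected by
	// the first token's header, even though both tokens belong to one client.
	// NOTE(review): presumably each token holds its own key pair - confirm
	// against the store implementation.
	sign, err := second.SignData(data)
	require.NoError(t, err)
	require.Error(t, first.Header.VerifyData(data, sign))

	// Positive check: the first token's own signature verifies.
	sign, err = first.SignData(data)
	require.NoError(t, err)
	require.NoError(t, first.Header.VerifyData(data, sign))

	// Negative check: the same signature must not cover a modified payload.
	tampered := []byte{1, 2, 4}
	require.Error(t, first.Header.VerifyData(tampered, sign))

	// Removing one token must not affect the other.
	s.Remove(first.ID)
	require.Nil(t, s.Fetch(first.ID))
	require.NotNil(t, s.Fetch(second.ID))
}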