service: define BearerToken interface

2020-06-18 14:25:19 +03:00 · 2020-06-18 14:25:19 +03:00 · 55c3b714c0
commit 55c3b714c0
parent 4709d46292
3 changed files with 302 additions and 0 deletions
--- a/service/bearer_test.go
+++ b/service/bearer_test.go
@ -0,0 +1,172 @@
+package service
+
+import (
+	"crypto/rand"
+	"testing"
+
+	"github.com/nspcc-dev/neofs-crypto/test"
+	"github.com/stretchr/testify/require"
+)
+
+type testBearerToken struct {
+	aclRules []byte
+	expEpoch uint64
+	owner    OwnerID
+	key      []byte
+	sig      []byte
+}
+
+func (s testBearerToken) GetACLRules() []byte {
+	return s.aclRules
+}
+
+func (s *testBearerToken) SetACLRules(v []byte) {
+	s.aclRules = v
+}
+
+func (s testBearerToken) ExpirationEpoch() uint64 {
+	return s.expEpoch
+}
+
+func (s *testBearerToken) SetExpirationEpoch(v uint64) {
+	s.expEpoch = v
+}
+
+func (s testBearerToken) GetOwnerID() OwnerID {
+	return s.owner
+}
+
+func (s *testBearerToken) SetOwnerID(v OwnerID) {
+	s.owner = v
+}
+
+func (s testBearerToken) GetOwnerKey() []byte {
+	return s.key
+}
+
+func (s *testBearerToken) SetOwnerKey(v []byte) {
+	s.key = v
+}
+
+func (s testBearerToken) GetSignature() []byte {
+	return s.sig
+}
+
+func (s *testBearerToken) SetSignature(v []byte) {
+	s.sig = v
+}
+
+func TestBearerTokenMsgGettersSetters(t *testing.T) {
+	var tok BearerToken = new(testBearerToken)
+
+	{ // ACLRules
+		rules := []byte{1, 2, 3}
+
+		tok.SetACLRules(rules)
+
+		require.Equal(t, rules, tok.GetACLRules())
+	}
+
+	{ // OwnerID
+		ownerID := OwnerID{}
+		_, err := rand.Read(ownerID[:])
+		require.NoError(t, err)
+
+		tok.SetOwnerID(ownerID)
+
+		require.Equal(t, ownerID, tok.GetOwnerID())
+	}
+
+	{ // ValidUntil
+		e := uint64(5)
+
+		tok.SetExpirationEpoch(e)
+
+		require.Equal(t, e, tok.ExpirationEpoch())
+	}
+
+	{ // OwnerKey
+		key := make([]byte, 10)
+		_, err := rand.Read(key)
+		require.NoError(t, err)
+
+		tok.SetOwnerKey(key)
+
+		require.Equal(t, key, tok.GetOwnerKey())
+	}
+
+	{ // Signature
+		sig := make([]byte, 10)
+		_, err := rand.Read(sig)
+		require.NoError(t, err)
+
+		tok.SetSignature(sig)
+
+		require.Equal(t, sig, tok.GetSignature())
+	}
+}
+
+func TestSignVerifyBearerToken(t *testing.T) {
+	var token BearerToken = new(testBearerToken)
+
+	// create private key for signing
+	sk := test.DecodeKey(0)
+	pk := &sk.PublicKey
+
+	rules := []byte{1, 2, 3}
+	token.SetACLRules(rules)
+
+	ownerID := OwnerID{}
+	_, err := rand.Read(ownerID[:])
+	require.NoError(t, err)
+	token.SetOwnerID(ownerID)
+
+	fEpoch := uint64(2)
+	token.SetExpirationEpoch(fEpoch)
+
+	signedToken := NewSignedBearerToken(token)
+	verifiedToken := NewVerifiedBearerToken(token)
+
+	// sign and verify token
+	require.NoError(t, AddSignatureWithKey(sk, signedToken))
+	require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
+
+	items := []struct {
+		corrupt func()
+		restore func()
+	}{
+		{ // ACLRules
+			corrupt: func() {
+				token.SetACLRules(append(rules, 1))
+			},
+			restore: func() {
+				token.SetACLRules(rules)
+			},
+		},
+		{ // Owner ID
+			corrupt: func() {
+				ownerID[0]++
+				token.SetOwnerID(ownerID)
+			},
+			restore: func() {
+				ownerID[0]--
+				token.SetOwnerID(ownerID)
+			},
+		},
+		{ // Expiration epoch
+			corrupt: func() {
+				token.SetExpirationEpoch(fEpoch + 1)
+			},
+			restore: func() {
+				token.SetExpirationEpoch(fEpoch)
+			},
+		},
+	}
+
+	for _, v := range items {
+		v.corrupt()
+		require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
+		v.restore()
+		require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
+	}
+}