service: implement Sign/Verify functions for SessionToken

2020-04-28 19:03:15 +03:00 · 2020-04-28 19:03:15 +03:00 · 82ffde253b
commit 82ffde253b
parent e47b775a86
2 changed files with 231 additions and 0 deletions
--- a/service/token_test.go
+++ b/service/token_test.go
@ -5,6 +5,8 @@ import (
 	"testing"

 	"github.com/nspcc-dev/neofs-api-go/refs"
+	crypto "github.com/nspcc-dev/neofs-crypto"
+	"github.com/nspcc-dev/neofs-crypto/test"
 	"github.com/stretchr/testify/require"
 )

@ -86,3 +88,145 @@ func TestTokenGettersSetters(t *testing.T) {
 		require.Equal(t, sig, tok.GetSignature())
 	}
 }
+
+func TestSignToken(t *testing.T) {
+	// nil token
+	require.EqualError(t,
+		SignToken(nil, nil),
+		ErrEmptyToken.Error(),
+	)
+
+	var token SessionToken = new(Token)
+
+	// nil key
+	require.EqualError(t,
+		SignToken(token, nil),
+		crypto.ErrEmptyPrivateKey.Error(),
+	)
+
+	// create private key for signing
+	sk := test.DecodeKey(0)
+	pk := &sk.PublicKey
+
+	id := TokenID{}
+	_, err := rand.Read(id[:])
+	require.NoError(t, err)
+	token.SetID(id)
+
+	ownerID := OwnerID{}
+	_, err = rand.Read(ownerID[:])
+	require.NoError(t, err)
+	token.SetOwnerID(ownerID)
+
+	verb := Token_Info_Verb(1)
+	token.SetVerb(verb)
+
+	addr := Address{}
+	_, err = rand.Read(addr.ObjectID[:])
+	require.NoError(t, err)
+	_, err = rand.Read(addr.CID[:])
+	require.NoError(t, err)
+	token.SetAddress(addr)
+
+	cEpoch := uint64(1)
+	token.SetCreationEpoch(cEpoch)
+
+	fEpoch := uint64(2)
+	token.SetExpirationEpoch(fEpoch)
+
+	sessionKey := make([]byte, 10)
+	_, err = rand.Read(sessionKey[:])
+	require.NoError(t, err)
+	token.SetSessionKey(sessionKey)
+
+	// sign and verify token
+	require.NoError(t, SignToken(token, sk))
+	require.NoError(t, VerifyTokenSignature(token, pk))
+
+	items := []struct {
+		corrupt func()
+		restore func()
+	}{
+		{ // ID
+			corrupt: func() {
+				id[0]++
+				token.SetID(id)
+			},
+			restore: func() {
+				id[0]--
+				token.SetID(id)
+			},
+		},
+		{ // Owner ID
+			corrupt: func() {
+				ownerID[0]++
+				token.SetOwnerID(ownerID)
+			},
+			restore: func() {
+				ownerID[0]--
+				token.SetOwnerID(ownerID)
+			},
+		},
+		{ // Verb
+			corrupt: func() {
+				token.SetVerb(verb + 1)
+			},
+			restore: func() {
+				token.SetVerb(verb)
+			},
+		},
+		{ // ObjectID
+			corrupt: func() {
+				addr.ObjectID[0]++
+				token.SetAddress(addr)
+			},
+			restore: func() {
+				addr.ObjectID[0]--
+				token.SetAddress(addr)
+			},
+		},
+		{ // CID
+			corrupt: func() {
+				addr.CID[0]++
+				token.SetAddress(addr)
+			},
+			restore: func() {
+				addr.CID[0]--
+				token.SetAddress(addr)
+			},
+		},
+		{ // Creation epoch
+			corrupt: func() {
+				token.SetCreationEpoch(cEpoch + 1)
+			},
+			restore: func() {
+				token.SetCreationEpoch(cEpoch)
+			},
+		},
+		{ // Expiration epoch
+			corrupt: func() {
+				token.SetExpirationEpoch(fEpoch + 1)
+			},
+			restore: func() {
+				token.SetExpirationEpoch(fEpoch)
+			},
+		},
+		{ // Session key
+			corrupt: func() {
+				sessionKey[0]++
+				token.SetSessionKey(sessionKey)
+			},
+			restore: func() {
+				sessionKey[0]--
+				token.SetSessionKey(sessionKey)
+			},
+		},
+	}
+
+	for _, v := range items {
+		v.corrupt()
+		require.Error(t, VerifyTokenSignature(token, pk))
+		v.restore()
+		require.NoError(t, VerifyTokenSignature(token, pk))
+	}
+}