frostfs-s3-gw/creds/accessbox/bearer_token_test.go

136 lines
3 KiB
Go
Raw Normal View History

package accessbox
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"testing"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/nspcc-dev/neofs-s3-gw/creds/hcs"
"github.com/stretchr/testify/require"
)
func Test_tokens_encode_decode(t *testing.T) {
var (
tkn = token.NewBearerToken()
tkn2 = token.NewBearerToken()
)
sec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
cred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
tkn.SetEACLTable(eacl.NewTable())
require.NoError(t, tkn.SignToken(sec))
data, err := encodeToken(tkn, cred.PrivateKey(), cred.PublicKey())
require.NoError(t, err)
err = decodeToken(data, tkn2, cred.PrivateKey(), cred.PublicKey())
require.NoError(t, err)
require.Equal(t, tkn, tkn2)
}
func Test_bearer_token_in_access_box(t *testing.T) {
var (
box, box2 AccessBox
tkn = token.NewBearerToken()
)
sec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
cred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
tkn.SetEACLTable(eacl.NewTable())
require.NoError(t, tkn.SignToken(sec))
box.SetOwnerPublicKey(cred.PublicKey())
err = box.AddBearerToken(tkn, cred.PrivateKey(), cred.PublicKey())
require.NoError(t, err)
data, err := box.Marshal()
require.NoError(t, err)
err = box2.Unmarshal(data)
require.NoError(t, err)
tkn2, err := box2.GetBearerToken(cred.PrivateKey())
require.NoError(t, err)
require.Equal(t, tkn, tkn2)
}
func Test_accessbox_multiple_keys(t *testing.T) {
var (
box AccessBox
tkn = token.NewBearerToken()
)
sec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
cred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
tkn.SetEACLTable(eacl.NewTable())
require.NoError(t, tkn.SignToken(sec))
count := 10
pubs := make([]hcs.PublicKey, 0, count)
keys := make([]hcs.PrivateKey, 0, count)
{ // generate keys
for i := 0; i < count; i++ {
cred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
pubs = append(pubs, cred.PublicKey())
keys = append(keys, cred.PrivateKey())
}
}
box.SetOwnerPublicKey(cred.PublicKey())
err = box.AddBearerToken(tkn, cred.PrivateKey(), pubs...)
require.NoError(t, err)
for i, k := range keys {
tkn2, err := box.GetBearerToken(k)
require.NoError(t, err, "key #%d: %s failed", i, k)
require.Equal(t, tkn2, tkn)
}
}
func Test_unknown_key(t *testing.T) {
var (
box AccessBox
tkn = token.NewBearerToken()
)
sec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
cred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
wrongCred, err := hcs.Generate(rand.Reader)
require.NoError(t, err)
tkn.SetEACLTable(eacl.NewTable())
require.NoError(t, tkn.SignToken(sec))
box.SetOwnerPublicKey(cred.PublicKey())
err = box.AddBearerToken(tkn, cred.PrivateKey(), cred.PublicKey())
require.NoError(t, err)
_, err = box.GetBearerToken(wrongCred.PrivateKey())
require.Error(t, err)
}