services/keepstore/perms_test.go

   1 package main
   2
   3 import (
   4         "strconv"
   5         "testing"
   6         "time"
   7 )
   8
   9 const (
  10         knownHash    = "acbd18db4cc2f85cedef654fccc4a4d8"
  11         knownLocator = knownHash + "+3"
  12         knownToken   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
  13         knownKey     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
  14                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
  15                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
  16                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
  17                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
  18                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
  19                 "786u5rw2a9gx743dj3fgq2irk"
  20         knownSignature     = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
  21         knownTimestamp     = "7fffffff"
  22         knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
  23         knownSignedLocator = knownLocator + knownSigHint
  24 )
  25
  26 func TestSignLocator(t *testing.T) {
  27         PermissionSecret = []byte(knownKey)
  28         defer func() { PermissionSecret = nil }()
  29
  30         tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0)
  31         if err != nil {
  32                 t.Fail()
  33         }
  34         if knownSignedLocator != SignLocator(knownLocator, knownToken, time.Unix(tsInt, 0)) {
  35                 t.Fail()
  36         }
  37 }
  38
  39 func TestVerifySignature(t *testing.T) {
  40         PermissionSecret = []byte(knownKey)
  41         defer func() { PermissionSecret = nil }()
  42
  43         if VerifySignature(knownSignedLocator, knownToken) != nil {
  44                 t.Fail()
  45         }
  46 }
  47
  48 func TestVerifySignatureExtraHints(t *testing.T) {
  49         PermissionSecret = []byte(knownKey)
  50         defer func() { PermissionSecret = nil }()
  51
  52         if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken) != nil {
  53                 t.Fatal("Verify cannot handle hint before permission signature")
  54         }
  55
  56         if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken) != nil {
  57                 t.Fatal("Verify cannot handle hint after permission signature")
  58         }
  59
  60         if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken) != nil {
  61                 t.Fatal("Verify cannot handle hints around permission signature")
  62         }
  63 }
  64
  65 // The size hint on the locator string should not affect signature validation.
  66 func TestVerifySignatureWrongSize(t *testing.T) {
  67         PermissionSecret = []byte(knownKey)
  68         defer func() { PermissionSecret = nil }()
  69
  70         if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken) != nil {
  71                 t.Fatal("Verify cannot handle incorrect size hint")
  72         }
  73
  74         if VerifySignature(knownHash+knownSigHint, knownToken) != nil {
  75                 t.Fatal("Verify cannot handle missing size hint")
  76         }
  77 }
  78
  79 func TestVerifySignatureBadSig(t *testing.T) {
  80         PermissionSecret = []byte(knownKey)
  81         defer func() { PermissionSecret = nil }()
  82
  83         badLocator := knownLocator + "+Aaaaaaaaaaaaaaaa@" + knownTimestamp
  84         if VerifySignature(badLocator, knownToken) != PermissionError {
  85                 t.Fail()
  86         }
  87 }
  88
  89 func TestVerifySignatureBadTimestamp(t *testing.T) {
  90         PermissionSecret = []byte(knownKey)
  91         defer func() { PermissionSecret = nil }()
  92
  93         badLocator := knownLocator + "+A" + knownSignature + "@OOOOOOOl"
  94         if VerifySignature(badLocator, knownToken) != PermissionError {
  95                 t.Fail()
  96         }
  97 }
  98
  99 func TestVerifySignatureBadSecret(t *testing.T) {
 100         PermissionSecret = []byte("00000000000000000000")
 101         defer func() { PermissionSecret = nil }()
 102
 103         if VerifySignature(knownSignedLocator, knownToken) != PermissionError {
 104                 t.Fail()
 105         }
 106 }
 107
 108 func TestVerifySignatureBadToken(t *testing.T) {
 109         PermissionSecret = []byte(knownKey)
 110         defer func() { PermissionSecret = nil }()
 111
 112         if VerifySignature(knownSignedLocator, "00000000") != PermissionError {
 113                 t.Fail()
 114         }
 115 }
 116
 117 func TestVerifySignatureExpired(t *testing.T) {
 118         PermissionSecret = []byte(knownKey)
 119         defer func() { PermissionSecret = nil }()
 120
 121         yesterday := time.Now().AddDate(0, 0, -1)
 122         expiredLocator := SignLocator(knownHash, knownToken, yesterday)
 123         if VerifySignature(expiredLocator, knownToken) != ExpiredError {
 124                 t.Fail()
 125         }
 126 }