services/keep/src/keep/perms_test.go

   1 package main
   2
   3 import (
   4         "testing"
   5         "time"
   6 )
   7
   8 var (
   9         known_hash    = "acbd18db4cc2f85cedef654fccc4a4d8"
  10         known_locator = known_hash + "+3"
  11         known_token   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
  12         known_key     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
  13                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
  14                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
  15                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
  16                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
  17                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
  18                 "786u5rw2a9gx743dj3fgq2irk"
  19         known_signature      = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
  20         known_timestamp      = "7fffffff"
  21         known_signed_locator = known_locator + "+A" + known_signature + "@" + known_timestamp
  22 )
  23
  24 func TestSignLocator(t *testing.T) {
  25         PermissionSecret = []byte(known_key)
  26         defer func() { PermissionSecret = nil }()
  27
  28         if ts, err := ParseHexTimestamp(known_timestamp); err != nil {
  29                 t.Errorf("bad known_timestamp %s", known_timestamp)
  30         } else {
  31                 if known_signed_locator != SignLocator(known_locator, known_token, ts) {
  32                         t.Fail()
  33                 }
  34         }
  35 }
  36
  37 func TestVerifySignature(t *testing.T) {
  38         PermissionSecret = []byte(known_key)
  39         defer func() { PermissionSecret = nil }()
  40
  41         if !VerifySignature(known_signed_locator, known_token) {
  42                 t.Fail()
  43         }
  44 }
  45
  46 // The size hint on the locator string should not affect signature validation.
  47 func TestVerifySignatureWrongSize(t *testing.T) {
  48         PermissionSecret = []byte(known_key)
  49         defer func() { PermissionSecret = nil }()
  50
  51         signed_locator_wrong_size := known_hash + "+999999+A" + known_signature + "@" + known_timestamp
  52         if !VerifySignature(signed_locator_wrong_size, known_token) {
  53                 t.Fail()
  54         }
  55 }
  56
  57 func TestVerifySignatureBadSig(t *testing.T) {
  58         PermissionSecret = []byte(known_key)
  59         defer func() { PermissionSecret = nil }()
  60
  61         bad_locator := known_locator + "+Aaaaaaaaaaaaaaaa@" + known_timestamp
  62         if VerifySignature(bad_locator, known_token) {
  63                 t.Fail()
  64         }
  65 }
  66
  67 func TestVerifySignatureBadTimestamp(t *testing.T) {
  68         PermissionSecret = []byte(known_key)
  69         defer func() { PermissionSecret = nil }()
  70
  71         bad_locator := known_locator + "+A" + known_signature + "@00000000"
  72         if VerifySignature(bad_locator, known_token) {
  73                 t.Fail()
  74         }
  75 }
  76
  77 func TestVerifySignatureBadSecret(t *testing.T) {
  78         PermissionSecret = []byte("00000000000000000000")
  79         defer func() { PermissionSecret = nil }()
  80
  81         if VerifySignature(known_signed_locator, known_token) {
  82                 t.Fail()
  83         }
  84 }
  85
  86 func TestVerifySignatureBadToken(t *testing.T) {
  87         PermissionSecret = []byte(known_key)
  88         defer func() { PermissionSecret = nil }()
  89
  90         if VerifySignature(known_signed_locator, "00000000") {
  91                 t.Fail()
  92         }
  93 }
  94
  95 func TestVerifySignatureExpired(t *testing.T) {
  96         PermissionSecret = []byte(known_key)
  97         defer func() { PermissionSecret = nil }()
  98
  99         yesterday := time.Now().AddDate(0, 0, -1)
 100         expired_locator := SignLocator(known_hash, known_token, yesterday)
 101         if VerifySignature(expired_locator, known_token) {
 102                 t.Fail()
 103         }
 104 }