services/keepstore/perms_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package main
   6
   7 import (
   8         "strconv"
   9         "testing"
  10         "time"
  11
  12         "git.curoverse.com/arvados.git/sdk/go/arvados"
  13 )
  14
  15 const (
  16         knownHash    = "acbd18db4cc2f85cedef654fccc4a4d8"
  17         knownLocator = knownHash + "+3"
  18         knownToken   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
  19         knownKey     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
  20                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
  21                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
  22                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
  23                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
  24                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
  25                 "786u5rw2a9gx743dj3fgq2irk"
  26         knownSignatureTTL  = arvados.Duration(24 * 14 * time.Hour)
  27         knownSignature     = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
  28         knownTimestamp     = "7fffffff"
  29         knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
  30         knownSignedLocator = knownLocator + knownSigHint
  31 )
  32
  33 func TestSignLocator(t *testing.T) {
  34         defer func(b []byte) {
  35                 theConfig.blobSigningKey = b
  36         }(theConfig.blobSigningKey)
  37
  38         tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0)
  39         if err != nil {
  40                 t.Fatal(err)
  41         }
  42         t0 := time.Unix(tsInt, 0)
  43
  44         theConfig.BlobSignatureTTL = knownSignatureTTL
  45
  46         theConfig.blobSigningKey = []byte(knownKey)
  47         if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator {
  48                 t.Fatalf("Got %+q, expected %+q", x, knownSignedLocator)
  49         }
  50
  51         theConfig.blobSigningKey = []byte("arbitrarykey")
  52         if x := SignLocator(knownLocator, knownToken, t0); x == knownSignedLocator {
  53                 t.Fatalf("Got same signature %+q, even though blobSigningKey changed", x)
  54         }
  55 }
  56
  57 func TestVerifyLocator(t *testing.T) {
  58         defer func(b []byte) {
  59                 theConfig.blobSigningKey = b
  60         }(theConfig.blobSigningKey)
  61
  62         theConfig.BlobSignatureTTL = knownSignatureTTL
  63
  64         theConfig.blobSigningKey = []byte(knownKey)
  65         if err := VerifySignature(knownSignedLocator, knownToken); err != nil {
  66                 t.Fatal(err)
  67         }
  68
  69         theConfig.blobSigningKey = []byte("arbitrarykey")
  70         if err := VerifySignature(knownSignedLocator, knownToken); err == nil {
  71                 t.Fatal("Verified signature even with wrong blobSigningKey")
  72         }
  73 }