services/keepstore/perms_test.go

   1 package main
   2
   3 import (
   4         "testing"
   5         "time"
   6 )
   7
   8 const (
   9         knownHash    = "acbd18db4cc2f85cedef654fccc4a4d8"
  10         knownLocator = knownHash + "+3"
  11         knownToken   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
  12         knownKey     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
  13                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
  14                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
  15                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
  16                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
  17                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
  18                 "786u5rw2a9gx743dj3fgq2irk"
  19         knownSignature     = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
  20         knownTimestamp     = "7fffffff"
  21         knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
  22         knownSignedLocator = knownLocator + knownSigHint
  23 )
  24
  25 func TestSignLocator(t *testing.T) {
  26         PermissionSecret = []byte(knownKey)
  27         defer func() { PermissionSecret = nil }()
  28
  29         if ts, err := ParseHexTimestamp(knownTimestamp); err != nil {
  30                 t.Errorf("bad knownTimestamp %s", knownTimestamp)
  31         } else {
  32                 if knownSignedLocator != SignLocator(knownLocator, knownToken, ts) {
  33                         t.Fail()
  34                 }
  35         }
  36 }
  37
  38 func TestVerifySignature(t *testing.T) {
  39         PermissionSecret = []byte(knownKey)
  40         defer func() { PermissionSecret = nil }()
  41
  42         if VerifySignature(knownSignedLocator, knownToken) != nil {
  43                 t.Fail()
  44         }
  45 }
  46
  47 func TestVerifySignatureExtraHints(t *testing.T) {
  48         PermissionSecret = []byte(knownKey)
  49         defer func() { PermissionSecret = nil }()
  50
  51         if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken) != nil {
  52                 t.Fatal("Verify cannot handle hint before permission signature")
  53         }
  54
  55         if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken) != nil {
  56                 t.Fatal("Verify cannot handle hint after permission signature")
  57         }
  58
  59         if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken) != nil {
  60                 t.Fatal("Verify cannot handle hints around permission signature")
  61         }
  62 }
  63
  64 // The size hint on the locator string should not affect signature validation.
  65 func TestVerifySignatureWrongSize(t *testing.T) {
  66         PermissionSecret = []byte(knownKey)
  67         defer func() { PermissionSecret = nil }()
  68
  69         if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken) != nil {
  70                 t.Fatal("Verify cannot handle incorrect size hint")
  71         }
  72
  73         if VerifySignature(knownHash+knownSigHint, knownToken) != nil {
  74                 t.Fatal("Verify cannot handle missing size hint")
  75         }
  76 }
  77
  78 func TestVerifySignatureBadSig(t *testing.T) {
  79         PermissionSecret = []byte(knownKey)
  80         defer func() { PermissionSecret = nil }()
  81
  82         badLocator := knownLocator + "+Aaaaaaaaaaaaaaaa@" + knownTimestamp
  83         if VerifySignature(badLocator, knownToken) != PermissionError {
  84                 t.Fail()
  85         }
  86 }
  87
  88 func TestVerifySignatureBadTimestamp(t *testing.T) {
  89         PermissionSecret = []byte(knownKey)
  90         defer func() { PermissionSecret = nil }()
  91
  92         badLocator := knownLocator + "+A" + knownSignature + "@OOOOOOOl"
  93         if VerifySignature(badLocator, knownToken) != PermissionError {
  94                 t.Fail()
  95         }
  96 }
  97
  98 func TestVerifySignatureBadSecret(t *testing.T) {
  99         PermissionSecret = []byte("00000000000000000000")
 100         defer func() { PermissionSecret = nil }()
 101
 102         if VerifySignature(knownSignedLocator, knownToken) != PermissionError {
 103                 t.Fail()
 104         }
 105 }
 106
 107 func TestVerifySignatureBadToken(t *testing.T) {
 108         PermissionSecret = []byte(knownKey)
 109         defer func() { PermissionSecret = nil }()
 110
 111         if VerifySignature(knownSignedLocator, "00000000") != PermissionError {
 112                 t.Fail()
 113         }
 114 }
 115
 116 func TestVerifySignatureExpired(t *testing.T) {
 117         PermissionSecret = []byte(knownKey)
 118         defer func() { PermissionSecret = nil }()
 119
 120         yesterday := time.Now().AddDate(0, 0, -1)
 121         expiredLocator := SignLocator(knownHash, knownToken, yesterday)
 122         if VerifySignature(expiredLocator, knownToken) != ExpiredError {
 123                 t.Fail()
 124         }
 125 }