Merge branch 'master' into 4025-move-project-button-label
[arvados.git] / services / keepstore / perms_test.go
1 package main
2
3 import (
4         "testing"
5         "time"
6 )
7
8 var (
9         known_hash    = "acbd18db4cc2f85cedef654fccc4a4d8"
10         known_locator = known_hash + "+3"
11         known_token   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
12         known_key     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
13                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
14                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
15                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
16                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
17                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
18                 "786u5rw2a9gx743dj3fgq2irk"
19         known_signature      = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
20         known_timestamp      = "7fffffff"
21         known_signed_locator = known_locator + "+A" + known_signature + "@" + known_timestamp
22 )
23
24 func TestSignLocator(t *testing.T) {
25         PermissionSecret = []byte(known_key)
26         defer func() { PermissionSecret = nil }()
27
28         if ts, err := ParseHexTimestamp(known_timestamp); err != nil {
29                 t.Errorf("bad known_timestamp %s", known_timestamp)
30         } else {
31                 if known_signed_locator != SignLocator(known_locator, known_token, ts) {
32                         t.Fail()
33                 }
34         }
35 }
36
37 func TestVerifySignature(t *testing.T) {
38         PermissionSecret = []byte(known_key)
39         defer func() { PermissionSecret = nil }()
40
41         if !VerifySignature(known_signed_locator, known_token) {
42                 t.Fail()
43         }
44 }
45
46 // The size hint on the locator string should not affect signature validation.
47 func TestVerifySignatureWrongSize(t *testing.T) {
48         PermissionSecret = []byte(known_key)
49         defer func() { PermissionSecret = nil }()
50
51         signed_locator_wrong_size := known_hash + "+999999+A" + known_signature + "@" + known_timestamp
52         if !VerifySignature(signed_locator_wrong_size, known_token) {
53                 t.Fail()
54         }
55 }
56
57 func TestVerifySignatureBadSig(t *testing.T) {
58         PermissionSecret = []byte(known_key)
59         defer func() { PermissionSecret = nil }()
60
61         bad_locator := known_locator + "+Aaaaaaaaaaaaaaaa@" + known_timestamp
62         if VerifySignature(bad_locator, known_token) {
63                 t.Fail()
64         }
65 }
66
67 func TestVerifySignatureBadTimestamp(t *testing.T) {
68         PermissionSecret = []byte(known_key)
69         defer func() { PermissionSecret = nil }()
70
71         bad_locator := known_locator + "+A" + known_signature + "@00000000"
72         if VerifySignature(bad_locator, known_token) {
73                 t.Fail()
74         }
75 }
76
77 func TestVerifySignatureBadSecret(t *testing.T) {
78         PermissionSecret = []byte("00000000000000000000")
79         defer func() { PermissionSecret = nil }()
80
81         if VerifySignature(known_signed_locator, known_token) {
82                 t.Fail()
83         }
84 }
85
86 func TestVerifySignatureBadToken(t *testing.T) {
87         PermissionSecret = []byte(known_key)
88         defer func() { PermissionSecret = nil }()
89
90         if VerifySignature(known_signed_locator, "00000000") {
91                 t.Fail()
92         }
93 }
94
95 func TestVerifySignatureExpired(t *testing.T) {
96         PermissionSecret = []byte(known_key)
97         defer func() { PermissionSecret = nil }()
98
99         yesterday := time.Now().AddDate(0, 0, -1)
100         expired_locator := SignLocator(known_hash, known_token, yesterday)
101         if VerifySignature(expired_locator, known_token) {
102                 t.Fail()
103         }
104 }