services/keepstore/perms_test.go

   1 package main
   2
   3 import (
   4         "strconv"
   5         "testing"
   6         "time"
   7
   8         "git.curoverse.com/arvados.git/sdk/go/arvados"
   9 )
  10
  11 const (
  12         knownHash    = "acbd18db4cc2f85cedef654fccc4a4d8"
  13         knownLocator = knownHash + "+3"
  14         knownToken   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
  15         knownKey     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
  16                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
  17                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
  18                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
  19                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
  20                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
  21                 "786u5rw2a9gx743dj3fgq2irk"
  22         knownSignatureTTL  = arvados.Duration(24 * 14 * time.Hour)
  23         knownSignature     = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
  24         knownTimestamp     = "7fffffff"
  25         knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
  26         knownSignedLocator = knownLocator + knownSigHint
  27 )
  28
  29 func TestSignLocator(t *testing.T) {
  30         defer func(b []byte) {
  31                 theConfig.blobSigningKey = b
  32         }(theConfig.blobSigningKey)
  33
  34         tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0)
  35         if err != nil {
  36                 t.Fatal(err)
  37         }
  38         t0 := time.Unix(tsInt, 0)
  39
  40         theConfig.BlobSignatureTTL = knownSignatureTTL
  41
  42         theConfig.blobSigningKey = []byte(knownKey)
  43         if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator {
  44                 t.Fatalf("Got %+q, expected %+q", x, knownSignedLocator)
  45         }
  46
  47         theConfig.blobSigningKey = []byte("arbitrarykey")
  48         if x := SignLocator(knownLocator, knownToken, t0); x == knownSignedLocator {
  49                 t.Fatalf("Got same signature %+q, even though blobSigningKey changed", x)
  50         }
  51 }
  52
  53 func TestVerifyLocator(t *testing.T) {
  54         defer func(b []byte) {
  55                 theConfig.blobSigningKey = b
  56         }(theConfig.blobSigningKey)
  57
  58         theConfig.BlobSignatureTTL = knownSignatureTTL
  59
  60         theConfig.blobSigningKey = []byte(knownKey)
  61         if err := VerifySignature(knownSignedLocator, knownToken); err != nil {
  62                 t.Fatal(err)
  63         }
  64
  65         theConfig.blobSigningKey = []byte("arbitrarykey")
  66         if err := VerifySignature(knownSignedLocator, knownToken); err == nil {
  67                 t.Fatal("Verified signature even with wrong blobSigningKey")
  68         }
  69 }