projects / arvados.git / blob


bab5ed2453c7fe9851a1fe4dad56b671feea3b4f
[arvados.git] / services / keepstore / perms_test.go
1 package main
2
3 import (
4         "strconv"
5         "testing"
6         "time"
7 )
8
9 const (
10         knownHash    = "acbd18db4cc2f85cedef654fccc4a4d8"
11         knownLocator = knownHash + "+3"
12         knownToken   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
13         knownKey     = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
14                 "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
15                 "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
16                 "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
17                 "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
18                 "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
19                 "786u5rw2a9gx743dj3fgq2irk"
20         knownSignature     = "44362129a92a48d02b2e0789c597f970f3b1faf3"
21         knownTimestamp     = "7fffffff"
22         knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
23         knownSignedLocator = knownLocator + knownSigHint
24 )
25
26 func TestSignLocator(t *testing.T) {
27         defer func(b []byte) {
28                 PermissionSecret = b
29         }(PermissionSecret)
30
31         tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0)
32         if err != nil {
33                 t.Fatal(err)
34         }
35         t0 := time.Unix(tsInt, 0)
36
37         blobSignatureTTL = time.Duration(1) * time.Second
38
39         PermissionSecret = []byte(knownKey)
40         if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator {
41                 t.Fatalf("Got %+q, expected %+q", x, knownSignedLocator)
42         }
43
44         PermissionSecret = []byte("arbitrarykey")
45         if x := SignLocator(knownLocator, knownToken, t0); x == knownSignedLocator {
46                 t.Fatalf("Got same signature %+q, even though PermissionSecret changed", x)
47         }
48 }
49
50 func TestVerifyLocator(t *testing.T) {
51         defer func(b []byte) {
52                 PermissionSecret = b
53         }(PermissionSecret)
54
55         blobSignatureTTL = time.Duration(1) * time.Second
56
57         PermissionSecret = []byte(knownKey)
58         if err := VerifySignature(knownSignedLocator, knownToken); err != nil {
59                 t.Fatal(err)
60         }
61
62         PermissionSecret = []byte("arbitrarykey")
63         if err := VerifySignature(knownSignedLocator, knownToken); err == nil {
64                 t.Fatal("Verified signature even with wrong PermissionSecret")
65         }
66 }