4219: Accept signatures even if other hints are present in URL.
1 package main
2
3 import (
4         "testing"
5         "time"
6 )
7
// Fixtures for the permission-signature tests. They are fixed test values,
// not live credentials: they exist so that the expected signature below can
// be reproduced, and must never be reused as a real API token or signing
// secret.

// Block identity.
var (
	// known_hash is the MD5 digest of the three-byte string "foo".
	known_hash = "acbd18db4cc2f85cedef654fccc4a4d8"

	// known_locator is known_hash followed by the matching "+3" size hint.
	known_locator = known_hash + "+3"
)

// Signing inputs and the signature they are expected to produce.
var (
	// known_token is the API token the fixture signature is issued for.
	known_token = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"

	// known_key is what the tests install as PermissionSecret.
	known_key = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" +
		"p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" +
		"ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" +
		"jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" +
		"gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
		"vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
		"786u5rw2a9gx743dj3fgq2irk"

	// known_timestamp is the hex expiry used in the fixture. 7fffffff is
	// the largest positive 32-bit value; presumably it is read as Unix
	// seconds (January 2038), which keeps the fixture unexpired.
	known_timestamp = "7fffffff"

	// known_signature is the 40-hex-digit signature TestSignLocator
	// expects for known_locator, known_token and known_timestamp under
	// known_key.
	known_signature = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"

	// known_signed_locator is the locator with its "+A<signature>@<expiry>"
	// permission hint appended.
	known_signed_locator = known_locator + "+A" + known_signature + "@" + known_timestamp
)
23
// TestSignLocator checks that SignLocator, with known_key installed as
// PermissionSecret, turns known_locator, known_token and the parsed
// known_timestamp into exactly known_signed_locator.
func TestSignLocator(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	expiry, err := ParseHexTimestamp(known_timestamp)
	if err != nil {
		// The fixture itself is unusable; there is nothing to sign.
		t.Errorf("bad known_timestamp %s", known_timestamp)
		return
	}

	signed := SignLocator(known_locator, known_token, expiry)
	if signed != known_signed_locator {
		t.Fail()
	}
}
36
// TestVerifySignature checks the positive case: the fixture locator,
// carrying known_signature and known_timestamp, verifies for known_token
// when known_key is installed as PermissionSecret.
func TestVerifySignature(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	accepted := VerifySignature(known_signed_locator, known_token)
	if !accepted {
		t.Fail()
	}
}
45
// TestVerifySignatureExtraHints checks that the permission hint is still
// found and accepted when other "+" hints sit before it, after it, or on
// both sides of it in the locator.
//
// NOTE(review): the same signature verifies with and without the extra
// hints, so a successful verification says nothing about whether those
// hints are authentic. Confirm that callers treat them as untrusted.
func TestVerifySignatureExtraHints(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	permHint := "+A" + known_signature + "@" + known_timestamp

	cases := []struct {
		locator string
		failure string
	}{
		{
			locator: known_locator + "+K@xyzzy" + permHint,
			failure: "Verify cannot handle hint before permission signature",
		},
		{
			locator: known_locator + permHint + "+Zfoo",
			failure: "Verify cannot handle hint after permission signature",
		},
		{
			locator: known_locator + "+K@xyzzy" + permHint + "+Zfoo",
			failure: "Verify cannot handle hints around permission signature",
		},
	}

	// Cases run in the order listed and the first rejection aborts the test.
	for _, c := range cases {
		if !VerifySignature(c.locator, known_token) {
			t.Fatal(c.failure)
		}
	}
}
64
// TestVerifySignatureWrongSize checks that the size hint on the locator
// string does not affect signature validation: known_signature is expected
// to verify even when the locator claims "+999999" instead of "+3".
//
// NOTE(review): this means the size hint is not authenticated by the
// signature. Confirm that callers do not rely on the size of a verified
// locator.
func TestVerifySignatureWrongSize(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	permHint := "+A" + known_signature + "@" + known_timestamp
	resized := known_hash + "+999999" + permHint

	if accepted := VerifySignature(resized, known_token); !accepted {
		t.Fail()
	}
}
75
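// TestVerifySignatureBadSig checks that VerifySignature rejects a locator
// whose signature field is not the one issued for known_locator and
// known_token.
//
// Two forgeries are tried. The first is the original fixture, which is
// wrong and also shorter than known_signature, so a verifier could reject
// it on format alone. The second has the same length as known_signature
// and differs only in its last digit, so it can only be rejected by
// comparing the signature value itself.
func TestVerifySignatureBadSig(t *testing.T) {
	PermissionSecret = []byte(known_key)
	defer func() { PermissionSecret = nil }()

	// Wrong signature that is also shorter than known_signature.
	shortSig := known_locator + "+Aaaaaaaaaaaaaaaa@" + known_timestamp
	if VerifySignature(shortSig, known_token) {
		t.Error("accepted a short, incorrect signature")
	}

	// Constructed value: known_signature with its final hex digit replaced
	// by a different one. Everything else in the locator is valid.
	last := len(known_signature) - 1
	digit := "0"
	if known_signature[last] == '0' {
		digit = "1"
	}
	nearMiss := known_locator + "+A" + known_signature[:last] + digit + "@" + known_timestamp
	if VerifySignature(nearMiss, known_token) {
		t.Error("accepted a well-formed signature that differs from the expected one")
	}
}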
85
// TestVerifySignatureBadTimestamp checks that known_signature is rejected
// when the expiry in the locator is replaced with "00000000".
//
// NOTE(review): known_signature was issued for known_timestamp, and an
// all-zero expiry is presumably long past. Either check could cause the
// rejection, and this test does not tell them apart.
func TestVerifySignatureBadTimestamp(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	tampered := known_locator + "+A" + known_signature + "@00000000"

	if accepted := VerifySignature(tampered, known_token); accepted {
		t.Fail()
	}
}
95
// TestVerifySignatureBadSecret checks that the fixture locator, which
// TestSignLocator produces under known_key, does not verify when a
// different PermissionSecret is installed.
func TestVerifySignatureBadSecret(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte("00000000000000000000")

	accepted := VerifySignature(known_signed_locator, known_token)
	if accepted {
		t.Fail()
	}
}
104
// TestVerifySignatureBadToken checks that the fixture locator, signed for
// known_token, does not verify when a different token presents it.
func TestVerifySignatureBadToken(t *testing.T) {
	// Clear the package-level secret again once the test returns.
	defer func() { PermissionSecret = nil }()
	PermissionSecret = []byte(known_key)

	accepted := VerifySignature(known_signed_locator, "00000000")
	if accepted {
		t.Fail()
	}
}
113
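// TestVerifySignatureExpired checks that a locator signed with the right
// secret and token is rejected once its expiry time has passed.
//
// A control runs first: the same hash signed with an expiry one day in the
// future must verify. Without it the test would also pass if
// VerifySignature rejected this locator for some unrelated reason, such as
// a locator shape it cannot parse, and the expiry check would go untested.
func TestVerifySignatureExpired(t *testing.T) {
	PermissionSecret = []byte(known_key)
	defer func() { PermissionSecret = nil }()

	// Control: identical inputs except for an expiry that is still valid.
	tomorrow := time.Now().AddDate(0, 0, 1)
	freshLocator := SignLocator(known_hash, known_token, tomorrow)
	if !VerifySignature(freshLocator, known_token) {
		t.Fatalf("control failed: %q, which expires tomorrow, did not verify", freshLocator)
	}

	// Only the expiry differs from the control, so a rejection here is
	// attributable to the expiry check.
	yesterday := time.Now().AddDate(0, 0, -1)
	expiredLocator := SignLocator(known_hash, known_token, yesterday)
	if VerifySignature(expiredLocator, known_token) {
		t.Errorf("accepted %q, which expired yesterday", expiredLocator)
	}
}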