Merge branch 'master' of git.curoverse.com:arvados into 6465-optimize-workbench-integ...
[arvados.git] / services / keepstore / perms_test.go
index d1c6b50496d02a8cb982c1a295962bf5dcfa884a..85883b03a7d33a416947d823957f1ec1a3ffac7d 100644 (file)
@@ -5,7 +5,7 @@ import (
        "time"
 )
 
-var (
+const (
        known_hash    = "acbd18db4cc2f85cedef654fccc4a4d8"
        known_locator = known_hash + "+3"
        known_token   = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk"
@@ -18,7 +18,8 @@ var (
                "786u5rw2a9gx743dj3fgq2irk"
        known_signature      = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
        known_timestamp      = "7fffffff"
-       known_signed_locator = known_locator + "+A" + known_signature + "@" + known_timestamp
+       known_sig_hint       = "+A" + known_signature + "@" + known_timestamp
+       known_signed_locator = known_locator + known_sig_hint
 )
 
 func TestSignLocator(t *testing.T) {
@@ -38,19 +39,39 @@ func TestVerifySignature(t *testing.T) {
        PermissionSecret = []byte(known_key)
        defer func() { PermissionSecret = nil }()
 
-       if !VerifySignature(known_signed_locator, known_token) {
+       if VerifySignature(known_signed_locator, known_token) != nil {
                t.Fail()
        }
 }
 
+func TestVerifySignatureExtraHints(t *testing.T) {
+       PermissionSecret = []byte(known_key)
+       defer func() { PermissionSecret = nil }()
+
+       if VerifySignature(known_locator+"+K@xyzzy"+known_sig_hint, known_token) != nil{
+               t.Fatal("Verify cannot handle hint before permission signature")
+       }
+
+       if VerifySignature(known_locator+known_sig_hint+"+Zfoo", known_token) != nil {
+               t.Fatal("Verify cannot handle hint after permission signature")
+       }
+
+       if VerifySignature(known_locator+"+K@xyzzy"+known_sig_hint+"+Zfoo", known_token) != nil {
+               t.Fatal("Verify cannot handle hints around permission signature")
+       }
+}
+
 // The size hint on the locator string should not affect signature validation.
 func TestVerifySignatureWrongSize(t *testing.T) {
        PermissionSecret = []byte(known_key)
        defer func() { PermissionSecret = nil }()
 
-       signed_locator_wrong_size := known_hash + "+999999+A" + known_signature + "@" + known_timestamp
-       if !VerifySignature(signed_locator_wrong_size, known_token) {
-               t.Fail()
+       if VerifySignature(known_hash+"+999999"+known_sig_hint, known_token) != nil {
+               t.Fatal("Verify cannot handle incorrect size hint")
+       }
+
+       if VerifySignature(known_hash+known_sig_hint, known_token) != nil {
+               t.Fatal("Verify cannot handle missing size hint")
        }
 }
 
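Review bot: TestVerifySignatureExtraHints only covers locators that are expected to verify; nothing checks that the hint handling still rejects what it should. Since VerifySignature apparently has to locate the permission hint among other hints now, I would add a locator with no `+A` hint at all, asserting a non-nil error, and a case that pins down what is expected when a locator carries more than one `+A` hint. VerifySignature itself is not visible here, so confirm the intended result before writing those assertions. Separately, `!= nil{` in the first check is missing the space before the brace and is not gofmt-clean.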
@@ -59,7 +80,7 @@ func TestVerifySignatureBadSig(t *testing.T) {
        defer func() { PermissionSecret = nil }()
 
        bad_locator := known_locator + "+Aaaaaaaaaaaaaaaa@" + known_timestamp
-       if VerifySignature(bad_locator, known_token) {
+       if VerifySignature(bad_locator, known_token) != PermissionError {
                t.Fail()
        }
 }
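Review bot: The `!= PermissionError` check followed by a bare `t.Fail()` does not say what VerifySignature actually returned, and the visible tests show it can now yield nil, PermissionError or ExpiredError. I would capture and report the value: `if err := VerifySignature(bad_locator, known_token); err != PermissionError { t.Fatalf("expected PermissionError, got %v", err) }`. The same applies to the BadTimestamp, BadSecret, BadToken and Expired tests in the following hunks, and to TestVerifySignature in the earlier one. The body of TestVerifySignatureBadSig starts outside this hunk.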
@@ -68,8 +89,8 @@ func TestVerifySignatureBadTimestamp(t *testing.T) {
        PermissionSecret = []byte(known_key)
        defer func() { PermissionSecret = nil }()
 
-       bad_locator := known_locator + "+A" + known_signature + "@00000000"
-       if VerifySignature(bad_locator, known_token) {
+       bad_locator := known_locator + "+A" + known_signature + "@OOOOOOOl"
+       if VerifySignature(bad_locator, known_token) != PermissionError {
                t.Fail()
        }
 }
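Review bot: Replacing `@00000000` with `@OOOOOOOl` drops the well-formed-but-wrong timestamp case: the new input only exercises a timestamp that is not hex at all. I would keep both inputs in this test, the old hex value paired with `known_signature` as well as the new malformed string. For the hex case the expected error matters, because the signature does not cover that timestamp; expecting `PermissionError` rather than `ExpiredError` would document that the signature is checked before expiry is reported. That ordering is an assumption, since VerifySignature is not shown here. The function's signature line is outside this hunk.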
@@ -78,7 +99,7 @@ func TestVerifySignatureBadSecret(t *testing.T) {
        PermissionSecret = []byte("00000000000000000000")
        defer func() { PermissionSecret = nil }()
 
-       if VerifySignature(known_signed_locator, known_token) {
+       if VerifySignature(known_signed_locator, known_token) != PermissionError {
                t.Fail()
        }
 }
@@ -87,7 +108,7 @@ func TestVerifySignatureBadToken(t *testing.T) {
        PermissionSecret = []byte(known_key)
        defer func() { PermissionSecret = nil }()
 
-       if VerifySignature(known_signed_locator, "00000000") {
+       if VerifySignature(known_signed_locator, "00000000") != PermissionError {
                t.Fail()
        }
 }
@@ -98,7 +119,7 @@ func TestVerifySignatureExpired(t *testing.T) {
 
        yesterday := time.Now().AddDate(0, 0, -1)
        expired_locator := SignLocator(known_hash, known_token, yesterday)
-       if VerifySignature(expired_locator, known_token) {
+       if VerifySignature(expired_locator, known_token) != ExpiredError {
                t.Fail()
        }
 }