X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1996b03c10e45d4c1959b40333c57261a040bffb..f04693da1811e670d4cbb981debeecf14d79137c:/services/keepstore/perms_test.go

diff --git a/services/keepstore/perms_test.go b/services/keepstore/perms_test.go
index f4443fc7be..6ec4887ce1 100644
--- a/services/keepstore/perms_test.go
+++ b/services/keepstore/perms_test.go
@@ -1,9 +1,15 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
 package main
 
 import (
 	"strconv"
-	"testing"
 	"time"
+
+	"git.curoverse.com/arvados.git/sdk/go/arvados"
+	check "gopkg.in/check.v1"
 )
 
 const (
@@ -17,46 +23,41 @@ const (
 		"gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
 		"vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
 		"786u5rw2a9gx743dj3fgq2irk"
-	knownSignature     = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a"
+	knownSignatureTTL  = arvados.Duration(24 * 14 * time.Hour)
+	knownSignature     = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
 	knownTimestamp     = "7fffffff"
 	knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
 	knownSignedLocator = knownLocator + knownSigHint
 )
 
-func TestSignLocator(t *testing.T) {
-	defer func(b []byte) {
-		PermissionSecret = b
-	}(PermissionSecret)
-
+func (s *HandlerSuite) TestSignLocator(c *check.C) {
 	tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0)
 	if err != nil {
-		t.Fatal(err)
+		c.Fatal(err)
 	}
 	t0 := time.Unix(tsInt, 0)
 
-	PermissionSecret = []byte(knownKey)
-	if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator {
-		t.Fatalf("Got %+q, expected %+q", x, knownSignedLocator)
+	s.cluster.Collections.BlobSigningTTL = knownSignatureTTL
+	s.cluster.Collections.BlobSigningKey = knownKey
+	if x := SignLocator(s.cluster, knownLocator, knownToken, t0); x != knownSignedLocator {
+		c.Fatalf("Got %+q, expected %+q", x, knownSignedLocator)
 	}
 
-	PermissionSecret = []byte("arbitrarykey")
-	if x := SignLocator(knownLocator, knownToken, t0); x == knownSignedLocator {
-		t.Fatalf("Got same signature %+q, even though PermissionSecret changed", x)
+	s.cluster.Collections.BlobSigningKey = "arbitrarykey"
+	if x := SignLocator(s.cluster, knownLocator, knownToken, t0); x == knownSignedLocator {
+		c.Fatalf("Got same signature %+q, even though blobSigningKey changed", x)
 	}
 }
 
-func TestVerifyLocator(t *testing.T) {
-	defer func(b []byte) {
-		PermissionSecret = b
-	}(PermissionSecret)
-
-	PermissionSecret = []byte(knownKey)
-	if err := VerifySignature(knownSignedLocator, knownToken); err != nil {
-		t.Fatal(err)
+func (s *HandlerSuite) TestVerifyLocator(c *check.C) {
+	s.cluster.Collections.BlobSigningTTL = knownSignatureTTL
+	s.cluster.Collections.BlobSigningKey = knownKey
+	if err := VerifySignature(s.cluster, knownSignedLocator, knownToken); err != nil {
+		c.Fatal(err)
 	}
 
-	PermissionSecret = []byte("arbitrarykey")
-	if err := VerifySignature(knownSignedLocator, knownToken); err == nil {
-		t.Fatal("Verified signature even with wrong PermissionSecret")
+	s.cluster.Collections.BlobSigningKey = "arbitrarykey"
+	if err := VerifySignature(s.cluster, knownSignedLocator, knownToken); err == nil {
+		c.Fatal("Verified signature even with wrong blobSigningKey")
 	}
 }