X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/41887dd213cfa165925e94d4f3bb120edeb1a30d..04a40b8028387c4b8899d6b5b0a55d349ddab04b:/services/keepstore/perms_test.go diff --git a/services/keepstore/perms_test.go b/services/keepstore/perms_test.go index d0081cd010..59516af85f 100644 --- a/services/keepstore/perms_test.go +++ b/services/keepstore/perms_test.go @@ -6,91 +6,91 @@ import ( ) const ( - known_hash = "acbd18db4cc2f85cedef654fccc4a4d8" - known_locator = known_hash + "+3" - known_token = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk" - known_key = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" + + knownHash = "acbd18db4cc2f85cedef654fccc4a4d8" + knownLocator = knownHash + "+3" + knownToken = "hocfupkn2pjhrpgp2vxv8rsku7tvtx49arbc9s4bvu7p7wxqvk" + knownKey = "13u9fkuccnboeewr0ne3mvapk28epf68a3bhj9q8sb4l6e4e5mkk" + "p6nhj2mmpscgu1zze5h5enydxfe3j215024u16ij4hjaiqs5u4pzsl3nczmaoxnc" + "ljkm4875xqn4xv058koz3vkptmzhyheiy6wzevzjmdvxhvcqsvr5abhl15c2d4o4" + "jhl0s91lojy1mtrzqqvprqcverls0xvy9vai9t1l1lvvazpuadafm71jl4mrwq2y" + "gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" + "vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" + "786u5rw2a9gx743dj3fgq2irk" - known_signature = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a" - known_timestamp = "7fffffff" - known_sig_hint = "+A" + known_signature + "@" + known_timestamp - known_signed_locator = known_locator + known_sig_hint + knownSignature = "257f3f5f5f0a4e4626a18fc74bd42ec34dcb228a" + knownTimestamp = "7fffffff" + knownSigHint = "+A" + knownSignature + "@" + knownTimestamp + knownSignedLocator = knownLocator + knownSigHint ) func TestSignLocator(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - if ts, err := ParseHexTimestamp(known_timestamp); err != nil { - t.Errorf("bad known_timestamp %s", known_timestamp) + if ts, err := ParseHexTimestamp(knownTimestamp); err != nil { + t.Errorf("bad knownTimestamp %s", knownTimestamp) } else { - if known_signed_locator != SignLocator(known_locator, known_token, ts) { + if knownSignedLocator != SignLocator(knownLocator, knownToken, ts) { t.Fail() } } } func TestVerifySignature(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - if !VerifySignature(known_signed_locator, known_token) { + if VerifySignature(knownSignedLocator, knownToken) != nil { t.Fail() } } func TestVerifySignatureExtraHints(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - if !VerifySignature(known_locator + "+K@xyzzy" + known_sig_hint, known_token) { + if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken) != nil { t.Fatal("Verify cannot handle hint before permission signature") } - if !VerifySignature(known_locator + known_sig_hint + "+Zfoo", known_token) { + if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken) != nil { t.Fatal("Verify cannot handle hint after permission signature") } - if !VerifySignature(known_locator + "+K@xyzzy" + known_sig_hint + "+Zfoo", known_token) { + if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken) != nil { t.Fatal("Verify cannot handle hints around permission signature") } } // The size hint on the locator string should not affect signature validation. func TestVerifySignatureWrongSize(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - if !VerifySignature(known_hash + "+999999" + known_sig_hint, known_token) { + if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken) != nil { t.Fatal("Verify cannot handle incorrect size hint") } - if !VerifySignature(known_hash + known_sig_hint, known_token) { + if VerifySignature(knownHash+knownSigHint, knownToken) != nil { t.Fatal("Verify cannot handle missing size hint") } } func TestVerifySignatureBadSig(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - bad_locator := known_locator + "+Aaaaaaaaaaaaaaaa@" + known_timestamp - if VerifySignature(bad_locator, known_token) { + badLocator := knownLocator + "+Aaaaaaaaaaaaaaaa@" + knownTimestamp + if VerifySignature(badLocator, knownToken) != PermissionError { t.Fail() } } func TestVerifySignatureBadTimestamp(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - bad_locator := known_locator + "+A" + known_signature + "@00000000" - if VerifySignature(bad_locator, known_token) { + badLocator := knownLocator + "+A" + knownSignature + "@OOOOOOOl" + if VerifySignature(badLocator, knownToken) != PermissionError { t.Fail() } } @@ -99,27 +99,27 @@ func TestVerifySignatureBadSecret(t *testing.T) { PermissionSecret = []byte("00000000000000000000") defer func() { PermissionSecret = nil }() - if VerifySignature(known_signed_locator, known_token) { + if VerifySignature(knownSignedLocator, knownToken) != PermissionError { t.Fail() } } func TestVerifySignatureBadToken(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() - if VerifySignature(known_signed_locator, "00000000") { + if VerifySignature(knownSignedLocator, "00000000") != PermissionError { t.Fail() } } func TestVerifySignatureExpired(t *testing.T) { - PermissionSecret = []byte(known_key) + PermissionSecret = []byte(knownKey) defer func() { PermissionSecret = nil }() yesterday := time.Now().AddDate(0, 0, -1) - expired_locator := SignLocator(known_hash, known_token, yesterday) - if VerifySignature(expired_locator, known_token) { + expiredLocator := SignLocator(knownHash, knownToken, yesterday) + if VerifySignature(expiredLocator, knownToken) != ExpiredError { t.Fail() } }