X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ecf4a87ac687b713d3eb4f191f4c5ead293fa046..2f66d4cc05e9442a9bb69969744d0750a02a1ed4:/sdk/go/keepclient/perms_test.go

diff --git a/sdk/go/keepclient/perms_test.go b/sdk/go/keepclient/perms_test.go
index f0b8f96dc5..f8107f4696 100644
--- a/sdk/go/keepclient/perms_test.go
+++ b/sdk/go/keepclient/perms_test.go
@@ -1,3 +1,7 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package keepclient
 
 import (
@@ -16,84 +20,84 @@ const (
 		"gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
 		"vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
 		"786u5rw2a9gx743dj3fgq2irk"
-	knownSignature     = "44362129a92a48d02b2e0789c597f970f3b1faf3"
+	knownSignature     = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
 	knownTimestamp     = "7fffffff"
 	knownSigHint       = "+A" + knownSignature + "@" + knownTimestamp
 	knownSignedLocator = knownLocator + knownSigHint
-	blobSigningTtl     = time.Duration(1) * time.Second
+	blobSignatureTTL   = 1209600 * time.Second
 )
 
 func TestSignLocator(t *testing.T) {
 	if ts, err := parseHexTimestamp(knownTimestamp); err != nil {
 		t.Errorf("bad knownTimestamp %s", knownTimestamp)
 	} else {
-		if knownSignedLocator != SignLocator(knownLocator, knownToken, ts, blobSigningTtl, []byte(knownKey)) {
+		if knownSignedLocator != SignLocator(knownLocator, knownToken, ts, blobSignatureTTL, []byte(knownKey)) {
 			t.Fail()
 		}
 	}
 }
 
 func TestVerifySignature(t *testing.T) {
-	if VerifySignature(knownSignedLocator, knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownSignedLocator, knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fail()
 	}
 }
 
 func TestVerifySignatureExtraHints(t *testing.T) {
-	if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fatal("Verify cannot handle hint before permission signature")
 	}
 
-	if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fatal("Verify cannot handle hint after permission signature")
 	}
 
-	if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fatal("Verify cannot handle hints around permission signature")
 	}
 }
 
 // The size hint on the locator string should not affect signature validation.
 func TestVerifySignatureWrongSize(t *testing.T) {
-	if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fatal("Verify cannot handle incorrect size hint")
 	}
 
-	if VerifySignature(knownHash+knownSigHint, knownToken, blobSigningTtl, []byte(knownKey)) != nil {
+	if VerifySignature(knownHash+knownSigHint, knownToken, blobSignatureTTL, []byte(knownKey)) != nil {
 		t.Fatal("Verify cannot handle missing size hint")
 	}
 }
 
 func TestVerifySignatureBadSig(t *testing.T) {
 	badLocator := knownLocator + "+Aaaaaaaaaaaaaaaa@" + knownTimestamp
-	if VerifySignature(badLocator, knownToken, blobSigningTtl, []byte(knownKey)) != ErrSignatureMissing {
+	if VerifySignature(badLocator, knownToken, blobSignatureTTL, []byte(knownKey)) != ErrSignatureMissing {
 		t.Fail()
 	}
 }
 
 func TestVerifySignatureBadTimestamp(t *testing.T) {
 	badLocator := knownLocator + "+A" + knownSignature + "@OOOOOOOl"
-	if VerifySignature(badLocator, knownToken, blobSigningTtl, []byte(knownKey)) != ErrSignatureMissing {
+	if VerifySignature(badLocator, knownToken, blobSignatureTTL, []byte(knownKey)) != ErrSignatureMissing {
 		t.Fail()
 	}
 }
 
 func TestVerifySignatureBadSecret(t *testing.T) {
-	if VerifySignature(knownSignedLocator, knownToken, blobSigningTtl, []byte("00000000000000000000")) != ErrSignatureInvalid {
+	if VerifySignature(knownSignedLocator, knownToken, blobSignatureTTL, []byte("00000000000000000000")) != ErrSignatureInvalid {
 		t.Fail()
 	}
 }
 
 func TestVerifySignatureBadToken(t *testing.T) {
-	if VerifySignature(knownSignedLocator, "00000000", blobSigningTtl, []byte(knownKey)) != ErrSignatureInvalid {
+	if VerifySignature(knownSignedLocator, "00000000", blobSignatureTTL, []byte(knownKey)) != ErrSignatureInvalid {
 		t.Fail()
 	}
 }
 
 func TestVerifySignatureExpired(t *testing.T) {
 	yesterday := time.Now().AddDate(0, 0, -1)
-	expiredLocator := SignLocator(knownHash, knownToken, yesterday, blobSigningTtl, []byte(knownKey))
-	if VerifySignature(expiredLocator, knownToken, blobSigningTtl, []byte(knownKey)) != ErrSignatureExpired {
+	expiredLocator := SignLocator(knownHash, knownToken, yesterday, blobSignatureTTL, []byte(knownKey))
+	if VerifySignature(expiredLocator, knownToken, blobSignatureTTL, []byte(knownKey)) != ErrSignatureExpired {
 		t.Fail()
 	}
 }