"gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
"vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
"786u5rw2a9gx743dj3fgq2irk"
- knownSignature = "44362129a92a48d02b2e0789c597f970f3b1faf3"
+ knownSignature = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
knownTimestamp = "7fffffff"
knownSigHint = "+A" + knownSignature + "@" + knownTimestamp
knownSignedLocator = knownLocator + knownSigHint
- blobSignatureTTL = time.Second
+ blobSignatureTTL = 1209600 * time.Second
)
func TestSignLocator(t *testing.T) {
'786u5rw2a9gx743dj3fgq2irk'
@@known_signed_locator = 'acbd18db4cc2f85cedef654fccc4a4d8+3' +
'+A89118b78732c33104a4d6231e8b5a5fa1e4301e3@7fffffff'
+ @@known_signature_ttl = 1209600
test 'generate predictable invincible signature' do
original_ttl = Rails.configuration.blob_signature_ttl
- Rails.configuration.blob_signature_ttl = 1209600
+ Rails.configuration.blob_signature_ttl = @@known_signature_ttl
signed = Blob.sign_locator @@known_locator, {
api_token: @@known_token,
key: @@known_key,
test 'verify predictable invincible signature' do
original_ttl = Rails.configuration.blob_signature_ttl
- Rails.configuration.blob_signature_ttl = 1209600
+ Rails.configuration.blob_signature_ttl = @@known_signature_ttl
assert_equal true, Blob.verify_signature!(@@known_signed_locator,
api_token: @@known_token,
key: @@known_key)
}
original_ttl = Rails.configuration.blob_signature_ttl
- Rails.configuration.blob_signature_ttl = original_ttl*2
+ Rails.configuration.blob_signature_ttl = @@known_signature_ttl*2
signed2 = Blob.sign_locator @@known_locator, {
api_token: @@known_token,
key: @@known_key,
&permissionTTLSec,
"blob-signature-ttl",
int(time.Duration(2*7*24*time.Hour).Seconds()),
- "Lifetime of blob permission signatures. Modifying the ttl will invalidate all existing signatures"+
+ "Lifetime of blob permission signatures. Modifying the ttl will invalidate all existing signatures. "+
"See services/api/config/application.default.yml.")
flag.BoolVar(
&flagSerializeIO,
"gokee3eamvjy8qq1fvy238838enjmy5wzy2md7yvsitp5vztft6j4q866efym7e6" +
"vu5wm9fpnwjyxfldw3vbo01mgjs75rgo7qioh8z8ij7jpyp8508okhgbbex3ceei" +
"786u5rw2a9gx743dj3fgq2irk"
- knownSignature = "44362129a92a48d02b2e0789c597f970f3b1faf3"
+ knownSignatureTTL = 1209600 * time.Second
+ knownSignature = "89118b78732c33104a4d6231e8b5a5fa1e4301e3"
knownTimestamp = "7fffffff"
knownSigHint = "+A" + knownSignature + "@" + knownTimestamp
knownSignedLocator = knownLocator + knownSigHint
}
t0 := time.Unix(tsInt, 0)
- blobSignatureTTL = time.Second
+ blobSignatureTTL = knownSignatureTTL
PermissionSecret = []byte(knownKey)
if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator {
PermissionSecret = b
}(PermissionSecret)
- blobSignatureTTL = time.Second
+ blobSignatureTTL = knownSignatureTTL
PermissionSecret = []byte(knownKey)
if err := VerifySignature(knownSignedLocator, knownToken); err != nil {
"Block hash prefix. When a prefix is specified, only hashes listed in the file with this prefix will be checked.")
blobSignatureTTL := flags.Duration(
- "blob-signing-ttl",
+ "blob-signature-ttl",
0,
"Lifetime of blob permission signatures on the keepservers. If not provided, this will be retrieved from the API server's discovery document.")
"Index prefix")
srcBlobSignatureTTL := flags.Duration(
- "blob-signing-ttl",
+ "src-blob-signature-ttl",
0,
"Lifetime of blob permission signatures on source keepservers. If not provided, this will be retrieved from the API server's discovery document.")