From 5089c3bb94101d32028d0fc06283f43fd70af53c Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 8 Oct 2015 17:33:55 -0400 Subject: [PATCH] 7167: Replace duplicate tests with PermissionSecret tests --- services/keepstore/perms_test.go | 102 ++++++------------------------- 1 file changed, 19 insertions(+), 83 deletions(-) diff --git a/services/keepstore/perms_test.go b/services/keepstore/perms_test.go index 9b4e30abe3..f4443fc7be 100644 --- a/services/keepstore/perms_test.go +++ b/services/keepstore/perms_test.go @@ -24,103 +24,39 @@ const ( ) func TestSignLocator(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() + defer func(b []byte) { + PermissionSecret = b + }(PermissionSecret) tsInt, err := strconv.ParseInt(knownTimestamp, 16, 0) if err != nil { - t.Fail() - } - if knownSignedLocator != SignLocator(knownLocator, knownToken, time.Unix(tsInt, 0)) { - t.Fail() + t.Fatal(err) } -} + t0 := time.Unix(tsInt, 0) -func TestVerifySignature(t *testing.T) { PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - if VerifySignature(knownSignedLocator, knownToken) != nil { - t.Fail() - } -} - -func TestVerifySignatureExtraHints(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint, knownToken) != nil { - t.Fatal("Verify cannot handle hint before permission signature") + if x := SignLocator(knownLocator, knownToken, t0); x != knownSignedLocator { + t.Fatalf("Got %+q, expected %+q", x, knownSignedLocator) } - if VerifySignature(knownLocator+knownSigHint+"+Zfoo", knownToken) != nil { - t.Fatal("Verify cannot handle hint after permission signature") - } - - if VerifySignature(knownLocator+"+K@xyzzy"+knownSigHint+"+Zfoo", knownToken) != nil { - t.Fatal("Verify cannot handle hints around permission signature") + PermissionSecret = []byte("arbitrarykey") + if x := SignLocator(knownLocator, knownToken, t0); x == knownSignedLocator { + t.Fatalf("Got same signature %+q, even though PermissionSecret changed", x) } } -// The size hint on the locator string should not affect signature validation. -func TestVerifySignatureWrongSize(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - if VerifySignature(knownHash+"+999999"+knownSigHint, knownToken) != nil { - t.Fatal("Verify cannot handle incorrect size hint") - } +func TestVerifyLocator(t *testing.T) { + defer func(b []byte) { + PermissionSecret = b + }(PermissionSecret) - if VerifySignature(knownHash+knownSigHint, knownToken) != nil { - t.Fatal("Verify cannot handle missing size hint") - } -} - -func TestVerifySignatureBadSig(t *testing.T) { PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - badLocator := knownLocator + "+Aaaaaaaaaaaaaaaa@" + knownTimestamp - if VerifySignature(badLocator, knownToken) != PermissionError { - t.Fail() + if err := VerifySignature(knownSignedLocator, knownToken); err != nil { + t.Fatal(err) } -} - -func TestVerifySignatureBadTimestamp(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - badLocator := knownLocator + "+A" + knownSignature + "@OOOOOOOl" - if VerifySignature(badLocator, knownToken) != PermissionError { - t.Fail() - } -} - -func TestVerifySignatureBadSecret(t *testing.T) { - PermissionSecret = []byte("00000000000000000000") - defer func() { PermissionSecret = nil }() - - if VerifySignature(knownSignedLocator, knownToken) != PermissionError { - t.Fail() - } -} - -func TestVerifySignatureBadToken(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - - if VerifySignature(knownSignedLocator, "00000000") != PermissionError { - t.Fail() - } -} - -func TestVerifySignatureExpired(t *testing.T) { - PermissionSecret = []byte(knownKey) - defer func() { PermissionSecret = nil }() - yesterday := time.Now().AddDate(0, 0, -1) - expiredLocator := SignLocator(knownHash, knownToken, yesterday) - if VerifySignature(expiredLocator, knownToken) != ExpiredError { - t.Fail() + PermissionSecret = []byte("arbitrarykey") + if err := VerifySignature(knownSignedLocator, knownToken); err == nil { + t.Fatal("Verified signature even with wrong PermissionSecret") } } -- 2.30.2