// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package identity_test
import (
"bytes"
"crypto/x509/pkix"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"storj.io/storj/internal/testcontext"
"storj.io/storj/internal/testidentity"
"storj.io/storj/internal/testpeertls"
"storj.io/storj/pkg/identity"
"storj.io/storj/pkg/peertls"
"storj.io/storj/pkg/peertls/extensions"
"storj.io/storj/pkg/storj"
"storj.io/storj/storage"
)
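// TestRevocationDB_Get checks revDB.Get against every backend supplied by
// testidentity.RevocationDBsTest. A chain with no stored revocation must yield
// a nil revocation and a nil error; once a revocation is stored under the CA's
// node ID, the same lookup must return it byte-for-byte.
//
// Because "no revocation" is reported as (nil, nil), a non-nil error from Get
// means the lookup itself failed and must not be read as "not revoked".
func TestRevocationDB_Get(t *testing.T) {
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	testidentity.RevocationDBsTest(t, func(t *testing.T, revDB extensions.RevocationDB, db storage.KeyValueStore) {
		keys, chain, err := testpeertls.NewCertChain(2, storj.LatestIDVersion().Number)
		require.NoError(t, err)

		// The revocation extension is built from the CA key and the leaf certificate.
		ext, err := extensions.NewRevocationExt(keys[peertls.CAIndex], chain[peertls.LeafIndex])
		require.NoError(t, err)

		var rev *extensions.Revocation

		{
			t.Log("missing key")
			rev, err = revDB.Get(ctx, chain)
			assert.NoError(t, err)
			assert.Nil(t, rev)

			// Seed the backing store directly, bypassing revDB.Put, so that the
			// second half of the test exercises Get in isolation. Entries are
			// keyed by the node ID derived from the CA certificate.
			nodeID, err := identity.NodeIDFromCert(chain[peertls.CAIndex])
			require.NoError(t, err)

			err = db.Put(ctx, nodeID.Bytes(), ext.Value)
			require.NoError(t, err)
		}

		{
			t.Log("existing key")
			rev, err = revDB.Get(ctx, chain)
			// Stop here on failure: a nil rev would otherwise reach rev.Marshal()
			// below, hiding the real failure (a stored revocation that was not
			// returned) behind a nil-pointer dereference.
			require.NoError(t, err)
			require.NotNil(t, rev)

			revBytes, err := rev.Marshal()
			require.NoError(t, err)
			assert.True(t, bytes.Equal(ext.Value, revBytes))
		}
	})
}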
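// TestRevocationDB_Put_success checks that revDB.Put accepts a first revocation
// for an identity and then a second one created later, and that after each Put
// the backing store holds exactly the extension value that was submitted, keyed
// by the node ID derived from the CA certificate.
//
// The cases are order-dependent: the second relies on the first having been
// stored.
func TestRevocationDB_Put_success(t *testing.T) {
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	testidentity.RevocationDBsTest(t, func(t *testing.T, revDB extensions.RevocationDB, db storage.KeyValueStore) {
		keys, chain, err := testpeertls.NewCertChain(2, storj.LatestIDVersion().Number)
		require.NoError(t, err)

		firstRevocation, err := extensions.NewRevocationExt(keys[peertls.CAIndex], chain[peertls.LeafIndex])
		require.NoError(t, err)

		// NB: revocation timestamps need to be different between revocations for the same
		// identity to be valid.
		// NOTE(review): the one-second sleep suggests second-resolution timestamps; confirm.
		time.Sleep(time.Second)
		newerRevocation, err := extensions.NewRevocationExt(keys[peertls.CAIndex], chain[peertls.LeafIndex])
		// require, not assert: continuing with an extension that failed to build
		// would only produce a misleading failure inside the loop.
		require.NoError(t, err)

		testcases := []struct {
			name string
			ext  pkix.Extension
		}{
			{name: "new key", ext: firstRevocation},
			{name: "existing key - newer timestamp", ext: newerRevocation},
			// TODO(bryanchriswhite): test empty/garbage cert/timestamp/sig
		}

		for _, testcase := range testcases {
			t.Log(testcase.name)
			// pkix.Extension is a struct value, so a NotNil check on it can never
			// fail; check that the extension actually carries a payload instead.
			require.NotEmpty(t, testcase.ext.Value)

			err = revDB.Put(ctx, chain, testcase.ext)
			require.NoError(t, err)

			nodeID, err := identity.NodeIDFromCert(chain[peertls.CAIndex])
			require.NoError(t, err)

			// Read the raw store to confirm what was persisted.
			revBytes, err := db.Get(ctx, nodeID.Bytes())
			require.NoError(t, err)

			assert.Equal(t, testcase.ext.Value, []byte(revBytes))
		}
	})
}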
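// TestRevocationDB_Put_error checks the rollback guard on revDB.Put: once a
// newer revocation is stored for an identity, submitting one created earlier
// must fail with extensions.ErrRevocationTimestamp, and the stored entry must
// remain the newer revocation.
func TestRevocationDB_Put_error(t *testing.T) {
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	testidentity.RevocationDBsTest(t, func(t *testing.T, revDB extensions.RevocationDB, db storage.KeyValueStore) {
		keys, chain, err := testpeertls.NewCertChain(2, storj.LatestIDVersion().Number)
		require.NoError(t, err)

		olderRevocation, err := extensions.NewRevocationExt(keys[peertls.CAIndex], chain[peertls.LeafIndex])
		// require, not assert: if the older extension failed to build, the
		// rejection checked below could happen for the wrong reason.
		require.NoError(t, err)

		// Give the two revocations distinct timestamps.
		// NOTE(review): the one-second sleep suggests second-resolution timestamps; confirm.
		time.Sleep(time.Second)
		newerRevocation, err := extensions.NewRevocationExt(keys[peertls.CAIndex], chain[peertls.LeafIndex])
		require.NoError(t, err)

		// Store the newer revocation first so the older one arrives as a replay.
		err = revDB.Put(ctx, chain, newerRevocation)
		require.NoError(t, err)

		nodeID, err := identity.NodeIDFromCert(chain[peertls.CAIndex])
		require.NoError(t, err)

		testcases := []struct {
			name string
			ext  pkix.Extension
			err  error
		}{
			{
				name: "existing key - older timestamp",
				ext:  olderRevocation,
				err:  extensions.ErrRevocationTimestamp,
			},
			// TODO(bryanchriswhite): test empty/garbage cert/timestamp/sig
		}

		for _, testcase := range testcases {
			t.Log(testcase.name)
			// pkix.Extension is a struct value, so a NotNil check on it can never
			// fail; check that the extension actually carries a payload instead.
			require.NotEmpty(t, testcase.ext.Value)

			err = revDB.Put(ctx, chain, testcase.ext)
			assert.True(t, extensions.Error.Has(err))
			assert.Equal(t, testcase.err, err)

			// An error return alone does not show that the store was left
			// untouched; confirm the newer revocation is still the persisted one.
			stored, getErr := db.Get(ctx, nodeID.Bytes())
			require.NoError(t, getErr)
			assert.Equal(t, newerRevocation.Value, []byte(stored))
		}
	})
}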