storj/satellite/contact/service_test.go

// Copyright (C) 2023 Storj Labs, Inc.
// See LICENSE for copying information.

package contact

import (
	"testing"

	"github.com/stretchr/testify/require"

	"storj.io/common/identity/testidentity"
	"storj.io/common/nodetag"
	"storj.io/common/pb"
	"storj.io/common/signing"
	"storj.io/common/storj"
	"storj.io/common/testcontext"
)

func TestVerifyTags(t *testing.T) {
	ctx := testcontext.New(t)
	snIdentity := testidentity.MustPregeneratedIdentity(0, storj.LatestIDVersion())
	signerIdentity := testidentity.MustPregeneratedIdentity(1, storj.LatestIDVersion())
	signer := signing.SignerFromFullIdentity(signerIdentity)
	authority := nodetag.Authority{
		signing.SignerFromFullIdentity(signerIdentity),
	}
	t.Run("ok tags", func(t *testing.T) {
		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: snIdentity.ID.Bytes(),
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, signer)
		require.NoError(t, err)

		verifiedTags, signerID, err := verifyTags(ctx, authority, snIdentity.ID, tags)
		require.NoError(t, err)

		require.Equal(t, signerIdentity.ID, signerID)
		require.Len(t, verifiedTags.Tags, 1)
		require.Equal(t, "foo", verifiedTags.Tags[0].Name)
		require.Equal(t, []byte("bar"), verifiedTags.Tags[0].Value)
	})

	t.Run("wrong signer ID", func(t *testing.T) {
		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: snIdentity.ID.Bytes(),
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, signer)
		require.NoError(t, err)
		tags.SignerNodeId = []byte{1, 2, 3, 4}

		_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)

		require.Error(t, err)
		require.ErrorContains(t, err, "01020304")
		require.ErrorContains(t, err, "failed to parse signerNodeID")

	})

	t.Run("wrong signature", func(t *testing.T) {
		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: snIdentity.ID.Bytes(),
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, signer)
		require.NoError(t, err)
		tags.Signature = []byte{4, 3, 2, 1}

		_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)

		require.Error(t, err)
		require.ErrorContains(t, err, "04030201")
		require.ErrorContains(t, err, "wrong/unknown signature")
	})

	t.Run("unknown signer", func(t *testing.T) {
		otherSignerIdentity := testidentity.MustPregeneratedIdentity(2, storj.LatestIDVersion())
		otherSigner := signing.SignerFromFullIdentity(otherSignerIdentity)

		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: snIdentity.ID.Bytes(),
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, otherSigner)
		require.NoError(t, err)

		_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)

		require.Error(t, err)
		require.ErrorContains(t, err, "wrong/unknown signature")
	})

	t.Run("signed for different node", func(t *testing.T) {
		otherNodeID := testidentity.MustPregeneratedIdentity(3, storj.LatestIDVersion()).ID
		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: otherNodeID.Bytes(),
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, signer)
		require.NoError(t, err)

		_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)

		require.Error(t, err)
		require.ErrorContains(t, err, snIdentity.ID.String())
		require.ErrorContains(t, err, "the tag is signed for a different node")
	})

	t.Run("wrong NodeID", func(t *testing.T) {
		tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{
			NodeId: []byte{4, 4, 4},
			Tags: []*pb.Tag{
				{
					Name:  "foo",
					Value: []byte("bar"),
				},
			},
		}, signer)
		require.NoError(t, err)

		_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)

		require.Error(t, err)
		require.ErrorContains(t, err, "040404")
		require.ErrorContains(t, err, "failed to parse nodeID")
	})

}
satellite,storagenode: propagate node tags with NodeCheckin Change-Id: Ib1a602a8cf81204efa001b5d338914ea4218c39b 2023-07-03 10:42:48 +01:00			`// Copyright (C) 2023 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package contact`

			`import (`
			`"testing"`

			`"github.com/stretchr/testify/require"`

			`"storj.io/common/identity/testidentity"`
			`"storj.io/common/nodetag"`
			`"storj.io/common/pb"`
			`"storj.io/common/signing"`
			`"storj.io/common/storj"`
			`"storj.io/common/testcontext"`
			`)`

			`func TestVerifyTags(t *testing.T) {`
			`ctx := testcontext.New(t)`
			`snIdentity := testidentity.MustPregeneratedIdentity(0, storj.LatestIDVersion())`
			`signerIdentity := testidentity.MustPregeneratedIdentity(1, storj.LatestIDVersion())`
			`signer := signing.SignerFromFullIdentity(signerIdentity)`
			`authority := nodetag.Authority{`
			`signing.SignerFromFullIdentity(signerIdentity),`
			`}`
			`t.Run("ok tags", func(t *testing.T) {`
			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: snIdentity.ID.Bytes(),`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, signer)`
			`require.NoError(t, err)`

			`verifiedTags, signerID, err := verifyTags(ctx, authority, snIdentity.ID, tags)`
			`require.NoError(t, err)`

			`require.Equal(t, signerIdentity.ID, signerID)`
			`require.Len(t, verifiedTags.Tags, 1)`
			`require.Equal(t, "foo", verifiedTags.Tags[0].Name)`
			`require.Equal(t, []byte("bar"), verifiedTags.Tags[0].Value)`
			`})`

			`t.Run("wrong signer ID", func(t *testing.T) {`
			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: snIdentity.ID.Bytes(),`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, signer)`
			`require.NoError(t, err)`
			`tags.SignerNodeId = []byte{1, 2, 3, 4}`

			`_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)`

			`require.Error(t, err)`
			`require.ErrorContains(t, err, "01020304")`
			`require.ErrorContains(t, err, "failed to parse signerNodeID")`

			`})`

			`t.Run("wrong signature", func(t *testing.T) {`
			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: snIdentity.ID.Bytes(),`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, signer)`
			`require.NoError(t, err)`
			`tags.Signature = []byte{4, 3, 2, 1}`

			`_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)`

			`require.Error(t, err)`
			`require.ErrorContains(t, err, "04030201")`
			`require.ErrorContains(t, err, "wrong/unknown signature")`
			`})`

			`t.Run("unknown signer", func(t *testing.T) {`
			`otherSignerIdentity := testidentity.MustPregeneratedIdentity(2, storj.LatestIDVersion())`
			`otherSigner := signing.SignerFromFullIdentity(otherSignerIdentity)`

			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: snIdentity.ID.Bytes(),`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, otherSigner)`
			`require.NoError(t, err)`

			`_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)`

			`require.Error(t, err)`
			`require.ErrorContains(t, err, "wrong/unknown signature")`
			`})`

			`t.Run("signed for different node", func(t *testing.T) {`
			`otherNodeID := testidentity.MustPregeneratedIdentity(3, storj.LatestIDVersion()).ID`
			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: otherNodeID.Bytes(),`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, signer)`
			`require.NoError(t, err)`

			`_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)`

			`require.Error(t, err)`
			`require.ErrorContains(t, err, snIdentity.ID.String())`
			`require.ErrorContains(t, err, "the tag is signed for a different node")`
			`})`

			`t.Run("wrong NodeID", func(t *testing.T) {`
			`tags, err := nodetag.Sign(ctx, &pb.NodeTagSet{`
			`NodeId: []byte{4, 4, 4},`
			`Tags: []*pb.Tag{`
			`{`
			`Name: "foo",`
			`Value: []byte("bar"),`
			`},`
			`},`
			`}, signer)`
			`require.NoError(t, err)`

			`_, _, err = verifyTags(ctx, authority, snIdentity.ID, tags)`

			`require.Error(t, err)`
			`require.ErrorContains(t, err, "040404")`
			`require.ErrorContains(t, err, "failed to parse nodeID")`
			`})`

			`}`