249244536a
* CSR Service: + implement certificate sign rpc method + implement certificate signer client/server + refactor `AuthorizationDB#Create` + refactor `NewTestIdentity` + add `AuthorizationDB#Claim` + add `Token#Equal` + fix `Authorizations#Marshal` when marshaling identities and certificates + tweak `Authorization#String` format + cert debugging improvements (jsondiff) + receive context arg in `NewTestIdentity` + misc. fixes
108 lines
2.4 KiB
Go
108 lines
2.4 KiB
Go
// Copyright (C) 2018 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package identity
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"storj.io/storj/internal/testcontext"
|
|
)
|
|
|
|
func TestNewCA(t *testing.T) {
|
|
const expectedDifficulty = 4
|
|
|
|
ca, err := NewCA(context.Background(), NewCAOptions{
|
|
Difficulty: expectedDifficulty,
|
|
Concurrency: 5,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.NotEmpty(t, ca)
|
|
|
|
actualDifficulty, err := ca.ID.Difficulty()
|
|
assert.NoError(t, err)
|
|
assert.True(t, actualDifficulty >= expectedDifficulty)
|
|
}
|
|
|
|
func TestFullCertificateAuthority_NewIdentity(t *testing.T) {
|
|
ctx := testcontext.New(t)
|
|
ca, err := NewCA(ctx, NewCAOptions{
|
|
Difficulty: 12,
|
|
Concurrency: 4,
|
|
})
|
|
if !assert.NoError(t, err) || !assert.NotNil(t, ca) {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
fi, err := ca.NewIdentity()
|
|
if !assert.NoError(t, err) || !assert.NotNil(t, fi) {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
assert.Equal(t, ca.Cert, fi.CA)
|
|
assert.Equal(t, ca.ID, fi.ID)
|
|
assert.NotEqual(t, ca.Key, fi.Key)
|
|
assert.NotEqual(t, ca.Cert, fi.Leaf)
|
|
|
|
err = fi.Leaf.CheckSignatureFrom(ca.Cert)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestFullCertificateAuthority_Sign(t *testing.T) {
|
|
ctx := testcontext.New(t)
|
|
caOpts := NewCAOptions{
|
|
Difficulty: 12,
|
|
Concurrency: 4,
|
|
}
|
|
|
|
ca, err := NewCA(ctx, caOpts)
|
|
if !assert.NoError(t, err) || !assert.NotNil(t, ca) {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
toSign, err := NewCA(ctx, caOpts)
|
|
if !assert.NoError(t, err) || !assert.NotNil(t, toSign) {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
signed, err := ca.Sign(toSign.Cert)
|
|
if !assert.NoError(t, err) || !assert.NotNil(t, signed) {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
assert.Equal(t, toSign.Cert.RawTBSCertificate, signed.RawTBSCertificate)
|
|
assert.NotEqual(t, toSign.Cert.Signature, signed.Signature)
|
|
assert.NotEqual(t, toSign.Cert.Raw, signed.Raw)
|
|
|
|
err = signed.CheckSignatureFrom(ca.Cert)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestFullCAConfig_Save(t *testing.T) {
|
|
// TODO(bryanchriswhite): test with both
|
|
// TODO(bryanchriswhite): test with only cert path
|
|
// TODO(bryanchriswhite): test with only key path
|
|
t.SkipNow()
|
|
}
|
|
|
|
func BenchmarkNewCA(b *testing.B) {
|
|
ctx := context.Background()
|
|
for _, difficulty := range []uint16{8, 12} {
|
|
for _, concurrency := range []uint{1, 2, 5, 10} {
|
|
test := fmt.Sprintf("%d/%d", difficulty, concurrency)
|
|
b.Run(test, func(b *testing.B) {
|
|
for i := 0; i < b.N; i++ {
|
|
_, _ = NewCA(ctx, NewCAOptions{
|
|
Difficulty: difficulty,
|
|
Concurrency: concurrency,
|
|
})
|
|
}
|
|
})
|
|
}
|
|
}
|
|
}
|