382af95499
Change-Id: I1e7a83de36d5cf16eed8874091b15af1e0b73df7
118 lines
4.0 KiB
Go
118 lines
4.0 KiB
Go
// Copyright (C) 2023 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package server
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"storj.io/common/identity"
|
|
"storj.io/common/pb"
|
|
"storj.io/common/storj"
|
|
"storj.io/common/testcontext"
|
|
)
|
|
|
|
func TestNoiseKeyAttestation(t *testing.T) {
|
|
ctx := testcontext.New(t)
|
|
ident, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
ident2, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
ident3, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
|
|
noiseCfg, err := generateNoiseConf(ident)
|
|
require.NoError(t, err)
|
|
|
|
attestation, err := GenerateNoiseKeyAttestation(ctx, ident, &pb.NoiseInfo{
|
|
Proto: defaultNoiseProto,
|
|
PublicKey: noiseCfg.StaticKeypair.Public,
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, ValidateNoiseKeyAttestation(ctx, attestation))
|
|
|
|
badAttestation1 := *attestation
|
|
badAttestation1.NodeId, err = storj.NodeIDFromString("121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6")
|
|
require.NoError(t, err)
|
|
err = ValidateNoiseKeyAttestation(ctx, &badAttestation1)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "node id mismatch")
|
|
|
|
badAttestation2 := *attestation
|
|
badAttestation2.NoisePublicKey = badAttestation2.NoisePublicKey[:len(badAttestation2.NoisePublicKey)-1]
|
|
err = ValidateNoiseKeyAttestation(ctx, &badAttestation2)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "signature is not valid")
|
|
|
|
badAttestation3 := *attestation
|
|
badAttestation3.Timestamp = time.Now()
|
|
err = ValidateNoiseKeyAttestation(ctx, &badAttestation3)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "signature is not valid")
|
|
|
|
ident2.CA = ident.CA
|
|
badAttestation4 := *attestation
|
|
badAttestation4.NodeCertchain = identity.EncodePeerIdentity(ident2.PeerIdentity())
|
|
err = ValidateNoiseKeyAttestation(ctx, &badAttestation4)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "certificate chain invalid")
|
|
|
|
ident3.Leaf = ident.Leaf
|
|
badAttestation5 := *attestation
|
|
badAttestation5.NodeCertchain = identity.EncodePeerIdentity(ident3.PeerIdentity())
|
|
err = ValidateNoiseKeyAttestation(ctx, &badAttestation5)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "certificate chain invalid")
|
|
}
|
|
|
|
func TestNoiseSessionAttestation(t *testing.T) {
|
|
ctx := testcontext.New(t)
|
|
ident, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
ident2, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
ident3, err := identity.NewFullIdentity(ctx, identity.NewCAOptions{})
|
|
require.NoError(t, err)
|
|
|
|
var hash [32]byte
|
|
_, err = rand.Read(hash[:])
|
|
require.NoError(t, err)
|
|
|
|
attestation, err := GenerateNoiseSessionAttestation(ctx, ident, hash[:])
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, ValidateNoiseSessionAttestation(ctx, attestation))
|
|
|
|
badAttestation1 := *attestation
|
|
badAttestation1.NodeId, err = storj.NodeIDFromString("121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6")
|
|
require.NoError(t, err)
|
|
err = ValidateNoiseSessionAttestation(ctx, &badAttestation1)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "node id mismatch")
|
|
|
|
badAttestation2 := *attestation
|
|
badAttestation2.NoiseHandshakeHash = badAttestation2.NoiseHandshakeHash[:len(badAttestation2.NoiseHandshakeHash)-1]
|
|
err = ValidateNoiseSessionAttestation(ctx, &badAttestation2)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "signature is not valid")
|
|
|
|
ident2.CA = ident.CA
|
|
badAttestation3 := *attestation
|
|
badAttestation3.NodeCertchain = identity.EncodePeerIdentity(ident2.PeerIdentity())
|
|
err = ValidateNoiseSessionAttestation(ctx, &badAttestation3)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "certificate chain invalid")
|
|
|
|
ident3.Leaf = ident.Leaf
|
|
badAttestation4 := *attestation
|
|
badAttestation4.NodeCertchain = identity.EncodePeerIdentity(ident3.PeerIdentity())
|
|
err = ValidateNoiseSessionAttestation(ctx, &badAttestation4)
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), "certificate chain invalid")
|
|
}
|