8b9711cb5e
* better waitlist-gating (cherry picked from commit 490fe02b7c3558da18678dfb651c92ec9c4a75b5) * fix broken test * linter fixes * linter fixes * make extension verification optional * add certifcate gating script for captplanet * fixing tests * linter fixes * linter fixes? * moar linter fixes * Revert "moar linter fixes" This reverts commit 8139ccbd73cbbead987b7667567844f50f7df2c8. * just kill me * refactor * refactor tests * liniter... * cleanup
81 lines
2.2 KiB
Go
81 lines
2.2 KiB
Go
// Copyright (C) 2018 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package auth
|
|
|
|
import (
|
|
"context"
|
|
"crypto/ecdsa"
|
|
"testing"
|
|
|
|
"github.com/gtank/cryptopasta"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"storj.io/storj/pkg/provider"
|
|
)
|
|
|
|
func TestGenerateSignature(t *testing.T) {
|
|
ctx := context.Background()
|
|
ca, err := provider.NewTestCA(ctx)
|
|
assert.NoError(t, err)
|
|
identity, err := ca.NewIdentity()
|
|
assert.NoError(t, err)
|
|
|
|
k, ok := identity.Leaf.PublicKey.(*ecdsa.PublicKey)
|
|
assert.Equal(t, true, ok)
|
|
|
|
for _, tt := range []struct {
|
|
data []byte
|
|
verified bool
|
|
}{
|
|
{identity.ID.Bytes(), true},
|
|
{[]byte("non verifiable data"), false},
|
|
} {
|
|
signature, err := GenerateSignature(identity.ID.Bytes(), identity)
|
|
assert.NoError(t, err)
|
|
|
|
verified := cryptopasta.Verify(tt.data, signature, k)
|
|
assert.Equal(t, tt.verified, verified)
|
|
}
|
|
}
|
|
|
|
func TestSignedMessageVerifier(t *testing.T) {
|
|
ctx := context.Background()
|
|
ca, err := provider.NewTestCA(ctx)
|
|
assert.NoError(t, err)
|
|
identity, err := ca.NewIdentity()
|
|
assert.NoError(t, err)
|
|
|
|
signature, err := GenerateSignature(identity.ID.Bytes(), identity)
|
|
assert.NoError(t, err)
|
|
|
|
peerIdentity := &provider.PeerIdentity{ID: identity.ID, Leaf: identity.Leaf}
|
|
signedMessage, err := NewSignedMessage(signature, peerIdentity)
|
|
assert.NoError(t, err)
|
|
|
|
for _, tt := range []struct {
|
|
signature []byte
|
|
data []byte
|
|
publicKey []byte
|
|
errString string
|
|
}{
|
|
{signedMessage.Signature, signedMessage.Data, signedMessage.PublicKey, ""},
|
|
{nil, signedMessage.Data, signedMessage.PublicKey, "auth error: missing signature for verification"},
|
|
{signedMessage.Signature, nil, signedMessage.PublicKey, "auth error: missing data for verification"},
|
|
{signedMessage.Signature, signedMessage.Data, nil, "auth error: missing public key for verification"},
|
|
|
|
{signedMessage.Signature, []byte("malformed data"), signedMessage.PublicKey, "auth error: failed to verify message"},
|
|
} {
|
|
signedMessage.Signature = tt.signature
|
|
signedMessage.Data = tt.data
|
|
signedMessage.PublicKey = tt.publicKey
|
|
|
|
err := NewSignedMessageVerifier()(signedMessage)
|
|
if tt.errString != "" {
|
|
assert.EqualError(t, err, tt.errString)
|
|
} else {
|
|
assert.NoError(t, err)
|
|
}
|
|
}
|
|
}
|