storj/pkg/identity/cert_authority_test.go
Bryan White 249244536a
CSR Service (part 2): cert signing rpc (#950)
* CSR Service:

+ implement certificate sign rpc method
+ implement certificate signer client/server
+ refactor `AuthorizationDB#Create`
+ refactor `NewTestIdentity`
+ add `AuthorizationDB#Claim`
+ add `Token#Equal`
+ fix `Authorizations#Marshal` when marshaling identities and certificates
+ tweak `Authorization#String` format
+ cert debugging improvements (jsondiff)
+ receive context arg in `NewTestIdentity`
+ misc. fixes
2019-01-02 12:39:17 -05:00


// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.
package identity
import (
"context"
"fmt"
"testing"
"github.com/stretchr/testify/assert"
"storj.io/storj/internal/testcontext"
)
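// TestNewCA checks that NewCA succeeds for a small difficulty target and that
// the resulting CA's ID reports a difficulty at or above the one requested.
func TestNewCA(t *testing.T) {
	const expectedDifficulty = 4

	ca, err := NewCA(context.Background(), NewCAOptions{
		Difficulty:  expectedDifficulty,
		Concurrency: 5,
	})
	// Abort on failure: the next statement reads ca.ID, which is not safe to
	// touch when NewCA returned an error or an empty value. This mirrors the
	// guard used by the other CA tests in this file.
	if !assert.NoError(t, err) || !assert.NotEmpty(t, ca) {
		t.Fatal(err)
	}

	actualDifficulty, err := ca.ID.Difficulty()
	if !assert.NoError(t, err) {
		// Without a valid difficulty the comparison below would only report
		// a misleading secondary failure.
		t.Fatal(err)
	}

	// Only a lower bound is asserted: any ID at or above the requested
	// difficulty is accepted.
	assert.True(t, actualDifficulty >= expectedDifficulty)
}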
// TestFullCertificateAuthority_NewIdentity verifies the relationship between
// a CA and an identity it issues: the identity carries the CA's certificate
// and ID, has a key and leaf certificate distinct from the CA's, and its leaf
// signature verifies against the CA certificate.
func TestFullCertificateAuthority_NewIdentity(t *testing.T) {
	ctx := testcontext.New(t)

	authority, err := NewCA(ctx, NewCAOptions{
		Difficulty:  12,
		Concurrency: 4,
	})
	if !(assert.NoError(t, err) && assert.NotNil(t, authority)) {
		t.Fatal(err)
	}

	ident, err := authority.NewIdentity()
	if !(assert.NoError(t, err) && assert.NotNil(t, ident)) {
		t.Fatal(err)
	}

	// The identity must be anchored to the issuing CA.
	assert.Equal(t, authority.Cert, ident.CA)
	assert.Equal(t, authority.ID, ident.ID)

	// The leaf must not reuse the CA's private key or certificate; a shared
	// key would let the identity act as the CA.
	assert.NotEqual(t, authority.Key, ident.Key)
	assert.NotEqual(t, authority.Cert, ident.Leaf)

	// The leaf's signature has to verify under the CA certificate.
	assert.NoError(t, ident.Leaf.CheckSignatureFrom(authority.Cert))
}
// TestFullCertificateAuthority_Sign verifies that one CA can sign another
// CA's certificate: the signed result keeps the original to-be-signed bytes,
// carries a different signature and raw encoding, and verifies against the
// signing CA's certificate.
func TestFullCertificateAuthority_Sign(t *testing.T) {
	ctx := testcontext.New(t)
	opts := NewCAOptions{
		Difficulty:  12,
		Concurrency: 4,
	}

	signer, err := NewCA(ctx, opts)
	if !(assert.NoError(t, err) && assert.NotNil(t, signer)) {
		t.Fatal(err)
	}

	subject, err := NewCA(ctx, opts)
	if !(assert.NoError(t, err) && assert.NotNil(t, subject)) {
		t.Fatal(err)
	}

	signedCert, err := signer.Sign(subject.Cert)
	if !(assert.NoError(t, err) && assert.NotNil(t, signedCert)) {
		t.Fatal(err)
	}

	original := subject.Cert

	// Signing replaces only the signature; the TBS portion is untouched.
	// NOTE(review): an unchanged TBS means the issuer fields inside it are
	// not rewritten, so verification presumably relies on signature checks
	// rather than issuer-name chaining (confirm against the verifier).
	assert.Equal(t, original.RawTBSCertificate, signedCert.RawTBSCertificate)
	assert.NotEqual(t, original.Signature, signedCert.Signature)
	assert.NotEqual(t, original.Raw, signedCert.Raw)

	// The new signature has to verify under the signing CA's certificate.
	assert.NoError(t, signedCert.CheckSignatureFrom(signer.Cert))
}
// TestFullCAConfig_Save is a placeholder that is always skipped. Until the
// cases listed below are written, this test provides no coverage for Save.
func TestFullCAConfig_Save(t *testing.T) {
	// TODO(bryanchriswhite): cover the case where both paths are given
	// TODO(bryanchriswhite): cover the case where only the cert path is given
	// TODO(bryanchriswhite): cover the case where only the key path is given
	t.SkipNow()
}
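// BenchmarkNewCA measures NewCA over a grid of difficulty and concurrency
// settings. Each sub-benchmark is named "<difficulty>/<concurrency>".
func BenchmarkNewCA(b *testing.B) {
	ctx := context.Background()
	for _, difficulty := range []uint16{8, 12} {
		for _, concurrency := range []uint{1, 2, 5, 10} {
			opts := NewCAOptions{
				Difficulty:  difficulty,
				Concurrency: concurrency,
			}
			name := fmt.Sprintf("%d/%d", difficulty, concurrency)
			b.Run(name, func(b *testing.B) {
				for i := 0; i < b.N; i++ {
					// Fail loudly instead of discarding the error: timing a
					// run in which CA generation failed would report a
					// meaningless number.
					if _, err := NewCA(ctx, opts); err != nil {
						b.Fatal(err)
					}
				}
			})
		}
	}
}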