services/syncbase/signing/krl/krl_test.go - release.go.x.ref - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // Package krl tests the key revocation list package.
 package krl_test

 import "runtime"
 import "testing"
 import "time"

 import "v.io/x/ref/services/syncbase/signing/krl"

 // checkKeysNotRevoked() checks that key[start:] have not been revoked.  (The
 // start index is passed, rather than expecting the called to sub-slice, so
 // that error messages refer to the expected index.)
 func checkKeysNotRevoked(t *testing.T, krl *krl.KRL, start int, key [][]byte, now time.Time) {
 	_, _, callerLine, _ := runtime.Caller(1)
 	year := 365 * 24 * time.Hour
 	for i := start; i != len(key); i++ {
 		revoked := krl.RevocationTime(key[i])
 		if revoked.Before(now.Add(year)) {
 			t.Errorf("line %d: unrevoked key[%d]=%v has revocation time %v, which is not far enough in the future", callerLine, i, key[i], revoked)
 		}
 	}
 }

 func TestKRL(t *testing.T) {
 	now := time.Now()
 	key := [][]byte{
 		[]byte{0x00, 0x01, 0x02, 0x3},
 		[]byte{0x04, 0x05, 0x06, 0x7},
 		[]byte{0x08, 0x09, 0x0a, 0xb}}
 	var revoked time.Time

 	krl := krl.New()

 	checkKeysNotRevoked(t, krl, 0, key, now)

 	krl.Revoke(key[0], now)
 	if revoked = krl.RevocationTime(key[0]); !revoked.Equal(now) {
 		t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[0], revoked, now)
 	}
 	checkKeysNotRevoked(t, krl, 1, key, now)

 	krl.Revoke(key[1], now)
 	if revoked = krl.RevocationTime(key[0]); !revoked.Equal(now) {
 		t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[0], revoked, now)
 	}
 	if revoked = krl.RevocationTime(key[1]); !revoked.Equal(now) {
 		t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[1], revoked, now)
 	}
 	checkKeysNotRevoked(t, krl, 2, key, now)
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// Package krl tests the key revocation list package.
	package krl_test

	import "runtime"
	import "testing"
	import "time"

	import "v.io/x/ref/services/syncbase/signing/krl"

	// checkKeysNotRevoked() checks that key[start:] have not been revoked. (The
	// start index is passed, rather than expecting the called to sub-slice, so
	// that error messages refer to the expected index.)
	func checkKeysNotRevoked(t testing.T, krl krl.KRL, start int, key [][]byte, now time.Time) {
	_, _, callerLine, _ := runtime.Caller(1)
	year := 365 * 24 * time.Hour
	for i := start; i != len(key); i++ {
	revoked := krl.RevocationTime(key[i])
	if revoked.Before(now.Add(year)) {
	t.Errorf("line %d: unrevoked key[%d]=%v has revocation time %v, which is not far enough in the future", callerLine, i, key[i], revoked)
	}
	}
	}

	func TestKRL(t *testing.T) {
	now := time.Now()
	key := [][]byte{
	[]byte{0x00, 0x01, 0x02, 0x3},
	[]byte{0x04, 0x05, 0x06, 0x7},
	[]byte{0x08, 0x09, 0x0a, 0xb}}
	var revoked time.Time

	krl := krl.New()

	checkKeysNotRevoked(t, krl, 0, key, now)

	krl.Revoke(key[0], now)
	if revoked = krl.RevocationTime(key[0]); !revoked.Equal(now) {
	t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[0], revoked, now)
	}
	checkKeysNotRevoked(t, krl, 1, key, now)

	krl.Revoke(key[1], now)
	if revoked = krl.RevocationTime(key[0]); !revoked.Equal(now) {
	t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[0], revoked, now)
	}
	if revoked = krl.RevocationTime(key[1]); !revoked.Equal(now) {
	t.Errorf("unrevoked key %v has revocation time %v, but expected %v", key[1], revoked, now)
	}
	checkKeysNotRevoked(t, krl, 2, key, now)
	}