veyron/services/identity, veyron/tools/identity: Identity tool can request blessing with
caveats.
* New oauth flow to keep the blessing process secure from malicious identity tools.
* The oauth flow is described at https://docs.google.com/a/google.com/document/d/1SRoc2cKE9iE1fWR7aSmMoccZoi4ZE8BQL7sr1LDNVkk/edit?usp=sharing.
Change-Id: I534f216953a1825cce899ffbfd82768db49b4108
diff --git a/services/identity/util/macaroon_test.go b/services/identity/util/macaroon_test.go
new file mode 100644
index 0000000..eef90df
--- /dev/null
+++ b/services/identity/util/macaroon_test.go
@@ -0,0 +1,40 @@
+package util
+
+import (
+ "bytes"
+ "crypto/rand"
+ "testing"
+)
+
+func TestMacaroon(t *testing.T) {
+ key := randBytes(t)
+ incorrectKey := randBytes(t)
+ input := randBytes(t)
+
+ m := NewMacaroon(key, input)
+
+ // Test incorrect key.
+ decoded, err := m.Decode(incorrectKey)
+ if err == nil {
+ t.Errorf("m.Decode should have failed")
+ }
+ if decoded != nil {
+ t.Errorf("decoded value should be nil when decode fails")
+ }
+
+ // Test correct key.
+ if decoded, err = m.Decode(key); err != nil {
+ t.Errorf("m.Decode should have succeeded")
+ }
+ if !bytes.Equal(decoded, input) {
+ t.Errorf("decoded value should equal input")
+ }
+}
+
+func randBytes(t *testing.T) []byte {
+ b := make([]byte, 16)
+ if _, err := rand.Read(b); err != nil {
+ t.Fatalf("bytes creation failed: %v", err)
+ }
+ return b
+}
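Review bot: TestMacaroon only exercises the wrong-key path, so nothing here checks that `m.Decode(key)` rejects a macaroon whose encoded bytes were modified, truncated or left empty. That integrity property is what the new oauth flow relies on. I would add a case that alters the value returned by `NewMacaroon` and asserts that decoding with the correct key returns an error and a nil result; the concrete type of `m` is not visible in this hunk, so the exact mutation depends on it. The success branch also discards the error, which makes a failure hard to diagnose; `t.Errorf("m.Decode should have succeeded: %v", err)` would report it. A short comment on `randBytes` noting that it returns 16 bytes from `crypto/rand` and aborts the test on failure would help readers.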