Asim Shankar | 45054a6 | 2014-05-15 10:32:54 -0700 | [diff] [blame] | 1 | package caveat_test |
| 2 | |
| 3 | import ( |
Andres Erbsen | cdeacfe | 2014-06-11 14:55:16 -0700 | [diff] [blame] | 4 | "net" |
Asim Shankar | 45054a6 | 2014-05-15 10:32:54 -0700 | [diff] [blame] | 5 | "testing" |
| 6 | "time" |
| 7 | |
| 8 | "veyron/security/caveat" |
Andres Erbsen | cdeacfe | 2014-06-11 14:55:16 -0700 | [diff] [blame] | 9 | "veyron2/naming" |
Asim Shankar | 45054a6 | 2014-05-15 10:32:54 -0700 | [diff] [blame] | 10 | "veyron2/security" |
| 11 | ) |
| 12 | |
// endpoint is a test double for naming.Endpoint that reports a fixed
// network address.
//
// Only Addr is implemented here. The embedded naming.Endpoint is never
// populated by the test in this file, so any other promoted method call
// dereferences a nil interface and panics. A caveat that consults more of
// the endpoint than Addr therefore crashes the test instead of passing
// silently.
type endpoint struct {
	naming.Endpoint

	// addr is the value handed back by Addr; it stays nil unless the test
	// sets it.
	addr net.Addr
}

// Addr returns the address stored in the endpoint, which may be nil.
func (ep endpoint) Addr() net.Addr {
	return ep.addr
}
| 20 | |
// context is the fixed call context handed to Caveat.Validate by the tests
// in this file. Identities, endpoints and the method name come from its
// fields; every other accessor returns a constant.
type context struct {
	// Identities reported by LocalID and RemoteID.
	local  security.PublicID
	remote security.PublicID

	// Endpoints reported by LocalEndpoint and RemoteEndpoint.
	localEndpoint  endpoint
	remoteEndpoint endpoint

	// Method name reported by Method.
	method string
}

// Method returns the method name configured on the context.
func (tc *context) Method() string {
	return tc.method
}

// Name always returns the placeholder "some_name".
func (tc *context) Name() string {
	return "some_name"
}

// Suffix always returns the placeholder "some_suffix".
func (tc *context) Suffix() string {
	return "some_suffix"
}

// Label always returns security.AdminLabel, so every caveat in this file is
// validated under that single label only.
func (tc *context) Label() security.Label {
	return security.AdminLabel
}

// CaveatDischarges always returns nil: no discharges are available to the
// caveats under test.
func (tc *context) CaveatDischarges() security.CaveatDischargeMap {
	return nil
}

// LocalID returns the identity stored in the local field.
func (tc *context) LocalID() security.PublicID {
	return tc.local
}

// RemoteID returns the identity stored in the remote field.
func (tc *context) RemoteID() security.PublicID {
	return tc.remote
}

// LocalEndpoint returns a pointer to the context's own localEndpoint value.
// The result is never nil, but its Addr may be.
func (tc *context) LocalEndpoint() naming.Endpoint {
	return &tc.localEndpoint
}

// RemoteEndpoint returns a pointer to the context's own remoteEndpoint
// value. The result is never nil, but its Addr may be.
func (tc *context) RemoteEndpoint() naming.Endpoint {
	return &tc.remoteEndpoint
}
Asim Shankar | 45054a6 | 2014-05-15 10:32:54 -0700 | [diff] [blame] | 36 | |
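// TestCaveats runs a table of caveats through Validate against one fixed
// call context and checks that each is accepted or rejected as expected.
//
// The context has local identity alice, remote identity bob, method "Play"
// and a remote endpoint whose address is a *net.TCPAddr (network "tcp").
// The local endpoint's address is left nil.
func TestCaveats(t *testing.T) {
	var (
		alice = security.FakePublicID("alice")
		bob   = security.FakePublicID("bob")
	)
	now := time.Now()

	// c is the caveat under test; ok is true when Validate must return nil.
	tests := []struct {
		c  security.Caveat
		ok bool
	}{
		// Expiry: a window that contains "now" is accepted, one that ended a
		// minute ago is rejected.
		// NOTE(review): no case covers an IssueTime in the future; confirm
		// whether Validate is meant to reject not-yet-valid caveats.
		{&caveat.Expiry{IssueTime: now, ExpiryTime: now.Add(time.Hour)}, true},
		{&caveat.Expiry{IssueTime: now.Add(-1 * time.Hour), ExpiryTime: now.Add(-1 * time.Minute)}, false},

		// An empty method allow-list must deny every method (fail closed).
		{caveat.MethodRestriction(nil), false},

		// NetworkType: presumably compared with the remote endpoint's
		// Addr().Network(), which is "tcp" here - verify against the caveat.
		{caveat.NetworkType("udp"), false},
		{caveat.NetworkType("tcp"), true},

		// The context's method is "Play".
		{caveat.MethodRestriction{"Pause", "Play"}, true},
		{caveat.MethodRestriction{"List"}, false},

		// An empty peer allow-list must deny every peer (fail closed).
		// NOTE(review): "fake/alice" is accepted although alice is the
		// context's *local* identity and bob the remote one; presumably
		// FakePublicID("alice") is named "fake/alice" and PeerIdentity
		// checks LocalID - confirm that this is the intended side.
		{caveat.PeerIdentity(nil), false},
		{caveat.PeerIdentity{"fake/alice"}, true},
		{caveat.PeerIdentity{"fake/carol"}, false},
		{caveat.PeerIdentity{"fake/alice", "fake/carol"}, true},
	}

	// NOTE(review): every case shares this one context. A context whose
	// remote endpoint has a nil address is never exercised, so the table
	// does not show that NetworkType rejects it rather than panicking.
	ctx := &context{local: alice, remote: bob, method: "Play", remoteEndpoint: endpoint{addr: &net.TCPAddr{}}}
	for _, test := range tests {
		err := test.c.Validate(ctx)
		if test.ok == (err == nil) {
			continue
		}
		// The last value is test.ok, i.e. whether success was expected; the
		// original label "want error" said the opposite of what it printed.
		t.Errorf("Caveat:%#v. Got error:%v, want success:%v", test.c, err, test.ok)
	}
}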