Asim Shankarae8d4c52014-10-08 13:03:31 -07001package security
3import (
4 "fmt"
5 "io/ioutil"
6 "os"
7 "testing"
8
Jiri Simsa764efb72014-12-25 20:57:03 -08009 "v.io/core/veyron2/security"
Asim Shankarae8d4c52014-10-08 13:03:31 -070010)
// rootsTester holds the three public keys that the helpers and tests in this
// file use as candidate blessing roots.
type rootsTester [3]security.PublicKey
// newRootsTester returns a rootsTester whose three slots each hold a public
// key obtained from a separate NewPrincipalKey call. The second value returned
// by NewPrincipalKey is discarded. It panics if any call reports an error.
func newRootsTester() *rootsTester {
	keys := new(rootsTester)
	for i := 0; i < len(keys); i++ {
		pub, _, err := NewPrincipalKey()
		if err != nil {
			panic(err)
		}
		keys[i] = pub
	}
	return keys
}
// add registers the fixture's (root key, blessing pattern) pairs with br:
// key 0 for "veyron/..." and for the exact name "google", key 1 for
// "google/foo/...". Key 2 is deliberately never added, so it serves as the
// untrusted root in testRecognized. The first failing Add is returned wrapped
// with the offending key and pattern.
func (t *rootsTester) add(br security.BlessingRoots) error {
	type entry struct {
		key security.PublicKey
		pat security.BlessingPattern
	}
	entries := []entry{
		{key: t[0], pat: "veyron/..."},
		{key: t[1], pat: "google/foo/..."},
		{key: t[0], pat: "google"},
	}
	for i := range entries {
		e := entries[i]
		err := br.Add(e.key, e.pat)
		if err == nil {
			continue
		}
		return fmt.Errorf("Add(%v, %q) failed: %s", e.key, e.pat, err)
	}
	return nil
}
// testRecognized checks br against the expectations that follow from the
// patterns registered by add. For every key it lists blessing names that
// br.Recognized must accept (nil error) and names it must reject with an
// error matching "not a recognized root".
//
// What the table pins down:
//   - key 0 ("veyron/..." and "google"): the "..." pattern covers "veyron"
//     and everything below it, while the plain "google" pattern does not
//     extend to "google/foo".
//   - key 1 ("google/foo/..."): "google", a prefix of the pattern, is
//     expected to be recognized along with "google/foo" and its children,
//     but the sibling "google/bar" is not.
//   - key 2 (never added): every name must be rejected.
//
// The first mismatch is returned as an error; nil means all cases passed.
func (t *rootsTester) testRecognized(br security.BlessingRoots) error {
	type expectation struct {
		key    security.PublicKey
		accept []string
		reject []string
	}
	cases := []expectation{
		{
			key:    t[0],
			accept: []string{"veyron", "veyron/foo", "veyron/foo/bar", "google"},
			reject: []string{"google/foo", "foo", "foo/bar"},
		},
		{
			key:    t[1],
			accept: []string{"google", "google/foo", "google/foo/bar"},
			reject: []string{"google/bar", "veyron", "veyron/foo", "foo", "foo/bar"},
		},
		{
			// Key 2 was never registered, so nothing may be accepted for it.
			key:    t[2],
			accept: []string{},
			reject: []string{"veyron", "veyron/foo", "veyron/bar", "google", "google/foo", "google/bar", "foo", "foo/bar"},
		},
	}
	for i := range cases {
		c := cases[i]
		for _, name := range c.accept {
			err := br.Recognized(c.key, name)
			if err == nil {
				continue
			}
			return fmt.Errorf("Recognized(%v, %q): got: %v, want nil", c.key, name, err)
		}
		for _, name := range c.reject {
			// A rejection must carry the expected message, not just any error.
			err := matchesError(br.Recognized(c.key, name), "not a recognized root")
			if err == nil {
				continue
			}
			return fmt.Errorf("Recognized(%v, %q): %v", c.key, name, err)
		}
	}
	return nil
}
// TestBlessingRoots registers the fixture roots on the BlessingRoots of a
// principal returned by NewPrincipal and then verifies which (key, blessing
// name) pairs it accepts and rejects. Any failure aborts the test.
func TestBlessingRoots(t *testing.T) {
	p, err := NewPrincipal()
	if err != nil {
		t.Fatal(err)
	}
	keys := newRootsTester()
	// Populate first, then verify; each step fetches p.Roots() afresh.
	steps := []func(security.BlessingRoots) error{keys.add, keys.testRecognized}
	for _, step := range steps {
		if stepErr := step(p.Roots()); stepErr != nil {
			t.Fatal(stepErr)
		}
	}
}
// TestBlessingRootsPersistence verifies that blessing roots survive a reload
// from disk. It creates a persistent principal in a temporary directory,
// registers the fixture roots, checks them, and then loads a second principal
// from the same directory and runs the same checks against it. Because
// testRecognized covers both accepted and rejected names, the reload check
// also confirms that the never-added key is still rejected afterwards.
func TestBlessingRootsPersistence(t *testing.T) {
	stateDir, err := ioutil.TempDir("", "TestBlessingRootsPersistence")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(stateDir)

	keys := newRootsTester()
	// NOTE(review): the meaning of the nil second argument is not visible
	// from this file; confirm against CreatePersistentPrincipal.
	created, err := CreatePersistentPrincipal(stateDir, nil)
	if err != nil {
		t.Fatal(err)
	}
	// Non-fatal failures: keep going so the reload path is still exercised.
	if addErr := keys.add(created.Roots()); addErr != nil {
		t.Error(addErr)
	}
	if checkErr := keys.testRecognized(created.Roots()); checkErr != nil {
		t.Error(checkErr)
	}

	// Load a second principal from the same directory; its BlessingRoots
	// must come from what was persisted, since nothing is added to it here.
	reloaded, err := LoadPersistentPrincipal(stateDir, nil)
	if err != nil {
		t.Fatal(err)
	}
	if checkErr := keys.testRecognized(reloaded.Roots()); checkErr != nil {
		t.Error(checkErr)
	}
}