// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
4
Asim Shankarae8d4c52014-10-08 13:03:31 -07005package security
6
7import (
8 "fmt"
9 "io/ioutil"
10 "os"
Ankur9e5b7722015-04-28 15:00:25 -070011 "reflect"
12 "sort"
Asim Shankarae8d4c52014-10-08 13:03:31 -070013 "testing"
14
Jiri Simsa6ac95222015-02-23 16:11:49 -080015 "v.io/v23/security"
Asim Shankar3c134af2015-03-23 19:41:31 -070016 "v.io/v23/verror"
Asim Shankarae8d4c52014-10-08 13:03:31 -070017)
18
// rootsTester holds four freshly generated public keys that the helpers in
// this file use as candidate blessing roots. Going by the test tables below,
// keys 0-2 get registered under patterns while key 3 is never registered, so
// it acts as the "untrusted key" control.
type rootsTester [4]security.PublicKey

// newRootsTester fills every slot of a rootsTester with a new public key from
// NewPrincipalKey. It panics if key generation fails, since no test can run
// without the keys.
func newRootsTester() *rootsTester {
	keys := new(rootsTester)
	for i := 0; i < len(keys); i++ {
		pub, _, err := NewPrincipalKey()
		if err != nil {
			panic(err)
		}
		keys[i] = pub
	}
	return keys
}
31
32func (t *rootsTester) add(br security.BlessingRoots) error {
Ankur344bbdf2015-05-07 18:26:15 -070033 if err := br.Add(t[0], security.AllPrincipals); err == nil {
34 return fmt.Errorf("Add( , %v) succeeded, expected it to fail", security.AllPrincipals)
35 }
Asim Shankarae8d4c52014-10-08 13:03:31 -070036 testdata := []struct {
37 root security.PublicKey
38 pattern security.BlessingPattern
39 }{
Suharsh Sivakumar8646ba62015-03-18 15:22:28 -070040 {t[0], "vanadium"},
Ankur78b8b2a2015-02-04 20:16:28 -080041 {t[1], "google/foo"},
Ankur9e5b7722015-04-28 15:00:25 -070042 {t[2], "google/foo"},
Ankur2b61d352015-01-27 14:59:37 -080043 {t[0], "google/$"},
Asim Shankarae8d4c52014-10-08 13:03:31 -070044 }
45 for _, d := range testdata {
46 if err := br.Add(d.root, d.pattern); err != nil {
47 return fmt.Errorf("Add(%v, %q) failed: %s", d.root, d.pattern, err)
48 }
49 }
50 return nil
51}
52
// testRecognized checks that br accepts and rejects blessing names for each
// of the tester's keys exactly as the bindings made by add imply.
//
// What the table pins down:
//   - key 0 (patterns "vanadium" and "google/$") is trusted for "vanadium"
//     and its extensions, and for "google" itself but not "google/foo";
//   - keys 1 and 2 (both "google/foo") are trusted for "google/foo" and its
//     extensions, but not for the shorter name "google" or for siblings;
//   - key 3 was never added and must be trusted for nothing.
//
// It returns an error for the first mismatch, or nil.
func (t *rootsTester) testRecognized(br security.BlessingRoots) error {
	type expectation struct {
		root     security.PublicKey
		accepted []string
		rejected []string
	}
	cases := []expectation{
		{
			root:     t[0],
			accepted: []string{"vanadium", "vanadium/foo", "vanadium/foo/bar", "google"},
			rejected: []string{"google/foo", "foo", "foo/bar"},
		},
		{
			root:     t[1],
			accepted: []string{"google/foo", "google/foo/bar"},
			rejected: []string{"google", "google/bar", "vanadium", "vanadium/foo", "foo", "foo/bar"},
		},
		{
			root:     t[2],
			accepted: []string{"google/foo", "google/foo/bar"},
			rejected: []string{"google", "google/bar", "vanadium", "vanadium/foo", "foo", "foo/bar"},
		},
		{
			root:     t[3],
			accepted: []string{},
			rejected: []string{"vanadium", "vanadium/foo", "vanadium/bar", "google", "google/foo", "google/bar", "foo", "foo/bar"},
		},
	}

	wantID := security.ErrUnrecognizedRoot.ID
	for i := range cases {
		c := &cases[i]
		for _, name := range c.accepted {
			err := br.Recognized(c.root, name)
			if err == nil {
				continue
			}
			return fmt.Errorf("Recognized(%v, %q): got: %v, want nil", c.root, name, err)
		}
		for _, name := range c.rejected {
			// The rejection must carry the ErrUnrecognizedRoot ID specifically,
			// so an unrelated failure does not pass as a correct "not trusted"
			// answer. A nil error is expected to fail this comparison too
			// (presumably ErrorID(nil) is the empty ID; confirm in verror).
			err := br.Recognized(c.root, name)
			if gotID := verror.ErrorID(err); gotID != wantID {
				return fmt.Errorf("Recognized(%v, %q): got %v(errorid=%v), want errorid=%v", c.root, name, err, gotID, wantID)
			}
		}
	}
	return nil
}
94
// pubKeySorter implements sort.Interface over a slice of public keys,
// ordering them by their String() form. testDump uses it to compare key
// lists without depending on their original order.
type pubKeySorter []security.PublicKey

// Len reports how many keys the slice holds.
func (s pubKeySorter) Len() int {
	return len(s)
}

// Less reports whether key i sorts before key j by comparing String() output.
func (s pubKeySorter) Less(i, j int) bool {
	left, right := s[i].String(), s[j].String()
	return left < right
}

// Swap exchanges the keys at positions i and j.
func (s pubKeySorter) Swap(i, j int) {
	s[j], s[i] = s[i], s[j]
}
100
// testDump checks that br.Dump() reports exactly the pattern-to-keys mapping
// created by add: no missing roots and no extra ones. The comparison is a
// full reflect.DeepEqual, so an unexpected additional pattern or key in the
// dump makes the check fail.
//
// Only the "google/foo" entry holds more than one key, so only that entry is
// sorted (on both sides) before comparing.
func (t *rootsTester) testDump(br security.BlessingRoots) error {
	shared := security.BlessingPattern("google/foo")
	want := map[security.BlessingPattern][]security.PublicKey{
		shared:     {t[1], t[2]},
		"google/$": {t[0]},
		"vanadium": {t[0]},
	}
	got := br.Dump()

	// Normalise the order of the multi-key entry; the order in which Dump
	// lists keys is not assumed here.
	for _, keys := range [][]security.PublicKey{want[shared], got[shared]} {
		sort.Sort(pubKeySorter(keys))
	}

	if reflect.DeepEqual(got, want) {
		return nil
	}
	return fmt.Errorf("Dump(): got %v, want %v", got, want)
}
115
// TestBlessingRoots exercises the BlessingRoots of a principal created by
// NewPrincipal: it registers the test roots, then verifies recognition
// decisions and the dumped state. Any failure stops the test immediately.
func TestBlessingRoots(t *testing.T) {
	p, err := NewPrincipal()
	if err != nil {
		t.Fatal(err)
	}
	tester := newRootsTester()

	// Order matters: add must run before the two verification steps.
	steps := []func(security.BlessingRoots) error{
		tester.add,
		tester.testRecognized,
		tester.testDump,
	}
	for _, step := range steps {
		if err := step(p.Roots()); err != nil {
			t.Fatal(err)
		}
	}
}
132
// TestBlessingRootsPersistence verifies that blessing roots registered on a
// persistent principal are still in effect after the principal is reloaded
// from the same directory.
//
// Scope note: the test only covers a clean write-then-reload cycle. Nothing
// here modifies the files between the two phases, so how the store reacts to
// altered or corrupted on-disk state is not covered by this test.
func TestBlessingRootsPersistence(t *testing.T) {
	dir, err := ioutil.TempDir("", "TestBlessingRootsPersistence")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(dir)
	tester := newRootsTester()

	// NOTE(review): the nil second argument is presumably "no passphrase";
	// acceptable for throwaway keys in a temp dir, but confirm against the
	// function's signature.
	p, err := CreatePersistentPrincipal(dir, nil)
	if err != nil {
		t.Fatal(err)
	}
	// Phase 1: populate and verify the original principal. Failures are
	// reported with t.Error so the later checks still run.
	firstPass := []func(security.BlessingRoots) error{
		tester.add,
		tester.testRecognized,
		tester.testDump,
	}
	for _, check := range firstPass {
		if err := check(p.Roots()); err != nil {
			t.Error(err)
		}
	}

	// Phase 2: recreate the principal (and thus its BlessingRoots) from disk
	// and repeat the verification without calling add again.
	p2, err := LoadPersistentPrincipal(dir, nil)
	if err != nil {
		t.Fatal(err)
	}
	secondPass := []func(security.BlessingRoots) error{
		tester.testRecognized,
		tester.testDump,
	}
	for _, check := range secondPass {
		if err := check(p2.Roots()); err != nil {
			t.Error(err)
		}
	}
}