Google Git
Sign in
vanadium / release.go.x.ref / de6e04fe1fab44a40b6288d72e22f63e2c54117b / . / cmd / principal / principal_v23_test.go
blob: 6186649ea3722abbecbc8641346b3a361551986c [file] [log] [blame]
Jiri Simsad7616c92015-03-24 23:44:30 -0700[diff] [blame]1// Copyright 2015 The Vanadium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]5package main_test
6
7import (
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]8 "bytes"
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]9 "fmt"
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]10 "io/ioutil"
11 "os"
12 "path/filepath"
13 "regexp"
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]14 "strings"
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]15
Todd Wang8123b5e2015-05-14 18:44:43 -0700[diff] [blame]16 "v.io/x/ref"
Cosmos Nicolaou1381f8a2015-03-13 09:40:34 -0700[diff] [blame]17 "v.io/x/ref/test/v23tests"
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]18)
19
Cosmos Nicolaoua866f262015-02-10 14:56:06 -0800[diff] [blame]20//go:generate v23 test generate
Suharsh Sivakumar6d70f9e2015-02-20 16:35:33 -0800[diff] [blame]21
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]22// redirect redirects the stdout of the given invocation to the file at the
23// given path.
Cosmos Nicolaou01007a02015-02-11 15:38:38 -0800[diff] [blame]24func redirect(t *v23tests.T, inv *v23tests.Invocation, path string) {
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]25 if err := ioutil.WriteFile(path, []byte(inv.Output()), 0600); err != nil {
26 t.Fatalf("WriteFile(%q) failed: %v\n", path, err)
27 }
28}
29
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]30// removePublicKeys replaces public keys (16 hex bytes, :-separated) with
31// XX:.... This substitution enables comparison with golden output even when
32// keys are freshly minted by the "principal create" command.
33func removePublicKeys(input string) string {
34 return regexp.MustCompile("([0-9a-f]{2}:){15}[0-9a-f]{2}").ReplaceAllString(input, "XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX")
35}
36
37func removeCaveats(input string) string {
Suharsh Sivakumarf3eafa22015-02-24 12:58:51 -0800[diff] [blame]38 input = regexp.MustCompile(`0xa64c2d0119fba3348071feeb2f308000\(time\.Time=.*\)`).ReplaceAllString(input, "ExpiryCaveat")
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]39 input = regexp.MustCompile(`0x54a676398137187ecdb26d2d69ba0003\(\[]string=.*\)`).ReplaceAllString(input, "MethodCaveat")
40 input = regexp.MustCompile(`0x00000000000000000000000000000000\(bool=true\)`).ReplaceAllString(input, "Unconstrained")
41 return input
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]42}
43
Cosmos Nicolaou01007a02015-02-11 15:38:38 -0800[diff] [blame]44func V23TestBlessSelf(t *v23tests.T) {
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]45 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]46 outputDir = t.NewTempDir("")
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]47 aliceDir = filepath.Join(outputDir, "alice")
48 aliceBlessingFile = filepath.Join(outputDir, "aliceself")
49 )
50
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]51 bin := t.BuildGoPkg("v.io/x/ref/cmd/principal")
Cosmos Nicolaou42a17362015-03-10 16:40:18 -0700[diff] [blame]52 bin.Run("create", aliceDir, "alice")
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]53
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]54 bin = bin.WithEnv(credEnv(aliceDir))
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]55 redirect(t, bin.Start("blessself", "alicereborn"), aliceBlessingFile)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]56 got := removePublicKeys(bin.Start("dumpblessings", aliceBlessingFile).Output())
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]57 want := `Blessings : alicereborn
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]58PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]59Certificate chains : 1
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]60Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
61 Certificate #0: alicereborn with 0 caveats
62`
63 if want != got {
64 t.Fatalf("unexpected output, wanted \n%s, got\n%s", want, got)
Cosmos Nicolaou728a57e2015-02-05 13:04:08 -0800[diff] [blame]65 }
66}
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]67
68func V23TestStore(t *v23tests.T) {
69 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]70 outputDir = t.NewTempDir("")
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]71 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]72 aliceDir = filepath.Join(outputDir, "alice")
73 aliceFriend = filepath.Join(outputDir, "alice.bless")
74 bobDir = filepath.Join(outputDir, "bob")
Suharsh Sivakumar2b22fc12015-04-15 19:38:04 -0700[diff] [blame]75 bobForPeer = filepath.Join(outputDir, "bob.get.forpeer")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]76 )
77
78 // Create two principals: alice and bob.
79 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
80 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
81
Suharsh Sivakumar2b22fc12015-04-15 19:38:04 -0700[diff] [blame]82 // Bless Bob with Alice's principal.
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]83 blessEnv := credEnv(aliceDir)
84 redirect(t, bin.WithEnv(blessEnv).Start("bless", "--for=1m", bobDir, "friend"), aliceFriend)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]85
86 // Run store forpeer on bob.
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]87 bin.Start("--v23.credentials="+bobDir, "set", "forpeer", aliceFriend, "alice").WaitOrDie(os.Stdout, os.Stderr)
88 redirect(t, bin.WithEnv(blessEnv).Start("--v23.credentials="+bobDir, "get", "forpeer", "alice/server"), bobForPeer)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]89
90 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", bobForPeer).Output()))
Asim Shankarb3c8d662015-03-31 23:48:02 -0700[diff] [blame]91 want := `Blessings : bob,alice/friend
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]92PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
93Certificate chains : 2
94Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
95 Certificate #0: bob with 0 caveats
96Chain #1 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
97 Certificate #0: alice with 0 caveats
98 Certificate #1: friend with 1 caveat
99 (0) ExpiryCaveat
100`
101 if want != got {
Suharsh Sivakumar2b22fc12015-04-15 19:38:04 -0700[diff] [blame]102 t.Errorf("unexpected output, got\n%s, wanted\n%s", got, want)
103 }
104
105 // Test the names flag.
106 got = bin.WithEnv(blessEnv).Start("--v23.credentials="+bobDir, "get", "forpeer", "--names", "alice/server").Output()
107 want = `bob
108alice/friend
109`
110 if got != want {
111 t.Errorf("unexpected output, got %s, want %s", got, want)
112 }
113
114 // Test the rootkey flag. In particular alice/friend's rootkey should be equal to alice's publickey.
115 got = bin.WithEnv(blessEnv).Start("--v23.credentials="+bobDir, "get", "forpeer", "--rootkey", "alice/friend", "alice/server").Output()
Asim Shankarde6fda52015-04-22 21:20:24 -0700[diff] [blame]116 want = bin.WithEnv(blessEnv).Start("get", "publickey", "--pretty").Output()
Suharsh Sivakumar2b22fc12015-04-15 19:38:04 -0700[diff] [blame]117 if got != want {
118 t.Errorf("unexpected output, got %s, want %s", got, want)
119 }
120
121 // Test the caveats flag.
122 got = bin.WithEnv(blessEnv).Start("--v23.credentials="+bobDir, "get", "forpeer", "--caveats", "alice/friend", "alice/server").Output()
123 want = "Expires at"
124 if !strings.HasPrefix(got, want) {
125 t.Errorf("unexpected output, got %s, want %s", got, want)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]126 }
127}
128
129func V23TestDump(t *v23tests.T) {
130 var (
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]131 outputDir = t.NewTempDir("")
132 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
133 aliceDir = filepath.Join(outputDir, "alice")
134 aliceExpiredDir = filepath.Join(outputDir, "alice-expired")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]135 )
136
137 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
138
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]139 blessEnv := credEnv(aliceDir)
140 got := removePublicKeys(bin.WithEnv(blessEnv).Start("dump").Output())
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]141 want := `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]142Default Blessings : alice
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]143---------------- BlessingStore ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]144Default Blessings alice
145Peer pattern Blessings
146... alice
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]147---------------- BlessingRoots ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]148Public key Pattern
149XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
150`
151 if want != got {
152 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
153 }
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]154
155 got = bin.WithEnv(blessEnv).Start("dump", "-s").Output()
156 want = "alice\n"
157 if want != got {
158 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
159 }
160
161 bin.Start("--v23.credentials="+aliceDir, "fork", "--for", "-1h", aliceExpiredDir, "expired").WaitOrDie(os.Stdout, os.Stderr)
162 blessEnv = credEnv(aliceExpiredDir)
163 got = removePublicKeys(bin.WithEnv(blessEnv).Start("dump").Output())
164 want = `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
165Default Blessings : alice/expired [EXPIRED]
166---------------- BlessingStore ----------------
167Default Blessings alice/expired
168Peer pattern Blessings
169... alice/expired
170---------------- BlessingRoots ----------------
171Public key Pattern
172XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
173`
174 if want != got {
175 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
176 }
177
178 got = bin.WithEnv(blessEnv).Start("dump", "-s").Output()
179 want = "alice/expired [EXPIRED]\n"
180 if want != got {
181 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
182 }
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]183}
184
185func V23TestGetRecognizedRoots(t *v23tests.T) {
186 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]187 outputDir = t.NewTempDir("")
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]188 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
189 aliceDir = filepath.Join(outputDir, "alice")
190 )
191
192 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
193
194 blessEnv := credEnv(aliceDir)
195 got := removePublicKeys(bin.WithEnv(blessEnv).Start("get", "recognizedroots").Output())
196 want := `Public key Pattern
197XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
198`
199 if want != got {
200 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
201 }
202}
203
204func V23TestGetPeermap(t *v23tests.T) {
205 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]206 outputDir = t.NewTempDir("")
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]207 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
208 aliceDir = filepath.Join(outputDir, "alice")
209 )
210
211 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
212
213 blessEnv := credEnv(aliceDir)
Suharsh Sivakumar2b22fc12015-04-15 19:38:04 -0700[diff] [blame]214 got := bin.WithEnv(blessEnv).Start("get", "peermap").Output()
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]215 want := `Default Blessings alice
216Peer pattern Blessings
217... alice
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]218`
219 if want != got {
220 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
221 }
222}
223
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]224// Given an invocation of "principal recvblessings", this function returns the
225// arguments to provide to "principal bless" provided by the "recvblessings"
226// invocation.
227//
228// For example,
229// principal recvblessings
230// would typically print something like:
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]231// principal bless --remote-key=<some_public_key> --remote-token=<some_token> extensionfoo
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]232// as an example of command line to use to send the blessings over.
233//
234// In that case, this method would return:
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]235// { "--remote-key=<some_public_key>", "--remote-token=<some_token>", "extensionfoo"}
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]236func blessArgsFromRecvBlessings(inv *v23tests.Invocation) []string {
237 cmd := inv.ExpectSetEventuallyRE("(^principal bless .*$)")[0][0]
238 return strings.Split(cmd, " ")[2:]
239}
240
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]241func V23TestRecvBlessings(t *v23tests.T) {
242 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]243 outputDir = t.NewTempDir("")
Suharsh Sivakumarab21eb02015-04-01 12:58:20 -0700[diff] [blame]244 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
245 aliceDir = filepath.Join(outputDir, "alice")
246 bobDir = filepath.Join(outputDir, "bob")
247 carolDir = filepath.Join(outputDir, "carol")
248 bobBlessFile = filepath.Join(outputDir, "bobBlessInfo")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]249 )
250
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]251 // Generate principals
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]252 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
Suharsh Sivakumarab21eb02015-04-01 12:58:20 -0700[diff] [blame]253 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]254 bin.Start("create", carolDir, "carol").WaitOrDie(os.Stdout, os.Stderr)
255
256 // Run recvblessings on carol, and have alice send blessings over
257 // (blessings received must be set as default and shareable with all peers).
258 var args []string
259 {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]260 inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings")
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]261 args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]262 // Use the "friend/carol" extension
263 args = append(args, "friend/carol")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]264 }
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]265 bin.WithEnv(credEnv(aliceDir)).Start(args...).WaitOrDie(os.Stdout, os.Stderr)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]266
267 // Run recvblessings on carol, and have alice send blessings over
268 // (blessings received must be set as shareable with peers matching 'alice/...'.)
269 {
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]270 inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=alice", "--set-default=false")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]271 // recvblessings suggests a random extension, find the extension and replace it with friend/carol/foralice.
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]272 args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]273 args = append(args, "friend/carol/foralice")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]274 }
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]275 bin.WithEnv(credEnv(aliceDir)).Start(args...).WaitOrDie(os.Stdout, os.Stderr)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]276
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]277 // Run recvblessings on carol with the --remote-arg-file flag, and have bob send blessings over with the --remote-arg-file flag.
Suharsh Sivakumarab21eb02015-04-01 12:58:20 -0700[diff] [blame]278 {
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]279 inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=bob", "--set-default=false", "--remote-arg-file="+bobBlessFile)
Suharsh Sivakumarab21eb02015-04-01 12:58:20 -0700[diff] [blame]280 // recvblessings suggests a random extension, use friend/carol/forbob instead.
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]281 args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]282 args = append(args, "friend/carol/forbob")
Suharsh Sivakumarab21eb02015-04-01 12:58:20 -0700[diff] [blame]283 }
284 bin.WithEnv(credEnv(bobDir)).Start(args...).WaitOrDie(os.Stdout, os.Stderr)
285
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]286 listenerInv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=alice/...", "--set-default=false", "--vmodule=*=2", "--logtostderr")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]287
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]288 args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(listenerInv)...)
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]289 args = append(args, "willfail")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]290
291 {
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]292 // Mucking around with remote-key should fail.
293 cpy := strings.Split(regexp.MustCompile("remote-key=").ReplaceAllString(strings.Join(args, " "), "remote-key=BAD"), " ")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]294 var buf bytes.Buffer
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]295 if bin.WithEnv(credEnv(aliceDir)).Start(cpy...).Wait(os.Stdout, &buf) == nil {
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]296 t.Fatalf("%v should have failed, but did not", cpy)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]297 }
298
299 if want, got := "key mismatch", buf.String(); !strings.Contains(got, want) {
300 t.Fatalf("expected %q to be contained within\n%s\n, but was not", want, got)
301 }
302 }
303
304 {
305 var buf bytes.Buffer
306 // Mucking around with the token should fail.
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]307 cpy := strings.Split(regexp.MustCompile("remote-token=").ReplaceAllString(strings.Join(args, " "), "remote-token=BAD"), " ")
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]308 if bin.WithEnv(credEnv(aliceDir)).Start(cpy...).Wait(os.Stdout, &buf) == nil {
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]309 t.Fatalf("%v should have failed, but did not", cpy)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]310 }
311
312 if want, got := "blessings received from unexpected sender", buf.String(); !strings.Contains(got, want) {
313 t.Fatalf("expected %q to be contained within\n%s\n, but was not", want, got)
314 }
315 }
316
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]317 // Dump carol out, the only blessing that survives should be from the
318 // first "bless" command. (alice/friend/carol).
319 got := removePublicKeys(bin.Start("--v23.credentials="+carolDir, "dump").Output())
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]320 want := `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]321Default Blessings : alice/friend/carol
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]322---------------- BlessingStore ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]323Default Blessings alice/friend/carol
324Peer pattern Blessings
325... alice/friend/carol
326alice alice/friend/carol/foralice
327bob bob/friend/carol/forbob
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]328---------------- BlessingRoots ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]329Public key Pattern
330XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
331XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [bob]
332XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [carol]
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]333`
334 if want != got {
335 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
336 }
337}
338
Asim Shankar2a32dd22015-05-29 15:45:22 -0700[diff] [blame]339func V23TestRecvBlessingsInteractive(t *v23tests.T) {
340 var (
341 outputDir = t.NewTempDir("")
342 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
343 aliceDir = filepath.Join(outputDir, "alice")
344 bobDir = filepath.Join(outputDir, "bob")
345 aliceBin = bin.WithEnv(credEnv(aliceDir))
346 )
347
348 // Generate principals
349 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
350 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
351
352 // Run recvblessings on bob
353 recv := bin.Start("--v23.credentials="+bobDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings")
354 args := blessArgsFromRecvBlessings(recv)
355
356 // When running the exact command, must be prompted about caveats.
357 {
358 inv := aliceBin.Start(append([]string{"bless"}, args...)...)
359 inv.Expect("WARNING: No caveats provided")
360 // Saying something other than "yes" or "YES"
361 // should fail.
362 fmt.Fprintln(inv.Stdin(), "yeah")
363 if err := inv.Wait(os.Stdout, os.Stderr); err == nil {
364 t.Fatalf("Expected principal bless to fail because the wrong input was provided")
365 }
366 }
367 // When agreeing to have no caveats, must specify an extension
368 {
369 inv := aliceBin.Start(append([]string{"bless"}, args...)...)
370 inv.Expect("WARNING: No caveats provided")
371 fmt.Fprintln(inv.Stdin(), "yes")
372 inv.CloseStdin()
373 if err := inv.Wait(os.Stdout, os.Stderr); err == nil {
374 t.Fatalf("Expected principal bless to fail because no extension was provided")
375 }
376 }
377 // When providing both, the bless command should succeed.
378 {
379 inv := aliceBin.Start(append([]string{"bless"}, args...)...)
380 fmt.Fprintln(inv.Stdin(), "YES")
381 fmt.Fprintln(inv.Stdin(), "friend/bobby")
382 if err := inv.Wait(os.Stdout, os.Stderr); err != nil {
383 t.Fatal(err)
384 }
385 }
386 got := removePublicKeys(bin.Start("--v23.credentials="+bobDir, "dump").Output())
387 want := `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
388Default Blessings : alice/friend/bobby
389---------------- BlessingStore ----------------
390Default Blessings alice/friend/bobby
391Peer pattern Blessings
392... alice/friend/bobby
393---------------- BlessingRoots ----------------
394Public key Pattern
395XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
396XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [bob]
397`
398 if want != got {
399 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
400 }
401}
402
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]403func V23TestFork(t *v23tests.T) {
404 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]405 outputDir = t.NewTempDir("")
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]406 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]407 aliceDir = filepath.Join(outputDir, "alice")
408 alicePhoneDir = filepath.Join(outputDir, "alice-phone")
409 alicePhoneCalendarDir = filepath.Join(outputDir, "alice-phone-calendar")
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]410 tmpfile = filepath.Join(outputDir, "tmpfile")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]411 )
412
413 // Generate principals for alice.
414 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
415
416 // Run fork to setup up credentials for alice/phone that are
417 // blessed by alice under the extension "phone".
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]418 bin.Start("--v23.credentials="+aliceDir, "fork", "--for", "1h", alicePhoneDir, "phone").WaitOrDie(os.Stdout, os.Stderr)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]419
420 // Dump alice-phone out, the only blessings it has must be from alice (alice/phone).
421 {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]422 got := removePublicKeys(bin.Start("--v23.credentials="+alicePhoneDir, "dump").Output())
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]423 want := `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]424Default Blessings : alice/phone
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]425---------------- BlessingStore ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]426Default Blessings alice/phone
427Peer pattern Blessings
428... alice/phone
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]429---------------- BlessingRoots ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]430Public key Pattern
431XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]432`
433 if want != got {
434 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
435 }
436 }
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]437 // And it should have an expiry caveat
438 {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]439 redirect(t, bin.Start("--v23.credentials", alicePhoneDir, "get", "default"), tmpfile)
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]440 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
441 want := `Blessings : alice/phone
442PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
443Certificate chains : 1
444Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
445 Certificate #0: alice with 0 caveats
446 Certificate #1: phone with 1 caveat
447 (0) ExpiryCaveat
448`
449 if want != got {
450 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
451 }
452 }
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]453
454 // Run fork to setup up credentials for alice/phone/calendar that are
455 // blessed by alice/phone under the extension "calendar".
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]456 bin.Start("--v23.credentials="+alicePhoneDir, "fork", "--for", "1h", alicePhoneCalendarDir, "calendar").WaitOrDie(os.Stdout, os.Stderr)
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]457 {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]458 got := removePublicKeys(bin.Start("--v23.credentials="+alicePhoneCalendarDir, "dump").Output())
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]459 want := `Public key : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Bogdan Caprita4ab95412015-05-13 13:37:46 -0700[diff] [blame]460Default Blessings : alice/phone/calendar
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]461---------------- BlessingStore ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]462Default Blessings alice/phone/calendar
463Peer pattern Blessings
464... alice/phone/calendar
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]465---------------- BlessingRoots ----------------
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]466Public key Pattern
467XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [alice]
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]468`
469 if want != got {
470 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
471 }
472 }
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]473 {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]474 redirect(t, bin.Start("--v23.credentials", alicePhoneCalendarDir, "get", "default"), tmpfile)
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]475 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
476 want := `Blessings : alice/phone/calendar
477PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
478Certificate chains : 1
479Chain #0 (3 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
480 Certificate #0: alice with 0 caveats
481 Certificate #1: phone with 1 caveat
482 (0) ExpiryCaveat
483 Certificate #2: calendar with 1 caveat
484 (0) ExpiryCaveat
485`
486 if want != got {
487 t.Fatalf("unexpected output, got\n%s, wanted\n%s", got, want)
488 }
489 }
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]490}
491
492func V23TestCreate(t *v23tests.T) {
493 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]494 outputDir = t.NewTempDir("")
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]495 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
James Ring5721f3d2015-02-12 19:53:20 -0800[diff] [blame]496 aliceDir = filepath.Join(outputDir, "alice")
497 )
498
499 // Creating a principal should succeed the first time.
500 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
501
502 // The second time should fail (the create command won't override an existing principal).
503 if bin.Start("create", aliceDir, "alice").Wait(os.Stdout, os.Stderr) == nil {
504 t.Fatalf("principal creation should have failed, but did not")
505 }
506
507 // If we specify -overwrite, it will.
508 bin.Start("create", "--overwrite", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
509}
Suharsh Sivakumar1d61f642015-02-17 20:56:14 -0800[diff] [blame]510
511func V23TestCaveats(t *v23tests.T) {
512 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]513 outputDir = t.NewTempDir("")
Suharsh Sivakumar1d61f642015-02-17 20:56:14 -0800[diff] [blame]514 aliceDir = filepath.Join(outputDir, "alice")
515 aliceBlessingFile = filepath.Join(outputDir, "aliceself")
516 )
517
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]518 bin := t.BuildGoPkg("v.io/x/ref/cmd/principal")
Suharsh Sivakumar1d61f642015-02-17 20:56:14 -0800[diff] [blame]519 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
520
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]521 bin = bin.WithEnv(credEnv(aliceDir))
Suharsh Sivakumar1d61f642015-02-17 20:56:14 -0800[diff] [blame]522 args := []string{
523 "blessself",
Suharsh Sivakumar60b78e92015-04-23 21:36:49 -0700[diff] [blame]524 "--caveat=\"v.io/v23/security\".MethodCaveat={\"method\"}",
Suharsh Sivakumar1d61f642015-02-17 20:56:14 -0800[diff] [blame]525 "--caveat={{0x54,0xa6,0x76,0x39,0x81,0x37,0x18,0x7e,0xcd,0xb2,0x6d,0x2d,0x69,0xba,0x0,0x3},typeobject([]string)}={\"method\"}",
526 "alicereborn",
527 }
528 redirect(t, bin.Start(args...), aliceBlessingFile)
529 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", aliceBlessingFile).Output()))
530 want := `Blessings : alicereborn
531PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
532Certificate chains : 1
533Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
534 Certificate #0: alicereborn with 2 caveats
535 (0) MethodCaveat
536 (1) MethodCaveat
537`
538 if want != got {
539 t.Fatalf("unexpected output, wanted \n%s, got\n%s", want, got)
540 }
541}
Asim Shankar918190d2015-02-18 17:12:43 -0800[diff] [blame]542
543func V23TestForkWithoutVDLPATH(t *v23tests.T) {
544 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]545 parent = t.NewTempDir("")
Jiri Simsa32f76fb2015-04-07 15:39:23 -0700[diff] [blame]546 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal").WithEnv("V23_ROOT=''", "VDLPATH=''")
Asim Shankar918190d2015-02-18 17:12:43 -0800[diff] [blame]547 )
548 if err := bin.Start("create", parent, "parent").Wait(os.Stdout, os.Stderr); err != nil {
549 t.Fatalf("create %q failed: %v", parent, err)
550 }
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]551 if err := bin.Start("--v23.credentials="+parent, "fork", "--for=1s", t.NewTempDir(""), "child").Wait(os.Stdout, os.Stderr); err != nil {
Asim Shankar918190d2015-02-18 17:12:43 -0800[diff] [blame]552 t.Errorf("fork failed: %v", err)
553 }
554}
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]555
556func V23TestForkWithoutCaveats(t *v23tests.T) {
557 var (
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]558 parent = t.NewTempDir("")
559 child = t.NewTempDir("")
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]560 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]561 buf bytes.Buffer
562 )
563 if err := bin.Start("create", parent, "parent").Wait(os.Stdout, os.Stderr); err != nil {
564 t.Fatalf("create %q failed: %v", parent, err)
565 }
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]566 if err := bin.Start("--v23.credentials", parent, "fork", child, "child").Wait(os.Stdout, &buf); err == nil {
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]567 t.Errorf("fork should have failed without any caveats, but did not")
568 } else if got, want := buf.String(), "ERROR: no caveats provided"; !strings.Contains(got, want) {
569 t.Errorf("fork returned error: %q, expected error to contain %q", got, want)
570 }
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]571 if err := bin.Start("--v23.credentials", parent, "fork", "--for=0", child, "child").Wait(os.Stdout, &buf); err == nil {
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]572 t.Errorf("fork should have failed without any caveats, but did not")
573 } else if got, want := buf.String(), "ERROR: no caveats provided"; !strings.Contains(got, want) {
574 t.Errorf("fork returned error: %q, expected error to contain %q", got, want)
575 }
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]576 if err := bin.Start("--v23.credentials", parent, "fork", "--require-caveats=false", child, "child").Wait(os.Stdout, os.Stderr); err != nil {
577 t.Errorf("fork --require-caveats=false failed with: %v", err)
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]578 }
579}
580
581func V23TestBless(t *v23tests.T) {
582 var (
Matt Rosencrantzbca49812015-03-01 21:32:54 -0800[diff] [blame]583 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]584 dir = t.NewTempDir("")
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]585 aliceDir = filepath.Join(dir, "alice")
586 bobDir = filepath.Join(dir, "bob")
587 tmpfile = filepath.Join(dir, "tmpfile")
588 )
589 // Create two principals: alice and bob
590 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
591 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
592
593 // All blessings will be done by "alice"
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]594 bin = bin.WithEnv(credEnv(aliceDir))
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]595
596 {
597 // "alice" should fail to bless "bob" without any caveats
598 var buf bytes.Buffer
599 if err := bin.Start("bless", bobDir, "friend").Wait(os.Stdout, &buf); err == nil {
600 t.Errorf("bless should have failed when no caveats are specified")
601 } else if got, want := buf.String(), "ERROR: no caveats provided"; !strings.Contains(got, want) {
602 t.Errorf("got error %q, expected to match %q", got, want)
603 }
604 }
605 {
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]606 // But succeed if --require-caveats=false is specified
607 redirect(t, bin.Start("bless", "--require-caveats=false", bobDir, "friend"), tmpfile)
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]608 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
609 want := `Blessings : alice/friend
610PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
611Certificate chains : 1
612Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
613 Certificate #0: alice with 0 caveats
614 Certificate #1: friend with 1 caveat
615 (0) Unconstrained
616`
617 if got != want {
618 t.Errorf("Got\n%vWant\n%v", got, want)
619 }
620 }
621 {
622 // And succeed if --for is specified
623 redirect(t, bin.Start("bless", "--for=1m", bobDir, "friend"), tmpfile)
624 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
625 want := `Blessings : alice/friend
626PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
627Certificate chains : 1
628Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
629 Certificate #0: alice with 0 caveats
630 Certificate #1: friend with 1 caveat
631 (0) ExpiryCaveat
632`
633 if got != want {
634 t.Errorf("Got\n%vWant\n%v", got, want)
635 }
636 }
637 {
Suharsh Sivakumar7e80c862015-05-11 15:33:55 -0700[diff] [blame]638 // If the Blessings are expired, dumpBlessings should print so.
639 redirect(t, bin.Start("bless", "--for=-1s", bobDir, "friend"), tmpfile)
640 got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
641 want := `Blessings : alice/friend [EXPIRED]
642PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
643Certificate chains : 1
644Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
645 Certificate #0: alice with 0 caveats
646 Certificate #1: friend with 1 caveat
647 (0) ExpiryCaveat
648`
649 if got != want {
650 t.Errorf("Got\n%vWant\n%v", got, want)
651 }
652 }
653 {
Asim Shankara0bba462015-02-20 22:50:51 -0800[diff] [blame]654 // But not if --for=0
655 var buf bytes.Buffer
656 if err := bin.Start("bless", "--for=0", bobDir, "friend").Wait(os.Stdout, &buf); err == nil {
657 t.Errorf("bless should have failed when no caveats are specified")
658 } else if got, want := buf.String(), "ERROR: no caveats provided"; !strings.Contains(got, want) {
659 t.Errorf("got error %q, expected to match %q", got, want)
660 }
661 }
662}
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]663
Asim Shankar80277d02015-03-31 12:57:06 -0700[diff] [blame]664func V23TestAddBlessingsToRoots(t *v23tests.T) {
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]665 var (
666 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
Robert Kroeger02714b72015-04-14 18:02:38 -0700[diff] [blame]667 aliceDir = t.NewTempDir("")
668 bobDir = t.NewTempDir("")
669 blessingFile = filepath.Join(t.NewTempDir(""), "bobfile")
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]670
671 // Extract the public key from the first line of output from
672 // "principal dump", which is formatted as:
673 // Public key : <the public key>
674 publicKey = func(dir string) string {
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]675 output := bin.Start("--v23.credentials="+dir, "dump").Output()
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]676 line := strings.SplitN(output, "\n", 2)[0]
677 fields := strings.Split(line, " ")
678 return fields[len(fields)-1]
679 }
680 )
681 // Create two principals, "alice" and "bob"
682 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
683 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
684 // Have bob create a "bob/friend" blessing and have alice recognize that.
Suharsh Sivakumared5be1d2015-04-01 17:45:35 -0700[diff] [blame]685 redirect(t, bin.Start("--v23.credentials="+bobDir, "bless", "--require-caveats=false", aliceDir, "friend"), blessingFile)
Asim Shankar562b2302015-04-27 13:52:43 -0700[diff] [blame]686 bin.Start("--v23.credentials="+aliceDir, "recognize", blessingFile).WaitOrDie(os.Stdout, os.Stderr)
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]687
Suharsh Sivakumar4bbe8ed2015-04-09 14:21:44 -0700[diff] [blame]688 want := fmt.Sprintf(`Public key Pattern
689%v [alice]
690%v [bob]
691`, publicKey(aliceDir), publicKey(bobDir))
692
693 // Finally view alice's recognized roots, it should have lines corresponding to aliceLine and bobLine.
694 got := bin.Start("--v23.credentials="+aliceDir, "get", "recognizedroots").Output()
695 if got != want {
696 t.Fatalf("Got:\n%v\n\nWant:\n%v", got, want)
Asim Shankar5fbe3262015-03-11 23:03:51 -0700[diff] [blame]697 }
698}
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]699
Asim Shankar80277d02015-03-31 12:57:06 -0700[diff] [blame]700func V23TestAddKeyToRoots(t *v23tests.T) {
701 var (
Asim Shankarde6fda52015-04-22 21:20:24 -0700[diff] [blame]702 bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
703 outputDir = t.NewTempDir("")
704 aliceDir = filepath.Join(outputDir, "alice")
705 bobDir = filepath.Join(outputDir, "bob")
Asim Shankar80277d02015-03-31 12:57:06 -0700[diff] [blame]706 )
707 bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
Asim Shankarde6fda52015-04-22 21:20:24 -0700[diff] [blame]708 bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
709 // Get bob's public key and add it to roots for alice
710 bobKey := strings.TrimSpace(bin.Start("--v23.credentials="+bobDir, "get", "publickey").Output())
711 bobPrettyKey := strings.TrimSpace(bin.Start("--v23.credentials="+bobDir, "get", "publickey", "--pretty").Output())
Asim Shankar562b2302015-04-27 13:52:43 -0700[diff] [blame]712 bin.Start("--v23.credentials="+aliceDir, "recognize", "bob", bobKey).WaitOrDie(os.Stdout, os.Stderr)
Asim Shankarde6fda52015-04-22 21:20:24 -0700[diff] [blame]713
714 // Verify that it has been added
Asim Shankarf32d24d2015-04-01 16:34:26 -0700[diff] [blame]715 output := bin.Start("--v23.credentials="+aliceDir, "dump").Output()
Asim Shankarde6fda52015-04-22 21:20:24 -0700[diff] [blame]716 want := fmt.Sprintf("%v [bob]", bobPrettyKey)
Asim Shankar80277d02015-03-31 12:57:06 -0700[diff] [blame]717 for _, line := range strings.Split(output, "\n") {
718 if line == want {
719 return
720 }
721 }
722 t.Errorf("Could not find line:\n%v\nin output:\n%v\n", want, output)
723}
724
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]725func credEnv(dir string) string {
Todd Wang8123b5e2015-05-14 18:44:43 -0700[diff] [blame]726 return fmt.Sprintf("%s=%s", ref.EnvCredentials, dir)
Asim Shankar59b8b692015-03-30 01:23:36 -0700[diff] [blame]727}