package ipc

import (
	"testing"

	vsecurity "v.io/core/veyron/security"
	"v.io/core/veyron2/security"
)

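// TestDefaultAuthorizer checks defaultAuthorizer.Authorize against a table of
// local/remote blessing pairs built from three self-blessed principals (ali,
// bob and che). As the table encodes it, a pair is expected to be authorized
// only when one side holds a blessing that is equal to, or an extension of, a
// blessing held by the other side.
func TestDefaultAuthorizer(t *testing.T) {
	var (
		// Setup errors abort the test with a message instead of being
		// discarded: a nil principal or blessing would otherwise surface later
		// as an unrelated nil dereference, and could let a "denied" expectation
		// pass for the wrong reason.
		mustPrincipal = func() security.Principal {
			p, err := vsecurity.NewPrincipal()
			if err != nil {
				t.Fatalf("vsecurity.NewPrincipal failed: %v", err)
			}
			return p
		}
		mustBlessSelf = func(p security.Principal, name string) security.Blessings {
			b, err := p.BlessSelf(name)
			if err != nil {
				t.Fatalf("BlessSelf(%q) failed: %v", name, err)
			}
			return b
		}

		pali = mustPrincipal()
		pbob = mustPrincipal()
		pche = mustPrincipal()

		che = mustBlessSelf(pche, "che")
		ali = mustBlessSelf(pali, "ali")
		bob = mustBlessSelf(pbob, "bob")

		// bless(ali, bob, "friend") will generate a blessing for ali, calling him "bob/friend".
		// The principal that owns extend does the signing, so extend must be
		// one of the three self-blessings created above.
		bless = func(target, extend security.Blessings, extension string) security.Blessings {
			var p security.Principal
			switch extend {
			case ali:
				p = pali
			case bob:
				p = pbob
			case che:
				p = pche
			default:
				t.Fatalf("bless: no principal known for blessing %v", extend)
			}
			// UnconstrainedUse: the delegated blessing is issued without a
			// restricting caveat, so caveat validation is not exercised here.
			ret, err := p.Bless(target.PublicKey(), extend, extension, security.UnconstrainedUse())
			if err != nil {
				t.Fatalf("Bless(%v, %q) failed: %v", extend, extension, err)
			}
			return ret
		}

		// U returns the union of the given blessings and fails the test if
		// they cannot be combined.
		U = func(blessings ...security.Blessings) security.Blessings {
			u, err := security.UnionOfBlessings(blessings...)
			if err != nil {
				t.Fatalf("UnionOfBlessings failed: %v", err)
			}
			return u
		}

		// Shorthands for getting blessings for Ali and Bob.
		A = func(as security.Blessings, extension string) security.Blessings { return bless(ali, as, extension) }
		B = func(as security.Blessings, extension string) security.Blessings { return bless(bob, as, extension) }

		authorizer defaultAuthorizer
	)
	// Make ali, bob (the two ends) recognize all three blessings
	for ip, p := range []security.Principal{pali, pbob} {
		for _, b := range []security.Blessings{ali, bob, che} {
			if err := p.AddToRoots(b); err != nil {
				t.Fatalf("%d: %v - %v", ip, b, err)
			}
		}
	}
	// All tests are run as if "ali" is the local end and "bob" is the remote.
	//
	// NOTE(review): every blessing in this table chains to a root that pali was
	// told to trust above. No case presents a remote blessing from a root pali
	// does not recognize, so the authorizer's behaviour for untrusted roots is
	// not pinned by this test.
	tests := []struct {
		local, remote security.Blessings
		authorized    bool
	}{
		{ali, ali, true},
		{ali, bob, false},
		{ali, B(ali, "friend"), true},               // ali talking to ali/friend
		{A(bob, "friend"), bob, true},               // bob/friend talking to bob
		{A(che, "friend"), B(che, "family"), false}, // che/friend talking to che/family
		{U(ali, A(bob, "friend"), A(che, "friend")),
			U(bob, B(che, "family")),
			true}, // {ali, bob/friend, che/friend} talking to {bob, che/family}
	}
	for _, test := range tests {
		// The mock always reports pali as the local principal; only the two
		// blessing sets vary between cases.
		err := authorizer.Authorize(&mockSecurityContext{
			p: pali,
			l: test.local,
			r: test.remote,
		})
		// A nil error means "authorized"; any mismatch with the expectation,
		// in either direction, is a failure.
		if (err == nil) != test.authorized {
			t.Errorf("Local:%v Remote:%v. Got %v", test.local, test.remote, err)
		}
	}
}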
// mockSecurityContext is a test double for security.Context. It embeds the
// interface so that only the accessors the test needs have to be overridden.
// The test in this file leaves the embedded value nil, so calling any Context
// method other than LocalPrincipal, LocalBlessings or RemoteBlessings on the
// mock panics.
type mockSecurityContext struct {
	security.Context

	p security.Principal // returned by LocalPrincipal
	l security.Blessings // returned by LocalBlessings
	r security.Blessings // returned by RemoteBlessings
}
// LocalPrincipal returns the principal stored in the mock's p field.
func (c *mockSecurityContext) LocalPrincipal() security.Principal {
	return c.p
}
// LocalBlessings returns the blessings stored in the mock's l field.
func (c *mockSecurityContext) LocalBlessings() security.Blessings {
	return c.l
}
// RemoteBlessings returns the blessings stored in the mock's r field.
func (c *mockSecurityContext) RemoteBlessings() security.Blessings {
	return c.r
}