github.com/MetalBlockchain/metalgo@v1.11.9/network/peer/ip_test.go (about)

     1  // Copyright (C) 2019-2024, Ava Labs, Inc. All rights reserved.
     2  // See the file LICENSE for licensing terms.
     3  
     4  package peer
     5  
     6  import (
     7  	"crypto"
     8  	"net/netip"
     9  	"testing"
    10  	"time"
    11  
    12  	"github.com/stretchr/testify/require"
    13  
    14  	"github.com/MetalBlockchain/metalgo/staking"
    15  	"github.com/MetalBlockchain/metalgo/utils/crypto/bls"
    16  )
    17  
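// TestSignedIpVerify signs an UnsignedIP with a freshly generated staking TLS
// key and BLS key, then checks what SignedIP.Verify returns for a given
// certificate and maximum accepted timestamp.
//
// Properties pinned by the cases below:
//   - a timestamp before or equal to maxTimestamp is accepted;
//   - a timestamp one second past maxTimestamp yields errTimestampTooFarInFuture;
//   - verifying against a certificate other than the signer's yields
//     errInvalidTLSSignature.
//
// NOTE(review): every case signs with the same BLS key and none alters the
// payload after signing, so this test says nothing about BLS signature
// checking or about tampering with AddrPort/Timestamp. Confirm that coverage
// exists elsewhere.
func TestSignedIpVerify(t *testing.T) {
	// Identity that produces every signature in this test.
	signerTLS, err := staking.NewTLSCert()
	require.NoError(t, err)
	signerCert, err := staking.ParseCertificate(signerTLS.Leaf.Raw)
	require.NoError(t, err)
	// Checked assertion: an unexpected key type fails this test with a clear
	// message instead of panicking.
	tlsKey, ok := signerTLS.PrivateKey.(crypto.Signer)
	require.True(t, ok, "staking TLS private key does not implement crypto.Signer")
	blsKey, err := bls.NewSecretKey()
	require.NoError(t, err)

	// Second, unrelated identity; only its certificate is used, as the wrong
	// verification target.
	otherTLS, err := staking.NewTLSCert()
	require.NoError(t, err)
	otherCert, err := staking.ParseCertificate(otherTLS.Leaf.Raw)
	require.NoError(t, err)

	now := time.Now()
	// Unix() truncates to whole seconds, so nowUnix is never later than now.
	nowUnix := uint64(now.Unix())
	addrPort := netip.AddrPortFrom(
		netip.AddrFrom4([4]byte{1, 2, 3, 4}),
		1,
	)

	type verifyCase struct {
		name         string
		tlsSigner    crypto.Signer
		blsSigner    *bls.SecretKey
		expectedCert *staking.Certificate // certificate handed to Verify
		ip           UnsignedIP
		maxTimestamp time.Time // latest timestamp passed to Verify
		expectedErr  error
	}

	cases := []verifyCase{
		{
			name:         "valid (before max time)",
			tlsSigner:    tlsKey,
			blsSigner:    blsKey,
			expectedCert: signerCert,
			ip: UnsignedIP{
				AddrPort:  addrPort,
				Timestamp: nowUnix - 1,
			},
			maxTimestamp: now,
			expectedErr:  nil,
		},
		{
			// Boundary: the bound is inclusive.
			name:         "valid (at max time)",
			tlsSigner:    tlsKey,
			blsSigner:    blsKey,
			expectedCert: signerCert,
			ip: UnsignedIP{
				AddrPort:  addrPort,
				Timestamp: nowUnix,
			},
			maxTimestamp: now,
			expectedErr:  nil,
		},
		{
			// One second past the bound must be rejected even though the
			// signature itself is valid for signerCert.
			name:         "timestamp too far ahead",
			tlsSigner:    tlsKey,
			blsSigner:    blsKey,
			expectedCert: signerCert,
			ip: UnsignedIP{
				AddrPort:  addrPort,
				Timestamp: nowUnix + 1,
			},
			maxTimestamp: now,
			expectedErr:  errTimestampTooFarInFuture,
		},
		{
			// Signed by tlsKey but verified against otherCert, not signerCert.
			// AddrPort is left at its zero value in this case.
			name:         "sig from wrong cert",
			tlsSigner:    tlsKey,
			blsSigner:    blsKey,
			expectedCert: otherCert,
			ip: UnsignedIP{
				Timestamp: nowUnix,
			},
			maxTimestamp: now,
			expectedErr:  errInvalidTLSSignature,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Signing is expected to succeed in every case; only Verify's
			// result varies.
			signed, err := tc.ip.Sign(tc.tlsSigner, tc.blsSigner)
			require.NoError(t, err)

			err = signed.Verify(tc.expectedCert, tc.maxTimestamp)
			require.ErrorIs(t, err, tc.expectedErr)
		})
	}
}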