// Copyright (C) 2019-2024, Ava Labs, Inc. All rights reserved.
// See the file LICENSE for licensing terms.

package peer

import (
	"crypto"
	"net/netip"
	"testing"
	"time"

	"github.com/stretchr/testify/require"

	"github.com/MetalBlockchain/metalgo/staking"
	"github.com/MetalBlockchain/metalgo/utils/crypto/bls"
)

// TestSignedIpVerify signs an UnsignedIP with one staking identity and checks
// what Verify returns for a given expected certificate and maximum timestamp.
//
// The table pins three properties of Verify:
//   - a timestamp at or before maxTimestamp is accepted;
//   - a timestamp one second past maxTimestamp is rejected with
//     errTimestampTooFarInFuture;
//   - a signature checked against a certificate other than the signer's is
//     rejected with errInvalidTLSSignature.
//
// NOTE(review): Sign receives a BLS secret key, but Verify is called here with
// only a certificate and a time, so no case in this table exercises rejection
// of a bad BLS signature. Confirm that property is covered where the BLS
// signature is actually checked.
func TestSignedIpVerify(t *testing.T) {
	// Signing identity: its TLS key produces the signature and its parsed
	// certificate is what an honest verifier expects.
	signerTLS, err := staking.NewTLSCert()
	require.NoError(t, err)
	signerCert, err := staking.ParseCertificate(signerTLS.Leaf.Raw)
	require.NoError(t, err)
	signerKey := signerTLS.PrivateKey.(crypto.Signer)
	signerBLS, err := bls.NewSecretKey()
	require.NoError(t, err)

	// Unrelated identity: only its certificate is used, as the wrong
	// verification target.
	otherTLS, err := staking.NewTLSCert()
	require.NoError(t, err)
	otherCert, err := staking.ParseCertificate(otherTLS.Leaf.Raw)
	require.NoError(t, err)

	now := time.Now()
	nowUnix := uint64(now.Unix())
	addrPort := netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 1)

	cases := []struct {
		name         string
		tlsSigner    crypto.Signer
		blsSigner    *bls.SecretKey
		expectedCert *staking.Certificate
		ip           UnsignedIP
		maxTimestamp time.Time
		expectedErr  error // left nil when Verify must succeed
	}{
		{
			name:         "valid (before max time)",
			tlsSigner:    signerKey,
			blsSigner:    signerBLS,
			expectedCert: signerCert,
			ip:           UnsignedIP{AddrPort: addrPort, Timestamp: nowUnix - 1},
			maxTimestamp: now,
		},
		{
			// Boundary: a timestamp equal to the limit is still accepted.
			name:         "valid (at max time)",
			tlsSigner:    signerKey,
			blsSigner:    signerBLS,
			expectedCert: signerCert,
			ip:           UnsignedIP{AddrPort: addrPort, Timestamp: nowUnix},
			maxTimestamp: now,
		},
		{
			// Boundary: one second past the limit is rejected.
			name:         "timestamp too far ahead",
			tlsSigner:    signerKey,
			blsSigner:    signerBLS,
			expectedCert: signerCert,
			ip:           UnsignedIP{AddrPort: addrPort, Timestamp: nowUnix + 1},
			maxTimestamp: now,
			expectedErr:  errTimestampTooFarInFuture,
		},
		{
			// Signed by the first identity but verified against the second
			// certificate. AddrPort is left at its zero value here.
			name:         "sig from wrong cert",
			tlsSigner:    signerKey,
			blsSigner:    signerBLS,
			expectedCert: otherCert,
			ip:           UnsignedIP{Timestamp: nowUnix},
			maxTimestamp: now,
			expectedErr:  errInvalidTLSSignature,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Signing is expected to succeed in every case; only Verify's
			// result differs between cases.
			signed, signErr := tc.ip.Sign(tc.tlsSigner, tc.blsSigner)
			require.NoError(t, signErr)

			verifyErr := signed.Verify(tc.expectedCert, tc.maxTimestamp)
			require.ErrorIs(t, verifyErr, tc.expectedErr)
		})
	}
}