github.com/aavshr/aws-sdk-go@v1.41.3/service/cloudfront/sign/policy_test.go (about) 1 package sign 2 3 import ( 4 "bytes" 5 "crypto" 6 "crypto/rsa" 7 "crypto/sha1" 8 "encoding/base64" 9 "encoding/json" 10 "fmt" 11 "math/rand" 12 "strings" 13 "testing" 14 "time" 15 ) 16 17 func TestEpochTimeMarshal(t *testing.T) { 18 v := AWSEpochTime{time.Now()} 19 b, err := v.MarshalJSON() 20 if err != nil { 21 t.Fatalf("Unexpected error, %#v", err) 22 } 23 24 expected := fmt.Sprintf(`{"AWS:EpochTime":%d}`, v.UTC().Unix()) 25 if string(b) != expected { 26 t.Errorf("Expected marshaled time to match, expect: %s, actual: %s", 27 expected, string(b)) 28 } 29 } 30 31 func TestEpochTimeUnmarshal(t *testing.T) { 32 now := time.Now().Round(time.Second) 33 data := fmt.Sprintf(`{"AWS:EpochTime":%d}`, now.Unix()) 34 var v AWSEpochTime 35 err := json.Unmarshal([]byte(data), &v) 36 if err != nil { 37 t.Fatalf("Unexpected error, %#v", err) 38 } 39 40 expected := now.UTC() 41 if v.Time != expected { 42 t.Errorf("Expected unmarshaled time to match, expect: %s, actual: %s", 43 expected, v.Time) 44 } 45 } 46 47 var testCreateResource = []struct { 48 scheme, u string 49 expect string 50 errPrefix string 51 }{ 52 { 53 "https", "https://example.com/a?b=1&c=2", 54 "https://example.com/a?b=1&c=2", "", 55 }, 56 { 57 "https", "https://example.com/a?b=1", 58 "https://example.com/a?b=1", "", 59 }, 60 { 61 "http", "http*://example.com/a?b=1", 62 "http*://example.com/a?b=1", "", 63 }, 64 { 65 "rtmp", "https://example.com/a?b=1", 66 "a?b=1", "", 67 }, 68 { 69 "rtmp", "https://example.com/a?b=1&c=2", 70 "a?b=1&c=2", "", 71 }, 72 { 73 "ftp", "ftp://example.com/a?b=1", 74 "", "invalid URL scheme", 75 }, 76 } 77 78 func TestCreateResource(t *testing.T) { 79 for i, v := range testCreateResource { 80 r, err := CreateResource(v.scheme, v.u) 81 if err != nil { 82 if v.errPrefix == "" { 83 t.Errorf("%d, Unexpected error %s", i, err.Error()) 84 continue 85 } 86 if !strings.HasPrefix(err.Error(), v.errPrefix) { 87 t.Errorf("%d, Expected to find prefix\nexpect: %s\nactual: %s", i, v.errPrefix, err.Error()) 88 continue 89 } 90 } else if v.errPrefix != "" { 91 t.Errorf("%d, Expected error %s", i, v.errPrefix) 92 continue 93 } 94 95 if v.expect != r { 96 t.Errorf("%d, Expected to find prefix\nexpect: %s\nactual: %s", i, v.expect, r) 97 } 98 } 99 } 100 101 var testTime = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC) 102 103 func TestEncodePolicy(t *testing.T) { 104 const ( 105 expectedJSONPolicy = `{"Statement":[{"Resource":"https://example.com/a","Condition":{"DateLessThan":{"AWS:EpochTime":1257894000}}}]}` 106 expectedB64Policy = `eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk0MDAwfX19XX0=` 107 ) 108 p := NewCannedPolicy("https://example.com/a", testTime) 109 110 b64Policy, jsonPolicy, err := encodePolicy(p) 111 if err != nil { 112 t.Fatalf("Unexpected error, %#v", err) 113 } 114 115 if string(jsonPolicy) != expectedJSONPolicy { 116 t.Errorf("Expected json encoding to match, \nexpect: %s\nactual: %s\n", expectedJSONPolicy, jsonPolicy) 117 } 118 119 if string(b64Policy) != expectedB64Policy { 120 t.Errorf("Expected b64 encoding to match, \nexpect: %s\nactual: %s\n", expectedB64Policy, b64Policy) 121 } 122 } 123 124 func TestEncodePolicyWithQueryParams(t *testing.T) { 125 const ( 126 expectedJSONPolicy = `{"Statement":[{"Resource":"https://example.com/a?b=1&c=2","Condition":{"DateLessThan":{"AWS:EpochTime":1257894000}}}]}` 127 expectedB64Policy = `eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hP2I9MSZjPTIiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTQwMDB9fX1dfQ==` 128 ) 129 p := NewCannedPolicy("https://example.com/a?b=1&c=2", testTime) 130 131 b64Policy, jsonPolicy, err := encodePolicy(p) 132 if err != nil { 133 t.Fatalf("Unexpected error, %#v", err) 134 } 135 136 if string(jsonPolicy) != expectedJSONPolicy { 137 t.Errorf("Expected json encoding to match, \nexpect: %s\nactual: %s\n", expectedJSONPolicy, jsonPolicy) 138 } 139 140 if string(b64Policy) != expectedB64Policy { 141 t.Errorf("Expected b64 encoding to match, \nexpect: %s\nactual: %s\n", expectedB64Policy, b64Policy) 142 } 143 } 144 145 func TestSignEncodedPolicy(t *testing.T) { 146 p := NewCannedPolicy("https://example.com/a", testTime) 147 _, jsonPolicy, err := encodePolicy(p) 148 if err != nil { 149 t.Fatalf("Unexpected policy encode error, %#v", err) 150 } 151 152 r := newRandomReader(rand.New(rand.NewSource(1))) 153 154 privKey, err := rsa.GenerateKey(r, 1024) 155 if err != nil { 156 t.Fatalf("Unexpected priv key error, %#v", err) 157 } 158 159 b64Signature, err := signEncodedPolicy(r, jsonPolicy, privKey) 160 if err != nil { 161 t.Fatalf("Unexpected policy sign error, %#v", err) 162 } 163 164 hash := sha1.New() 165 if _, err = bytes.NewReader(jsonPolicy).WriteTo(hash); err != nil { 166 t.Fatalf("Unexpected hash error, %#v", err) 167 } 168 169 decodedSig, err := base64.StdEncoding.DecodeString(string(b64Signature)) 170 if err != nil { 171 t.Fatalf("Unexpected base64 decode signature, %#v", err) 172 } 173 174 if err := rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA1, hash.Sum(nil), decodedSig); err != nil { 175 t.Fatalf("Unable to verify signature, %#v", err) 176 } 177 } 178 179 func TestAWSEscape(t *testing.T) { 180 expect := "a-b_c~" 181 actual := []byte("a+b=c/") 182 awsEscapeEncoded(actual) 183 if string(actual) != expect { 184 t.Errorf("expect: %s, actual: %s", expect, string(actual)) 185 } 186 }