github.com/decred/dcrlnd@v0.7.6/cmd/dcrlncli/macaroon_jar_test.go (about) 1 package main 2 3 import ( 4 "encoding/hex" 5 "testing" 6 7 "github.com/stretchr/testify/require" 8 "gopkg.in/macaroon.v2" 9 ) 10 11 var ( 12 dummyMacStr = "0201047465737402067788991234560000062052d26ed139ea5af8" + 13 "3e675500c4ccb2471f62191b745bab820f129e5588a255d2" 14 dummyMac, _ = hex.DecodeString(dummyMacStr) 15 encryptedEntry = &macaroonEntry{ 16 Name: "encryptedMac", 17 Data: "snacl:exX8xbUOb6Gih88ybL2jZGo+DBDPU2tYKkvo0eVVmbDGDoFP" + 18 "zlv5xvqNK5eml0LKLcB8LdZRw43qXK1W2OLs/gBAAAAAAAAACAAA" + 19 "AAAAAAABAAAAAAAAAA==:C8TN/aDOvSLiBCX+IdoPTx+UUWhVdGj" + 20 "NQvbcaWp+KXQWqPfpRZpjJQ6B2PDx5mJxImcezJGPx8ShAqMdxWe" + 21 "l2precU+1cOjk7HQFkYuu943eJ00s6JerAY+ssg==", 22 } 23 plaintextEntry = &macaroonEntry{ 24 Name: "plaintextMac", 25 Data: dummyMacStr, 26 } 27 28 testPassword = []byte("S3curePazzw0rd") 29 pwCallback = func(string) ([]byte, error) { 30 return testPassword, nil 31 } 32 noPwCallback = func(string) ([]byte, error) { 33 return nil, nil 34 } 35 ) 36 37 // TestMacaroonJarEncrypted tests that a macaroon can be stored and retrieved 38 // safely by encrypting/decrypting it with a password. 39 func TestMacaroonJarEncrypted(t *testing.T) { 40 // Create a new macaroon entry from the dummy macaroon and encrypt it 41 // with the test password. 42 newEntry := &macaroonEntry{ 43 Name: "encryptedMac", 44 } 45 err := newEntry.storeMacaroon(toMacaroon(t, dummyMac), testPassword) 46 require.NoError(t, err) 47 48 // Now decrypt it again and make sure we get the same content back. 49 mac, err := newEntry.loadMacaroon(pwCallback) 50 require.NoError(t, err) 51 macBytes, err := mac.MarshalBinary() 52 require.NoError(t, err) 53 require.Equal(t, dummyMac, macBytes) 54 55 // The encrypted data of the entry we just created shouldn't be the 56 // same as our test entry because of the salt snacl uses. 57 require.NotEqual(t, encryptedEntry.Data, newEntry.Data) 58 59 // Decrypt the hard coded test entry and make sure the decrypted content 60 // matches our created entry. 61 mac, err = encryptedEntry.loadMacaroon(pwCallback) 62 require.NoError(t, err) 63 macBytes, err = mac.MarshalBinary() 64 require.NoError(t, err) 65 require.Equal(t, dummyMac, macBytes) 66 } 67 68 // TestMacaroonJarPlaintext tests that a macaroon can be stored and retrieved 69 // as plaintext as well. 70 func TestMacaroonJarPlaintext(t *testing.T) { 71 // Create a new macaroon entry from the dummy macaroon and encrypt it 72 // with the test password. 73 newEntry := &macaroonEntry{ 74 Name: "plaintextMac", 75 } 76 err := newEntry.storeMacaroon(toMacaroon(t, dummyMac), nil) 77 require.NoError(t, err) 78 79 // Now decrypt it again and make sure we get the same content back. 80 mac, err := newEntry.loadMacaroon(noPwCallback) 81 require.NoError(t, err) 82 macBytes, err := mac.MarshalBinary() 83 require.NoError(t, err) 84 require.Equal(t, dummyMac, macBytes) 85 require.Equal(t, plaintextEntry.Data, newEntry.Data) 86 87 // Load the hard coded plaintext test entry and make sure the loaded 88 // content matches our created entry. 89 mac, err = plaintextEntry.loadMacaroon(noPwCallback) 90 require.NoError(t, err) 91 macBytes, err = mac.MarshalBinary() 92 require.NoError(t, err) 93 require.Equal(t, dummyMac, macBytes) 94 } 95 96 func toMacaroon(t *testing.T, macData []byte) *macaroon.Macaroon { 97 mac := &macaroon.Macaroon{} 98 err := mac.UnmarshalBinary(macData) 99 require.NoError(t, err) 100 101 return mac 102 }