github.com/dolthub/dolt/go@v0.40.5-0.20240520175717-68db7794bea6/libraries/doltcore/remotesrv/sealer_test.go (about)

     1  // Copyright 2022 Dolthub, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package remotesrv
    16  
    17  import (
    18  	"crypto/rand"
    19  	"encoding/base64"
    20  	"fmt"
    21  	"net/url"
    22  	"testing"
    23  	"time"
    24  
    25  	"github.com/stretchr/testify/assert"
    26  )
    27  
    28  func TestSingleSymmetricKeySealer(t *testing.T) {
    29  	s, err := NewSingleSymmetricKeySealer()
    30  	assert.NoError(t, err)
    31  	assert.NotNil(t, s)
    32  
    33  	u := &url.URL{
    34  		Scheme: "https",
    35  		Host:   "remotesapi.dolthub.com:443",
    36  		Path:   "somedatabasename/sometablefilename",
    37  	}
    38  	sealed, err := s.Seal(u)
    39  	assert.NoError(t, err)
    40  	unsealed, err := s.Unseal(sealed)
    41  	assert.NoError(t, err)
    42  	assert.Equal(t, u, unsealed)
    43  
    44  	corruptednbf := &(*sealed)
    45  	ps := corruptednbf.Query()
    46  	ps.Set("nbf", fmt.Sprintf("%v", time.Now()))
    47  	corruptednbf.RawQuery = ps.Encode()
    48  	unsealed, err = s.Unseal(corruptednbf)
    49  	assert.Error(t, err)
    50  
    51  	nonbf := &(*sealed)
    52  	ps = nonbf.Query()
    53  	ps.Del("nbf")
    54  	nonbf.RawQuery = ps.Encode()
    55  	unsealed, err = s.Unseal(nonbf)
    56  	assert.Error(t, err)
    57  
    58  	corruptedexp := &(*sealed)
    59  	ps = corruptedexp.Query()
    60  	ps.Set("exp", fmt.Sprintf("%v", time.Now()))
    61  	corruptedexp.RawQuery = ps.Encode()
    62  	unsealed, err = s.Unseal(corruptedexp)
    63  	assert.Error(t, err)
    64  
    65  	noexp := &(*sealed)
    66  	ps = noexp.Query()
    67  	ps.Del("exp")
    68  	noexp.RawQuery = ps.Encode()
    69  	unsealed, err = s.Unseal(noexp)
    70  	assert.Error(t, err)
    71  
    72  	corruptednonce := &(*sealed)
    73  	ps = corruptednonce.Query()
    74  	var differentnonce [12]byte
    75  	_, err = rand.Read(differentnonce[:])
    76  	assert.NoError(t, err)
    77  	ps.Set("nonce", base64.RawURLEncoding.EncodeToString(differentnonce[:]))
    78  	corruptednonce.RawQuery = ps.Encode()
    79  	unsealed, err = s.Unseal(corruptednonce)
    80  	assert.Error(t, err)
    81  
    82  	nononce := &(*sealed)
    83  	ps = nononce.Query()
    84  	ps.Del("nonce")
    85  	nononce.RawQuery = ps.Encode()
    86  	unsealed, err = s.Unseal(nononce)
    87  	assert.Error(t, err)
    88  }