github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/newfileproxy/common/common_test.go (about) 1 // Copyright (c) 2016, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package common 16 17 import ( 18 "crypto/rand" 19 "crypto/x509" 20 "fmt" 21 "io/ioutil" 22 "math/big" 23 "strconv" 24 "testing" 25 "time" 26 27 "github.com/jlmucb/cloudproxy/go/apps/newfileproxy/resourcemanager" 28 ) 29 30 func TestNonceSignVerify(t *testing.T) { 31 privateKey, err := GenerateUserPublicKey() 32 if err != nil { 33 t.Fatal("Can't generate key") 34 } 35 keyData, err := MakeUserKeyStructure(privateKey, "TestUser", privateKey, nil) 36 if err != nil { 37 t.Fatal("Can't get keyData") 38 } 39 certificate, err := x509.ParseCertificate(keyData.Cert) 40 if err != nil { 41 t.Fatal("Can't parse certificate") 42 } 43 var nonce [32]byte 44 rand.Read(nonce[:]) 45 s1, s2, err := SignNonce(nonce[:], privateKey) 46 if err != nil { 47 t.Fatal("Can't sign nonce") 48 } 49 if !VerifyNonceSignature(nonce[:], s1, s2, certificate) { 50 t.Fatal("Can't verify") 51 } else { 52 fmt.Printf("Verifies") 53 } 54 } 55 56 func TestAuthorization(t *testing.T) { 57 serverData := new(ServerData) 58 serverData.InitServerData() 59 connectionData := new(ServerConnectionData) 60 if serverData == nil { 61 t.Fatal("TestAuthorization: bad serverData init\n") 62 } 63 if connectionData == nil { 64 t.Fatal("TestAuthorization: bad connectionData init\n") 65 } 66 67 // Make up 6 principals 68 var p[6] *resourcemanager.PrincipalInfo 69 for i := 0; i < 6; i++ { 70 userName := "TestUser" + strconv.Itoa(i) 71 key, err := GenerateUserPublicKey() 72 if err != nil { 73 t.Fatal("TestAuthorization: Can't generate public key\n") 74 } 75 keyData, err:= MakeUserKeyStructure(key, userName, key, nil) 76 if err != nil { 77 t.Fatal("TestAuthorization: Can't make key structure\n") 78 } 79 keyData.Certificate, err = x509.ParseCertificate(keyData.Cert) 80 if err != nil { 81 t.Fatal("TestAuthorization: parse certificate\n") 82 } 83 p[i] = new(resourcemanager.PrincipalInfo) 84 p[i].Name = &userName 85 p[i].Cert = keyData.Cert 86 } 87 88 // Add three resources 89 var r[3] *resourcemanager.ResourceInfo 90 for i := 0; i < 3; i++ { 91 r[i] = new(resourcemanager.ResourceInfo) 92 resourceName := "Resource" + strconv.Itoa(i) 93 r[i].Name = &resourceName 94 rType := int32(resourcemanager.ResourceType_FILE) 95 r[i].Type = &rType 96 } 97 98 // Principals 0, 1, 2 are verified; 3, 4, 5 aren't. 99 for i := 0; i < 3; i++ { 100 connectionData.Principals = append(connectionData.Principals, p[i]) 101 } 102 103 cp := resourcemanager.MakeCombinedPrincipalFromOne(p[0]) 104 r[0].Owners = append(r[0].Owners, cp) 105 cp = resourcemanager.MakeCombinedPrincipalFromOne(p[5]) 106 r[1].Owners = append(r[1].Owners, cp) 107 cp = resourcemanager.MakeCombinedPrincipalFromTwo(p[0], p[1]) 108 r[2].Owners = append(r[2].Owners, cp) 109 110 // Test owner authorization 111 serviceType := ServiceType(ServiceType_ADDOWNER) 112 if (!IsAuthorized(serviceType, serverData, connectionData, r[0])) { 113 t.Fatal("TestAuthorization: access to Resource0 doesn't pass but should\n") 114 } 115 if (IsAuthorized(serviceType, serverData, connectionData, r[1])) { 116 t.Fatal("TestAuthorization: access to Resource1 passes but shouldn't\n") 117 } 118 if (!IsAuthorized(serviceType, serverData, connectionData, r[2])) { 119 t.Fatal("TestAuthorization: access to Resource0 doesn't pass but should\n") 120 } 121 } 122 123 func TestSignature(t *testing.T) { 124 serialNumber := new(big.Int).SetInt64(1) 125 userName := "RootKey" 126 notBefore := time.Now() 127 validFor := 365 * 24 * time.Hour 128 notAfter := notBefore.Add(validFor) 129 130 rootKey, err := GenerateUserPublicKey() 131 if err != nil { 132 t.Fatal("TestSignature: Generate root key fails\n"); 133 } 134 signerPriv := interface{}(rootKey) 135 subjectPub := interface{}(rootKey.Public()) 136 rootCert, err := CreateKeyCertificate(*serialNumber, userName, "", "US", 137 signerPriv, nil, "", userName, "US", subjectPub, 138 notBefore, notAfter, true, x509.KeyUsageCertSign) 139 if err != nil { 140 t.Fatal("TestSignature: CreateKeyCertificate fails: ", err); 141 } 142 _ = ioutil.WriteFile("./tmptest/rootCert", rootCert, 0666) 143 signerCertificate, err := x509.ParseCertificate(rootCert) 144 if err != nil { 145 t.Fatal("TestSignature: Can't parse root certificate\n"); 146 } 147 fmt.Printf("Root cert : %x\n", signerCertificate) 148 ok, _, err := VerifyCertificateChain(signerCertificate, nil, signerCertificate) 149 if !ok { 150 t.Fatal("TestSignature: root certificate fails verify: ", err); 151 } 152 153 serialNumber.SetInt64(2) 154 subjectKey, err := GenerateUserPublicKey() 155 if err != nil { 156 t.Fatal("TestSignature: Generate subject key fails\n"); 157 } 158 subjectPub = interface{}(subjectKey.Public()) 159 subjectUserName := "SubjectUser" 160 subjectCert, err := CreateKeyCertificate(*serialNumber, "Google", "", "US", 161 signerPriv, signerCertificate, "", subjectUserName, "US", subjectPub, 162 notBefore, notAfter, false, 163 x509.KeyUsageCertSign|x509.KeyUsageKeyAgreement|x509.KeyUsageDigitalSignature) 164 if err != nil { 165 t.Fatal("TestSignature: CreateKeyCertificate fails\n"); 166 } 167 subjectCertificate, err := x509.ParseCertificate(subjectCert) 168 if err != nil { 169 t.Fatal("TestSignature: Can't parse subject certificate\n"); 170 } 171 ok, _, err = VerifyCertificateChain(signerCertificate, nil, subjectCertificate) 172 if !ok { 173 t.Fatal("TestSignature: subject certificate fails verify: ", err); 174 } 175 fmt.Printf("TestSignature succeeds") 176 } 177 178 func TestServices(t *testing.T) { 179 fmt.Printf("TestServices succeeds") 180 } 181