github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/domain_test.go (about)

     1  // Copyright (c) 2014, Google Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tao
    16  
    17  import (
    18  	"io/ioutil"
    19  	"os"
    20  	"path"
    21  	"testing"
    22  
    23  	"github.com/golang/protobuf/proto"
    24  	"github.com/jlmucb/cloudproxy/go/tao/auth"
    25  )
    26  
// Fixtures shared by the domain tests in this file.
var (
	// testDomainPassword is the password these tests hand to CreateDomain
	// and LoadDomain. It is a deliberately insecure dummy value and must
	// never be reused outside of tests.
	testDomainPassword = []byte(`insecure dummy password`)

	// authPrin is a key principal built from a fake key; the tests
	// authorize it to "Execute" before saving the domain.
	authPrin = auth.NewKeyPrin([]byte(`fake key`))
)
    29  
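// testNewACLDomain creates a new domain whose guard type is "ACLs" inside a
// freshly created temporary directory. It returns the domain and the
// directory; the caller owns the directory and must remove it. If either the
// directory or the domain cannot be created the test is aborted with t.Fatal,
// and any directory already created is removed first.
func testNewACLDomain(t *testing.T) (*Domain, string) {
	// An empty dir argument makes ioutil.TempDir use os.TempDir(), so the
	// test honours TMPDIR and does not depend on /tmp existing. The
	// directory gets a unique name and is created with mode 0700.
	// NOTE(review): presumably the policy keys end up under this directory
	// (PolicyKeysPath is the relative path "keys") - confirm in CreateDomain.
	tmpdir, err := ioutil.TempDir("", "acl_domain_test")
	if err != nil {
		t.Fatal("Couldn't get a temp directory for the new ACL guard:", err)
	}

	var dcfg DomainConfig
	dcfg.DomainInfo = &DomainDetails{
		Name:           proto.String("Test"),
		PolicyKeysPath: proto.String("keys"),
		GuardType:      proto.String("ACLs"),
	}
	dcfg.SetDefaults()
	// Set after SetDefaults, as in the original; whether SetDefaults would
	// overwrite guard details is not visible from this file.
	dcfg.AclGuardInfo = &ACLGuardDetails{SignedAclsPath: proto.String("acls")}
	d, err := CreateDomain(dcfg, path.Join(tmpdir, "tao.config"), testDomainPassword)
	if err != nil {
		// t.Fatal does not return, so clean up before calling it.
		os.RemoveAll(tmpdir)
		t.Fatal("Couldn't create a domain:", err)
	}

	return d, tmpdir
}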
    52  
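// TestDomainACLSaveAndLoad authorizes a principal on an ACL-guarded domain,
// saves the domain, loads it back from its config file with the same
// password, and checks that the subprincipal, the domain string and the
// guard string of the loaded domain match the original.
func TestDomainACLSaveAndLoad(t *testing.T) {
	d, tmpdir := testNewACLDomain(t)
	defer os.RemoveAll(tmpdir)

	// The Authorize error must be checked: if the rule was never added, the
	// round-trip comparison below would still pass and prove nothing about
	// persisted policy.
	if err := d.Guard.Authorize(authPrin, "Execute", nil); err != nil {
		t.Fatal("Couldn't authorize a simple key principal to Execute:", err)
	}
	if err := d.Save(); err != nil {
		t.Fatal("Couldn't save the ACL-based domain:", err)
	}
	d2, err := LoadDomain(path.Join(tmpdir, "tao.config"), testDomainPassword)
	if err != nil {
		t.Fatal("Couldn't load the ACL domain:", err)
	}

	if !d.Subprincipal().Identical(d2.Subprincipal()) {
		t.Fatal("The subprincipal of the loaded domain was not the same as the original")
	}

	if d.String() != d2.String() {
		t.Fatal("The name of the loaded ACL domain is not the same as the original")
	}

	// NOTE(review): this only shows that the guard's string form survives a
	// save/load cycle. Asserting that the reloaded guard still grants
	// "Execute" to authPrin, and that loading with a different password
	// fails, would pin the security-relevant behaviour directly.
	if d.Guard.String() != d2.Guard.String() {
		t.Fatal("The string representation of the loaded guard didn't match the original")
	}
}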
    78  
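// testNewDatalogDomain creates a new domain whose guard type is "Datalog"
// inside a freshly created temporary directory. It returns the domain and the
// directory; the caller owns the directory and must remove it. If either the
// directory or the domain cannot be created the test is aborted with t.Fatal,
// and any directory already created is removed first.
func testNewDatalogDomain(t *testing.T) (*Domain, string) {
	// An empty dir argument makes ioutil.TempDir use os.TempDir(), so the
	// test honours TMPDIR and does not depend on /tmp existing. The
	// directory gets a unique name and is created with mode 0700.
	tmpdir, err := ioutil.TempDir("", "datalog_domain_test")
	if err != nil {
		// The original message named the ACL guard, a copy-paste slip that
		// would point a reader at the wrong helper.
		t.Fatal("Couldn't get a temp directory for the new Datalog guard:", err)
	}

	var dcfg DomainConfig
	dcfg.DomainInfo = &DomainDetails{
		Name:           proto.String("Test"),
		PolicyKeysPath: proto.String("keys"),
		GuardType:      proto.String("Datalog"),
	}
	dcfg.SetDefaults()
	// The signed rules file is given as a path inside tmpdir, so it is
	// removed together with the directory.
	dcfg.DatalogGuardInfo = &DatalogGuardDetails{SignedRulesPath: proto.String(path.Join(tmpdir, "policy_rules"))}
	d, err := CreateDomain(dcfg, path.Join(tmpdir, "tao.config"), testDomainPassword)
	if err != nil {
		// t.Fatal does not return, so clean up before calling it.
		os.RemoveAll(tmpdir)
		t.Fatal("Couldn't create a domain:", err)
	}

	return d, tmpdir
}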
   101  
// TestDomainDatalogSaveAndLoad authorizes a principal on a Datalog-guarded
// domain, saves the domain, loads it back from its config file with the same
// password, and checks that the subprincipal, the domain string and the
// guard string of the loaded domain match the original.
func TestDomainDatalogSaveAndLoad(t *testing.T) {
	orig, dir := testNewDatalogDomain(t)
	defer os.RemoveAll(dir)

	// Add one rule so the saved policy is not empty.
	err := orig.Guard.Authorize(authPrin, "Execute", nil)
	if err != nil {
		t.Fatal("Couldn't authorize a simple key principal to Execute:", err)
	}
	err = orig.Save()
	if err != nil {
		t.Fatal("Couldn't save the original domain after authorization:", err)
	}

	// Reload from the same config file with the same password.
	configPath := path.Join(dir, "tao.config")
	loaded, err := LoadDomain(configPath, testDomainPassword)
	if err != nil {
		t.Fatal("Couldn't load the datalog domain:", err)
	}

	sameSubprin := orig.Subprincipal().Identical(loaded.Subprincipal())
	if !sameSubprin {
		t.Fatal("The subprincipal of the loaded domain was not the same as the original")
	}

	if want, got := orig.String(), loaded.String(); want != got {
		t.Fatal("The string representation of the loaded datalog domain is not the same as the original")
	}

	if want, got := orig.Guard.String(), loaded.Guard.String(); want != got {
		t.Fatal("The string representation of the loaded datalog guard didn't match the original")
	}
}