github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/api_test.go (about) 1 // Copyright 2016 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package libkb 5 6 import ( 7 "crypto/tls" 8 "net/http" 9 "net/url" 10 "testing" 11 12 "github.com/stretchr/testify/require" 13 14 keybase1 "github.com/keybase/client/go/protocol/keybase1" 15 ) 16 17 func TestIsReddit(t *testing.T) { 18 // Test both with and without a subdomain. 19 req, _ := http.NewRequest("GET", "http://reddit.com", nil) 20 if !isReddit(req) { 21 t.Fatal("should be a reddit URL") 22 } 23 req, _ = http.NewRequest("GET", "http://www.reddit.com", nil) 24 if !isReddit(req) { 25 t.Fatal("should be a reddit URL") 26 } 27 // Test a non-reddit URL. 28 req, _ = http.NewRequest("GET", "http://github.com", nil) 29 if isReddit(req) { 30 t.Fatal("should NOT be a reddit URL") 31 } 32 } 33 34 const ( 35 uriExpected = "https://api-1.core.keybaseapi.com" 36 pingExpected = "https://api-1.core.keybaseapi.com/_/api/1.0/ping.json" 37 ) 38 39 func TestProductionCA(t *testing.T) { 40 tc := SetupTest(t, "prod_ca", 1) 41 defer tc.Cleanup() 42 mctx := NewMetaContextForTest(tc) 43 44 t.Log("WARNING: setting run mode to production, be careful:") 45 tc.G.Env.Test.UseProductionRunMode = true 46 47 serverURI, err := tc.G.Env.GetServerURI() 48 require.NoError(t, err) 49 50 if serverURI != uriExpected { 51 t.Fatalf("production server uri: %s, expected %s", serverURI, uriExpected) 52 } 53 54 err = tc.G.ConfigureAPI() 55 require.NoError(t, err) 56 57 // make sure endpoint is correct: 58 arg := APIArg{Endpoint: "ping"} 59 internal, ok := tc.G.API.(*InternalAPIEngine) 60 if !ok { 61 t.Fatal("failed to cast API to internal api engine") 62 } 63 url := internal.getURL(arg, false) 64 if url.String() != pingExpected { 65 t.Fatalf("api url: %s, expected %s", url.String(), pingExpected) 66 } 67 68 _, err = tc.G.API.Post(mctx, arg) 69 if err != nil { 70 t.Fatal(err) 71 } 72 73 _, err = tc.G.API.Get(mctx, arg) 74 if err != nil { 75 t.Fatal(err) 76 } 77 } 78 79 func TestProductionBadCA(t *testing.T) { 80 tc := SetupTest(t, "prod_ca", 1) 81 defer tc.Cleanup() 82 mctx := NewMetaContextForTest(tc) 83 84 t.Log("WARNING: setting run mode to production, be careful:") 85 tc.G.Env.Test.UseProductionRunMode = true 86 87 serverURI, err := tc.G.Env.GetServerURI() 88 require.NoError(t, err) 89 90 if serverURI != uriExpected { 91 t.Fatalf("production server uri: %s, expected %s", serverURI, uriExpected) 92 } 93 94 // change the api CA to one that api.keybase.io doesn't know: 95 apiCAOverrideForTest = unknownCA 96 defer func() { 97 apiCAOverrideForTest = "" 98 }() 99 100 err = tc.G.ConfigureAPI() 101 require.NoError(t, err) 102 103 // make sure endpoint is correct: 104 arg := APIArg{Endpoint: "ping"} 105 internal, ok := tc.G.API.(*InternalAPIEngine) 106 if !ok { 107 t.Fatal("failed to cast API to internal api engine") 108 } 109 iurl := internal.getURL(arg, false) 110 if iurl.String() != pingExpected { 111 t.Fatalf("api url: %s, expected %s", iurl.String(), pingExpected) 112 } 113 114 _, err = tc.G.API.Post(mctx, arg) 115 if err == nil { 116 t.Errorf("api ping POST worked with unknown CA") 117 } else { 118 checkX509Err(t, err) 119 } 120 121 _, err = tc.G.API.Get(mctx, arg) 122 if err == nil { 123 t.Errorf("api ping GET worked with unknown CA") 124 } else { 125 checkX509Err(t, err) 126 } 127 } 128 129 // this error is buried, so dig for it: 130 func checkX509Err(t *testing.T, err error) { 131 if err == nil { 132 t.Fatal("isX509Err called with nil error") 133 } 134 135 a, ok := err.(APINetError) 136 if !ok { 137 t.Errorf("invalid error type: %T, expected libkb.APINetError", err) 138 return 139 } 140 141 b, ok := a.Err.(*url.Error) 142 if !ok { 143 t.Errorf("APINetError err field type: %T, expected *url.Error", a.Err) 144 return 145 } 146 147 _, ok = b.Err.(*tls.CertificateVerificationError) 148 if !ok { 149 t.Errorf("url.Error Err field type: %T, expected x509.UnknownAuthorityError", b.Err) 150 } 151 } 152 153 const unknownCA = `-----BEGIN CERTIFICATE----- 154 MIIFgDCCA2gCCQDF4YJuQAWDqTANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC 155 VVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQHDAZCb3N0b24xEzARBgNVBAoMCkV4YW1w 156 bGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxCzAJBgNVBAMMAmNhMSAwHgYJKoZIhvcN 157 AQkBFhFjZXJ0c0BleGFtcGxlLmNvbTAeFw0xNjAyMjUyMTQ3MzhaFw00MzA3MTIy 158 MTQ3MzhaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJv 159 c3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkG 160 A1UEAwwCY2ExIDAeBgkqhkiG9w0BCQEWEWNlcnRzQGV4YW1wbGUuY29tMIICIjAN 161 BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8NScIAfl3DK26CwnMSH1TXKurE/B 162 BOocNApkH/913F28AgxzsS+blsG1IyjSuG9ls5shqlGpWQs1kM9PqFz6Yl5Y3H8b 163 cwY0dWk1RmrZ6EWV/lWuLZxiKB8rBJksUVvdcuhnNpvOjYvkTgL9q7OObMdz3lvH 164 2pqwa8TWgw9EITKCam7i4860qcOoVkhCFitrihg182UmXWmuAZOm5N0R9+Y5t8yQ 165 7S3XKYZLtKND7ZGD51AfjN6TN1jN8kd9KMii7JITtvqsJDOxl0Kzn9fefgnCQF1G 166 P7ilLybId4W5pCO/8mKXb0CQlJ9kAYVfxWPNR87ZQA9KLC8nXu3xWaplXZl7T4Tq 167 wZHD85lbpLurSkJliizwDgs3cootEXs04ssl6SpVnc/Qxat3jomCtmKBtY5Cxvy9 168 IwHmaYWCYAIiPcru8U1cVg3xsH6i2JTz7uZRFvEjhYNqr1o6QnKcJ6cYGs13tYwA 169 57Xl1CVJ8hBMmtlzqbA2xMCbmkpWitjzXyArzQjAD0dDeGmStGOOQqy/N4LJaQ6+ 170 +q2bHpx5Cd6DxNf868iWupuKadT923ZDzAn1PhDWugKQ2BSIzM2O57m1HYmGm3be 171 NpwTYKuZGCDaLwDhnbIICTgQXjyCDTV4TfOKBPzr+i+yAjdjJimXHQ5gy7BMJoO6 172 fOWYqbs8vgvx4WUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhLLxyfdQdQDdo3YG 173 s1fKqm5lLu0Dx6uzNtIVY0n7vyyAolBVDlJ7Du84b344/U4kRgjNwAx2ZECvWkEZ 174 ov6+VMYX6EkV/0nwRNOoADYO8YVlZzBvwZgA12Vkw9NHje18FnQcS3L4nFjJPFoY 175 UEBhK5qTXqxJ9PK9aBZXIhDT2u/o9xEecuC3kjqNI6bi5zsZ5y04Qulr/1UwWy2e 176 IFFfySdL7kzZkhQAawg/+pNgentVykRRNgCVmFQ4uytTpp45pAtSNBaLm8RCrNGF 177 AybVh7HAW+LwjUOPpYQ38j1neiFS8NFJRKNKS2OtbS743NnYWbYOJdGWH4jwOluL 178 PjckYdTGO82EIjxcGXIF5UPw6W3ozwCqGgO1bCY8tgcjoUPm3hUrTzZ5ueXRUkNI 179 qwPrmvpLUtJjI7prCAsi3gDoL/+t7LNEAYPYreRc+LdvJTRj90WwWCdXTHfSMVjt 180 NN9Mt339LkwXGCb6CavmDgE7oVbrFPSTbeFFPhaheQh7pjLFhl9ZBfE7g3d9oNOX 181 PmyY3I0kAE41RiDMrrxHO3tHv9IaQUUDDcGzIWFJlnbvQRXAsWf/HH56Q0eIAZZp 182 K++p6Mo0K+KCu0IwKwdcTYKqty6xefK83p0j/IWVW29Lka44f+ZAroUlBn1+W4GO 183 sB31+boS8zC7SOmgWuaHeOQdLT8= 184 -----END CERTIFICATE----- 185 ` 186 187 type DummyConfigReader struct { 188 NullConfiguration 189 } 190 191 var _ ConfigReader = (*DummyConfigReader)(nil) 192 193 func (r *DummyConfigReader) GetDeviceID() keybase1.DeviceID { 194 return "dummy-device-id" 195 } 196 197 type DummyUpdaterConfigReader struct{} 198 199 var _ UpdaterConfigReader = (*DummyUpdaterConfigReader)(nil) 200 201 func (r *DummyUpdaterConfigReader) GetInstallID() InstallID { 202 return "dummy-install-id" 203 } 204 205 func TestInstallIDHeaders(t *testing.T) { 206 tc := SetupTest(t, "test", 1) 207 defer tc.Cleanup() 208 mctx := NewMetaContextForTest(tc) 209 210 // Hack in the device ID and install ID with dummy readers. 211 tc.G.Env.config = &DummyConfigReader{} 212 tc.G.Env.updaterConfig = &DummyUpdaterConfigReader{} 213 214 api, err := NewInternalAPIEngine(tc.G) 215 if err != nil { 216 t.Fatal(err) 217 } 218 res, err := api.Get(mctx, APIArg{ 219 Endpoint: "pkg/show", 220 SessionType: APISessionTypeOPTIONAL, 221 Args: HTTPArgs{}, 222 }) 223 if err != nil { 224 t.Fatal(err) 225 } 226 227 deviceID, err := res.Body.AtKey("device_id").GetString() 228 if err != nil { 229 t.Fatal(err) 230 } 231 if deviceID != "dummy-device-id" { 232 t.Fatalf("expected device ID to be reflected back, got %s", res.Body.MarshalPretty()) 233 } 234 235 installID, err := res.Body.AtKey("install_id").GetString() 236 if err != nil { 237 t.Fatal(err) 238 } 239 if installID != "dummy-install-id" { 240 t.Fatalf("expected install ID to be reflected back, got %s", res.Body.MarshalPretty()) 241 } 242 } 243 func TestInstallIDHeadersAnon(t *testing.T) { 244 tc := SetupTest(t, "test", 1) 245 defer tc.Cleanup() 246 mctx := NewMetaContextForTest(tc) 247 248 // Hack in the device ID and install ID with dummy readers. 249 tc.G.Env.config = &DummyConfigReader{} 250 tc.G.Env.updaterConfig = &DummyUpdaterConfigReader{} 251 252 api, err := NewInternalAPIEngine(tc.G) 253 if err != nil { 254 t.Fatal(err) 255 } 256 res, err := api.Get(mctx, APIArg{ 257 Endpoint: "pkg/show", 258 SessionType: APISessionTypeNONE, 259 Args: HTTPArgs{}, 260 }) 261 if err != nil { 262 t.Fatal(err) 263 } 264 265 _, err = res.Body.AtKey("device_id").GetString() 266 if err == nil { 267 t.Fatal("Device ID should not be here") 268 } 269 270 _, err = res.Body.AtKey("install_id").GetString() 271 if err == nil { 272 t.Fatal("Install ID should not be here") 273 } 274 }