github.com/olivere/camlistore@v0.0.0-20140121221811-1b7ac2da0199/server/sigserver/test/10-sign.t (about)

     1  #!/usr/bin/perl
     2  
     3  use strict;
     4  use Test::More;
     5  use FindBin;
     6  use lib "$FindBin::Bin";
     7  use CamsigdTest;
     8  use JSON::Any;
     9  use HTTP::Request::Common;
    10  
    11  my $server = CamsigdTest::start();
    12  ok($server, "Started the server") or BAIL_OUT("can't start the server");
    13  
    14  my $ua = LWP::UserAgent->new;
    15  
    16  use constant CAMLI_SIGNER => "sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6";
    17  
    18  my $j = JSON::Any->new;
    19  my $json = $j->objToJson({ "camliVersion" => 1,
    20                             "camliSigner" => CAMLI_SIGNER,
    21                             "foo" => "bar",
    22                           });
    23  
    24  # Sign it.
    25  my $sjson;
    26  {
    27      my $req = req("sign", { "json" => $json });
    28      my $res = $ua->request($req);
    29      ok($res, "got an HTTP sig response") or done_testing();
    30      ok($res->is_success, "HTTP sig response is successful") or done_testing();
    31      $sjson = $res->content;
    32      print "Got signed: $sjson";
    33      like($sjson, qr/camliSig/, "contains camliSig substring");
    34      
    35      my $sobj = $j->jsonToObj($sjson);
    36      is($sobj->{"foo"}, "bar", "key foo is still bar");
    37      is($sobj->{"camliVersion"}, 1, "key camliVersion is still 1");
    38      ok(defined $sobj->{"camliSig"}, "has camliSig key");
    39      ok(defined $sobj->{"camliSigner"}, "has camliSigner key");
    40      is(scalar keys %$sobj, 4, "total of 3 keys in signed object");
    41  }
    42  
    43  # Verify it.
    44  {
    45      my $req = req("verify", { "sjson" => $sjson });
    46      my $res = $ua->request($req);
    47      ok($res, "got an HTTP verify response") or done_testing();
    48      ok($res->is_success, "HTTP verify response is successful") or done_testing();
    49      print "Verify response: " . $res->content;
    50      my $vobj = $j->jsonToObj($res->content);
    51      ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
    52      ok($vobj->{'signatureValid'}, "signature is valid");
    53      my $vdat = $vobj->{'verifiedData'};
    54      ok(defined($vdat), "has verified data");
    55      is($vdat->{'camliSigner'}, CAMLI_SIGNER, "signer matches");
    56      is($vdat->{'foo'}, "bar")
    57  }
    58  
    59  # Verification that should fail.
    60  {
    61      my $req = req("verify", { "sjson" => "{}" });
    62      my $res = $ua->request($req);
    63      ok($res, "got an HTTP verify response") or done_testing();
    64      ok($res->is_success, "HTTP verify response is successful") or done_testing();
    65      print "Verify response: " . $res->content;
    66      my $vobj = $j->jsonToObj($res->content);
    67      ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
    68      is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
    69      ok(!defined($vobj->{'verifiedData'}), "no verified data key");
    70      ok(defined($vobj->{'errorMessage'}), "has an error message");
    71  }
    72  
    73  # Imposter!  Verification should fail.
    74  {
    75      my $eviljson = q{{"camliVersion":1,"camliSigner":"sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6","foo":"evilbar","camliSig":"iQEcBAABAgAGBQJM+tnUAAoJEIUeCLJL7Fq1ruwH/RplOpmrTK51etXUHayRGN0RM0Jxttjwa0pPuiHr7fJifaZo2pvMZOMAttjFEP/HMjvpSVi8P7awBFXXlCTj0CAlexsmCsPEHzITXe3siFzH+XCSmfHNPYYti0apQ2+OcWNnzqWXLiEfP5yRVXxcxoWuxYlnFu+mfw5VdjrJpIa+n3Ys5D4zUPVCSNtF4XV537czqfd9AiSfKCY/aL2NuZykl4WtP3JgYl8btE84EjNLFasQDstcWOvp7rrP6T8hQQotw5/F4SmmFM6ybkWXk/Wkax3XpzW9qL00VqhxHd4JIWaSzSV/WcSQwCoLWc7uXttOWgVtMIhzpjeMlqt1gc0==QYU2"}};
    76      my $req = req("verify", { "sjson" => $eviljson });
    77      my $res = $ua->request($req);
    78      ok($res, "got an HTTP verify response") or done_testing();
    79      ok($res->is_success, "HTTP verify response is successful") or done_testing();
    80      print "Verify response: " . $res->content;
    81      my $vobj = $j->jsonToObj($res->content);
    82      ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
    83      is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
    84      ok(!defined($vobj->{'verifiedData'}), "no verified data key");
    85      ok(defined($vobj->{'errorMessage'}), "has an error message");
    86      like($vobj->{'errorMessage'}, qr/bad signature: RSA verification error/, "verification error");
    87  }
    88  
    89  done_testing(29);
    90  
    91  sub req {
    92      my ($method, $post_params) = @_;
    93      return POST($server->root . "/camli/sig/" . $method,
    94                  "Authorization" => "Basic dGVzdDp0ZXN0", # test:test
    95                  Content => $post_params);
    96  }