auth_test.go 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
  1. package auth
  2. import (
  3. "encoding/json"
  4. "io/ioutil"
  5. "testing"
  6. )
  7. var (
  8. testProvider Provider
  9. testProviderAD Provider
  10. testKey = "0123456789ABCDEF0123456789ABCDEF"
  11. testAD = []byte{1, 2, 3, 4} // IP address 1.2.3.4
  12. )
  13. func TestNew(t *testing.T) {
  14. _, err := New("ABC", nil)
  15. if err == nil {
  16. t.Fatal("expected failure with improperly-hex-encoded key")
  17. }
  18. testProvider, err = New(testKey, nil)
  19. if err != nil {
  20. t.Fatalf("%v", err)
  21. }
  22. testProviderAD, err = New(testKey, testAD)
  23. if err != nil {
  24. t.Fatalf("%v", err)
  25. }
  26. }
  27. var (
  28. testRequest1A = &AuthenticatedRequest{
  29. Request: []byte(`testing 1 2 3`),
  30. }
  31. testRequest1B = &AuthenticatedRequest{
  32. Request: []byte(`testing 1 2 3`),
  33. }
  34. testRequest2 = &AuthenticatedRequest{
  35. Request: []byte(`testing 3 2 1`),
  36. }
  37. )
  38. // Sanity check: can a newly-generated token be verified?
  39. func TestVerifyTrue(t *testing.T) {
  40. var err error
  41. testRequest1A.Token, err = testProvider.Token(testRequest1A.Request)
  42. if err != nil {
  43. t.Fatalf("%v", err)
  44. }
  45. testRequest1B.Token, err = testProviderAD.Token(testRequest1B.Request)
  46. if err != nil {
  47. t.Fatalf("%v", err)
  48. }
  49. if !testProvider.Verify(testRequest1A) {
  50. t.Fatal("failed to verify request 1A")
  51. }
  52. if !testProviderAD.Verify(testRequest1B) {
  53. t.Fatal("failed to verify request 1B")
  54. }
  55. }
  56. // Sanity check: ensure that additional data is actually used in
  57. // verification.
  58. func TestVerifyAD(t *testing.T) {
  59. if testProvider.Verify(testRequest1B) {
  60. t.Fatal("no-AD provider verifies request with AD")
  61. }
  62. if testProviderAD.Verify(testRequest1A) {
  63. t.Fatal("AD provider verifies request without AD")
  64. }
  65. }
  66. // Sanity check: verification fails if tokens are not the same length.
  67. func TestTokenLength(t *testing.T) {
  68. token := testRequest1A.Token[:]
  69. testRequest1A.Token = testRequest1A.Token[1:]
  70. if testProvider.Verify(testRequest1A) {
  71. t.Fatal("invalid token should not be verified")
  72. }
  73. testRequest1A.Token = token
  74. }
  75. // Sanity check: token fails validation if the request is changed.
  76. func TestBadRequest(t *testing.T) {
  77. testRequest2.Token = testRequest1A.Token
  78. if testProvider.Verify(testRequest2) {
  79. t.Fatal("bad request should fail verification")
  80. }
  81. }
  82. // Sanity check: a null request should fail to verify.
  83. func TestNullRequest(t *testing.T) {
  84. if testProvider.Verify(nil) {
  85. t.Fatal("null request should fail verification")
  86. }
  87. }
  88. // Sanity check: verify a pre-generated authenticated request.
  89. func TestPreGenerated(t *testing.T) {
  90. in, err := ioutil.ReadFile("testdata/authrequest.json")
  91. if err != nil {
  92. t.Fatalf("%v", err)
  93. }
  94. var req AuthenticatedRequest
  95. err = json.Unmarshal(in, &req)
  96. if err != nil {
  97. t.Fatalf("%v", err)
  98. }
  99. if !testProvider.Verify(&req) {
  100. t.Fatal("failed to verify pre-generated request")
  101. }
  102. }
  103. var bmRequest []byte
  104. func TestLoadBenchmarkRequest(t *testing.T) {
  105. in, err := ioutil.ReadFile("testdata/request.json")
  106. if err != nil {
  107. t.Fatalf("%v", err)
  108. }
  109. bmRequest = in
  110. }
  111. func BenchmarkToken(b *testing.B) {
  112. for i := 0; i < b.N; i++ {
  113. _, err := testProvider.Token(bmRequest)
  114. if err != nil {
  115. b.Fatalf("%v", err)
  116. }
  117. }
  118. }
  119. func BenchmarkVerify(b *testing.B) {
  120. token, _ := testProvider.Token(bmRequest)
  121. req := &AuthenticatedRequest{
  122. Token: token,
  123. Request: bmRequest,
  124. }
  125. b.ResetTimer()
  126. for i := 0; i < b.N; i++ {
  127. if !testProvider.Verify(req) {
  128. b.Fatal("failed to verify request")
  129. }
  130. }
  131. }