123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 |
- package auth
- import (
- "encoding/json"
- "io/ioutil"
- "testing"
- )
- var (
- testProvider Provider
- testProviderAD Provider
- testKey = "0123456789ABCDEF0123456789ABCDEF"
- testAD = []byte{1, 2, 3, 4} // IP address 1.2.3.4
- )
- func TestNew(t *testing.T) {
- _, err := New("ABC", nil)
- if err == nil {
- t.Fatal("expected failure with improperly-hex-encoded key")
- }
- testProvider, err = New(testKey, nil)
- if err != nil {
- t.Fatalf("%v", err)
- }
- testProviderAD, err = New(testKey, testAD)
- if err != nil {
- t.Fatalf("%v", err)
- }
- }
- var (
- testRequest1A = &AuthenticatedRequest{
- Request: []byte(`testing 1 2 3`),
- }
- testRequest1B = &AuthenticatedRequest{
- Request: []byte(`testing 1 2 3`),
- }
- testRequest2 = &AuthenticatedRequest{
- Request: []byte(`testing 3 2 1`),
- }
- )
- // Sanity check: can a newly-generated token be verified?
- func TestVerifyTrue(t *testing.T) {
- var err error
- testRequest1A.Token, err = testProvider.Token(testRequest1A.Request)
- if err != nil {
- t.Fatalf("%v", err)
- }
- testRequest1B.Token, err = testProviderAD.Token(testRequest1B.Request)
- if err != nil {
- t.Fatalf("%v", err)
- }
- if !testProvider.Verify(testRequest1A) {
- t.Fatal("failed to verify request 1A")
- }
- if !testProviderAD.Verify(testRequest1B) {
- t.Fatal("failed to verify request 1B")
- }
- }
- // Sanity check: ensure that additional data is actually used in
- // verification.
- func TestVerifyAD(t *testing.T) {
- if testProvider.Verify(testRequest1B) {
- t.Fatal("no-AD provider verifies request with AD")
- }
- if testProviderAD.Verify(testRequest1A) {
- t.Fatal("AD provider verifies request without AD")
- }
- }
- // Sanity check: verification fails if tokens are not the same length.
- func TestTokenLength(t *testing.T) {
- token := testRequest1A.Token[:]
- testRequest1A.Token = testRequest1A.Token[1:]
- if testProvider.Verify(testRequest1A) {
- t.Fatal("invalid token should not be verified")
- }
- testRequest1A.Token = token
- }
- // Sanity check: token fails validation if the request is changed.
- func TestBadRequest(t *testing.T) {
- testRequest2.Token = testRequest1A.Token
- if testProvider.Verify(testRequest2) {
- t.Fatal("bad request should fail verification")
- }
- }
- // Sanity check: a null request should fail to verify.
- func TestNullRequest(t *testing.T) {
- if testProvider.Verify(nil) {
- t.Fatal("null request should fail verification")
- }
- }
- // Sanity check: verify a pre-generated authenticated request.
- func TestPreGenerated(t *testing.T) {
- in, err := ioutil.ReadFile("testdata/authrequest.json")
- if err != nil {
- t.Fatalf("%v", err)
- }
- var req AuthenticatedRequest
- err = json.Unmarshal(in, &req)
- if err != nil {
- t.Fatalf("%v", err)
- }
- if !testProvider.Verify(&req) {
- t.Fatal("failed to verify pre-generated request")
- }
- }
- var bmRequest []byte
- func TestLoadBenchmarkRequest(t *testing.T) {
- in, err := ioutil.ReadFile("testdata/request.json")
- if err != nil {
- t.Fatalf("%v", err)
- }
- bmRequest = in
- }
- func BenchmarkToken(b *testing.B) {
- for i := 0; i < b.N; i++ {
- _, err := testProvider.Token(bmRequest)
- if err != nil {
- b.Fatalf("%v", err)
- }
- }
- }
- func BenchmarkVerify(b *testing.B) {
- token, _ := testProvider.Token(bmRequest)
- req := &AuthenticatedRequest{
- Token: token,
- Request: bmRequest,
- }
- b.ResetTimer()
- for i := 0; i < b.N; i++ {
- if !testProvider.Verify(req) {
- b.Fatal("failed to verify request")
- }
- }
- }
|