160 lines
3.3 KiB
Go
160 lines
3.3 KiB
Go
package auth
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"testing"
|
|
)
|
|
|
|
var (
|
|
testProvider Provider
|
|
testProviderAD Provider
|
|
testKey = "0123456789ABCDEF0123456789ABCDEF"
|
|
testAD = []byte{1, 2, 3, 4} // IP address 1.2.3.4
|
|
)
|
|
|
|
func TestNew(t *testing.T) {
|
|
_, err := New("ABC", nil)
|
|
if err == nil {
|
|
t.Fatal("expected failure with improperly-hex-encoded key")
|
|
}
|
|
|
|
testProvider, err = New(testKey, nil)
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
testProviderAD, err = New(testKey, testAD)
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
}
|
|
|
|
var (
|
|
testRequest1A = &AuthenticatedRequest{
|
|
Request: []byte(`testing 1 2 3`),
|
|
}
|
|
testRequest1B = &AuthenticatedRequest{
|
|
Request: []byte(`testing 1 2 3`),
|
|
}
|
|
testRequest2 = &AuthenticatedRequest{
|
|
Request: []byte(`testing 3 2 1`),
|
|
}
|
|
)
|
|
|
|
// Sanity check: can a newly-generated token be verified?
|
|
func TestVerifyTrue(t *testing.T) {
|
|
var err error
|
|
|
|
testRequest1A.Token, err = testProvider.Token(testRequest1A.Request)
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
testRequest1B.Token, err = testProviderAD.Token(testRequest1B.Request)
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
if !testProvider.Verify(testRequest1A) {
|
|
t.Fatal("failed to verify request 1A")
|
|
}
|
|
|
|
if !testProviderAD.Verify(testRequest1B) {
|
|
t.Fatal("failed to verify request 1B")
|
|
}
|
|
}
|
|
|
|
// Sanity check: ensure that additional data is actually used in
|
|
// verification.
|
|
func TestVerifyAD(t *testing.T) {
|
|
if testProvider.Verify(testRequest1B) {
|
|
t.Fatal("no-AD provider verifies request with AD")
|
|
}
|
|
|
|
if testProviderAD.Verify(testRequest1A) {
|
|
t.Fatal("AD provider verifies request without AD")
|
|
}
|
|
}
|
|
|
|
// Sanity check: verification fails if tokens are not the same length.
|
|
func TestTokenLength(t *testing.T) {
|
|
token := testRequest1A.Token[:]
|
|
testRequest1A.Token = testRequest1A.Token[1:]
|
|
|
|
if testProvider.Verify(testRequest1A) {
|
|
t.Fatal("invalid token should not be verified")
|
|
}
|
|
|
|
testRequest1A.Token = token
|
|
}
|
|
|
|
// Sanity check: token fails validation if the request is changed.
|
|
func TestBadRequest(t *testing.T) {
|
|
testRequest2.Token = testRequest1A.Token
|
|
if testProvider.Verify(testRequest2) {
|
|
t.Fatal("bad request should fail verification")
|
|
}
|
|
}
|
|
|
|
// Sanity check: a null request should fail to verify.
|
|
func TestNullRequest(t *testing.T) {
|
|
if testProvider.Verify(nil) {
|
|
t.Fatal("null request should fail verification")
|
|
}
|
|
}
|
|
|
|
// Sanity check: verify a pre-generated authenticated request.
|
|
func TestPreGenerated(t *testing.T) {
|
|
in, err := ioutil.ReadFile("testdata/authrequest.json")
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
var req AuthenticatedRequest
|
|
err = json.Unmarshal(in, &req)
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
if !testProvider.Verify(&req) {
|
|
t.Fatal("failed to verify pre-generated request")
|
|
}
|
|
}
|
|
|
|
var bmRequest []byte
|
|
|
|
func TestLoadBenchmarkRequest(t *testing.T) {
|
|
in, err := ioutil.ReadFile("testdata/request.json")
|
|
if err != nil {
|
|
t.Fatalf("%v", err)
|
|
}
|
|
|
|
bmRequest = in
|
|
}
|
|
|
|
func BenchmarkToken(b *testing.B) {
|
|
for i := 0; i < b.N; i++ {
|
|
_, err := testProvider.Token(bmRequest)
|
|
if err != nil {
|
|
b.Fatalf("%v", err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func BenchmarkVerify(b *testing.B) {
|
|
token, _ := testProvider.Token(bmRequest)
|
|
req := &AuthenticatedRequest{
|
|
Token: token,
|
|
Request: bmRequest,
|
|
}
|
|
b.ResetTimer()
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
if !testProvider.Verify(req) {
|
|
b.Fatal("failed to verify request")
|
|
}
|
|
}
|
|
}
|