154 lines
4.6 KiB
Go
154 lines
4.6 KiB
Go
package verifier
|
|
|
|
import (
|
|
"context"
|
|
"crypto/ed25519"
|
|
"encoding/base64"
|
|
"strconv"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
// generateTestKeyPair generates a new ED25519 key pair for testing.
|
|
func generateTestKeyPair() (string, string) {
|
|
publicKey, privateKey, _ := ed25519.GenerateKey(nil)
|
|
return base64.StdEncoding.EncodeToString(privateKey), base64.StdEncoding.EncodeToString(publicKey)
|
|
}
|
|
|
|
// signTestData creates a valid signature for test cases.
|
|
func signTestData(privateKeyBase64 string, body []byte, createdAt, expiresAt int64) string {
|
|
privateKeyBytes, _ := base64.StdEncoding.DecodeString(privateKeyBase64)
|
|
privateKey := ed25519.PrivateKey(privateKeyBytes)
|
|
|
|
signingString := hash(body, createdAt, expiresAt)
|
|
signature := ed25519.Sign(privateKey, []byte(signingString))
|
|
|
|
return base64.StdEncoding.EncodeToString(signature)
|
|
}
|
|
|
|
// TestVerifySuccessCases tests all valid signature verification cases.
|
|
func TestVerifySuccess(t *testing.T) {
|
|
privateKeyBase64, publicKeyBase64 := generateTestKeyPair()
|
|
|
|
tests := []struct {
|
|
name string
|
|
body []byte
|
|
createdAt int64
|
|
expiresAt int64
|
|
}{
|
|
{
|
|
name: "Valid Signature",
|
|
body: []byte("Test Payload"),
|
|
createdAt: time.Now().Unix(),
|
|
expiresAt: time.Now().Unix() + 3600,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
signature := signTestData(privateKeyBase64, tt.body, tt.createdAt, tt.expiresAt)
|
|
header := `Signature created="` + strconv.FormatInt(tt.createdAt, 10) +
|
|
`", expires="` + strconv.FormatInt(tt.expiresAt, 10) +
|
|
`", signature="` + signature + `"`
|
|
|
|
verifier, close, _ := New(context.Background(), &Config{})
|
|
valid, err := verifier.Verify(context.Background(), tt.body, []byte(header), publicKeyBase64)
|
|
|
|
if err != nil {
|
|
t.Fatalf("Expected no error, but got: %v", err)
|
|
}
|
|
if !valid {
|
|
t.Fatal("Expected signature verification to succeed")
|
|
}
|
|
if close != nil {
|
|
if err := close(); err != nil {
|
|
t.Fatalf("Test %q failed: cleanup function returned an error: %v", tt.name, err)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestVerifyFailureCases tests all invalid signature verification cases.
|
|
func TestVerifyFailure(t *testing.T) {
|
|
privateKeyBase64, publicKeyBase64 := generateTestKeyPair()
|
|
_, wrongPublicKeyBase64 := generateTestKeyPair()
|
|
|
|
tests := []struct {
|
|
name string
|
|
body []byte
|
|
header string
|
|
pubKey string
|
|
}{
|
|
{
|
|
name: "Missing Authorization Header",
|
|
body: []byte("Test Payload"),
|
|
header: "",
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
{
|
|
name: "Malformed Header",
|
|
body: []byte("Test Payload"),
|
|
header: `InvalidSignature created="wrong"`,
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
{
|
|
name: "Invalid Base64 Signature",
|
|
body: []byte("Test Payload"),
|
|
header: `Signature created="` + strconv.FormatInt(time.Now().Unix(), 10) +
|
|
`", expires="` + strconv.FormatInt(time.Now().Unix()+3600, 10) +
|
|
`", signature="!!INVALIDBASE64!!"`,
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
{
|
|
name: "Expired Signature",
|
|
body: []byte("Test Payload"),
|
|
header: `Signature created="` + strconv.FormatInt(time.Now().Unix()-7200, 10) +
|
|
`", expires="` + strconv.FormatInt(time.Now().Unix()-3600, 10) +
|
|
`", signature="` + signTestData(privateKeyBase64, []byte("Test Payload"), time.Now().Unix()-7200, time.Now().Unix()-3600) + `"`,
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
{
|
|
name: "Invalid Public Key",
|
|
body: []byte("Test Payload"),
|
|
header: `Signature created="` + strconv.FormatInt(time.Now().Unix(), 10) +
|
|
`", expires="` + strconv.FormatInt(time.Now().Unix()+3600, 10) +
|
|
`", signature="` + signTestData(privateKeyBase64, []byte("Test Payload"), time.Now().Unix(), time.Now().Unix()+3600) + `"`,
|
|
pubKey: wrongPublicKeyBase64,
|
|
},
|
|
{
|
|
name: "Invalid Expires Timestamp",
|
|
body: []byte("Test Payload"),
|
|
header: `Signature created="` + strconv.FormatInt(time.Now().Unix(), 10) +
|
|
`", expires="invalid_timestamp"`,
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
{
|
|
name: "Signature Missing in Headers",
|
|
body: []byte("Test Payload"),
|
|
header: `Signature created="` + strconv.FormatInt(time.Now().Unix(), 10) +
|
|
`", expires="` + strconv.FormatInt(time.Now().Unix()+3600, 10) + `"`,
|
|
pubKey: publicKeyBase64,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
verifier, close, _ := New(context.Background(), &Config{})
|
|
valid, err := verifier.Verify(context.Background(), tt.body, []byte(tt.header), tt.pubKey)
|
|
|
|
if err == nil {
|
|
t.Fatal("Expected an error but got none")
|
|
}
|
|
if valid {
|
|
t.Fatal("Expected verification to fail")
|
|
}
|
|
if close != nil {
|
|
if err := close(); err != nil {
|
|
t.Fatalf("Test %q failed: cleanup function returned an error: %v", tt.name, err)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|