forked from taskcluster/taskcluster
-
Notifications
You must be signed in to change notification settings - Fork 0
/
creds_hmac_test.go
74 lines (69 loc) · 2.55 KB
/
creds_hmac_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package tcclient
import (
"encoding/json"
"io/ioutil"
"reflect"
"testing"
"time"
)
type TempCredsTestCase struct {
Description string `json:"description"`
PermCreds *Credentials `json:"permCreds"`
Seed string `json:"seed"`
Start string `json:"start"`
Expiry string `json:"expiry"`
TempCredsName string `json:"tempCredsName"`
TempCredsScopes []string `json:"tempCredsScopes"`
ExpectedTempCreds *Credentials `json:"expectedTempCreds"`
}
func Test_StaticTempCreds(t *testing.T) {
bytes, err := ioutil.ReadFile("testcases.json")
if err != nil {
t.Fatalf("Could not read file testcases.json so could not run tests: %s", err)
}
var testCases []TempCredsTestCase
err = json.Unmarshal(bytes, &testCases)
if err != nil {
t.Fatalf("Could not interpret contents of file testcases.json as json so could not run tests: %s", err)
}
for _, testCase := range testCases {
testCreds(t, &testCase)
}
}
func testCreds(t *testing.T, tc *TempCredsTestCase) {
t.Logf("Testing " + tc.Description)
start, _ := time.Parse(time.RFC3339, tc.Start)
expiry, _ := time.Parse(time.RFC3339, tc.Expiry)
permCreds := tc.PermCreds
tempCreds, err := permCreds.CreateNamedTemporaryCredentials(
tc.TempCredsName,
time.Hour, // arbitrary value, we update further down
tc.TempCredsScopes...,
)
if err != nil {
t.Fatalf("Could not create temp creds from permanent creds: %s", err)
}
cert, err := tempCreds.Cert()
if err != nil {
t.Fatalf("Could not parse certificate of generated temp creds: %s", err)
}
cert.Seed = tc.Seed
tempCreds.AccessToken, err = generateTemporaryAccessToken(permCreds.AccessToken, cert.Seed)
if err != nil {
t.Fatalf("Could not generate access token for temp creds: %s", err)
}
cert.Start = start.UnixNano() / 1e6
cert.Expiry = expiry.UnixNano() / 1e6
cert.Sign(permCreds.AccessToken, tempCreds.ClientID)
certBytes, err := json.Marshal(cert)
if err != nil {
t.Fatalf("Could not convert updated certificate into a string: %s", err)
}
tempCreds.Certificate = string(certBytes)
expected := tc.ExpectedTempCreds
if !reflect.DeepEqual(expected, tempCreds) {
t.Logf("Unexpected temp creds generated")
t.Logf("Expected:\nAccessToken: %q\nAuthorizedScopes: %q\nClientId: %q\nCertificate: %q", expected.AccessToken, expected.AuthorizedScopes, expected.ClientID, expected.Certificate)
t.Errorf("Actual:\nAccessToken: %q\nAuthorizedScopes: %q\nClientId: %q\nCertificate: %q", tempCreds.AccessToken, tempCreds.AuthorizedScopes, tempCreds.ClientID, tempCreds.Certificate)
}
}