-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
service_test.go
136 lines (124 loc) · 4.05 KB
/
service_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
package macaroons_test
import (
"context"
"encoding/hex"
"io/ioutil"
"os"
"path"
"testing"
"github.com/coreos/bbolt"
"github.com/lightningnetwork/lnd/macaroons"
"google.golang.org/grpc/metadata"
"gopkg.in/macaroon-bakery.v2/bakery"
"gopkg.in/macaroon-bakery.v2/bakery/checkers"
)
var (
testOperation = bakery.Op{
Entity: "testEntity",
Action: "read",
}
defaultPw = []byte("hello")
)
// setupTestRootKeyStorage creates a dummy root key storage by
// creating a temporary macaroons.db and initializing it with the
// default password of 'hello'. Only the path to the temporary
// DB file is returned, because the service will open the file
// and read the store on its own.
func setupTestRootKeyStorage(t *testing.T) string {
tempDir, err := ioutil.TempDir("", "macaroonstore-")
if err != nil {
t.Fatalf("Error creating temp dir: %v", err)
}
db, err := bbolt.Open(path.Join(tempDir, "macaroons.db"), 0600,
bbolt.DefaultOptions)
if err != nil {
t.Fatalf("Error opening store DB: %v", err)
}
store, err := macaroons.NewRootKeyStorage(db)
if err != nil {
db.Close()
t.Fatalf("Error creating root key store: %v", err)
}
defer store.Close()
err = store.CreateUnlock(&defaultPw)
return tempDir
}
// TestNewService tests the creation of the macaroon service.
func TestNewService(t *testing.T) {
// First, initialize a dummy DB file with a store that the service
// can read from. Make sure the file is removed in the end.
tempDir := setupTestRootKeyStorage(t)
defer os.RemoveAll(tempDir)
// Second, create the new service instance, unlock it and pass in a
// checker that we expect it to add to the bakery.
service, err := macaroons.NewService(tempDir, macaroons.IPLockChecker)
defer service.Close()
if err != nil {
t.Fatalf("Error creating new service: %v", err)
}
err = service.CreateUnlock(&defaultPw)
if err != nil {
t.Fatalf("Error unlocking root key storage: %v", err)
}
// Third, check if the created service can bake macaroons.
macaroon, err := service.Oven.NewMacaroon(nil, bakery.LatestVersion,
nil, testOperation)
if err != nil {
t.Fatalf("Error creating macaroon from service: %v", err)
}
if macaroon.Namespace().String() != "std:" {
t.Fatalf("The created macaroon has an invalid namespace: %s",
macaroon.Namespace().String())
}
// Finally, check if the service has been initialized correctly and
// the checker has been added.
var checkerFound = false
checker := service.Checker.FirstPartyCaveatChecker.(*checkers.Checker)
for _, info := range checker.Info() {
if info.Name == "ipaddr" &&
info.Prefix == "" &&
info.Namespace == "std" {
checkerFound = true
}
}
if !checkerFound {
t.Fatalf("Checker '%s' not found in service.", "ipaddr")
}
}
// TestValidateMacaroon tests the validation of a macaroon that is in an
// incoming context.
func TestValidateMacaroon(t *testing.T) {
// First, initialize the service and unlock it.
tempDir := setupTestRootKeyStorage(t)
defer os.RemoveAll(tempDir)
service, err := macaroons.NewService(tempDir, macaroons.IPLockChecker)
defer service.Close()
if err != nil {
t.Fatalf("Error creating new service: %v", err)
}
err = service.CreateUnlock(&defaultPw)
if err != nil {
t.Fatalf("Error unlocking root key storage: %v", err)
}
// Then, create a new macaroon that we can serialize.
macaroon, err := service.Oven.NewMacaroon(nil, bakery.LatestVersion,
nil, testOperation)
if err != nil {
t.Fatalf("Error creating macaroon from service: %v", err)
}
macaroonBinary, err := macaroon.M().MarshalBinary()
if err != nil {
t.Fatalf("Error serializing macaroon: %v", err)
}
// Because the macaroons are always passed in a context, we need to
// mock one that has just the serialized macaroon as a value.
md := metadata.New(map[string]string{
"macaroon": hex.EncodeToString(macaroonBinary),
})
mockContext := metadata.NewIncomingContext(context.Background(), md)
// Finally, validate the macaroon against the required permissions.
err = service.ValidateMacaroon(mockContext, []bakery.Op{testOperation})
if err != nil {
t.Fatalf("Error validating the macaroon: %v", err)
}
}