package audit
import (
"context"
"crypto/sha256"
"fmt"
"reflect"
"testing"
"time"
"github.com/hashicorp/vault/helper/certutil"
"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
"github.com/mitchellh/copystructure"
)
// TestCopy_auth verifies that copystructure.Copy returns a logical.Auth that
// compares equal to the value it was copied from.
func TestCopy_auth(t *testing.T) {
	// The reference value is held by value; only src below is handed to Copy.
	want := logical.Auth{
		ClientToken: "foo",
		LeaseOptions: logical.LeaseOptions{
			TTL: time.Hour,
		},
	}
	src := want

	copied, err := copystructure.Copy(&src)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Copy was given a pointer, so the result is asserted back to *logical.Auth.
	if got := copied.(*logical.Auth); !reflect.DeepEqual(*got, want) {
		t.Fatalf("bad:\n\n%#v\n\n%#v", *got, want)
	}
}
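// TestCopy_request verifies that copystructure.Copy returns a logical.Request
// that is equal to the original and does not share the original's Data map or
// WrapInfo pointer.
//
// Hash (see TestHash in this file) rewrites the structure it is given in
// place, so a copy that aliased Data or WrapInfo would let redaction of the
// copy leak into the original. Equality alone cannot detect that, which is why
// the aliasing checks are part of this test.
func TestCopy_request(t *testing.T) {
	// Make a non-pointer one so that it can't be modified directly
	expected := logical.Request{
		Data: map[string]interface{}{
			"foo": "bar",
		},
		WrapInfo: &logical.RequestWrapInfo{
			TTL: 60 * time.Second,
		},
	}
	// arg is a shallow value copy: it shares Data and WrapInfo with expected.
	arg := expected

	// Copy it
	dup, err := copystructure.Copy(&arg)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Check equality
	arg2 := dup.(*logical.Request)
	if !reflect.DeepEqual(*arg2, expected) {
		t.Fatalf("bad:\n\n%#v\n\n%#v", *arg2, expected)
	}

	// Check independence: the copy must own its WrapInfo and its Data map.
	if arg2.WrapInfo == expected.WrapInfo {
		t.Fatalf("copy shares WrapInfo pointer with the original")
	}
	arg2.Data["foo"] = "changed"
	if expected.Data["foo"] != "bar" {
		t.Fatalf("copy shares Data map with the original: %#v", expected.Data)
	}
}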
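// TestCopy_response verifies that copystructure.Copy returns a
// logical.Response that is equal to the original and does not share the
// original's Data map or WrapInfo pointer.
//
// Hash (see TestHash in this file) rewrites the structure it is given in
// place, including WrapInfo.Token and the accessors, so a copy that aliased
// those fields would let redaction of the copy leak into the original.
// Equality alone cannot detect that, which is why the aliasing checks are part
// of this test.
func TestCopy_response(t *testing.T) {
	// Make a non-pointer one so that it can't be modified directly
	expected := logical.Response{
		Data: map[string]interface{}{
			"foo": "bar",
		},
		WrapInfo: &wrapping.ResponseWrapInfo{
			TTL:             60,
			Token:           "foo",
			CreationTime:    time.Now(),
			WrappedAccessor: "abcd1234",
		},
	}
	// arg is a shallow value copy: it shares Data and WrapInfo with expected.
	arg := expected

	// Copy it
	dup, err := copystructure.Copy(&arg)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Check equality
	arg2 := dup.(*logical.Response)
	if !reflect.DeepEqual(*arg2, expected) {
		t.Fatalf("bad:\n\n%#v\n\n%#v", *arg2, expected)
	}

	// Check independence: the copy must own its WrapInfo and its Data map.
	if arg2.WrapInfo == expected.WrapInfo {
		t.Fatalf("copy shares WrapInfo pointer with the original")
	}
	arg2.Data["foo"] = "changed"
	if expected.Data["foo"] != "bar" {
		t.Fatalf("copy shares Data map with the original: %#v", expected.Data)
	}
}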
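// TestHashString checks that HashString returns the expected prefixed
// HMAC-SHA256 digest for a fixed input and a fixed salt fixture.
func TestHashString(t *testing.T) {
	// Seed the storage with a constant entry under "salt". Presumably NewSalt
	// picks this entry up instead of generating a random salt, which is what
	// makes the expected digest below a constant -- confirm against the salt
	// package. If the seed write failed silently, the test would fail later
	// with a misleading digest mismatch, so the error is checked here.
	inmemStorage := &logical.InmemStorage{}
	if err := inmemStorage.Put(context.Background(), &logical.StorageEntry{
		Key:   "salt",
		Value: []byte("foo"),
	}); err != nil {
		t.Fatalf("Error seeding salt storage: %s", err)
	}

	localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
		HMAC:     sha256.New,
		HMACType: "hmac-sha256",
	})
	if err != nil {
		t.Fatalf("Error instantiating salt: %s", err)
	}

	// The output carries the HMACType as a prefix, followed by the hex digest.
	out := HashString(localSalt, "foo")
	if out != "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a" {
		t.Fatalf("err: HashString output did not match expected")
	}
}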
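// TestHash checks which fields Hash replaces with salted HMAC digests and
// which it leaves readable.
//
// Hash returns only an error and the assertions compare tc.Input with
// tc.Output afterwards, so the function under test rewrites its input in
// place. The cases pin the following behaviour:
//   - Auth.ClientToken is replaced by its digest; LeaseOptions is untouched.
//   - Request.Data and Response.Data string values are replaced by digests,
//     except for keys listed in NonHMACDataKeys ("baz"), which stay in
//     plaintext.
//   - A non-string Data value with a string underlying type
//     (certutil.PrivateKeyType) is replaced by a digest string.
//   - A time.Time in Response.Data becomes its RFC3339Nano string and is not
//     digested.
//   - ResponseWrapInfo.Token, Accessor and WrappedAccessor are replaced by
//     digests; TTL and CreationTime are untouched.
//   - A bare string input is returned unchanged.
func TestHash(t *testing.T) {
	// Captured once so that inputs and expected outputs share the same instant.
	now := time.Now()

	cases := []struct {
		Input           interface{}
		Output          interface{}
		NonHMACDataKeys []string
	}{
		{
			&logical.Auth{ClientToken: "foo"},
			&logical.Auth{ClientToken: "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a"},
			nil,
		},
		{
			&logical.Request{
				Data: map[string]interface{}{
					"foo":              "bar",
					"baz":              "foobar",
					"private_key_type": certutil.PrivateKeyType("rsa"),
				},
			},
			&logical.Request{
				Data: map[string]interface{}{
					"foo":              "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
					"baz":              "foobar",
					"private_key_type": "hmac-sha256:995230dca56fffd310ff591aa404aab52b2abb41703c787cfa829eceb4595bf1",
				},
			},
			// "baz" is exempt from HMAC and must come out unchanged.
			[]string{"baz"},
		},
		{
			&logical.Response{
				Data: map[string]interface{}{
					"foo": "bar",
					"baz": "foobar",
					// Responses can contain time values, so test that with
					// the instant captured above.
					"bar": now,
				},
				WrapInfo: &wrapping.ResponseWrapInfo{
					TTL:             60,
					Token:           "bar",
					Accessor:        "flimflam",
					CreationTime:    now,
					WrappedAccessor: "bar",
				},
			},
			&logical.Response{
				Data: map[string]interface{}{
					"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
					"baz": "foobar",
					"bar": now.Format(time.RFC3339Nano),
				},
				WrapInfo: &wrapping.ResponseWrapInfo{
					TTL:             60,
					Token:           "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
					Accessor:        "hmac-sha256:7c9c6fe666d0af73b3ebcfbfabe6885015558213208e6635ba104047b22f6390",
					CreationTime:    now,
					WrappedAccessor: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
				},
			},
			// "baz" is exempt from HMAC and must come out unchanged.
			[]string{"baz"},
		},
		{
			// A bare string is not one of the handled types and is left as is.
			"foo",
			"foo",
			nil,
		},
		{
			&logical.Auth{
				LeaseOptions: logical.LeaseOptions{
					TTL: 1 * time.Hour,
				},
				ClientToken: "foo",
			},
			&logical.Auth{
				LeaseOptions: logical.LeaseOptions{
					TTL: 1 * time.Hour,
				},
				ClientToken: "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a",
			},
			nil,
		},
	}

	// Seed the storage with a constant entry under "salt". Presumably NewSalt
	// picks this entry up instead of generating a random salt, which is what
	// makes the expected digests above constants -- confirm against the salt
	// package. A silently failed seed write would surface only as digest
	// mismatches, so the error is checked here.
	inmemStorage := &logical.InmemStorage{}
	if err := inmemStorage.Put(context.Background(), &logical.StorageEntry{
		Key:   "salt",
		Value: []byte("foo"),
	}); err != nil {
		t.Fatalf("Error seeding salt storage: %s", err)
	}
	localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
		HMAC:     sha256.New,
		HMACType: "hmac-sha256",
	})
	if err != nil {
		t.Fatalf("Error instantiating salt: %s", err)
	}

	for _, tc := range cases {
		// Render the input before Hash rewrites it, for use in failure output.
		input := fmt.Sprintf("%#v", tc.Input)
		if err := Hash(localSalt, tc.Input, tc.NonHMACDataKeys); err != nil {
			t.Fatalf("err: %s\n\n%s", err, input)
		}
		// Compare WrapInfo on its own first so that a mismatch there is
		// reported with the pointed-to values rather than pointer addresses.
		if resp, ok := tc.Input.(*logical.Response); ok {
			want := tc.Output.(*logical.Response)
			if !reflect.DeepEqual(resp.WrapInfo, want.WrapInfo) {
				t.Fatalf("bad:\nInput:\n%s\nTest case input:\n%#v\nTest case output:\n%#v", input, resp.WrapInfo, want.WrapInfo)
			}
		}
		if !reflect.DeepEqual(tc.Input, tc.Output) {
			t.Fatalf("bad:\nInput:\n%s\nTest case input:\n%#v\nTest case output:\n%#v", input, tc.Input, tc.Output)
		}
	}
}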
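// TestHashWalker checks that HashStructure applies the supplied callback to
// string values found directly in a map and inside a slice nested in a map.
//
// The callback ignores its argument and always returns replaceText, so every
// walked string is expected to come out as replaceText. Input strings are
// deliberately different from replaceText: if they were equal, a walker that
// never invoked the callback would still pass.
func TestHashWalker(t *testing.T) {
	replaceText := "foo"

	cases := []struct {
		Input  interface{}
		Output interface{}
	}{
		{
			// String value directly under a map key.
			map[string]interface{}{
				"hello": "world",
			},
			map[string]interface{}{
				"hello": replaceText,
			},
		},
		{
			// String value inside a slice under a map key.
			map[string]interface{}{
				"hello": []interface{}{"world"},
			},
			map[string]interface{}{
				"hello": []interface{}{replaceText},
			},
		},
	}

	for _, tc := range cases {
		// The empty slice means no keys are exempt from the callback.
		output, err := HashStructure(tc.Input, func(string) string {
			return replaceText
		}, []string{})
		if err != nil {
			t.Fatalf("err: %s\n\n%#v", err, tc.Input)
		}
		// Report actual against expected; the input may already have been
		// rewritten by the walk and is not a reliable reference here.
		if !reflect.DeepEqual(output, tc.Output) {
			t.Fatalf("bad:\n\n%#v\n\n%#v", output, tc.Output)
		}
	}
}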