open-vault/audit/hashstructure_test.go

267 lines
6.4 KiB
Go
Raw Normal View History

2015-04-21 15:02:03 +00:00
package audit
import (
"context"
"crypto/sha256"
"fmt"
2015-04-21 15:02:03 +00:00
"reflect"
"testing"
2015-04-27 22:54:14 +00:00
"time"
2016-01-26 17:47:04 +00:00
"github.com/hashicorp/vault/helper/certutil"
"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
2015-04-27 22:54:14 +00:00
"github.com/mitchellh/copystructure"
2015-04-21 15:02:03 +00:00
)
2015-04-27 22:54:14 +00:00
func TestCopy_auth(t *testing.T) {
// Make a non-pointer one so that it can't be modified directly
expected := logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: 1 * time.Hour,
2015-04-27 22:54:14 +00:00
},
ClientToken: "foo",
}
auth := expected
// Copy it
dup, err := copystructure.Copy(&auth)
if err != nil {
t.Fatalf("err: %s", err)
}
// Check equality
auth2 := dup.(*logical.Auth)
if !reflect.DeepEqual(*auth2, expected) {
t.Fatalf("bad:\n\n%#v\n\n%#v", *auth2, expected)
}
}
func TestCopy_request(t *testing.T) {
// Make a non-pointer one so that it can't be modified directly
expected := logical.Request{
Data: map[string]interface{}{
"foo": "bar",
},
2017-01-04 21:44:03 +00:00
WrapInfo: &logical.RequestWrapInfo{
TTL: 60 * time.Second,
},
2015-04-27 22:54:14 +00:00
}
arg := expected
// Copy it
dup, err := copystructure.Copy(&arg)
if err != nil {
t.Fatalf("err: %s", err)
}
// Check equality
arg2 := dup.(*logical.Request)
if !reflect.DeepEqual(*arg2, expected) {
t.Fatalf("bad:\n\n%#v\n\n%#v", *arg2, expected)
}
}
func TestCopy_response(t *testing.T) {
// Make a non-pointer one so that it can't be modified directly
expected := logical.Response{
Data: map[string]interface{}{
"foo": "bar",
},
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "foo",
CreationTime: time.Now(),
WrappedAccessor: "abcd1234",
2016-05-08 01:08:13 +00:00
},
2015-04-27 22:54:14 +00:00
}
arg := expected
// Copy it
dup, err := copystructure.Copy(&arg)
if err != nil {
t.Fatalf("err: %s", err)
}
// Check equality
arg2 := dup.(*logical.Response)
if !reflect.DeepEqual(*arg2, expected) {
t.Fatalf("bad:\n\n%#v\n\n%#v", *arg2, expected)
}
}
func TestHashString(t *testing.T) {
inmemStorage := &logical.InmemStorage{}
inmemStorage.Put(context.Background(), &logical.StorageEntry{
Key: "salt",
Value: []byte("foo"),
})
localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
HMAC: sha256.New,
HMACType: "hmac-sha256",
})
if err != nil {
t.Fatalf("Error instantiating salt: %s", err)
}
out := HashString(localSalt, "foo")
if out != "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a" {
t.Fatalf("err: HashString output did not match expected")
}
}
func TestHash(t *testing.T) {
now := time.Now()
2015-06-19 10:31:19 +00:00
cases := []struct {
Input interface{}
Output interface{}
NonHMACDataKeys []string
}{
{
&logical.Auth{ClientToken: "foo"},
&logical.Auth{ClientToken: "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a"},
nil,
},
{
&logical.Request{
Data: map[string]interface{}{
2016-01-26 17:47:04 +00:00
"foo": "bar",
"baz": "foobar",
2016-01-26 17:47:04 +00:00
"private_key_type": certutil.PrivateKeyType("rsa"),
},
},
&logical.Request{
Data: map[string]interface{}{
2016-01-26 17:47:04 +00:00
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
"baz": "foobar",
2016-01-26 17:47:04 +00:00
"private_key_type": "hmac-sha256:995230dca56fffd310ff591aa404aab52b2abb41703c787cfa829eceb4595bf1",
},
},
[]string{"baz"},
},
{
&logical.Response{
Data: map[string]interface{}{
"foo": "bar",
"baz": "foobar",
// Responses can contain time values, so test that with
// a known fixed value.
"bar": now,
},
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "bar",
2017-11-13 20:31:32 +00:00
Accessor: "flimflam",
CreationTime: now,
WrappedAccessor: "bar",
2016-05-08 01:08:13 +00:00
},
},
&logical.Response{
Data: map[string]interface{}{
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
"baz": "foobar",
"bar": now.Format(time.RFC3339Nano),
},
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
2017-11-13 20:31:32 +00:00
Accessor: "hmac-sha256:7c9c6fe666d0af73b3ebcfbfabe6885015558213208e6635ba104047b22f6390",
CreationTime: now,
WrappedAccessor: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
2016-05-08 01:08:13 +00:00
},
},
[]string{"baz"},
},
2015-04-22 05:42:37 +00:00
{
"foo",
"foo",
nil,
2015-04-22 05:42:37 +00:00
},
2015-06-19 10:31:19 +00:00
{
&logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: 1 * time.Hour,
2015-06-19 10:31:19 +00:00
},
ClientToken: "foo",
},
&logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: 1 * time.Hour,
2015-06-19 10:31:19 +00:00
},
ClientToken: "hmac-sha256:08ba357e274f528065766c770a639abf6809b39ccfd37c2a3157c7f51954da0a",
2015-06-19 10:31:19 +00:00
},
nil,
2015-06-19 10:31:19 +00:00
},
}
inmemStorage := &logical.InmemStorage{}
inmemStorage.Put(context.Background(), &logical.StorageEntry{
Key: "salt",
Value: []byte("foo"),
})
localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
HMAC: sha256.New,
HMACType: "hmac-sha256",
})
if err != nil {
t.Fatalf("Error instantiating salt: %s", err)
}
for _, tc := range cases {
input := fmt.Sprintf("%#v", tc.Input)
if err := Hash(localSalt, tc.Input, tc.NonHMACDataKeys); err != nil {
t.Fatalf("err: %s\n\n%s", err, input)
}
2017-11-13 20:31:32 +00:00
if _, ok := tc.Input.(*logical.Response); ok {
if !reflect.DeepEqual(tc.Input.(*logical.Response).WrapInfo, tc.Output.(*logical.Response).WrapInfo) {
t.Fatalf("bad:\nInput:\n%s\nTest case input:\n%#v\nTest case output:\n%#v", input, tc.Input.(*logical.Response).WrapInfo, tc.Output.(*logical.Response).WrapInfo)
2017-11-13 20:31:32 +00:00
}
}
if !reflect.DeepEqual(tc.Input, tc.Output) {
t.Fatalf("bad:\nInput:\n%s\nTest case input:\n%#v\nTest case output:\n%#v", input, tc.Input, tc.Output)
}
}
}
2015-04-21 15:02:03 +00:00
func TestHashWalker(t *testing.T) {
replaceText := "foo"
cases := []struct {
Input interface{}
Output interface{}
}{
{
map[string]interface{}{
"hello": "foo",
},
map[string]interface{}{
"hello": replaceText,
},
},
{
map[string]interface{}{
"hello": []interface{}{"world"},
},
map[string]interface{}{
"hello": []interface{}{replaceText},
},
},
}
for _, tc := range cases {
output, err := HashStructure(tc.Input, func(string) string {
return replaceText
}, []string{})
2015-04-21 15:02:03 +00:00
if err != nil {
t.Fatalf("err: %s\n\n%#v", err, tc.Input)
}
if !reflect.DeepEqual(output, tc.Output) {
t.Fatalf("bad:\n\n%#v\n\n%#v", tc.Input, output)
}
}
}