open-vault/sdk/logical/token_test.go

107 lines
3.0 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package logical
import (
"crypto/sha256"
"encoding/base64"
"encoding/json"
"testing"
)
func TestJSONSerialization(t *testing.T) {
tt := TokenTypeDefaultBatch
s, err := json.Marshal(tt)
if err != nil {
t.Fatal(err)
}
var utt TokenType
err = json.Unmarshal(s, &utt)
if err != nil {
t.Fatal(err)
}
if tt != utt {
t.Fatalf("expected %v, got %v", tt, utt)
}
utt = TokenTypeDefault
err = json.Unmarshal([]byte(`"default-batch"`), &utt)
if err != nil {
t.Fatal(err)
}
if tt != utt {
t.Fatalf("expected %v, got %v", tt, utt)
}
// Test on an empty value, which should unmarshal into TokenTypeDefault
tt = TokenTypeDefault
err = json.Unmarshal([]byte(`""`), &utt)
if err != nil {
t.Fatal(err)
}
if tt != utt {
t.Fatalf("expected %v, got %v", tt, utt)
}
}
// TestCreateClientID verifies that CreateClientID uses the entity ID for a token
// entry if one exists, and creates an appropriate client ID otherwise.
func TestCreateClientID(t *testing.T) {
entry := TokenEntry{NamespaceID: "namespaceFoo", Policies: []string{"bar", "baz", "foo", "banana"}}
id, isTWE := entry.CreateClientID()
if !isTWE {
t.Fatalf("TWE token should return true value in isTWE bool")
}
expectedIDPlaintext := "banana" + string(SortedPoliciesTWEDelimiter) + "bar" +
string(SortedPoliciesTWEDelimiter) + "baz" +
string(SortedPoliciesTWEDelimiter) + "foo" + string(ClientIDTWEDelimiter) + "namespaceFoo"
hashed := sha256.Sum256([]byte(expectedIDPlaintext))
expectedID := base64.StdEncoding.EncodeToString(hashed[:])
if expectedID != id {
t.Fatalf("wrong ID: expected %s, found %s", expectedID, id)
}
// Test with entityID
entry = TokenEntry{EntityID: "entityFoo", NamespaceID: "namespaceFoo", Policies: []string{"bar", "baz", "foo", "banana"}}
id, isTWE = entry.CreateClientID()
if isTWE {
t.Fatalf("token with entity should return false value in isTWE bool")
}
if id != "entityFoo" {
t.Fatalf("client ID should be entity ID")
}
// Test without namespace
entry = TokenEntry{Policies: []string{"bar", "baz", "foo", "banana"}}
id, isTWE = entry.CreateClientID()
if !isTWE {
t.Fatalf("TWE token should return true value in isTWE bool")
}
expectedIDPlaintext = "banana" + string(SortedPoliciesTWEDelimiter) + "bar" +
string(SortedPoliciesTWEDelimiter) + "baz" +
string(SortedPoliciesTWEDelimiter) + "foo" + string(ClientIDTWEDelimiter)
hashed = sha256.Sum256([]byte(expectedIDPlaintext))
expectedID = base64.StdEncoding.EncodeToString(hashed[:])
if expectedID != id {
t.Fatalf("wrong ID: expected %s, found %s", expectedID, id)
}
// Test without policies
entry = TokenEntry{NamespaceID: "namespaceFoo"}
id, isTWE = entry.CreateClientID()
if !isTWE {
t.Fatalf("TWE token should return true value in isTWE bool")
}
expectedIDPlaintext = "namespaceFoo"
hashed = sha256.Sum256([]byte(expectedIDPlaintext))
expectedID = base64.StdEncoding.EncodeToString(hashed[:])
if expectedID != id {
t.Fatalf("wrong ID: expected %s, found %s", expectedID, id)
}
}