// Copyright 2017 Keybase Inc. All rights reserved.
// Use of this source code is governed by a BSD
// license that can be found in the LICENSE file.
package kbfsmd
import (
"context"
"testing"
"time"
"github.com/keybase/client/go/protocol/keybase1"
"github.com/keybase/kbfs/kbfscodec"
"github.com/keybase/kbfs/kbfscrypto"
"github.com/keybase/kbfs/tlf"
"github.com/stretchr/testify/require"
)
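// testRootMetadataSignedFinalVerify checks, for metadata version ver, that a
// signed root metadata object and its finalized copy both pass
// IsValidAndSigned, and that a finalized copy whose MD was changed after
// signing is rejected.
func testRootMetadataSignedFinalVerify(t *testing.T, ver MetadataVer) {
	tlfID := tlf.FakeID(1, tlf.Private)

	// The handle is built from a single test user; the remaining
	// MakeHandle arguments are all nil.
	uid := keybase1.MakeTestUID(1)
	bh, err := tlf.MakeHandle(
		[]keybase1.UserOrTeamID{uid.AsUserOrTeam()}, nil, nil, nil, nil)
	require.NoError(t, err)

	brmd, err := MakeInitialRootMetadata(ver, tlfID, bh)
	require.NoError(t, err)

	ctx := context.Background()
	codec := kbfscodec.NewMsgpack()
	// Fake signing key from a test helper. The same signer is passed for
	// both signer arguments of SignRootMetadata below.
	signer := kbfscrypto.SigningKeySigner{
		Key: kbfscrypto.MakeFakeSigningKeyOrBust("key"),
	}

	extra := FakeInitialRekey(brmd, bh, kbfscrypto.TLFPublicKey{})

	brmd.SetLastModifyingWriter(uid)
	brmd.SetLastModifyingUser(uid)
	brmd.SetSerializedPrivateMetadata([]byte{42})
	err = brmd.SignWriterMetadataInternally(ctx, codec, signer)
	require.NoError(t, err)

	rmds, err := SignRootMetadata(ctx, codec, signer, signer, brmd)
	require.NoError(t, err)

	// Baseline: the freshly signed metadata must verify.
	// NOTE(review): the third argument is nil in every IsValidAndSigned
	// call in this test; confirm which check, if any, is skipped when it
	// is nil.
	err = rmds.IsValidAndSigned(ctx, codec, nil, extra)
	require.NoError(t, err)

	ext, err := tlf.NewHandleExtension(
		tlf.HandleExtensionFinalized, 1, "fake user", time.Now())
	require.NoError(t, err)

	// Make a final copy carrying the finalized handle extension.
	rmds2, err := rmds.MakeFinalCopy(codec, ext)
	require.NoError(t, err)

	// The finalized copy must still verify.
	err = rmds2.IsValidAndSigned(ctx, codec, nil, extra)
	require.NoError(t, err)

	// Touch something the server shouldn't be allowed to edit for
	// finalized metadata and verify verification failure.
	tamperedMD, err := rmds2.MD.DeepCopy(codec)
	require.NoError(t, err)
	tamperedMD.SetRekeyBit()

	// Tamper with and verify the same variable. The previous form
	// modified rmds2 and then verified a second variable assigned from it,
	// which only exercises the tampered metadata if the two alias the same
	// object (i.e. MakeFinalCopy returns a pointer; its signature is not
	// visible in this file).
	tampered := rmds2
	tampered.MD = tamperedMD
	err = tampered.IsValidAndSigned(ctx, codec, nil, extra)
	// NOTE(review): this accepts any error. Asserting the specific
	// verification error would keep an unrelated failure from satisfying
	// the check; confirm which error IsValidAndSigned returns here.
	require.Error(t, err)
}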
// TestRootMetadataSigned hands the signed-root-metadata checks to
// runTestsOverMetadataVers under the name "testRootMetadataSigned".
// Presumably that helper runs each listed function once per metadata
// version; it is defined outside this file.
func TestRootMetadataSigned(t *testing.T) {
	runTestsOverMetadataVers(
		t,
		"testRootMetadataSigned",
		[]func(*testing.T, MetadataVer){
			testRootMetadataSignedFinalVerify,
		},
	)
}