Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(166)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

Issue 2943403003: token-server: Fix panic when generating machine token for unrecognized machine. (Closed)
Patch Set: flatten Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('K') | « tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('j') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package machinetoken 5 package machinetoken
6 6
7 import ( 7 import (
8 "crypto/x509" 8 "crypto/x509"
9 "net" 9 "net"
10 "testing" 10 "testing"
11 "time" 11 "time"
12 12
13 "golang.org/x/net/context" 13 "golang.org/x/net/context"
14 14
15 "github.com/luci/luci-go/common/clock" 15 "github.com/luci/luci-go/common/clock"
16 "github.com/luci/luci-go/common/proto/google" 16 "github.com/luci/luci-go/common/proto/google"
17 "github.com/luci/luci-go/server/auth" 17 "github.com/luci/luci-go/server/auth"
18 "github.com/luci/luci-go/server/auth/authtest" 18 "github.com/luci/luci-go/server/auth/authtest"
19 19
20 "github.com/luci/luci-go/tokenserver/api" 20 "github.com/luci/luci-go/tokenserver/api"
21 "github.com/luci/luci-go/tokenserver/api/admin/v1"
21 "github.com/luci/luci-go/tokenserver/api/minter/v1" 22 "github.com/luci/luci-go/tokenserver/api/minter/v1"
22 "github.com/luci/luci-go/tokenserver/appengine/impl/certconfig" 23 "github.com/luci/luci-go/tokenserver/appengine/impl/certconfig"
23 24
24 . "github.com/smartystreets/goconvey/convey" 25 . "github.com/smartystreets/goconvey/convey"
25 ) 26 )
26 27
27 func TestMintMachineTokenRPC(t *testing.T) { 28 func TestMintMachineTokenRPC(t *testing.T) {
28 » Convey("works", t, func() { 29 » t.Parallel()
29 » » ctx := auth.WithState(testingContext(), &authtest.FakeState{ 30
31 » Convey("Successful RPC", t, func() {
32 » » ctx := auth.WithState(testingContext(testingCA), &authtest.FakeS tate{
30 PeerIPOverride: net.ParseIP("127.10.10.10"), 33 PeerIPOverride: net.ParseIP("127.10.10.10"),
31 }) 34 })
32 35
33 var loggedInfo *MintedTokenInfo 36 var loggedInfo *MintedTokenInfo
34 impl := MintMachineTokenRPC{ 37 impl := MintMachineTokenRPC{
35 Signer: testingSigner(), 38 Signer: testingSigner(),
36 CheckCertificate: func(_ context.Context, cert *x509.Cer tificate) (*certconfig.CA, error) { 39 CheckCertificate: func(_ context.Context, cert *x509.Cer tificate) (*certconfig.CA, error) {
37 return &testingCA, nil 40 return &testingCA, nil
38 }, 41 },
39 LogToken: func(c context.Context, info *MintedTokenInfo) error { 42 LogToken: func(c context.Context, info *MintedTokenInfo) error {
(...skipping 26 matching lines...) Expand all
66 IssuedAt: 1422936306, 69 IssuedAt: 1422936306,
67 Lifetime: 3600, 70 Lifetime: 3600,
68 CaId: 123, 71 CaId: 123,
69 CertSn: 4096, 72 CertSn: 4096,
70 }, 73 },
71 CA: &testingCA, 74 CA: &testingCA,
72 PeerIP: net.ParseIP("127.10.10.10"), 75 PeerIP: net.ParseIP("127.10.10.10"),
73 RequestID: "gae-request-id", 76 RequestID: "gae-request-id",
74 }) 77 })
75 }) 78 })
79
80 Convey("Unsuccessful RPC", t, func() {
81 // Modify testing CA to have no domains whitelisted.
82 testingCA := certconfig.CA{
83 CN: "Fake CA: fake.ca",
84 ParsedConfig: &admin.CertificateAuthorityConfig{
85 UniqueId: 123,
86 },
87 }
88 ctx := auth.WithState(testingContext(testingCA), &authtest.FakeS tate{
89 PeerIPOverride: net.ParseIP("127.10.10.10"),
90 })
91
92 impl := MintMachineTokenRPC{
93 Signer: testingSigner(),
94 CheckCertificate: func(_ context.Context, cert *x509.Cer tificate) (*certconfig.CA, error) {
95 return &testingCA, nil
96 },
97 LogToken: func(c context.Context, info *MintedTokenInfo) error {
98 panic("must not be called") // we log only succe ssfully generated tokens
99 },
100 }
101
102 // This request is structurally valid, but forbidden by CA confi g. It
103 // generates MintMachineTokenResponse with non-zero error code.
104 resp, err := impl.MintMachineToken(ctx, testingMachineTokenReque st(ctx))
105 So(err, ShouldBeNil)
106 So(resp, ShouldResemble, &minter.MintMachineTokenResponse{
107 ServiceVersion: "unit-tests/mocked-ver",
108 ErrorCode: minter.ErrorCode_BAD_TOKEN_ARGUMENTS,
109 ErrorMessage: `the domain "fake.domain" is not whiteli sted in the config`,
110 })
111 })
76 } 112 }
OLDNEW
« tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('K') | « tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('j') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('J')

Powered by Google App Engine
This is Rietveld 408576698