package stfe import ( "bytes" "testing" "crypto" "crypto/sha256" "crypto/x509" cttestdata "github.com/google/certificate-transparency-go/trillian/testdata" "github.com/system-transparency/stfe/x509util" "github.com/system-transparency/stfe/x509util/testdata" ) var ( testHashLen = 31 testMaxRange = int64(3) testMaxChain = int64(3) testTreeId = int64(0) testPrefix = "test" testHashType = crypto.SHA256 testExtKeyUsage = []x509.ExtKeyUsage{} ) func TestNewLogParameters(t *testing.T) { anchors, err := x509util.NewCertificateList(testdata.TrustAnchors) if err != nil { t.Fatalf("must decode trust anchors: %v", err) } signer, err := x509util.NewEd25519PrivateKey(testdata.LogPrivateKey) if err != nil { t.Fatalf("must decode private key: %v", err) } pub, err := x509.MarshalPKIXPublicKey(signer.Public()) if err != nil { t.Fatalf("must encode public key: %v", err) } hasher := sha256.New() hasher.Write(pub) logId := hasher.Sum(nil) for _, table := range []struct { description string treeId int64 prefix string maxRange int64 maxChain int64 anchors []*x509.Certificate signer crypto.Signer wantErr bool }{ { description: "invalid signer: nil", treeId: testTreeId, prefix: testPrefix, maxRange: 0, maxChain: testMaxChain, anchors: anchors, signer: nil, wantErr: true, }, { description: "no trust anchors", treeId: testTreeId, prefix: testPrefix, maxRange: testMaxRange, maxChain: testMaxChain, anchors: []*x509.Certificate{}, signer: signer, wantErr: true, }, { description: "invalid max range", treeId: testTreeId, prefix: testPrefix, maxRange: 0, maxChain: testMaxChain, anchors: anchors, signer: signer, wantErr: true, }, { description: "invalid max chain", treeId: testTreeId, prefix: testPrefix, maxRange: testMaxRange, maxChain: 0, anchors: anchors, signer: signer, wantErr: true, }, { description: "public key marshal failure", treeId: testTreeId, prefix: testPrefix, maxRange: testMaxRange, maxChain: testMaxChain, anchors: anchors, signer: cttestdata.NewSignerWithFixedSig("no pub", testSignature), wantErr: true, }, { description: "valid log parameters", treeId: testTreeId, prefix: testPrefix, maxRange: testMaxRange, maxChain: testMaxChain, anchors: anchors, signer: signer, }, } { lp, err := NewLogParameters(table.treeId, table.prefix, table.anchors, table.signer, table.maxRange, table.maxChain) if got, want := err != nil, table.wantErr; got != want { t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err) } if err != nil { continue } if got, want := lp.LogId, logId; !bytes.Equal(got, want) { t.Errorf("got log id %X but wanted %X in test %q", got, want, table.description) } if got, want := lp.TreeId, testTreeId; got != want { t.Errorf("got tree id %d but wanted %d in test %q", got, want, table.description) } if got, want := lp.Prefix, testPrefix; got != want { t.Errorf("got prefix %s but wanted %s in test %q", got, want, table.description) } if got, want := lp.MaxRange, testMaxRange; got != want { t.Errorf("got max range %d but wanted %d in test %q", got, want, table.description) } if got, want := lp.MaxChain, testMaxChain; got != want { t.Errorf("got max chain %d but wanted %d in test %q", got, want, table.description) } if got, want := lp.MaxChain, testMaxChain; got != want { t.Errorf("got max chain %d but wanted %d in test %q", got, want, table.description) } if got, want := len(lp.AnchorList), len(anchors); got != want { t.Errorf("got %d anchors but wanted %d in test %q", got, want, table.description) } if got, want := len(lp.AnchorPool.Subjects()), len(anchors); got != want { t.Errorf("got %d anchors in pool but wanted %d in test %q", got, want, table.description) } } } // TestHandlers checks that we configured all endpoints and that there are no // unexpected ones. func TestHandlers(t *testing.T) { endpoints := map[Endpoint]bool{ EndpointAddEntry: false, EndpointGetEntries: false, EndpointGetSth: false, EndpointGetProofByHash: false, EndpointGetConsistencyProof: false, EndpointGetAnchors: false, } i := NewInstance(makeTestLogParameters(t, nil), nil, testDeadline) for _, handler := range i.Handlers() { if _, ok := endpoints[handler.endpoint]; !ok { t.Errorf("got unexpected endpoint: %s", handler.endpoint) } endpoints[handler.endpoint] = true } for endpoint, ok := range endpoints { if !ok { t.Errorf("endpoint %s is not configured", endpoint) } } } func TestEndpointPath(t *testing.T) { base, prefix := "http://example.com", "test" for _, table := range []struct { endpoint Endpoint want string }{ { endpoint: EndpointAddEntry, want: "http://example.com/test/add-entry", }, { endpoint: EndpointGetEntries, want: "http://example.com/test/get-entries", }, { endpoint: EndpointGetProofByHash, want: "http://example.com/test/get-proof-by-hash", }, { endpoint: EndpointGetConsistencyProof, want: "http://example.com/test/get-consistency-proof", }, { endpoint: EndpointGetSth, want: "http://example.com/test/get-sth", }, { endpoint: EndpointGetAnchors, want: "http://example.com/test/get-anchors", }, } { if got, want := table.endpoint.Path(base, prefix), table.want; got != want { t.Errorf("got %s but wanted %s with multiple components", got, want) } if got, want := table.endpoint.Path(base+"/"+prefix), table.want; got != want { t.Errorf("got %s but wanted %s with one component", got, want) } } } // makeTestLogParameters makes a collection of test log parameters that // correspond to testLogId, testTreeId, testPrefix, testMaxRange, testMaxChain, // the anchors in testdata.TrustAnchors, testHashType, and an optional signer. func makeTestLogParameters(t *testing.T, signer crypto.Signer) *LogParameters { anchors, err := x509util.NewCertificateList(testdata.TrustAnchors) if err != nil { t.Fatalf("must decode trust anchors: %v", err) } return &LogParameters{ LogId: testLogId, TreeId: testTreeId, Prefix: testPrefix, MaxRange: testMaxRange, MaxChain: testMaxChain, AnchorPool: x509util.NewCertPool(anchors), AnchorList: anchors, KeyUsage: testExtKeyUsage, Signer: signer, HashType: testHashType, } }