153 lines
4.7 KiB
Go
153 lines
4.7 KiB
Go
package nonce
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/letsencrypt/boulder/metrics"
|
|
"github.com/letsencrypt/boulder/test"
|
|
)
|
|
|
|
func TestValidNonce(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, ns.Valid(n), fmt.Sprintf("Did not recognize fresh nonce %s", n))
|
|
}
|
|
|
|
func TestAlreadyUsed(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, ns.Valid(n), "Did not recognize fresh nonce")
|
|
test.Assert(t, !ns.Valid(n), "Recognized the same nonce twice")
|
|
}
|
|
|
|
func TestRejectMalformed(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, !ns.Valid("asdf"+n), "Accepted an invalid nonce")
|
|
}
|
|
|
|
func TestRejectShort(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
test.Assert(t, !ns.Valid("aGkK"), "Accepted an invalid nonce")
|
|
}
|
|
|
|
func TestRejectUnknown(t *testing.T) {
|
|
ns1, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
ns2, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
|
|
n, err := ns1.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, !ns2.Valid(n), "Accepted a foreign nonce")
|
|
}
|
|
|
|
func TestRejectTooLate(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
|
|
ns.latest = 2
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
ns.latest = 1
|
|
test.Assert(t, !ns.Valid(n), "Accepted a nonce with a too-high counter")
|
|
}
|
|
|
|
func TestRejectTooEarly(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
|
|
n0, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
|
|
for range ns.maxUsed {
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
if !ns.Valid(n) {
|
|
t.Errorf("generated invalid nonce")
|
|
}
|
|
}
|
|
|
|
n1, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
n2, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
n3, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
|
|
test.Assert(t, ns.Valid(n3), "Rejected a valid nonce")
|
|
test.Assert(t, ns.Valid(n2), "Rejected a valid nonce")
|
|
test.Assert(t, ns.Valid(n1), "Rejected a valid nonce")
|
|
test.Assert(t, !ns.Valid(n0), "Accepted a nonce that we should have forgotten")
|
|
}
|
|
|
|
func BenchmarkNonces(b *testing.B) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "")
|
|
if err != nil {
|
|
b.Fatal("creating nonce service", err)
|
|
}
|
|
|
|
for range ns.maxUsed {
|
|
n, err := ns.Nonce()
|
|
if err != nil {
|
|
b.Fatal("noncing", err)
|
|
}
|
|
if !ns.Valid(n) {
|
|
b.Fatal("generated invalid nonce")
|
|
}
|
|
}
|
|
|
|
b.ResetTimer()
|
|
b.RunParallel(func(pb *testing.PB) {
|
|
for pb.Next() {
|
|
n, err := ns.Nonce()
|
|
if err != nil {
|
|
b.Fatal("noncing", err)
|
|
}
|
|
if !ns.Valid(n) {
|
|
b.Fatal("generated invalid nonce")
|
|
}
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestNoncePrefixing(t *testing.T) {
|
|
ns, err := NewNonceService(metrics.NoopRegisterer, 0, "aluminum")
|
|
test.AssertNotError(t, err, "Could not create nonce service")
|
|
|
|
n, err := ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, ns.Valid(n), "Valid nonce rejected")
|
|
|
|
n, err = ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
n = n[1:]
|
|
test.Assert(t, !ns.Valid(n), "Valid nonce with incorrect prefix accepted")
|
|
|
|
n, err = ns.Nonce()
|
|
test.AssertNotError(t, err, "Could not create nonce")
|
|
test.Assert(t, !ns.Valid(n[6:]), "Valid nonce without prefix accepted")
|
|
}
|
|
|
|
func TestNoncePrefixValidation(t *testing.T) {
|
|
_, err := NewNonceService(metrics.NoopRegisterer, 0, "whatsup")
|
|
test.AssertError(t, err, "NewNonceService didn't fail with short prefix")
|
|
_, err = NewNonceService(metrics.NoopRegisterer, 0, "whatsup!")
|
|
test.AssertError(t, err, "NewNonceService didn't fail with invalid base64")
|
|
_, err = NewNonceService(metrics.NoopRegisterer, 0, "whatsupp")
|
|
test.AssertNotError(t, err, "NewNonceService failed with valid nonce prefix")
|
|
}
|
|
|
|
func TestDerivePrefix(t *testing.T) {
|
|
prefix := DerivePrefix("192.168.1.1:8080", []byte("3b8c758dd85e113ea340ce0b3a99f389d40a308548af94d1730a7692c1874f1f"))
|
|
test.AssertEquals(t, prefix, "P9qQaK4o")
|
|
}
|