Commit 39eec7d2 authored by ale's avatar ale

Add serialization/deserialization tests

parent 8b0ecbb9
include $(top_srcdir)/Makefile.defs include $(top_srcdir)/Makefile.defs
AUTOMAKE_OPTIONS = serial-tests
check_PROGRAMS = \ check_PROGRAMS = \
sso_unittest \ sso_unittest \
tweetnacl_unittest tweetnacl_unittest
......
...@@ -32,6 +32,8 @@ static inline const unsigned char *get_secret_key() { ...@@ -32,6 +32,8 @@ static inline const unsigned char *get_secret_key() {
return secret_key; return secret_key;
} }
static char *static_groups[] = {"g1", "g2", NULL};
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
unsigned char *buf; unsigned char *buf;
unsigned char *b64buf; unsigned char *b64buf;
...@@ -52,6 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ...@@ -52,6 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
r = sso_ticket_open(&tkt, (const char *)b64buf, get_public_key()); r = sso_ticket_open(&tkt, (const char *)b64buf, get_public_key());
if (r == SSO_OK) { if (r == SSO_OK) {
sso_validate(tkt, "svc", "domain", NULL, static_groups);
sso_ticket_free(tkt); sso_ticket_free(tkt);
} }
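Review bot: The added `sso_validate(tkt, "svc", "domain", NULL, static_groups)` call will probably exercise only the earliest rejection paths, because a fuzzer-generated ticket has to carry exactly these service and domain strings before group matching is reached; this is inferred, since sso_validate's body is not shown on this page. A seed corpus entry or dictionary containing `svc`, `domain`, `g1` and `g2` would let the fuzzer reach the group comparison. The return value is discarded, so writing `(void)sso_validate(...)` with a comment such as `/* result ignored: only memory safety is under test */` would make that intent explicit. `static_groups` is initialised from string literals and could be declared with `const char *` elements if sso_validate's prototype allows it. LLVMFuzzerTestOneInput starts and ends outside the visible hunks.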
......
...@@ -98,13 +98,19 @@ protected: ...@@ -98,13 +98,19 @@ protected:
char *sign_ticket(sso_ticket_t t) { char *sign_ticket(sso_ticket_t t) {
char buf[1024]; char buf[1024];
EXPECT_EQ(0, sso_ticket_sign(t, secret_key, buf, sizeof(buf))); EXPECT_EQ(0, sso_ticket_sign(t, secret_key, buf, sizeof(buf)));
return strdup(buf);
}
// Return a signed ticket, for test data generation.
char *sign_and_free_ticket(sso_ticket_t t) {
char *res = sign_ticket(t);
// No further use for the original ticket. // No further use for the original ticket.
sso_ticket_free(t); sso_ticket_free(t);
return strdup(buf); return res;
} }
// Sign a ticket with a random secret key. // Sign a ticket with a random secret key.
char *sign_ticket_with_random_key(sso_ticket_t t) { char *sign_and_free_ticket_with_random_key(sso_ticket_t t) {
unsigned char pk[SSO_PUBLIC_KEY_SIZE], sk[SSO_SECRET_KEY_SIZE]; unsigned char pk[SSO_PUBLIC_KEY_SIZE], sk[SSO_SECRET_KEY_SIZE];
sso_generate_keys(pk, sk); sso_generate_keys(pk, sk);
char buf[1024]; char buf[1024];
...@@ -177,20 +183,20 @@ struct open_testdata { ...@@ -177,20 +183,20 @@ struct open_testdata {
TEST_F(SSO, Open) { TEST_F(SSO, Open) {
const char *groups[] = {"users", "wheel", "daemon", NULL}; const char *groups[] = {"users", "wheel", "daemon", NULL};
struct open_testdata td[] = { struct open_testdata td[] = {
{sign_ticket( {sign_and_free_ticket(
sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)), sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)),
0}, 0},
{sign_ticket( {sign_and_free_ticket(
sso_ticket_new("user", "service/", "domain", NULL, groups, 7200)), sso_ticket_new("user", "service/", "domain", NULL, groups, 7200)),
0}, 0},
{sign_ticket(sso_ticket_new("user", "", "", NULL, NULL, 7200)), 0}, {sign_and_free_ticket(sso_ticket_new("user", "", "", NULL, NULL, 7200)), 0},
{sign_string("5|user|service/|domain|1414402999|"), {sign_string("5|user|service/|domain|1414402999|"),
SSO_ERR_UNSUPPORTED_VERSION}, SSO_ERR_UNSUPPORTED_VERSION},
{sign_string("4|definitely not a ticket"), SSO_ERR_DESERIALIZATION}, {sign_string("4|definitely not a ticket"), SSO_ERR_DESERIALIZATION},
{sign_string("4||||||"), 0}, {sign_string("4||||||"), 0},
{sign_ticket_with_random_key( {sign_and_free_ticket_with_random_key(
sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)), sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)),
SSO_ERR_BAD_SIGNATURE}, SSO_ERR_BAD_SIGNATURE},
...@@ -332,6 +338,43 @@ TEST_F(SSO, Validation) { ...@@ -332,6 +338,43 @@ TEST_F(SSO, Validation) {
} }
} }
static bool is_ticket_equal(sso_ticket_t a, sso_ticket_t b) {
return (!strcmp(a->user, b->user) &&
!strcmp(a->service, b->service) &&
!strcmp(a->domain, b->domain) &&
!strcmp(a->nonce ?: "NULL", b->nonce ?: "NULL") &&
a->expires == b->expires);
}
TEST_F(SSO, Serialization) {
const char *groups_ok[] = {"users", "admins", NULL};
const char *groups_fail[] = {"users", "others", NULL};
sso_ticket_t td[] = {
sso_ticket_new("user", "service/", "domain", NULL, groups_ok, 7200),
sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200),
sso_ticket_new("user", "service/", "domain", NULL, groups_fail, 7200),
sso_ticket_new("user", "service/", "other", NULL, groups_ok, 7200),
sso_ticket_new("user", "other/", "domain", NULL, groups_ok, 7200),
sso_ticket_new("user", "service/", "domain", NULL, NULL, -1000),
sso_ticket_new("user", "service/", "domain", "testnonce", NULL, 7200),
sso_ticket_new("user", "service/", "domain", "badnonce", NULL, 7200),
sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200),
NULL,
};
for (sso_ticket_t *tdp = td; *tdp; tdp++) {
sso_ticket_t cur = *tdp, deserialized = NULL;
char *serialized;
serialized = sign_ticket(cur);
EXPECT_EQ(SSO_OK, sso_ticket_open(&deserialized, serialized, public_key));
EXPECT_NE(cur, deserialized);
EXPECT_EQ(true, is_ticket_equal(cur, deserialized));
free(serialized);
}
}
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
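Review bot: `is_ticket_equal` compares user, service, domain, nonce and expiry but not the group list, so the Serialization test still passes if groups are dropped or altered in the sign/open round trip, even though groups are what several of the test tickets vary (`groups_ok`, `groups_fail`). The helper should also walk both group arrays and compare them element by element, treating a NULL list and an empty list consistently. In the loop, `EXPECT_EQ(SSO_OK, sso_ticket_open(...))` is non-fatal, so a failed open leaves `deserialized` NULL and `is_ticket_equal` then dereferences it; `ASSERT_EQ(SSO_OK, sso_ticket_open(&deserialized, serialized, public_key));` stops the test before that happens. Neither `cur` nor `deserialized` is released, so adding `sso_ticket_free(deserialized); sso_ticket_free(cur);` next to `free(serialized)` keeps the test clean under a leak checker.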
......