netbird/relay/auth/hmac/token_test.go

package hmac

import (
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"strconv"
	"testing"
	"time"
)

func TestGenerateCredentials(t *testing.T) {
	secret := "secret"
	timeToLive := 1 * time.Hour
	v := NewTimedHMAC(secret, timeToLive)

	creds, err := v.GenerateToken(sha1.New)
	if err != nil {
		t.Fatalf("expected no error, got %v", err)
	}

	if creds.Payload == "" {
		t.Fatalf("expected non-empty payload")
	}

	_, err = strconv.ParseInt(creds.Payload, 10, 64)
	if err != nil {
		t.Fatalf("expected payload to be a valid unix timestamp, got %v", err)
	}

	_, err = base64.StdEncoding.DecodeString(creds.Signature)
	if err != nil {
		t.Fatalf("expected signature to be base64 encoded, got %v", err)
	}
}

func TestValidateCredentials(t *testing.T) {
	secret := "supersecret"
	timeToLive := 1 * time.Hour
	manager := NewTimedHMAC(secret, timeToLive)

	// Test valid token
	creds, err := manager.GenerateToken(sha1.New)
	if err != nil {
		t.Fatalf("expected no error, got %v", err)
	}

	if err := manager.Validate(sha1.New, *creds); err != nil {
		t.Fatalf("expected valid token: %s", err)
	}
}

func TestInvalidSignature(t *testing.T) {
	secret := "supersecret"
	timeToLive := 1 * time.Hour
	manager := NewTimedHMAC(secret, timeToLive)

	creds, err := manager.GenerateToken(sha256.New)
	if err != nil {
		t.Fatalf("expected no error, got %v", err)
	}

	invalidCreds := &Token{
		Payload:   creds.Payload,
		Signature: "invalidsignature",
	}

	if err = manager.Validate(sha1.New, *invalidCreds); err == nil {
		t.Fatalf("expected invalid token due to signature mismatch")
	}
}

func TestExpired(t *testing.T) {
	secret := "supersecret"
	v := NewTimedHMAC(secret, -1*time.Hour)
	expiredCreds, err := v.GenerateToken(sha256.New)
	if err != nil {
		t.Fatalf("expected no error, got %v", err)
	}

	if err = v.Validate(sha1.New, *expiredCreds); err == nil {
		t.Fatalf("expected invalid token due to expiration")
	}
}

func TestInvalidPayload(t *testing.T) {
	secret := "supersecret"
	timeToLive := 1 * time.Hour
	v := NewTimedHMAC(secret, timeToLive)

	creds, err := v.GenerateToken(sha256.New)
	if err != nil {
		t.Fatalf("expected no error, got %v", err)
	}

	// Test invalid payload
	invalidPayloadCreds := &Token{
		Payload:   "invalidtimestamp",
		Signature: creds.Signature,
	}

	if err = v.Validate(sha1.New, *invalidPayloadCreds); err == nil {
		t.Fatalf("expected invalid token due to invalid payload")
	}
}
[relay] Feature/relay integration (#2244) This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service 2024-09-08 12:06:14 +02:00			`package hmac`

			`import (`
			`"crypto/sha1"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"strconv"`
			`"testing"`
			`"time"`
			`)`

			`func TestGenerateCredentials(t *testing.T) {`
			`secret := "secret"`
			`timeToLive := 1 * time.Hour`
			`v := NewTimedHMAC(secret, timeToLive)`

			`creds, err := v.GenerateToken(sha1.New)`
			`if err != nil {`
			`t.Fatalf("expected no error, got %v", err)`
			`}`

			`if creds.Payload == "" {`
			`t.Fatalf("expected non-empty payload")`
			`}`

			`_, err = strconv.ParseInt(creds.Payload, 10, 64)`
			`if err != nil {`
			`t.Fatalf("expected payload to be a valid unix timestamp, got %v", err)`
			`}`

			`_, err = base64.StdEncoding.DecodeString(creds.Signature)`
			`if err != nil {`
			`t.Fatalf("expected signature to be base64 encoded, got %v", err)`
			`}`
			`}`

			`func TestValidateCredentials(t *testing.T) {`
			`secret := "supersecret"`
			`timeToLive := 1 * time.Hour`
			`manager := NewTimedHMAC(secret, timeToLive)`

			`// Test valid token`
			`creds, err := manager.GenerateToken(sha1.New)`
			`if err != nil {`
			`t.Fatalf("expected no error, got %v", err)`
			`}`

			`if err := manager.Validate(sha1.New, *creds); err != nil {`
			`t.Fatalf("expected valid token: %s", err)`
			`}`
			`}`

			`func TestInvalidSignature(t *testing.T) {`
			`secret := "supersecret"`
			`timeToLive := 1 * time.Hour`
			`manager := NewTimedHMAC(secret, timeToLive)`

			`creds, err := manager.GenerateToken(sha256.New)`
			`if err != nil {`
			`t.Fatalf("expected no error, got %v", err)`
			`}`

			`invalidCreds := &Token{`
			`Payload: creds.Payload,`
			`Signature: "invalidsignature",`
			`}`

			`if err = manager.Validate(sha1.New, *invalidCreds); err == nil {`
			`t.Fatalf("expected invalid token due to signature mismatch")`
			`}`
			`}`

			`func TestExpired(t *testing.T) {`
			`secret := "supersecret"`
			`v := NewTimedHMAC(secret, -1*time.Hour)`
			`expiredCreds, err := v.GenerateToken(sha256.New)`
			`if err != nil {`
			`t.Fatalf("expected no error, got %v", err)`
			`}`

			`if err = v.Validate(sha1.New, *expiredCreds); err == nil {`
			`t.Fatalf("expected invalid token due to expiration")`
			`}`
			`}`

			`func TestInvalidPayload(t *testing.T) {`
			`secret := "supersecret"`
			`timeToLive := 1 * time.Hour`
			`v := NewTimedHMAC(secret, timeToLive)`

			`creds, err := v.GenerateToken(sha256.New)`
			`if err != nil {`
			`t.Fatalf("expected no error, got %v", err)`
			`}`

			`// Test invalid payload`
			`invalidPayloadCreds := &Token{`
			`Payload: "invalidtimestamp",`
			`Signature: creds.Signature,`
			`}`

			`if err = v.Validate(sha1.New, *invalidPayloadCreds); err == nil {`
			`t.Fatalf("expected invalid token due to invalid payload")`
			`}`
			`}`