mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-15 11:21:04 +01:00
0c039274a4
This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service
106 lines
2.4 KiB
Go
106 lines
2.4 KiB
Go
package hmac
|
|
|
|
import (
|
|
"crypto/sha1"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"strconv"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestGenerateCredentials(t *testing.T) {
|
|
secret := "secret"
|
|
timeToLive := 1 * time.Hour
|
|
v := NewTimedHMAC(secret, timeToLive)
|
|
|
|
creds, err := v.GenerateToken(sha1.New)
|
|
if err != nil {
|
|
t.Fatalf("expected no error, got %v", err)
|
|
}
|
|
|
|
if creds.Payload == "" {
|
|
t.Fatalf("expected non-empty payload")
|
|
}
|
|
|
|
_, err = strconv.ParseInt(creds.Payload, 10, 64)
|
|
if err != nil {
|
|
t.Fatalf("expected payload to be a valid unix timestamp, got %v", err)
|
|
}
|
|
|
|
_, err = base64.StdEncoding.DecodeString(creds.Signature)
|
|
if err != nil {
|
|
t.Fatalf("expected signature to be base64 encoded, got %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateCredentials(t *testing.T) {
|
|
secret := "supersecret"
|
|
timeToLive := 1 * time.Hour
|
|
manager := NewTimedHMAC(secret, timeToLive)
|
|
|
|
// Test valid token
|
|
creds, err := manager.GenerateToken(sha1.New)
|
|
if err != nil {
|
|
t.Fatalf("expected no error, got %v", err)
|
|
}
|
|
|
|
if err := manager.Validate(sha1.New, *creds); err != nil {
|
|
t.Fatalf("expected valid token: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestInvalidSignature(t *testing.T) {
|
|
secret := "supersecret"
|
|
timeToLive := 1 * time.Hour
|
|
manager := NewTimedHMAC(secret, timeToLive)
|
|
|
|
creds, err := manager.GenerateToken(sha256.New)
|
|
if err != nil {
|
|
t.Fatalf("expected no error, got %v", err)
|
|
}
|
|
|
|
invalidCreds := &Token{
|
|
Payload: creds.Payload,
|
|
Signature: "invalidsignature",
|
|
}
|
|
|
|
if err = manager.Validate(sha1.New, *invalidCreds); err == nil {
|
|
t.Fatalf("expected invalid token due to signature mismatch")
|
|
}
|
|
}
|
|
|
|
func TestExpired(t *testing.T) {
|
|
secret := "supersecret"
|
|
v := NewTimedHMAC(secret, -1*time.Hour)
|
|
expiredCreds, err := v.GenerateToken(sha256.New)
|
|
if err != nil {
|
|
t.Fatalf("expected no error, got %v", err)
|
|
}
|
|
|
|
if err = v.Validate(sha1.New, *expiredCreds); err == nil {
|
|
t.Fatalf("expected invalid token due to expiration")
|
|
}
|
|
}
|
|
|
|
func TestInvalidPayload(t *testing.T) {
|
|
secret := "supersecret"
|
|
timeToLive := 1 * time.Hour
|
|
v := NewTimedHMAC(secret, timeToLive)
|
|
|
|
creds, err := v.GenerateToken(sha256.New)
|
|
if err != nil {
|
|
t.Fatalf("expected no error, got %v", err)
|
|
}
|
|
|
|
// Test invalid payload
|
|
invalidPayloadCreds := &Token{
|
|
Payload: "invalidtimestamp",
|
|
Signature: creds.Signature,
|
|
}
|
|
|
|
if err = v.Validate(sha1.New, *invalidPayloadCreds); err == nil {
|
|
t.Fatalf("expected invalid token due to invalid payload")
|
|
}
|
|
}
|