lnd/macaroons/bake_test.go

59 lines
1.6 KiB
Go
Raw Permalink Normal View History

package macaroons_test
import (
"context"
"encoding/hex"
"testing"
"github.com/lightningnetwork/lnd/macaroons"
"github.com/stretchr/testify/require"
"google.golang.org/grpc/metadata"
"gopkg.in/macaroon-bakery.v2/bakery"
)
// TestBakeFromRootKey tests that a macaroon can be baked from a root key
// directly without needing to create a store or service first.
func TestBakeFromRootKey(t *testing.T) {
// Create a test store and unlock it.
_, store := newTestStore(t)
pw := []byte("weks")
err := store.CreateUnlock(&pw)
require.NoError(t, err)
// Force the store to create a new random root key.
key, id, err := store.RootKey(defaultRootKeyIDContext)
require.NoError(t, err)
require.Len(t, key, 32)
tmpKey, err := store.Get(defaultRootKeyIDContext, id)
require.NoError(t, err)
require.Equal(t, key, tmpKey)
// Create a service that uses the root key store.
service, err := macaroons.NewService(store, "lnd", false)
require.NoError(t, err, "Error creating new service")
defer func() {
require.NoError(t, service.Close())
}()
// Call the BakeFromRootKey function that derives a macaroon directly
// from the root key.
perms := []bakery.Op{{Entity: "foo", Action: "bar"}}
mac, err := macaroons.BakeFromRootKey(key, perms)
require.NoError(t, err)
macaroonBytes, err := mac.MarshalBinary()
require.NoError(t, err)
md := metadata.New(map[string]string{
"macaroon": hex.EncodeToString(macaroonBytes),
})
macCtx := metadata.NewIncomingContext(context.Background(), md)
// The macaroon should be valid for the service, since the root key was
// the same.
err = service.ValidateMacaroon(macCtx, nil, "baz")
require.NoError(t, err)
}