2018-02-01 01:04:56 +01:00
|
|
|
package macaroons_test
|
|
|
|
|
|
|
|
import (
|
2019-09-23 16:34:58 +02:00
|
|
|
"context"
|
2018-02-01 01:04:56 +01:00
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
|
|
|
"path"
|
|
|
|
"testing"
|
|
|
|
|
2020-01-10 03:45:26 +01:00
|
|
|
"github.com/lightningnetwork/lnd/channeldb/kvdb"
|
2018-02-01 01:04:56 +01:00
|
|
|
"github.com/lightningnetwork/lnd/macaroons"
|
|
|
|
|
2018-06-05 03:34:16 +02:00
|
|
|
"github.com/btcsuite/btcwallet/snacl"
|
2020-10-06 17:23:29 +02:00
|
|
|
"github.com/stretchr/testify/require"
|
2018-02-01 01:04:56 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestStore(t *testing.T) {
|
|
|
|
tempDir, err := ioutil.TempDir("", "macaroonstore-")
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
|
|
|
defer func() {
|
|
|
|
_ = os.RemoveAll(tempDir)
|
|
|
|
}()
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-01-10 03:45:26 +01:00
|
|
|
db, err := kvdb.Create(
|
|
|
|
kvdb.BoltBackendName, path.Join(tempDir, "weks.db"), true,
|
|
|
|
)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
store, err := macaroons.NewRootKeyStorage(db)
|
|
|
|
if err != nil {
|
2020-10-06 17:23:29 +02:00
|
|
|
_ = db.Close()
|
2018-02-01 01:04:56 +01:00
|
|
|
t.Fatalf("Error creating root key store: %v", err)
|
|
|
|
}
|
2020-10-06 17:23:29 +02:00
|
|
|
defer func() {
|
|
|
|
_ = store.Close()
|
|
|
|
}()
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2019-09-23 16:34:58 +02:00
|
|
|
_, _, err = store.RootKey(context.TODO())
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrStoreLocked, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2019-09-23 16:34:58 +02:00
|
|
|
_, err = store.Get(context.TODO(), nil)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrStoreLocked, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
pw := []byte("weks")
|
|
|
|
err = store.CreateUnlock(&pw)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
// Check ErrContextRootKeyID is returned when no root key ID found in
|
|
|
|
// context.
|
|
|
|
_, _, err = store.RootKey(context.TODO())
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrContextRootKeyID, err)
|
2020-07-23 18:26:59 +02:00
|
|
|
|
|
|
|
// Check ErrMissingRootKeyID is returned when empty root key ID is used.
|
2020-10-06 17:23:29 +02:00
|
|
|
emptyKeyID := make([]byte, 0)
|
2020-07-23 18:26:59 +02:00
|
|
|
badCtx := macaroons.ContextWithRootKeyID(context.TODO(), emptyKeyID)
|
|
|
|
_, _, err = store.RootKey(badCtx)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrMissingRootKeyID, err)
|
2020-07-23 18:26:59 +02:00
|
|
|
|
|
|
|
// Create a context with illegal root key ID value.
|
|
|
|
encryptedKeyID := []byte("enckey")
|
|
|
|
badCtx = macaroons.ContextWithRootKeyID(context.TODO(), encryptedKeyID)
|
|
|
|
_, _, err = store.RootKey(badCtx)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrKeyValueForbidden, err)
|
2020-07-23 18:26:59 +02:00
|
|
|
|
|
|
|
// Create a context with root key ID value.
|
|
|
|
ctx := macaroons.ContextWithRootKeyID(
|
|
|
|
context.TODO(), macaroons.DefaultRootKeyID,
|
|
|
|
)
|
|
|
|
key, id, err := store.RootKey(ctx)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
2020-07-23 18:26:59 +02:00
|
|
|
|
2018-02-01 01:04:56 +01:00
|
|
|
rootID := id
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.DefaultRootKeyID, rootID)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
key2, err := store.Get(ctx, id)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, key, key2)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
badpw := []byte("badweks")
|
|
|
|
err = store.CreateUnlock(&badpw)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrAlreadyUnlocked, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-10-06 17:23:29 +02:00
|
|
|
_ = store.Close()
|
2020-01-10 03:45:26 +01:00
|
|
|
|
2018-02-01 01:04:56 +01:00
|
|
|
// Between here and the re-opening of the store, it's possible to get
|
|
|
|
// a double-close, but that's not such a big deal since the tests will
|
|
|
|
// fail anyway in that case.
|
2020-01-10 03:45:26 +01:00
|
|
|
db, err = kvdb.Create(
|
|
|
|
kvdb.BoltBackendName, path.Join(tempDir, "weks.db"), true,
|
|
|
|
)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
store, err = macaroons.NewRootKeyStorage(db)
|
|
|
|
if err != nil {
|
2020-10-06 17:23:29 +02:00
|
|
|
_ = db.Close()
|
2018-02-01 01:04:56 +01:00
|
|
|
t.Fatalf("Error creating root key store: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = store.CreateUnlock(&badpw)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, snacl.ErrInvalidPassword, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
err = store.CreateUnlock(nil)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrPasswordRequired, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
_, _, err = store.RootKey(ctx)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrStoreLocked, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
_, err = store.Get(ctx, nil)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.Equal(t, macaroons.ErrStoreLocked, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
|
|
|
err = store.CreateUnlock(&pw)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
key, err = store.Get(ctx, rootID)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, key, key2)
|
2018-02-01 01:04:56 +01:00
|
|
|
|
2020-07-23 18:26:59 +02:00
|
|
|
key, id, err = store.RootKey(ctx)
|
2020-10-06 17:23:29 +02:00
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, key, key2)
|
|
|
|
require.Equal(t, rootID, id)
|
2018-02-01 01:04:56 +01:00
|
|
|
}
|