author | cerevra <cerevra@yandex-team.ru> | 2022-02-10 16:45:58 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:58 +0300 |
commit | bf41dd01f6c920583e9faae7cd55ed25e547e052 (patch) | |
tree | ec7c8c285ffa648a5c5efeff453787a15ab811ac /library/cpp/tvmauth/src | |
parent | e2c3e3004f7cd68441cefcfa4aaccd3d8051c846 (diff) | |
download | ydb-bf41dd01f6c920583e9faae7cd55ed25e547e052.tar.gz |
Restoring authorship annotation for <cerevra@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'library/cpp/tvmauth/src')
41 files changed, 1804 insertions, 1804 deletions
diff --git a/library/cpp/tvmauth/src/parser.cpp b/library/cpp/tvmauth/src/parser.cpp index 358de58d365..b91b96bf3bc 100644 --- a/library/cpp/tvmauth/src/parser.cpp +++ b/library/cpp/tvmauth/src/parser.cpp @@ -2,26 +2,26 @@ #include "utils.h" -#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/exception.h> #include <util/generic/strbuf.h> #include <util/string/split.h> #include <ctime> -namespace NTvmAuth { +namespace NTvmAuth { TString TParserTvmKeys::ParseStrV1(TStringBuf str) { while (str && str.back() == '\n') { str.Chop(1); } - TStringBuf ver = str.NextTok(DELIM); + TStringBuf ver = str.NextTok(DELIM); if (!str || !ver || ver != "1") { - throw TMalformedTvmKeysException() << "Malformed TVM keys"; + throw TMalformedTvmKeysException() << "Malformed TVM keys"; } TString res = NUtils::Base64url2bin(str); if (res.empty()) { - throw TMalformedTvmKeysException() << "Malformed TVM keys"; + throw TMalformedTvmKeysException() << "Malformed TVM keys"; } return res; } @@ -39,25 +39,25 @@ namespace NTvmAuth { TParserTickets::TRes TParserTickets::ParseV3(TStringBuf body, const NRw::TPublicKeys& keys, TStringBuf type) { TStrRes str = ParseStrV3(body, type); TRes res(str.Status); - if (str.Status != ETicketStatus::Ok) { + if (str.Status != ETicketStatus::Ok) { return TRes(str.Status); } if (!res.Ticket.ParseFromString(str.Proto)) { - res.Status = ETicketStatus::Malformed; + res.Status = ETicketStatus::Malformed; return res; } if (res.Ticket.expirationtime() <= time(nullptr)) { - res.Status = ETicketStatus::Expired; + res.Status = ETicketStatus::Expired; return res; } auto itKey = keys.find(res.Ticket.keyid()); if (itKey == keys.end()) { - res.Status = ETicketStatus::MissingKey; + res.Status = ETicketStatus::MissingKey; return res; } if (!itKey->second.CheckSign(str.ForCheck, str.Sign)) { - res.Status = ETicketStatus::SignBroken; + res.Status = ETicketStatus::SignBroken; return res; } return res; 
@@ -66,32 +66,32 @@ namespace NTvmAuth { TParserTickets::TStrRes TParserTickets::ParseStrV3(TStringBuf body, TStringBuf type) { TStringBuf forCheck = body; TStringBuf version = body.NextTok(DELIM); - if (!body || version.size() != 1) { - return {ETicketStatus::Malformed, {}, {}, {}}; - } + if (!body || version.size() != 1) { + return {ETicketStatus::Malformed, {}, {}, {}}; + } if (version != "3") { - return {ETicketStatus::UnsupportedVersion, {}, {}, {}}; + return {ETicketStatus::UnsupportedVersion, {}, {}, {}}; } TStringBuf ticketType = body.NextTok(DELIM); if (ticketType != type) { - return {ETicketStatus::InvalidTicketType, {}, {}, {}}; + return {ETicketStatus::InvalidTicketType, {}, {}, {}}; } TStringBuf proto = body.NextTok(DELIM); TStringBuf sign = body.NextTok(DELIM); if (!proto || !sign || body.size() > 0) { - return {ETicketStatus::Malformed, {}, {}, {}}; + return {ETicketStatus::Malformed, {}, {}, {}}; } TString protoBin = NUtils::Base64url2bin(proto); TString signBin = NUtils::Base64url2bin(sign); if (!protoBin || !signBin) { - return {ETicketStatus::Malformed, {}, {}, {}}; + return {ETicketStatus::Malformed, {}, {}, {}}; } - return {ETicketStatus::Ok, std::move(protoBin), std::move(signBin), forCheck.Chop(sign.size())}; + return {ETicketStatus::Ok, std::move(protoBin), std::move(signBin), forCheck.Chop(sign.size())}; } -} +} diff --git a/library/cpp/tvmauth/src/parser.h b/library/cpp/tvmauth/src/parser.h index 678e7094446..5424ff1f3a8 100644 --- a/library/cpp/tvmauth/src/parser.h +++ b/library/cpp/tvmauth/src/parser.h 
@@ -1,17 +1,17 @@ #pragma once -#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> -#include <library/cpp/tvmauth/src/rw/keys.h> +#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> +#include <library/cpp/tvmauth/src/rw/keys.h> -#include <library/cpp/tvmauth/ticket_status.h> +#include <library/cpp/tvmauth/ticket_status.h> #include <util/generic/fwd.h> #include <string> -namespace NTvmAuth { +namespace NTvmAuth { struct TParserTvmKeys { - static inline const char DELIM = ':'; + static inline const char DELIM = ':'; static TString ParseStrV1(TStringBuf str); }; @@ -22,12 +22,12 @@ namespace NTvmAuth { static TStringBuf ServiceFlag(); struct TRes { - TRes(ETicketStatus status) + TRes(ETicketStatus status) : Status(status) { } - ETicketStatus Status; + ETicketStatus Status; ticket2::Ticket Ticket; }; @@ -35,7 +35,7 @@ namespace NTvmAuth { // private: struct TStrRes { - const ETicketStatus Status; + const ETicketStatus Status; TString Proto; TString Sign; @@ -48,4 +48,4 @@ namespace NTvmAuth { }; static TStrRes ParseStrV3(TStringBuf body, TStringBuf type); }; -} +} diff --git a/library/cpp/tvmauth/src/protos/ticket2.proto b/library/cpp/tvmauth/src/protos/ticket2.proto index 66c00a7d01c..97faf48a4f5 100644 --- a/library/cpp/tvmauth/src/protos/ticket2.proto +++ b/library/cpp/tvmauth/src/protos/ticket2.proto @@ -1,8 +1,8 @@ package ticket2; -option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; - -import "library/cpp/tvmauth/src/protos/tvm_keys.proto"; +option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; + +import "library/cpp/tvmauth/src/protos/tvm_keys.proto"; message User { required uint64 uid = 1; diff --git a/library/cpp/tvmauth/src/protos/tvm_keys.proto b/library/cpp/tvmauth/src/protos/tvm_keys.proto index 9ba42dbf805..5c85fd2a703 100644 --- a/library/cpp/tvmauth/src/protos/tvm_keys.proto +++ b/library/cpp/tvmauth/src/protos/tvm_keys.proto 
@@ -1,9 +1,9 @@ package tvm_keys; -option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; - +option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; + enum KeyType { - RabinWilliams = 0; + RabinWilliams = 0; } enum BbEnvType { diff --git a/library/cpp/tvmauth/src/protos/ya.make b/library/cpp/tvmauth/src/protos/ya.make index c2d579dc400..78d7c812afb 100644 --- a/library/cpp/tvmauth/src/protos/ya.make +++ b/library/cpp/tvmauth/src/protos/ya.make @@ -1,9 +1,9 @@ PROTO_LIBRARY() -OWNER(g:passport_infra) - -INCLUDE_TAGS(GO_PROTO) +OWNER(g:passport_infra) +INCLUDE_TAGS(GO_PROTO) + SRCS( ticket2.proto tvm_keys.proto diff --git a/library/cpp/tvmauth/src/rw/keys.cpp b/library/cpp/tvmauth/src/rw/keys.cpp index 5395287f5cb..d37587c451f 100644 --- a/library/cpp/tvmauth/src/rw/keys.cpp +++ b/library/cpp/tvmauth/src/rw/keys.cpp 
@@ -2,137 +2,137 @@ #include "rw.h" -#include <library/cpp/openssl/init/init.h> - +#include <library/cpp/openssl/init/init.h> + #include <contrib/libs/openssl/include/openssl/evp.h> #include <util/generic/strbuf.h> -#include <util/generic/yexception.h> - -namespace { - struct TInit { - TInit() { - InitOpenSSL(); - } - } INIT; -} - -namespace NTvmAuth { +#include <util/generic/yexception.h> + +namespace { + struct TInit { + TInit() { + InitOpenSSL(); + } + } INIT; +} + +namespace NTvmAuth { namespace NRw { - namespace NPrivate { - void TRwDestroyer::Destroy(TRwInternal* o) { - RwFree(o); - } - - class TArrayDestroyer { - public: - static void Destroy(unsigned char* o) { - free(o); - } - }; - } - - static TString SerializeRW(TRwKey* rw, int (*func)(const TRwKey*, unsigned char**)) { + namespace NPrivate { + void TRwDestroyer::Destroy(TRwInternal* o) { + RwFree(o); + } + + class TArrayDestroyer { + public: + static void Destroy(unsigned char* o) { + free(o); + } + }; + } + + static TString SerializeRW(TRwKey* rw, int (*func)(const TRwKey*, unsigned char**)) { unsigned char* buf = nullptr; int size = func(rw, &buf); - THolder<unsigned char, NPrivate::TArrayDestroyer> guard(buf); + THolder<unsigned char, NPrivate::TArrayDestroyer> guard(buf); return TString((char*)buf, size); } - TKeyPair GenKeyPair(size_t size) { - TRw rw(RwNew()); - RwGenerateKey(rw.Get(), size); - - TRw skey(RwPrivateKeyDup(rw.Get())); - TRw vkey(RwPublicKeyDup(rw.Get())); - - TKeyPair res; - res.Private = SerializeRW(skey.Get(), &i2d_RWPrivateKey); - res.Public = SerializeRW(vkey.Get(), &i2d_RWPublicKey); - - TRwPrivateKey prKey(res.Private, 0); - TRwPublicKey pubKey(res.Public); - - const TStringBuf msg = "Test test test test test"; - - Y_ENSURE(pubKey.CheckSign(msg, prKey.SignTicket(msg)), "Failed to gen keys"); - - return res; + TKeyPair GenKeyPair(size_t size) { + TRw rw(RwNew()); + RwGenerateKey(rw.Get(), size); + + TRw skey(RwPrivateKeyDup(rw.Get())); + TRw vkey(RwPublicKeyDup(rw.Get())); + + 
TKeyPair res; + res.Private = SerializeRW(skey.Get(), &i2d_RWPrivateKey); + res.Public = SerializeRW(vkey.Get(), &i2d_RWPublicKey); + + TRwPrivateKey prKey(res.Private, 0); + TRwPublicKey pubKey(res.Public); + + const TStringBuf msg = "Test test test test test"; + + Y_ENSURE(pubKey.CheckSign(msg, prKey.SignTicket(msg)), "Failed to gen keys"); + + return res; } TRwPrivateKey::TRwPrivateKey(TStringBuf body, TKeyId id) - : Id_(id) - , Rw_(Deserialize(body)) - , SignLen_(RwModSize(Rw_.Get())) + : Id_(id) + , Rw_(Deserialize(body)) + , SignLen_(RwModSize(Rw_.Get())) { - Y_ENSURE(SignLen_ > 0, "Private key has bad len: " << SignLen_); + Y_ENSURE(SignLen_ > 0, "Private key has bad len: " << SignLen_); } TKeyId TRwPrivateKey::GetId() const { - return Id_; + return Id_; } TString TRwPrivateKey::SignTicket(TStringBuf ticket) const { - TString res(SignLen_, 0x00); - - int len = RwPssrSignMsg(ticket.size(), - (const unsigned char*)ticket.data(), - (unsigned char*)res.data(), - Rw_.Get(), - (EVP_MD*)EVP_sha256()); - - Y_ENSURE(len > 0 && len <= SignLen_, "Signing failed. len: " << len); - - res.resize(len); - return res; + TString res(SignLen_, 0x00); + + int len = RwPssrSignMsg(ticket.size(), + (const unsigned char*)ticket.data(), + (unsigned char*)res.data(), + Rw_.Get(), + (EVP_MD*)EVP_sha256()); + + Y_ENSURE(len > 0 && len <= SignLen_, "Signing failed. 
len: " << len); + + res.resize(len); + return res; } TRw TRwPrivateKey::Deserialize(TStringBuf key) { - TRwKey* rw = nullptr; + TRwKey* rw = nullptr; auto data = reinterpret_cast<const unsigned char*>(key.data()); if (!d2i_RWPrivateKey(&rw, &data, key.size())) { - ythrow yexception() << "Private key is malformed"; + ythrow yexception() << "Private key is malformed"; } - return TRw(rw); + return TRw(rw); } TRwPublicKey::TRwPublicKey(TStringBuf body) - : Rw_(Deserialize(body)) + : Rw_(Deserialize(body)) { } bool TRwPublicKey::CheckSign(TStringBuf ticket, TStringBuf sign) const { - int result = RwPssrVerifyMsg(ticket.size(), - (const unsigned char*)ticket.data(), - (unsigned char*)sign.data(), - sign.size(), - Rw_.Get(), - (EVP_MD*)EVP_sha256()); - - Y_ENSURE(result >= 0, "Failed to check sign: " << result); + int result = RwPssrVerifyMsg(ticket.size(), + (const unsigned char*)ticket.data(), + (unsigned char*)sign.data(), + sign.size(), + Rw_.Get(), + (EVP_MD*)EVP_sha256()); + + Y_ENSURE(result >= 0, "Failed to check sign: " << result); return result; } TRw TRwPublicKey::Deserialize(TStringBuf key) { - TRwKey* rw = nullptr; + TRwKey* rw = nullptr; auto data = reinterpret_cast<const unsigned char*>(key.data()); - auto status = d2i_RWPublicKey(&rw, &data, key.size()); - - TRw res(rw); - Y_ENSURE(status, "Public key is malformed: " << key); - return res; - } - - TSecureHeap::TSecureHeap(size_t totalSize, int minChunkSize) { - CRYPTO_secure_malloc_init(totalSize, minChunkSize); - } - - TSecureHeap::~TSecureHeap() { - CRYPTO_secure_malloc_done(); - } - - void TSecureHeap::Init(size_t totalSize, int minChunkSize) { - Singleton<TSecureHeap>(totalSize, minChunkSize); + auto status = d2i_RWPublicKey(&rw, &data, key.size()); + + TRw res(rw); + Y_ENSURE(status, "Public key is malformed: " << key); + return res; } + + TSecureHeap::TSecureHeap(size_t totalSize, int minChunkSize) { + CRYPTO_secure_malloc_init(totalSize, minChunkSize); + } + + TSecureHeap::~TSecureHeap() { + 
CRYPTO_secure_malloc_done(); + } + + void TSecureHeap::Init(size_t totalSize, int minChunkSize) { + Singleton<TSecureHeap>(totalSize, minChunkSize); + } } } diff --git a/library/cpp/tvmauth/src/rw/keys.h b/library/cpp/tvmauth/src/rw/keys.h index e02b7e72a17..1070b78358a 100644 --- a/library/cpp/tvmauth/src/rw/keys.h +++ b/library/cpp/tvmauth/src/rw/keys.h @@ -1,29 +1,29 @@ #pragma once -#include <util/generic/ptr.h> -#include <util/generic/string.h> +#include <util/generic/ptr.h> +#include <util/generic/string.h> #include <unordered_map> -struct TRwInternal; +struct TRwInternal; -namespace NTvmAuth { +namespace NTvmAuth { namespace NRw { - namespace NPrivate { - class TRwDestroyer { - public: - static void Destroy(TRwInternal* o); - }; - } - - using TRw = THolder<TRwInternal, NPrivate::TRwDestroyer>; - using TKeyId = ui32; - + namespace NPrivate { + class TRwDestroyer { + public: + static void Destroy(TRwInternal* o); + }; + } + + using TRw = THolder<TRwInternal, NPrivate::TRwDestroyer>; + using TKeyId = ui32; + struct TKeyPair { - TString Private; - TString Public; + TString Private; + TString Public; }; - TKeyPair GenKeyPair(size_t size); + TKeyPair GenKeyPair(size_t size); class TRwPrivateKey { public: @@ -35,9 +35,9 @@ namespace NTvmAuth { private: static TRw Deserialize(TStringBuf key); - TKeyId Id_; - TRw Rw_; - int SignLen_; + TKeyId Id_; + TRw Rw_; + int SignLen_; }; class TRwPublicKey { @@ -49,17 +49,17 @@ namespace NTvmAuth { private: static TRw Deserialize(TStringBuf key); - TRw Rw_; + TRw Rw_; }; using TPublicKeys = std::unordered_map<TKeyId, TRwPublicKey>; - - class TSecureHeap { - public: - TSecureHeap(size_t totalSize, int minChunkSize); - ~TSecureHeap(); - - static void Init(size_t totalSize = 16 * 1024 * 1024, int minChunkSize = 16); - }; + + class TSecureHeap { + public: + TSecureHeap(size_t totalSize, int minChunkSize); + ~TSecureHeap(); + + static void Init(size_t totalSize = 16 * 1024 * 1024, int minChunkSize = 16); + }; } } 
diff --git a/library/cpp/tvmauth/src/rw/rw.h b/library/cpp/tvmauth/src/rw/rw.h
index cbff96b85d1..1f8805dab30 100644
--- a/library/cpp/tvmauth/src/rw/rw.h
+++ b/library/cpp/tvmauth/src/rw/rw.h
@@ -7,79 +7,79 @@ extern "C" { #endif - typedef struct { - BIGNUM* S; - } TRwSignature; - - /*Rabin–Williams*/ - typedef struct TRwInternal TRwKey; - - typedef struct { - TRwSignature* (*RwSign)(const unsigned char* dgst, const int dlen, TRwKey* rw); - int (*RwVerify)(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); - int (*RwApply)(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); - } TRwMethod; - - struct TRwInternal { - /* first private multiplier */ - BIGNUM* P; - /* second private multiplier */ - BIGNUM* Q; - /* n = p*q - RW modulus */ - BIGNUM* N; - /* precomputed 2^((3q-5)/8) mod q */ - BIGNUM* Twomq; - /* precomputed 2^((9p-11)/8) mod p*/ - BIGNUM* Twomp; - /* precomputed q^(p-2) == q^(-1) mod p */ - BIGNUM* Iqmp; - /* (q+1) / 8 */ - BIGNUM* Dq; - /* (p-3) / 8 */ - BIGNUM* Dp; - /* functions for working with RW */ - const TRwMethod* Meth; - }; - - TRwSignature* RwSignatureNew(void); - void RwSignatureFree(TRwSignature* a); - - /* RW signing functions */ - /* the function can put some tmp values to rw */ - int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md); - int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md); - - /* RW-PSS verification functions */ - int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); - int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); - - /* internal functions, use them only if you know what you're doing */ - int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw); - int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw); - - const TRwMethod* RwDefaultMethods(void); - - TRwKey* RwNew(void); - void RwFree(TRwKey* r); - int RwSize(const TRwKey* rw); - int 
RwModSize(const TRwKey* rw); - - TRwKey* RwPublicKeyDup(TRwKey* rw); - TRwKey* RwPrivateKeyDup(TRwKey* rw); - - // NOLINTNEXTLINE(readability-identifier-naming) - TRwKey* d2i_RWPublicKey(TRwKey** a, const unsigned char** pp, long length); - // NOLINTNEXTLINE(readability-identifier-naming) - TRwKey* d2i_RWPrivateKey(TRwKey** a, const unsigned char** pp, long length); - - int RwGenerateKey(TRwKey* a, int bits); - // NOLINTNEXTLINE(readability-identifier-naming) - int i2d_RWPublicKey(const TRwKey* a, unsigned char** pp); - // NOLINTNEXTLINE(readability-identifier-naming) - int i2d_RWPrivateKey(const TRwKey* a, unsigned char** pp); - - int RwPaddingAddPssr(const TRwKey* rw, unsigned char* EM, const unsigned char* mHash, const EVP_MD* Hash, int sLen); - int RwVerifyPssr(const TRwKey* rw, const unsigned char* mHash, const EVP_MD* Hash, const unsigned char* EM, int sLen); + typedef struct { + BIGNUM* S; + } TRwSignature; + + /*Rabin–Williams*/ + typedef struct TRwInternal TRwKey; + + typedef struct { + TRwSignature* (*RwSign)(const unsigned char* dgst, const int dlen, TRwKey* rw); + int (*RwVerify)(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); + int (*RwApply)(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); + } TRwMethod; + + struct TRwInternal { + /* first private multiplier */ + BIGNUM* P; + /* second private multiplier */ + BIGNUM* Q; + /* n = p*q - RW modulus */ + BIGNUM* N; + /* precomputed 2^((3q-5)/8) mod q */ + BIGNUM* Twomq; + /* precomputed 2^((9p-11)/8) mod p*/ + BIGNUM* Twomp; + /* precomputed q^(p-2) == q^(-1) mod p */ + BIGNUM* Iqmp; + /* (q+1) / 8 */ + BIGNUM* Dq; + /* (p-3) / 8 */ + BIGNUM* Dp; + /* functions for working with RW */ + const TRwMethod* Meth; + }; + + TRwSignature* RwSignatureNew(void); + void RwSignatureFree(TRwSignature* a); + + /* RW signing functions */ + /* the function can put some tmp values to rw */ + int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md); 
+ int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md); + + /* RW-PSS verification functions */ + int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); + int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); + + /* internal functions, use them only if you know what you're doing */ + int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw); + int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw); + + const TRwMethod* RwDefaultMethods(void); + + TRwKey* RwNew(void); + void RwFree(TRwKey* r); + int RwSize(const TRwKey* rw); + int RwModSize(const TRwKey* rw); + + TRwKey* RwPublicKeyDup(TRwKey* rw); + TRwKey* RwPrivateKeyDup(TRwKey* rw); + + // NOLINTNEXTLINE(readability-identifier-naming) + TRwKey* d2i_RWPublicKey(TRwKey** a, const unsigned char** pp, long length); + // NOLINTNEXTLINE(readability-identifier-naming) + TRwKey* d2i_RWPrivateKey(TRwKey** a, const unsigned char** pp, long length); + + int RwGenerateKey(TRwKey* a, int bits); + // NOLINTNEXTLINE(readability-identifier-naming) + int i2d_RWPublicKey(const TRwKey* a, unsigned char** pp); + // NOLINTNEXTLINE(readability-identifier-naming) + int i2d_RWPrivateKey(const TRwKey* a, unsigned char** pp); + + int RwPaddingAddPssr(const TRwKey* rw, unsigned char* EM, const unsigned char* mHash, const EVP_MD* Hash, int sLen); + int RwVerifyPssr(const TRwKey* rw, const unsigned char* mHash, const EVP_MD* Hash, const unsigned char* EM, int sLen); #ifdef __cplusplus } diff --git a/library/cpp/tvmauth/src/rw/rw_asn1.c b/library/cpp/tvmauth/src/rw/rw_asn1.c index 76682dcff47..0eb7134fdb5 100644 --- a/library/cpp/tvmauth/src/rw/rw_asn1.c +++ b/library/cpp/tvmauth/src/rw/rw_asn1.c 
@@ -8,16 +8,16 @@ /* Override the default new methods */ /* This callback is used by OpenSSL's ASN.1 parser */ -static int SignatureCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { +static int SignatureCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { (void)it; (void)exarg; if (operation == ASN1_OP_NEW_PRE) { - TRwSignature* sig; - sig = OPENSSL_malloc(sizeof(TRwSignature)); + TRwSignature* sig; + sig = OPENSSL_malloc(sizeof(TRwSignature)); if (!sig) return 0; - sig->S = NULL; + sig->S = NULL; *pval = (ASN1_VALUE*)sig; return 2; } @@ -25,25 +25,25 @@ static int SignatureCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* } /* ASN.1 structure representing RW signature value */ -ASN1_SEQUENCE_cb(TRwSignature, SignatureCallback) = { - ASN1_SIMPLE(TRwSignature, S, BIGNUM), -} ASN1_SEQUENCE_END_cb(TRwSignature, TRwSignature) +ASN1_SEQUENCE_cb(TRwSignature, SignatureCallback) = { + ASN1_SIMPLE(TRwSignature, S, BIGNUM), +} ASN1_SEQUENCE_END_cb(TRwSignature, TRwSignature) - /* i2d_ and d2i functions implementation for RW */ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwSignature, TRwSignature, TRwSignature) + /* i2d_ and d2i functions implementation for RW */ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwSignature, TRwSignature, TRwSignature) /* Override the default free and new methods */ - static int RwCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { + static int RwCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { (void)it; (void)exarg; if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE*)RwNew(); + *pval = (ASN1_VALUE*)RwNew(); if (*pval) return 2; return 0; } else if (operation == ASN1_OP_FREE_PRE) { - RwFree((TRwKey*)*pval); + RwFree((TRwKey*)*pval); *pval = NULL; return 2; } 
@@ -51,31 +51,31 @@ ASN1_SEQUENCE_cb(TRwSignature, SignatureCallback) = { } /* ASN.1 representation of RW's private key */ -ASN1_SEQUENCE_cb(RWPrivateKey, RwCallback) = { - ASN1_SIMPLE(TRwKey, N, BIGNUM), - ASN1_SIMPLE(TRwKey, P, CBIGNUM), - ASN1_SIMPLE(TRwKey, Q, CBIGNUM), - ASN1_SIMPLE(TRwKey, Iqmp, CBIGNUM), - ASN1_SIMPLE(TRwKey, Dq, CBIGNUM), - ASN1_SIMPLE(TRwKey, Dp, CBIGNUM), - ASN1_SIMPLE(TRwKey, Twomp, CBIGNUM), - ASN1_SIMPLE(TRwKey, Twomq, CBIGNUM)} ASN1_SEQUENCE_END_cb(TRwKey, RWPrivateKey); +ASN1_SEQUENCE_cb(RWPrivateKey, RwCallback) = { + ASN1_SIMPLE(TRwKey, N, BIGNUM), + ASN1_SIMPLE(TRwKey, P, CBIGNUM), + ASN1_SIMPLE(TRwKey, Q, CBIGNUM), + ASN1_SIMPLE(TRwKey, Iqmp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Dq, CBIGNUM), + ASN1_SIMPLE(TRwKey, Dp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Twomp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Twomq, CBIGNUM)} ASN1_SEQUENCE_END_cb(TRwKey, RWPrivateKey); -/* i2d_ and d2i_ functions for RW's private key */ -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPrivateKey, RWPrivateKey); +/* i2d_ and d2i_ functions for RW's private key */ +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPrivateKey, RWPrivateKey); -/* ASN.1 representation of RW public key */ -ASN1_SEQUENCE_cb(RWPublicKey, RwCallback) = { - ASN1_SIMPLE(TRwKey, N, BIGNUM), -} ASN1_SEQUENCE_END_cb(TRwKey, RWPublicKey); +/* ASN.1 representation of RW public key */ +ASN1_SEQUENCE_cb(RWPublicKey, RwCallback) = { + ASN1_SIMPLE(TRwKey, N, BIGNUM), +} ASN1_SEQUENCE_END_cb(TRwKey, RWPublicKey); -/* i2d_ and d2i functions for RW public key */ -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPublicKey, RWPublicKey); +/* i2d_ and d2i functions for RW public key */ +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPublicKey, RWPublicKey); -TRwKey* RwPublicKeyDup(TRwKey* rw) { +TRwKey* RwPublicKeyDup(TRwKey* rw) { return ASN1_item_dup(ASN1_ITEM_rptr(RWPublicKey), rw); } -TRwKey* RwPrivateKeyDup(TRwKey* rw) { +TRwKey* RwPrivateKeyDup(TRwKey* rw) { return 
ASN1_item_dup(ASN1_ITEM_rptr(RWPrivateKey), rw); } diff --git a/library/cpp/tvmauth/src/rw/rw_key.c b/library/cpp/tvmauth/src/rw/rw_key.c index 8375c3ca20c..35a7b60112b 100644 --- a/library/cpp/tvmauth/src/rw/rw_key.c +++ b/library/cpp/tvmauth/src/rw/rw_key.c @@ -2,7 +2,7 @@ #include <contrib/libs/openssl/include/openssl/rand.h> -int RwGenerateKey(TRwKey* rw, int bits) { +int RwGenerateKey(TRwKey* rw, int bits) { int ok = 0; BN_CTX* ctx = NULL; @@ -13,25 +13,25 @@ int RwGenerateKey(TRwKey* rw, int bits) { int bitsq = bits - bitsp; /* make sure that all components are not null */ - if ((ctx = BN_CTX_secure_new()) == NULL) + if ((ctx = BN_CTX_secure_new()) == NULL) goto err; if (!rw) goto err; - if (!rw->N && ((rw->N = BN_new()) == NULL)) + if (!rw->N && ((rw->N = BN_new()) == NULL)) goto err; - if (!rw->P && ((rw->P = BN_new()) == NULL)) + if (!rw->P && ((rw->P = BN_new()) == NULL)) goto err; - if (!rw->Q && ((rw->Q = BN_new()) == NULL)) + if (!rw->Q && ((rw->Q = BN_new()) == NULL)) goto err; - if (!rw->Iqmp && ((rw->Iqmp = BN_new()) == NULL)) + if (!rw->Iqmp && ((rw->Iqmp = BN_new()) == NULL)) goto err; - if (!rw->Twomq && ((rw->Twomq = BN_new()) == NULL)) + if (!rw->Twomq && ((rw->Twomq = BN_new()) == NULL)) goto err; - if (!rw->Twomp && ((rw->Twomp = BN_new()) == NULL)) + if (!rw->Twomp && ((rw->Twomp = BN_new()) == NULL)) goto err; - if (!rw->Dq && ((rw->Dq = BN_new()) == NULL)) + if (!rw->Dq && ((rw->Dq = BN_new()) == NULL)) goto err; - if (!rw->Dp && ((rw->Dp = BN_new()) == NULL)) + if (!rw->Dp && ((rw->Dp = BN_new()) == NULL)) goto err; BN_CTX_start(ctx); 
@@ -60,32 +60,32 @@ int RwGenerateKey(TRwKey* rw, int bits) { /* add == 8 */ /* rem == 3 */ /* safe == 0 as we don't need (p-1)/2 to be also prime */ - if (!BN_generate_prime_ex(rw->P, bitsp, 0, mod8, rem3, NULL)) + if (!BN_generate_prime_ex(rw->P, bitsp, 0, mod8, rem3, NULL)) goto err; /* generate q */ /* add == 8 */ /* rem == 7 */ /* safe == 0 */ - if (!BN_generate_prime_ex(rw->Q, bitsq, 0, mod8, rem7, NULL)) + if (!BN_generate_prime_ex(rw->Q, bitsq, 0, mod8, rem7, NULL)) goto err; /* n == p*q */ - if (!BN_mul(rw->N, rw->P, rw->Q, ctx)) + if (!BN_mul(rw->N, rw->P, rw->Q, ctx)) goto err; /* n == 5 mod 8 ? */ - if (!BN_nnmod(nmod, rw->N, mod8, ctx)) + if (!BN_nnmod(nmod, rw->N, mod8, ctx)) goto err; if (BN_ucmp(rem5, nmod) != 0) goto err; /* q^(-1) mod p */ - if (!BN_mod_inverse(rw->Iqmp, rw->Q, rw->P, ctx)) + if (!BN_mod_inverse(rw->Iqmp, rw->Q, rw->P, ctx)) goto err; /* twomqexp = (3q-5)/8 */ - if (!BN_copy(twomqexp, rw->Q)) + if (!BN_copy(twomqexp, rw->Q)) goto err; if (!BN_mul_word(twomqexp, 3)) goto err; @@ -93,11 +93,11 @@ int RwGenerateKey(TRwKey* rw, int bits) { goto err; if (!BN_rshift(twomqexp, twomqexp, 3)) goto err; - if (!BN_mod_exp(rw->Twomq, two, twomqexp, rw->Q, ctx)) + if (!BN_mod_exp(rw->Twomq, two, twomqexp, rw->Q, ctx)) goto err; /* twompexp = (9p-11)/8 */ - if (!BN_copy(twompexp, rw->P)) + if (!BN_copy(twompexp, rw->P)) goto err; if (!BN_mul_word(twompexp, 9)) goto err; 
@@ -105,23 +105,23 @@ int RwGenerateKey(TRwKey* rw, int bits) { goto err; if (!BN_rshift(twompexp, twompexp, 3)) goto err; - if (!BN_mod_exp(rw->Twomp, two, twompexp, rw->P, ctx)) + if (!BN_mod_exp(rw->Twomp, two, twompexp, rw->P, ctx)) goto err; /* dp = (p-3) / 8 */ - if (!BN_copy(rw->Dp, rw->P)) + if (!BN_copy(rw->Dp, rw->P)) goto err; - if (!BN_sub_word(rw->Dp, 3)) + if (!BN_sub_word(rw->Dp, 3)) goto err; - if (!BN_rshift(rw->Dp, rw->Dp, 3)) + if (!BN_rshift(rw->Dp, rw->Dp, 3)) goto err; /* dq = (q+1) / 8 */ - if (!BN_copy(rw->Dq, rw->Q)) + if (!BN_copy(rw->Dq, rw->Q)) goto err; - if (!BN_add_word(rw->Dq, 1)) + if (!BN_add_word(rw->Dq, 1)) goto err; - if (!BN_rshift(rw->Dq, rw->Dq, 3)) + if (!BN_rshift(rw->Dq, rw->Dq, 3)) goto err; ok = 1; diff --git a/library/cpp/tvmauth/src/rw/rw_lib.c b/library/cpp/tvmauth/src/rw/rw_lib.c index 94d94caa4a3..d4b1e067669 100644 --- a/library/cpp/tvmauth/src/rw/rw_lib.c +++ b/library/cpp/tvmauth/src/rw/rw_lib.c 
@@ -4,52 +4,52 @@ #include <stdio.h> -TRwKey* RwNew(void) { - TRwKey* ret = NULL; +TRwKey* RwNew(void) { + TRwKey* ret = NULL; - ret = (TRwKey*)malloc(sizeof(TRwKey)); + ret = (TRwKey*)malloc(sizeof(TRwKey)); if (ret == NULL) { return (NULL); } - ret->Meth = RwDefaultMethods(); + ret->Meth = RwDefaultMethods(); - ret->P = NULL; - ret->Q = NULL; - ret->N = NULL; - ret->Iqmp = NULL; - ret->Twomq = NULL; - ret->Twomp = NULL; - ret->Dp = NULL; - ret->Dq = NULL; + ret->P = NULL; + ret->Q = NULL; + ret->N = NULL; + ret->Iqmp = NULL; + ret->Twomq = NULL; + ret->Twomp = NULL; + ret->Dp = NULL; + ret->Dq = NULL; return ret; } -void RwFree(TRwKey* r) { +void RwFree(TRwKey* r) { if (r == NULL) return; - if (r->P != NULL) - BN_clear_free(r->P); - if (r->Q != NULL) - BN_clear_free(r->Q); - if (r->N != NULL) - BN_clear_free(r->N); - if (r->Iqmp != NULL) - BN_clear_free(r->Iqmp); - if (r->Dp != NULL) - BN_clear_free(r->Dp); - if (r->Dq != NULL) - BN_clear_free(r->Dq); - if (r->Twomp != NULL) - BN_clear_free(r->Twomp); - if (r->Twomq != NULL) - BN_clear_free(r->Twomq); + if (r->P != NULL) + BN_clear_free(r->P); + if (r->Q != NULL) + BN_clear_free(r->Q); + if (r->N != NULL) + BN_clear_free(r->N); + if (r->Iqmp != NULL) + BN_clear_free(r->Iqmp); + if (r->Dp != NULL) + BN_clear_free(r->Dp); + if (r->Dq != NULL) + BN_clear_free(r->Dq); + if (r->Twomp != NULL) + BN_clear_free(r->Twomp); + if (r->Twomq != NULL) + BN_clear_free(r->Twomq); - free(r); + free(r); } -int RwSize(const TRwKey* r) { +int RwSize(const TRwKey* r) { int ret = 0, i = 0; ASN1_INTEGER bs; unsigned char buf[4]; /* 4 bytes looks really small. @@ -57,7 +57,7 @@ int RwSize(const TRwKey* r) { beyond the first byte, as long as the second parameter is NULL. */ - i = BN_num_bits(r->N); + i = BN_num_bits(r->N); bs.length = (i + 7) / 8; bs.data = buf; bs.type = V_ASN1_INTEGER; 
@@ -70,8 +70,8 @@ int RwSize(const TRwKey* r) { return ret; } -int RwModSize(const TRwKey* rw) { - if (rw == NULL || rw->N == NULL) +int RwModSize(const TRwKey* rw) { + if (rw == NULL || rw->N == NULL) return 0; - return BN_num_bytes(rw->N); + return BN_num_bytes(rw->N); } diff --git a/library/cpp/tvmauth/src/rw/rw_ossl.c b/library/cpp/tvmauth/src/rw/rw_ossl.c index 951752bdb3b..cfac5eb28ac 100644 --- a/library/cpp/tvmauth/src/rw/rw_ossl.c +++ b/library/cpp/tvmauth/src/rw/rw_ossl.c @@ -7,19 +7,19 @@ //#define FAULT_TOLERANCE_CHECK #ifdef RW_PRINT_DEBUG - #include <stdio.h> + #include <stdio.h> #endif -static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw); -static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); -static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); +static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw); +static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); +static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); -static TRwMethod rw_default_meth = { - RwDoSign, - RwDoVerify, - RwDoApply}; +static TRwMethod rw_default_meth = { + RwDoSign, + RwDoVerify, + RwDoApply}; -const TRwMethod* RwDefaultMethods(void) { +const TRwMethod* RwDefaultMethods(void) { return &rw_default_meth; } 
@@ -33,29 +33,29 @@ static void print_bn(char* name, BIGNUM* value) { OPENSSL_free(str_repr); } - #define DEBUG_PRINT_BN(s, x) \ - do { \ - print_bn((s), (x)); \ - } while (0); - #define DEBUG_PRINT_RW(r) \ - do { \ - DEBUG_PRINT_BN("rw->p", (r)->p); \ - DEBUG_PRINT_BN("rw->q", (r)->q); \ - DEBUG_PRINT_BN("rw->n", (r)->n); \ - DEBUG_PRINT_BN("rw->iqmp", (r)->iqmp); \ - DEBUG_PRINT_BN("rw->twomp", (r)->twomp); \ - DEBUG_PRINT_BN("rw->twomq", (r)->twomq); \ - DEBUG_PRINT_BN("rw->dp", (r)->dp); \ - DEBUG_PRINT_BN("rw->dq", (r)->dq); \ - } while (0); - #define DEBUG_PRINTF(s, v) \ - do { \ - printf((s), (v)); \ - } while (0); + #define DEBUG_PRINT_BN(s, x) \ + do { \ + print_bn((s), (x)); \ + } while (0); + #define DEBUG_PRINT_RW(r) \ + do { \ + DEBUG_PRINT_BN("rw->p", (r)->p); \ + DEBUG_PRINT_BN("rw->q", (r)->q); \ + DEBUG_PRINT_BN("rw->n", (r)->n); \ + DEBUG_PRINT_BN("rw->iqmp", (r)->iqmp); \ + DEBUG_PRINT_BN("rw->twomp", (r)->twomp); \ + DEBUG_PRINT_BN("rw->twomq", (r)->twomq); \ + DEBUG_PRINT_BN("rw->dp", (r)->dp); \ + DEBUG_PRINT_BN("rw->dq", (r)->dq); \ + } while (0); + #define DEBUG_PRINTF(s, v) \ + do { \ + printf((s), (v)); \ + } while (0); #else - #define DEBUG_PRINT_BN(s, x) - #define DEBUG_PRINT_RW(r) - #define DEBUG_PRINTF(s, v) + #define DEBUG_PRINT_BN(s, x) + #define DEBUG_PRINT_RW(r) + #define DEBUG_PRINTF(s, v) #endif /* 
@@ -73,18 +73,18 @@ static void print_bn(char* name, BIGNUM* value) { * 8. Compute s = Y^2 mod pq * 9. Fault tolerance: if efs^2 mod pq != h start over */ -static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { +static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { BIGNUM *m, *U, *V, *tmp, *m_q, *m_p, *tmp2; /* additional variables to avoid "if" statements */ BIGNUM *tmp_mp, *tmp_U, *tmp_V; - TRwSignature* ret = NULL; + TRwSignature* ret = NULL; BN_CTX* ctx = NULL; int ok = 0, e = 0, f = 0; - if (!rw || !rw->P || !rw->Q || !rw->N || !rw->Iqmp || !rw->Dp || !rw->Dq || !rw->Twomp || !rw->Twomq) + if (!rw || !rw->P || !rw->Q || !rw->N || !rw->Iqmp || !rw->Dp || !rw->Dq || !rw->Twomp || !rw->Twomq) goto err; - if ((ctx = BN_CTX_secure_new()) == NULL) + if ((ctx = BN_CTX_secure_new()) == NULL) goto err; BN_CTX_start(ctx); 
@@ -105,40 +105,40 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { if (!BN_bin2bn(dgst, dlen, m)) goto err; - if (BN_ucmp(m, rw->N) >= 0) + if (BN_ucmp(m, rw->N) >= 0) goto err; /* check if m % 16 == 12 */ - if (BN_mod_word(m, 16) != 12) + if (BN_mod_word(m, 16) != 12) goto err; DEBUG_PRINT_BN("m", m) /* TODO: optimization to avoid memory allocation? */ - if ((ret = RwSignatureNew()) == NULL) + if ((ret = RwSignatureNew()) == NULL) goto err; /* memory allocation */ - if ((ret->S = BN_new()) == NULL) + if ((ret->S = BN_new()) == NULL) goto err; /* m_q = m mod q */ - if (!BN_nnmod(m_q, m, rw->Q, ctx)) + if (!BN_nnmod(m_q, m, rw->Q, ctx)) goto err; /* m_p = m mod p */ - if (!BN_nnmod(m_p, m, rw->P, ctx)) + if (!BN_nnmod(m_p, m, rw->P, ctx)) goto err; DEBUG_PRINT_BN("m_p", m_p) DEBUG_PRINT_BN("m_q", m_q) /* U = h ** ((q+1)/8) mod q */ - if (!BN_mod_exp(U, m_q, rw->Dq, rw->Q, ctx)) + if (!BN_mod_exp(U, m_q, rw->Dq, rw->Q, ctx)) goto err; DEBUG_PRINT_BN("U", U) /* tmp = U^4 - h mod q */ - if (!BN_mod_sqr(tmp, U, rw->Q, ctx)) + if (!BN_mod_sqr(tmp, U, rw->Q, ctx)) goto err; - if (!BN_mod_sqr(tmp, tmp, rw->Q, ctx)) + if (!BN_mod_sqr(tmp, tmp, rw->Q, ctx)) goto err; DEBUG_PRINT_BN("U**4 mod q", tmp) 
@@ -151,35 +151,35 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { if e == -1: m_p = tmp_mp if e == 1: m_p = m_p */ - if (!BN_sub(tmp_mp, rw->P, m_p)) + if (!BN_sub(tmp_mp, rw->P, m_p)) goto err; m_p = (BIGNUM*)((1 - ((1 + e) >> 1)) * (BN_ULONG)tmp_mp + ((1 + e) >> 1) * (BN_ULONG)m_p); DEBUG_PRINT_BN("eh mod p", m_p) /* V = (eh) ** ((p-3)/8) */ - if (!BN_mod_exp(V, m_p, rw->Dp, rw->P, ctx)) + if (!BN_mod_exp(V, m_p, rw->Dp, rw->P, ctx)) goto err; DEBUG_PRINT_BN("V == ((eh) ** ((p-3)/8))", V) /* (eh) ** 2 */ - if (!BN_mod_sqr(tmp2, m_p, rw->P, ctx)) + if (!BN_mod_sqr(tmp2, m_p, rw->P, ctx)) goto err; DEBUG_PRINT_BN("(eh)**2", tmp2) /* V ** 4 */ - if (!BN_mod_sqr(tmp, V, rw->P, ctx)) + if (!BN_mod_sqr(tmp, V, rw->P, ctx)) goto err; - if (!BN_mod_sqr(tmp, tmp, rw->P, ctx)) + if (!BN_mod_sqr(tmp, tmp, rw->P, ctx)) goto err; DEBUG_PRINT_BN("V**4", tmp) /* V**4 * (eh)**2 */ - if (!BN_mod_mul(tmp, tmp, tmp2, rw->P, ctx)) + if (!BN_mod_mul(tmp, tmp, tmp2, rw->P, ctx)) goto err; DEBUG_PRINT_BN("tmp = (V**4 * (eh)**2) mod p", tmp) /* tmp = tmp - eh mod p */ - if (!BN_mod_sub(tmp, tmp, m_p, rw->P, ctx)) + if (!BN_mod_sub(tmp, tmp, m_p, rw->P, ctx)) goto err; /* f = 1 if zero else 2 */ @@ -198,7 +198,7 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { #else if (f == 2) { - if (!BN_mod_mul(U, U, rw->Twomq, rw->Q, ctx)) + if (!BN_mod_mul(U, U, rw->Twomq, rw->Q, ctx)) goto err; } @@ -207,14 +207,14 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { DEBUG_PRINT_BN("W", U) /* V ** 3 */ - if (!BN_mod_sqr(tmp, V, rw->P, ctx)) + if (!BN_mod_sqr(tmp, V, rw->P, ctx)) goto err; - if (!BN_mod_mul(V, V, tmp, rw->P, ctx)) + if (!BN_mod_mul(V, V, tmp, rw->P, ctx)) goto err; DEBUG_PRINT_BN("V**3", V) /* *(eh) */ - if (!BN_mod_mul(V, V, m_p, rw->P, ctx)) + if (!BN_mod_mul(V, V, m_p, rw->P, ctx)) goto err; DEBUG_PRINT_BN("V**3 * (eh) mod p", V) 
@@ -228,7 +228,7 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { #else if (f == 2) { - if (!BN_mod_mul(V, V, rw->Twomp, rw->P, ctx)) + if (!BN_mod_mul(V, V, rw->Twomp, rw->P, ctx)) goto err; } @@ -237,24 +237,24 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { DEBUG_PRINT_BN("X", V) /* W = U, X = V */ - if (!BN_mod_sub(V, V, U, rw->P, ctx)) + if (!BN_mod_sub(V, V, U, rw->P, ctx)) goto err; DEBUG_PRINT_BN("X - W mod p", V) - if (!BN_mod_mul(V, V, rw->Iqmp, rw->P, ctx)) + if (!BN_mod_mul(V, V, rw->Iqmp, rw->P, ctx)) goto err; DEBUG_PRINT_BN("q**(p-2) * (X-W) mod p", V) - if (!BN_mul(V, V, rw->Q, ctx)) + if (!BN_mul(V, V, rw->Q, ctx)) goto err; DEBUG_PRINT_BN("q * prev mod p", V) - if (!BN_mod_add(V, U, V, rw->N, ctx)) + if (!BN_mod_add(V, U, V, rw->N, ctx)) goto err; DEBUG_PRINT_BN("Y", V) /* now V = Y */ - if (!BN_mod_sqr(V, V, rw->N, ctx)) + if (!BN_mod_sqr(V, V, rw->N, ctx)) goto err; DEBUG_PRINT_BN("s", V) @@ -287,13 +287,13 @@ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { #endif /* making the "principal square root" to be "|principal| square root" */ - if (!BN_sub(tmp, rw->N, V)) + if (!BN_sub(tmp, rw->N, V)) goto err; /* if tmp = MIN(V, rw->n - V) */ tmp = BN_ucmp(tmp, V) >= 0 ? V : tmp; - if (!BN_copy(ret->S, tmp)) + if (!BN_copy(ret->S, tmp)) goto err; ok = 1; 
@@ -304,23 +304,23 @@ err: BN_CTX_free(ctx); } if (!ok) { - RwSignatureFree(ret); + RwSignatureFree(ret); ret = NULL; } return ret; } -static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw) { +static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw) { BIGNUM *m = NULL, *x = NULL, *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL; BN_CTX* ctx = NULL; BN_ULONG rest1 = 0, rest2 = 0; int retval = 0; - if (!rw || !rw->N || !sig || !sig->S) + if (!rw || !rw->N || !sig || !sig->S) goto err; - if ((ctx = BN_CTX_secure_new()) == NULL) + if ((ctx = BN_CTX_secure_new()) == NULL) goto err; BN_CTX_start(ctx); @@ -333,7 +333,7 @@ static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig if (!BN_bin2bn(dgst, dgst_len, m)) goto err; /* dgst too big */ - if (!BN_copy(t1, rw->N)) + if (!BN_copy(t1, rw->N)) goto err; if (!BN_sub_word(t1, 1)) goto err; @@ -341,28 +341,28 @@ static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig goto err; /* check m and rw->n relation */ - if (BN_ucmp(m, rw->N) >= 0) + if (BN_ucmp(m, rw->N) >= 0) goto err; rest1 = BN_mod_word(m, 16); if (rest1 != 12) goto err; - if (BN_ucmp(t1, sig->S) < 0) + if (BN_ucmp(t1, sig->S) < 0) goto err; - if (BN_is_negative(sig->S)) + if (BN_is_negative(sig->S)) goto err; - if (!BN_mod_sqr(t1, sig->S, rw->N, ctx)) + if (!BN_mod_sqr(t1, sig->S, rw->N, ctx)) goto err; - if (!BN_sub(t2, rw->N, t1)) + if (!BN_sub(t2, rw->N, t1)) goto err; if (!BN_lshift1(t1d, t1)) goto err; if (!BN_lshift1(t2d, t2)) goto err; - rest1 = BN_mod_word(t1, 16); - rest2 = BN_mod_word(t2, 16); + rest1 = BN_mod_word(t1, 16); + rest2 = BN_mod_word(t2, 16); /* mod 16 */ if (rest1 == 12) { 
@@ -396,12 +396,12 @@ err: return retval; } -static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { +static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { BIGNUM *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL, *rs = NULL; BN_ULONG rest1 = 0, rest2 = 0; int retval = 0; - if (!rw || !rw->N || !x || !ctx || !r) + if (!rw || !rw->N || !x || !ctx || !r) goto err; DEBUG_PRINT_BN("Signature = x = ", x) @@ -414,7 +414,7 @@ static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { t1d = BN_CTX_get(ctx); t2d = BN_CTX_get(ctx); - if (!BN_copy(t1, rw->N)) + if (!BN_copy(t1, rw->N)) goto err; if (!BN_sub_word(t1, 1)) goto err; @@ -422,7 +422,7 @@ static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { goto err; /* check m and rw->n relation */ - if (BN_ucmp(x, rw->N) >= 0) + if (BN_ucmp(x, rw->N) >= 0) goto err; if (BN_ucmp(t1, x) < 0) @@ -430,11 +430,11 @@ static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { if (BN_is_negative(x)) goto err; - if (!BN_mod_sqr(t1, x, rw->N, ctx)) + if (!BN_mod_sqr(t1, x, rw->N, ctx)) goto err; DEBUG_PRINT_BN("x**2 mod n", t1) - if (!BN_sub(t2, rw->N, t1)) + if (!BN_sub(t2, rw->N, t1)) goto err; DEBUG_PRINT_BN("n - x**2", t2) @@ -443,8 +443,8 @@ static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { if (!BN_lshift1(t2d, t2)) goto err; - rest1 = BN_mod_word(t1, 16); - rest2 = BN_mod_word(t2, 16); + rest1 = BN_mod_word(t1, 16); + rest2 = BN_mod_word(t2, 16); /* mod 16 */ if (rest1 == 12) { diff --git a/library/cpp/tvmauth/src/rw/rw_pss.c b/library/cpp/tvmauth/src/rw/rw_pss.c index 3bf6e2b99ab..4535cd236c0 100644 --- a/library/cpp/tvmauth/src/rw/rw_pss.c +++ b/library/cpp/tvmauth/src/rw/rw_pss.c 
@@ -72,21 +72,21 @@ static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; -static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *seed, const int seedlen, const EVP_MD *dgst) { - int i, outlen = 0; +static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *seed, const int seedlen, const EVP_MD *dgst) { + int i, outlen = 0; unsigned char cnt[4]; - EVP_MD_CTX* c = EVP_MD_CTX_create(); + EVP_MD_CTX* c = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; int rv = -1; - if (!c) { - return rv; - } - + if (!c) { + return rv; + } + mdlen = EVP_MD_size(dgst); - if (mdlen < 0 || seedlen < 0) + if (mdlen < 0 || seedlen < 0) goto err; for (i = 0; outlen < len; i++) { @@ -95,15 +95,15 @@ static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *se cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - if (!EVP_DigestInit_ex(c,dgst, NULL) || !EVP_DigestUpdate(c, seed, seedlen) || !EVP_DigestUpdate(c, cnt, 4)) + if (!EVP_DigestInit_ex(c,dgst, NULL) || !EVP_DigestUpdate(c, seed, seedlen) || !EVP_DigestUpdate(c, cnt, 4)) goto err; if (outlen + mdlen <= len) { - if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) + if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) goto err; outlen += mdlen; } else { - if (!EVP_DigestFinal_ex(c, md, NULL)) + if (!EVP_DigestFinal_ex(c, md, NULL)) goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; 
@@ -112,22 +112,22 @@ static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *se rv = 0; err: - EVP_MD_CTX_destroy(c); + EVP_MD_CTX_destroy(c); return rv; } -int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen) { +int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen) { int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; const unsigned char *H = NULL; unsigned char *DB = NULL; - EVP_MD_CTX* ctx = NULL; + EVP_MD_CTX* ctx = NULL; unsigned char H_[EVP_MAX_MD_SIZE]; const EVP_MD *mgf1Hash = Hash; - ctx = EVP_MD_CTX_create(); - if (!ctx) { - return ret; - } + ctx = EVP_MD_CTX_create(); + if (!ctx) { + return ret; + } hLen = EVP_MD_size(Hash); if (hLen < 0) @@ -143,14 +143,14 @@ int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Has else if (sLen < -2) goto err; - { - int bits = BN_num_bits(rw->N); - if (bits <= 0) - goto err; - - MSBits = (bits - 1) & 0x7; - } - emLen = RwModSize(rw); + { + int bits = BN_num_bits(rw->N); + if (bits <= 0) + goto err; + + MSBits = (bits - 1) & 0x7; + } + emLen = RwModSize(rw); if (EM[0] & (0xFF << MSBits)) { goto err; @@ -164,23 +164,23 @@ int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Has if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ goto err; - if (emLen < 1) - goto err; - + if (emLen < 1) + goto err; + if (EM[emLen - 1] != 0xbc) goto err; maskedDBLen = emLen - hLen - 1; - if (maskedDBLen <= 0) - goto err; - + if (maskedDBLen <= 0) + goto err; + H = EM + maskedDBLen; - DB = malloc(maskedDBLen); + DB = malloc(maskedDBLen); if (!DB) goto err; - if (PkcS1MgF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) + if (PkcS1MgF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) goto err; for (i = 0; i < maskedDBLen; i++) 
@@ -197,24 +197,24 @@ int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Has if (sLen >= 0 && (maskedDBLen - i) != sLen) goto err; - if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { - if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) + if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) goto err; } - if (!EVP_DigestFinal_ex(ctx, H_, NULL)) + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) goto err; ret = memcmp(H, H_, hLen) ? 0 : 1; err: if (DB) - free(DB); + free(DB); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctx); return ret; } @@ -226,14 +226,14 @@ err: Hash - EVP_MD() that will be used to pad sLen - random salt len (usually == hashLen) */ -int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, int sLen) { +int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, int sLen) { int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; unsigned char *H = NULL, *salt = NULL, *p = NULL; const EVP_MD *mgf1Hash = Hash; - EVP_MD_CTX* ctx = EVP_MD_CTX_create(); - if (!ctx) { - return ret; - } + EVP_MD_CTX* ctx = EVP_MD_CTX_create(); + if (!ctx) { + return ret; + } hLen = EVP_MD_size(Hash); if (hLen < 0) 
@@ -249,20 +249,20 @@ int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *m else if (sLen < -2) goto err; - { - int bits = BN_num_bits(rw->N); - if (bits <= 0) - goto err; - MSBits = (bits - 1) & 0x7; - } - emLen = RwModSize(rw); - if (emLen <= 0) - goto err; + { + int bits = BN_num_bits(rw->N); + if (bits <= 0) + goto err; + MSBits = (bits - 1) & 0x7; + } + emLen = RwModSize(rw); + if (emLen <= 0) + goto err; if (MSBits == 0) { *EM++ = 0; emLen--; - fprintf(stderr, "MSBits == 0\n"); + fprintf(stderr, "MSBits == 0\n"); } if (sLen == -2) { @@ -272,28 +272,28 @@ int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *m goto err; if (sLen > 0) { - salt = malloc(sLen); + salt = malloc(sLen); if (!salt) goto err; if (RAND_bytes(salt, sLen) <= 0) goto err; } maskedDBLen = emLen - hLen - 1; - if (maskedDBLen < 0) - goto err; + if (maskedDBLen < 0) + goto err; H = EM + maskedDBLen; - if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; - if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) goto err; - if (!EVP_DigestFinal_ex(ctx, H, NULL)) + if (!EVP_DigestFinal_ex(ctx, H, NULL)) goto err; /* Generate dbMask in place then perform XOR on it */ - if (PkcS1MgF1(EM, maskedDBLen, H, hLen, mgf1Hash)) + if (PkcS1MgF1(EM, maskedDBLen, H, hLen, mgf1Hash)) goto err; p = EM; @@ -319,10 +319,10 @@ int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *m ret = 1; err: - EVP_MD_CTX_destroy(ctx); - + EVP_MD_CTX_destroy(ctx); + if (salt) - free(salt); + free(salt); return ret; } diff --git a/library/cpp/tvmauth/src/rw/rw_pss_sign.c b/library/cpp/tvmauth/src/rw/rw_pss_sign.c index 59897f1cf56..f1ae46f140c 100644 --- a/library/cpp/tvmauth/src/rw/rw_pss_sign.c 
+++ b/library/cpp/tvmauth/src/rw/rw_pss_sign.c @@ -2,44 +2,44 @@ #include <contrib/libs/openssl/include/openssl/evp.h> -//#define DBG_FUZZING - -int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw) { +//#define DBG_FUZZING + +int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw) { int i, j, num, k, r = -1; BN_CTX* ctx = NULL; BIGNUM *f = NULL, *ret = NULL; - if ((ctx = BN_CTX_secure_new()) == NULL) + if ((ctx = BN_CTX_secure_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); ret = BN_CTX_get(ctx); - num = BN_num_bytes(rw->N); - - if (num <= 0) - goto err; + num = BN_num_bytes(rw->N); + if (num <= 0) + goto err; + if (!f || !ret) goto err; if (BN_bin2bn(from, flen, f) == NULL) goto err; - if (BN_ucmp(f, rw->N) >= 0) + if (BN_ucmp(f, rw->N) >= 0) goto err; - if (!rw->Meth->RwApply(ret, f, ctx, rw)) + if (!rw->Meth->RwApply(ret, f, ctx, rw)) goto err; j = BN_num_bytes(ret); - if (num < j || j < 0) - goto err; - - i = BN_bn2bin(ret, to + num - j); - if (i < 0 || i > num) - goto err; - + if (num < j || j < 0) + goto err; + + i = BN_bn2bin(ret, to + num - j); + if (i < 0 || i > num) + goto err; + for (k = 0; k < (num - i); k++) to[k] = 0; r = num; 
@@ -52,46 +52,46 @@ err: return r; } -int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md) { - unsigned char* padding = NULL; +int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md) { + unsigned char* padding = NULL; int result = 0; if (from == NULL || to == NULL || rw == NULL || md == NULL) return 0; - int digest_size = EVP_MD_size(md); - int sig_size = RwModSize(rw); - - if (digest_size <= 0 || sig_size <= 0) - return 0; - - int tries = 50; - do { - if (padding != NULL) { - free(padding); -#ifdef DBG_FUZZING - fprintf(stderr, "Padding regenerating required\n"); -#endif - } - - padding = malloc(sig_size); - if (padding == NULL) - return 0; - - if (!RwPaddingAddPssr(rw, padding, from, md, digest_size)) - goto err; - } while (padding[0] == 0x00 && tries-- > 0); - - result = RwNoPaddingSign(sig_size, padding, to, rw); + int digest_size = EVP_MD_size(md); + int sig_size = RwModSize(rw); + + if (digest_size <= 0 || sig_size <= 0) + return 0; + + int tries = 50; + do { + if (padding != NULL) { + free(padding); +#ifdef DBG_FUZZING + fprintf(stderr, "Padding regenerating required\n"); +#endif + } + + padding = malloc(sig_size); + if (padding == NULL) + return 0; + + if (!RwPaddingAddPssr(rw, padding, from, md, digest_size)) + goto err; + } while (padding[0] == 0x00 && tries-- > 0); + + result = RwNoPaddingSign(sig_size, padding, to, rw); err: if (padding != NULL) - free(padding); + free(padding); return result; } -int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md) { +int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md) { EVP_MD_CTX* mdctx = NULL; unsigned char* digest = NULL; unsigned int digestLen; 
@@ -100,7 +100,7 @@ int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, if (msg == NULL || to == NULL || rw == NULL || md == NULL) goto err; - if (rw->P == NULL || rw->Q == NULL) + if (rw->P == NULL || rw->Q == NULL) goto err; if ((mdctx = EVP_MD_CTX_create()) == NULL) 
@@ -112,63 +112,63 @@ int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) goto err; - if ((digest = (unsigned char*)malloc(EVP_MD_size(md))) == NULL) + if ((digest = (unsigned char*)malloc(EVP_MD_size(md))) == NULL) goto err; if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) goto err; - result = RwPssrSignHash(digest, to, rw, md); + result = RwPssrSignHash(digest, to, rw, md); err: if (mdctx != NULL) EVP_MD_CTX_destroy(mdctx); if (digest != NULL) - free(digest); + free(digest); return result; } -int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { +int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { unsigned char* buffer = NULL; int buffer_len; - int salt_size; + int salt_size; int result = 0; if (from == NULL || sig == NULL || rw == NULL || md == NULL) return 0; - if (rw->N == NULL || rw->Meth == NULL) + if (rw->N == NULL || rw->Meth == NULL) return 0; salt_size = EVP_MD_size(md); - if (salt_size <= 0) - return 0; - - buffer_len = RwModSize(rw); - if (buffer_len <= 0) - return 0; - - buffer = (unsigned char*)malloc(buffer_len); - if (buffer == NULL) - return 0; + if (salt_size <= 0) + return 0; + + buffer_len = RwModSize(rw); + if (buffer_len <= 0) + return 0; + + buffer = (unsigned char*)malloc(buffer_len); + if (buffer == NULL) + return 0; - if (RwApply(sig_len, sig, buffer, rw) <= 0) + if (RwApply(sig_len, sig, buffer, rw) <= 0) goto err; - if (RwVerifyPssr(rw, from, md, buffer, salt_size) <= 0) + if (RwVerifyPssr(rw, from, md, buffer, salt_size) <= 0) goto err; result = 1; err: if (buffer != NULL) - free(buffer); + free(buffer); return result; } -int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { +int RwPssrVerifyMsg(const int 
msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { EVP_MD_CTX* mdctx = NULL; unsigned char* digest = NULL; unsigned int digestLen = 0; @@ -177,7 +177,7 @@ int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned c if (msg == NULL || msgLen == 0 || sig == NULL || rw == NULL || md == NULL) goto err; - if (rw->N == NULL) + if (rw->N == NULL) goto err; if ((mdctx = EVP_MD_CTX_create()) == NULL) @@ -186,26 +186,26 @@ int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned c if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) goto err; - int size_to_alloc = EVP_MD_size(md); - if (size_to_alloc <= 0) - goto err; - - if ((digest = (unsigned char*)malloc(size_to_alloc)) == NULL) + int size_to_alloc = EVP_MD_size(md); + if (size_to_alloc <= 0) goto err; + if ((digest = (unsigned char*)malloc(size_to_alloc)) == NULL) + goto err; + if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) goto err; if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) goto err; - result = RwPssrVerifyHash(digest, sig, sig_len, rw, md); + result = RwPssrVerifyHash(digest, sig, sig_len, rw, md); err: if (mdctx != NULL) EVP_MD_CTX_destroy(mdctx); if (digest != NULL) - free(digest); + free(digest); return result; } diff --git a/library/cpp/tvmauth/src/rw/rw_sign.c b/library/cpp/tvmauth/src/rw/rw_sign.c index e320808dd3b..e070d6e7c13 100644 --- a/library/cpp/tvmauth/src/rw/rw_sign.c +++ b/library/cpp/tvmauth/src/rw/rw_sign.c 
@@ -1,36 +1,36 @@ #include "rw.h" -TRwSignature* RwSignatureNew(void) { - TRwSignature* sig = NULL; - sig = malloc(sizeof(TRwSignature)); +TRwSignature* RwSignatureNew(void) { + TRwSignature* sig = NULL; + sig = malloc(sizeof(TRwSignature)); if (!sig) return NULL; - sig->S = NULL; + sig->S = NULL; return sig; } -void RwSignatureFree(TRwSignature* sig) { +void RwSignatureFree(TRwSignature* sig) { if (sig) { - if (sig->S) - BN_free(sig->S); - free(sig); + if (sig->S) + BN_free(sig->S); + free(sig); } } -int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw) { - int i = 0, r = 0, num = -1; - TRwSignature* sig = NULL; +int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw) { + int i = 0, r = 0, num = -1; + TRwSignature* sig = NULL; - if (!rw || !rw->N || !rw->Meth || !rw->Meth->RwSign || !from || !to) + if (!rw || !rw->N || !rw->Meth || !rw->Meth->RwSign || !from || !to) + goto err; + + if ((sig = rw->Meth->RwSign(from, flen, rw)) == NULL) goto err; + num = BN_num_bytes(rw->N); - if ((sig = rw->Meth->RwSign(from, flen, rw)) == NULL) - goto err; - num = BN_num_bytes(rw->N); - - r = BN_bn2bin(sig->S, to); - if (r < 0) - goto err; + r = BN_bn2bin(sig->S, to); + if (r < 0) + goto err; /* put zeroes to the rest of the 'to' buffer */ for (i = r; i < num; i++) { @@ -39,7 +39,7 @@ int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwK err: if (sig != NULL) { - RwSignatureFree(sig); + RwSignatureFree(sig); } return r; diff --git a/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp index 73f1b1d7691..bef9d9d25ae 100644 --- a/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp +++ b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp 
@@ -1,5 +1,5 @@ -#include <library/cpp/tvmauth/src/rw/keys.h> -#include <library/cpp/tvmauth/src/rw/rw.h> +#include <library/cpp/tvmauth/src/rw/keys.h> +#include <library/cpp/tvmauth/src/rw/rw.h> #include <library/cpp/string_utils/base64/base64.h> #include <library/cpp/testing/unittest/registar.h> @@ -7,36 +7,36 @@ #include <contrib/libs/openssl/include/openssl/bn.h> #include <contrib/libs/openssl/include/openssl/evp.h> -namespace NTvmAuth { +namespace NTvmAuth { /* returns 0 in case of error */ - int MakeKeysRw(TRwKey** skey, TRwKey** vkey) { + int MakeKeysRw(TRwKey** skey, TRwKey** vkey) { int result = 0; - TRwKey* rw = RwNew(); + TRwKey* rw = RwNew(); do { - RwGenerateKey(rw, 2048); + RwGenerateKey(rw, 2048); if (rw == nullptr) { - printf("RwGenerateKey failed\n"); + printf("RwGenerateKey failed\n"); break; /* failed */ } - printf("RW key bits: %d\n", BN_num_bits(rw->N)); + printf("RW key bits: %d\n", BN_num_bits(rw->N)); /* Set signing key */ - *skey = RwPrivateKeyDup(rw); + *skey = RwPrivateKeyDup(rw); if (*skey == nullptr) { - printf("RwPrivateKeyDup failed\n"); + printf("RwPrivateKeyDup failed\n"); break; } /* Set verifier key */ - *vkey = RwPublicKeyDup(rw); + *vkey = RwPublicKeyDup(rw); if (*vkey == nullptr) { - printf("RwPublicKeyDup failed\n"); + printf("RwPublicKeyDup failed\n"); break; } @@ -45,14 +45,14 @@ namespace NTvmAuth { } while (0); if (rw) { - RwFree(rw); + RwFree(rw); rw = nullptr; } return result; } - static void PrintIt(const char* label, const unsigned char* buff, size_t len) { + static void PrintIt(const char* label, const unsigned char* buff, size_t len) { if (!buff || !len) return; 
@@ -65,26 +65,26 @@ namespace NTvmAuth { printf("\n"); } - int TestSignVerify() { - TRwKey *skey = nullptr, *vkey = nullptr; + int TestSignVerify() { + TRwKey *skey = nullptr, *vkey = nullptr; const char* msg = "Test test test test test"; unsigned int msg_len = 0; int res = 0; msg_len = (unsigned int)strlen(msg); - if (MakeKeysRw(&skey, &vkey)) { - unsigned char* sign = new unsigned char[RwModSize(skey) + 10]; - int sign_len; - printf("RwModSize(skey) returned %d\n", RwModSize(skey)); - memset(sign, 0x00, RwModSize(skey) + 10); + if (MakeKeysRw(&skey, &vkey)) { + unsigned char* sign = new unsigned char[RwModSize(skey) + 10]; + int sign_len; + printf("RwModSize(skey) returned %d\n", RwModSize(skey)); + memset(sign, 0x00, RwModSize(skey) + 10); printf("--- Signing call ---\n"); - if ((sign_len = RwPssrSignMsg(msg_len, (unsigned char*)msg, sign, skey, (EVP_MD*)EVP_sha256())) != 0) { + if ((sign_len = RwPssrSignMsg(msg_len, (unsigned char*)msg, sign, skey, (EVP_MD*)EVP_sha256())) != 0) { #ifdef RW_PRINT_DEBUG BIGNUM* s = BN_new(); #endif printf("\n"); - PrintIt("Signature", sign, RwModSize(skey)); + PrintIt("Signature", sign, RwModSize(skey)); #ifdef RW_PRINT_DEBUG BN_bin2bn(sign, RW_mod_size(skey), s); 
@@ -95,42 +95,42 @@ namespace NTvmAuth { #endif printf("--- Verification call ---\n"); - if (RwPssrVerifyMsg(msg_len, (unsigned char*)msg, sign, sign_len, vkey, (EVP_MD*)EVP_sha256())) { + if (RwPssrVerifyMsg(msg_len, (unsigned char*)msg, sign, sign_len, vkey, (EVP_MD*)EVP_sha256())) { printf("Verification: success!\n"); res = 1; } else { printf("Verification: failed!\n"); - printf("RwPssrVerifyMsg failed!\n"); + printf("RwPssrVerifyMsg failed!\n"); return 1; } } else { - printf("RwPssrSignMsg failed!\n"); + printf("RwPssrSignMsg failed!\n"); return 1; } if (sign != nullptr) - delete[] sign; + delete[] sign; } else { - printf("MakeKeysRw failed!\n"); + printf("MakeKeysRw failed!\n"); return 1; } if (skey != nullptr) { - RwFree(skey); + RwFree(skey); } if (vkey != nullptr) - RwFree(vkey); + RwFree(vkey); return res; } } -using namespace NTvmAuth; +using namespace NTvmAuth; Y_UNIT_TEST_SUITE(Rw) { Y_UNIT_TEST(SignVerify) { for (int i = 1; i < 10; ++i) { - UNIT_ASSERT_VALUES_EQUAL(1, TestSignVerify()); + UNIT_ASSERT_VALUES_EQUAL(1, TestSignVerify()); } } 
@@ -142,10 +142,10 @@ Y_UNIT_TEST_SUITE(Rw) { NRw::TRwPrivateKey priv3(Base64Decode("MIICVAKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KPgjE"), 0); - UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey("asdzxcv", 0), yexception); + UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey("asdzxcv", 0), yexception); UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey(Base64Decode("AKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KP"), 0), - yexception); + yexception); UNIT_ASSERT(!priv.SignTicket("").empty()); } 
@@ -155,8 +155,8 @@ Y_UNIT_TEST_SUITE(Rw) { NRw::TRwPublicKey pub2(Base64Decode("MIIBBQKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQ==")); NRw::TRwPublicKey pub3(Base64Decode("MIGDAoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK4ZDDYRiM18fL8d58clfFAoCo-_EEMowqQeBXnxa0zqsLyNGL2x1f-KDY0=")); - UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey("asdzxcv"), yexception); - UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey(Base64Decode("AoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK40")), yexception); + UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey("asdzxcv"), yexception); + UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey(Base64Decode("AoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK40")), yexception); UNIT_ASSERT(!pub.CheckSign("~~~", "~~~")); } 
@@ -181,20 +181,20 @@ Y_UNIT_TEST_SUITE(Rw) { } Y_UNIT_TEST(Keygen) { - for (size_t idx = 0; idx < 100; ++idx) { - NRw::TKeyPair pair = NRw::GenKeyPair(1024); - NRw::TRwPrivateKey priv(pair.Private, 0); - NRw::TRwPublicKey pub(pair.Public); - - const TString data = "my magic data"; - TStringStream s; - s << "data='" << data << "'."; - s << "private='" << Base64Encode(pair.Private) << "'."; - s << "public='" << Base64Encode(pair.Public) << "'."; - TString sign; - UNIT_ASSERT_NO_EXCEPTION_C(sign = priv.SignTicket(data), s.Str()); - s << "sign='" << Base64Encode(sign) << "'."; - UNIT_ASSERT_C(pub.CheckSign(data, sign), s.Str()); - } + for (size_t idx = 0; idx < 100; ++idx) { + NRw::TKeyPair pair = NRw::GenKeyPair(1024); + NRw::TRwPrivateKey priv(pair.Private, 0); + NRw::TRwPublicKey pub(pair.Public); + + const TString data = "my magic data"; + TStringStream s; + s << "data='" << data << "'."; + s << "private='" << Base64Encode(pair.Private) << "'."; + s << "public='" << Base64Encode(pair.Public) << "'."; + TString sign; + UNIT_ASSERT_NO_EXCEPTION_C(sign = priv.SignTicket(data), s.Str()); + s << "sign='" << Base64Encode(sign) << "'."; + UNIT_ASSERT_C(pub.CheckSign(data, sign), s.Str()); + } } } diff --git a/library/cpp/tvmauth/src/rw/ut/ya.make b/library/cpp/tvmauth/src/rw/ut/ya.make index 81dda796416..eccbf89bc18 100644 --- a/library/cpp/tvmauth/src/rw/ut/ya.make +++ b/library/cpp/tvmauth/src/rw/ut/ya.make @@ -1,10 +1,10 @@ -UNITTEST_FOR(library/cpp/tvmauth/src/rw) +UNITTEST_FOR(library/cpp/tvmauth/src/rw) -OWNER( - g:passport_infra - e-sidorov - ezaitov -) +OWNER( + g:passport_infra + e-sidorov + ezaitov +) SRCS( rw_ut.cpp diff --git a/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp b/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp index 31a599c9968..792308f48ba 100644 --- a/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp +++ b/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp 
@@ -1,32 +1,32 @@
-#include <library/cpp/tvmauth/src/rw/keys.h>
-
+#include <library/cpp/tvmauth/src/rw/keys.h>
+
 #include <library/cpp/string_utils/base64/base64.h>
-
-#include <util/generic/yexception.h>
-
-using namespace NTvmAuth;
-
-const TString DATA = "my magic data";
-
-int main(int, char**) {
- const NRw::TKeyPair pair = NRw::GenKeyPair(1024);
- const NRw::TRwPrivateKey priv(pair.Private, 0);
- const NRw::TRwPublicKey pub(pair.Public);
-
- Cout << "data='" << DATA << "'."
- << "private='" << Base64Encode(pair.Private) << "'."
- << "public='" << Base64Encode(pair.Public) << "'.";
-
- TString sign;
- try {
- sign = priv.SignTicket(DATA);
- Cout << "sign='" << Base64Encode(sign) << "'.";
- Y_ENSURE(pub.CheckSign(DATA, sign));
- } catch (const std::exception& e) {
- Cout << "what='" << e.what() << "'" << Endl;
- return 1;
- }
- Cout << Endl;
-
- return 0;
-}
+
+#include <util/generic/yexception.h>
+
+using namespace NTvmAuth;
+
+const TString DATA = "my magic data";
+
+int main(int, char**) {
+ const NRw::TKeyPair pair = NRw::GenKeyPair(1024);
+ const NRw::TRwPrivateKey priv(pair.Private, 0);
+ const NRw::TRwPublicKey pub(pair.Public);
+
+ Cout << "data='" << DATA << "'."
+ << "private='" << Base64Encode(pair.Private) << "'."
+ << "public='" << Base64Encode(pair.Public) << "'.";
+
+ TString sign;
+ try {
+ sign = priv.SignTicket(DATA);
+ Cout << "sign='" << Base64Encode(sign) << "'.";
+ Y_ENSURE(pub.CheckSign(DATA, sign));
+ } catch (const std::exception& e) {
+ Cout << "what='" << e.what() << "'" << Endl;
+ return 1;
+ }
+ Cout << Endl;
+
+ return 0;
+}
diff --git a/library/cpp/tvmauth/src/rw/ut_large/gen/ya.make b/library/cpp/tvmauth/src/rw/ut_large/gen/ya.make
index 7b62d5c726e..cfe165160a2 100644
--- a/library/cpp/tvmauth/src/rw/ut_large/gen/ya.make
+++ b/library/cpp/tvmauth/src/rw/ut_large/gen/ya.make
@@ -1,14 +1,14 @@
-PROGRAM()
-
-OWNER(g:passport_infra)
-
-SRCS(
- main.cpp
-)
-
-PEERDIR(
+PROGRAM()
+
+OWNER(g:passport_infra)
+
+SRCS(
+ main.cpp
+)
+
+PEERDIR(
 library/cpp/string_utils/base64
- library/cpp/tvmauth/src/rw
-)
-
-END()
+ library/cpp/tvmauth/src/rw
+)
+
+END()
diff --git a/library/cpp/tvmauth/src/rw/ut_large/test.py b/library/cpp/tvmauth/src/rw/ut_large/test.py
index 0cf95d98485..8fb0c0f91ce 100644
--- a/library/cpp/tvmauth/src/rw/ut_large/test.py
+++ b/library/cpp/tvmauth/src/rw/ut_large/test.py
@@ -1,35 +1,35 @@
-from __future__ import print_function
-
-import os
-import subprocess
-import sys
-
-import yatest.common as yc
-
-
-def test_fuzzing():
- errfile = './errfile'
- outfile = './outfile'
- env = os.environ.copy()
-
- for number in range(25000):
- with open(errfile, 'w') as fe:
- with open(outfile, 'w') as fo:
- p = subprocess.Popen(
- [
- yc.build_path('library/cpp/tvmauth/src/rw/ut_large/gen/gen'),
- ],
- env=env,
- stdout=fo,
- stderr=fe,
- )
- code = p.wait()
-
- with open(errfile) as fe:
- all = fe.read()
- if all != '':
- with open(outfile) as fo:
- print(fo.read(), file=sys.stderr)
- assert all == ''
-
- assert code == 0
+from __future__ import print_function
+
+import os
+import subprocess
+import sys
+
+import yatest.common as yc
+
+
+def test_fuzzing():
+ errfile = './errfile'
+ outfile = './outfile'
+ env = os.environ.copy()
+
+ for number in range(25000):
+ with open(errfile, 'w') as fe:
+ with open(outfile, 'w') as fo:
+ p = subprocess.Popen(
+ [
+ yc.build_path('library/cpp/tvmauth/src/rw/ut_large/gen/gen'),
+ ],
+ env=env,
+ stdout=fo,
+ stderr=fe,
+ )
+ code = p.wait()
+
+ with open(errfile) as fe:
+ all = fe.read()
+ if all != '':
+ with open(outfile) as fo:
+ print(fo.read(), file=sys.stderr)
+ assert all == ''
+
+ assert code == 0
diff --git a/library/cpp/tvmauth/src/rw/ut_large/ya.make b/library/cpp/tvmauth/src/rw/ut_large/ya.make
index 54f82065e7a..f4095eef290 100644
--- a/library/cpp/tvmauth/src/rw/ut_large/ya.make
+++ b/library/cpp/tvmauth/src/rw/ut_large/ya.make
@@ -1,17 +1,17 @@
 PY2TEST()
-
-OWNER(g:passport_infra)
-
+
+OWNER(g:passport_infra)
+
 TEST_SRCS(test.py)
+
+DEPENDS(library/cpp/tvmauth/src/rw/ut_large/gen)
+
+TAG(ya:fat)
-DEPENDS(library/cpp/tvmauth/src/rw/ut_large/gen)
-
-TAG(ya:fat)
-
-SIZE(LARGE)
-
-END()
-
+SIZE(LARGE)
+
+END()
+
 RECURSE(
 gen
 )
diff --git a/library/cpp/tvmauth/src/rw/ya.make b/library/cpp/tvmauth/src/rw/ya.make
index e2ef68d4163..fffadceb30d 100644
--- a/library/cpp/tvmauth/src/rw/ya.make
+++ b/library/cpp/tvmauth/src/rw/ya.make
@@ -1,14 +1,14 @@
 LIBRARY(ticket_parser)
 OWNER(
- g:passport_infra
+ g:passport_infra
 e-sidorov
- ezaitov
+ ezaitov
 )
 PEERDIR(
 contrib/libs/openssl
- library/cpp/openssl/init
+ library/cpp/openssl/init
 )
 SRCS(
@@ -23,8 +23,8 @@ SRCS(
 )
 END()
-
-RECURSE_FOR_TESTS(
- ut
- ut_large
-)
+
+RECURSE_FOR_TESTS(
+ ut
+ ut_large
+)
diff --git a/library/cpp/tvmauth/src/service_impl.cpp b/library/cpp/tvmauth/src/service_impl.cpp
index 528a244647d..b27727494ca 100644
--- a/library/cpp/tvmauth/src/service_impl.cpp
+++ b/library/cpp/tvmauth/src/service_impl.cpp
@@ -3,139 +3,139 @@ #include "parser.h" #include "utils.h" -#include <library/cpp/tvmauth/exception.h> -#include <library/cpp/tvmauth/ticket_status.h> +#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/ticket_status.h> #include <util/generic/strbuf.h> #include <util/string/cast.h> #include <util/string/split.h> -namespace NTvmAuth { - static const char* EX_MSG = "Method cannot be used in non-valid ticket"; - - TCheckedServiceTicket::TImpl::operator bool() const { - return (Status_ == ETicketStatus::Ok); +namespace NTvmAuth { + static const char* EX_MSG = "Method cannot be used in non-valid ticket"; + + TCheckedServiceTicket::TImpl::operator bool() const { + return (Status_ == ETicketStatus::Ok); } - TTvmId TCheckedServiceTicket::TImpl::GetSrc() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return ProtobufTicket_.service().srcclientid(); + TTvmId TCheckedServiceTicket::TImpl::GetSrc() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return ProtobufTicket_.service().srcclientid(); } - const TScopes& TCheckedServiceTicket::TImpl::GetScopes() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - if (CachedScopes_.empty()) { - for (const auto& el : ProtobufTicket_.service().scopes()) { - CachedScopes_.push_back(el); + const TScopes& TCheckedServiceTicket::TImpl::GetScopes() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + if (CachedScopes_.empty()) { + for (const auto& el : ProtobufTicket_.service().scopes()) { + CachedScopes_.push_back(el); } } - return CachedScopes_; + return CachedScopes_; } - bool TCheckedServiceTicket::TImpl::HasScope(TStringBuf scopeName) const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return std::binary_search(ProtobufTicket_.service().scopes().begin(), ProtobufTicket_.service().scopes().end(), scopeName); + bool TCheckedServiceTicket::TImpl::HasScope(TStringBuf scopeName) const { + Y_ENSURE_EX(bool(*this), 
TNotAllowedException() << EX_MSG); + return std::binary_search(ProtobufTicket_.service().scopes().begin(), ProtobufTicket_.service().scopes().end(), scopeName); } - ETicketStatus TCheckedServiceTicket::TImpl::GetStatus() const { - return Status_; + ETicketStatus TCheckedServiceTicket::TImpl::GetStatus() const { + return Status_; } - time_t TCheckedServiceTicket::TImpl::GetExpirationTime() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return ProtobufTicket_.expirationtime(); + time_t TCheckedServiceTicket::TImpl::GetExpirationTime() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return ProtobufTicket_.expirationtime(); } - TString TCheckedServiceTicket::TImpl::DebugInfo() const { - if (CachedDebugInfo_) { - return CachedDebugInfo_; - } - - if (Status_ == ETicketStatus::Malformed) { - CachedDebugInfo_ = "status=malformed;"; - return CachedDebugInfo_; + TString TCheckedServiceTicket::TImpl::DebugInfo() const { + if (CachedDebugInfo_) { + return CachedDebugInfo_; + } + + if (Status_ == ETicketStatus::Malformed) { + CachedDebugInfo_ = "status=malformed;"; + return CachedDebugInfo_; } - + TString targetString = "ticket_type="; - targetString.reserve(256); - if (Status_ == ETicketStatus::InvalidTicketType) { + targetString.reserve(256); + if (Status_ == ETicketStatus::InvalidTicketType) { targetString.append("not-serv;"); - CachedDebugInfo_ = targetString; + CachedDebugInfo_ = targetString; return targetString; } - + targetString.append("serv"); - if (ProtobufTicket_.has_expirationtime()) - targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); - if (ProtobufTicket_.service().has_srcclientid()) { - targetString.append(";src=").append(IntToString<10>(ProtobufTicket_.service().srcclientid())); - } - if (ProtobufTicket_.service().has_dstclientid()) { - targetString.append(";dst=").append(IntToString<10>(ProtobufTicket_.service().dstclientid())); - } - for (const auto& scope : 
ProtobufTicket_.service().scopes()) { + if (ProtobufTicket_.has_expirationtime()) + targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); + if (ProtobufTicket_.service().has_srcclientid()) { + targetString.append(";src=").append(IntToString<10>(ProtobufTicket_.service().srcclientid())); + } + if (ProtobufTicket_.service().has_dstclientid()) { + targetString.append(";dst=").append(IntToString<10>(ProtobufTicket_.service().dstclientid())); + } + for (const auto& scope : ProtobufTicket_.service().scopes()) { targetString.append(";scope=").append(scope); } - if (ProtobufTicket_.service().has_issueruid()) { - targetString.append(";issuer_uid=").append(IntToString<10>(ProtobufTicket_.service().GetissuerUid())); - } + if (ProtobufTicket_.service().has_issueruid()) { + targetString.append(";issuer_uid=").append(IntToString<10>(ProtobufTicket_.service().GetissuerUid())); + } targetString.append(";"); - - CachedDebugInfo_ = targetString; + + CachedDebugInfo_ = targetString; return targetString; } - TMaybe<TUid> TCheckedServiceTicket::TImpl::GetIssuerUid() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return ProtobufTicket_.service().has_issueruid() - ? ProtobufTicket_.service().GetissuerUid() - : TMaybe<TUid>(); - } - - void TCheckedServiceTicket::TImpl::SetStatus(ETicketStatus status) { - Status_ = status; - } - - TCheckedServiceTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) - : Status_(status) - , ProtobufTicket_(std::move(protobufTicket)) + TMaybe<TUid> TCheckedServiceTicket::TImpl::GetIssuerUid() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return ProtobufTicket_.service().has_issueruid() + ? 
ProtobufTicket_.service().GetissuerUid() + : TMaybe<TUid>(); + } + + void TCheckedServiceTicket::TImpl::SetStatus(ETicketStatus status) { + Status_ = status; + } + + TCheckedServiceTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) + : Status_(status) + , ProtobufTicket_(std::move(protobufTicket)) { } - TServiceTicketImplPtr TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus status, - TTvmId src, - TMaybe<TUid> issuerUid) { - ticket2::Ticket proto; - proto.mutable_service()->set_srcclientid(src); - proto.mutable_service()->set_dstclientid(100500); - if (issuerUid) { - proto.mutable_service()->set_issueruid(*issuerUid); - } - return MakeHolder<TImpl>(status, std::move(proto)); - } - - TServiceContext::TImpl::TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse) - : Secret_(ParseSecret(secretBase64)) - , SelfTvmId_(selfTvmId) + TServiceTicketImplPtr TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus status, + TTvmId src, + TMaybe<TUid> issuerUid) { + ticket2::Ticket proto; + proto.mutable_service()->set_srcclientid(src); + proto.mutable_service()->set_dstclientid(100500); + if (issuerUid) { + proto.mutable_service()->set_issueruid(*issuerUid); + } + return MakeHolder<TImpl>(status, std::move(proto)); + } + + TServiceContext::TImpl::TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse) + : Secret_(ParseSecret(secretBase64)) + , SelfTvmId_(selfTvmId) { ResetKeys(tvmKeysResponse); } - TServiceContext::TImpl::TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse) - : SelfTvmId_(selfTvmId) + TServiceContext::TImpl::TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse) + : SelfTvmId_(selfTvmId) { ResetKeys(tvmKeysResponse); } - TServiceContext::TImpl::TImpl(TStringBuf secretBase64) - : Secret_(ParseSecret(secretBase64)) - { - } - + TServiceContext::TImpl::TImpl(TStringBuf secretBase64) + : Secret_(ParseSecret(secretBase64)) + { + } + void 
TServiceContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { tvm_keys::Keys protoKeys; if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { - ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; + ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; } NRw::TPublicKeys keys; 
@@ -146,41 +146,41 @@ namespace NTvmAuth { } if (keys.empty()) { - ythrow TEmptyTvmKeysException() << "Empty TVM keys"; + ythrow TEmptyTvmKeysException() << "Empty TVM keys"; } - Keys_ = std::move(keys); + Keys_ = std::move(keys); } TServiceTicketImplPtr TServiceContext::TImpl::Check(TStringBuf ticketBody) const { - if (Keys_.empty()) { - ythrow TEmptyTvmKeysException() << "Empty TVM keys"; - } - - TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::ServiceFlag()); - if (res.Status != ETicketStatus::Ok) { - return MakeHolder<TCheckedServiceTicket::TImpl>(res.Status, std::move(res.Ticket)); + if (Keys_.empty()) { + ythrow TEmptyTvmKeysException() << "Empty TVM keys"; + } + + TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::ServiceFlag()); + if (res.Status != ETicketStatus::Ok) { + return MakeHolder<TCheckedServiceTicket::TImpl>(res.Status, std::move(res.Ticket)); } - const ETicketStatus status = CheckProtobufServiceTicket(res.Ticket); - return MakeHolder<TCheckedServiceTicket::TImpl>(status, std::move(res.Ticket)); + const ETicketStatus status = CheckProtobufServiceTicket(res.Ticket); + return MakeHolder<TCheckedServiceTicket::TImpl>(status, std::move(res.Ticket)); } TString TServiceContext::TImpl::SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes) const { - if (Secret_.Value().empty()) { - ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; + if (Secret_.Value().empty()) { + ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; } - return NUtils::SignCgiParamsForTvm(Secret_, ts, dst, scopes); + return NUtils::SignCgiParamsForTvm(Secret_, ts, dst, scopes); } - ETicketStatus TServiceContext::TImpl::CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const { + ETicketStatus TServiceContext::TImpl::CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const { if (!ticket.has_service()) { - return ETicketStatus::Malformed; 
+ return ETicketStatus::Malformed; } - if (ticket.service().dstclientid() != SelfTvmId_) { - return ETicketStatus::InvalidDst; + if (ticket.service().dstclientid() != SelfTvmId_) { + return ETicketStatus::InvalidDst; } - return ETicketStatus::Ok; + return ETicketStatus::Ok; } TString TServiceContext::TImpl::ParseSecret(TStringBuf secretBase64) { @@ -188,16 +188,16 @@ namespace NTvmAuth { secretBase64.Chop(1); } - if (secretBase64.empty()) { - ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; - } - + if (secretBase64.empty()) { + ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; + } + const TString secret = NUtils::Base64url2bin(secretBase64); if (secret.empty()) { - ythrow TMalformedTvmSecretException() << "Malformed TVM secret: invalid base64url"; + ythrow TMalformedTvmSecretException() << "Malformed TVM secret: invalid base64url"; } return secret; } -} +} diff --git a/library/cpp/tvmauth/src/service_impl.h b/library/cpp/tvmauth/src/service_impl.h index 18dd4ec335f..1009ea094b6 100644 --- a/library/cpp/tvmauth/src/service_impl.h +++ b/library/cpp/tvmauth/src/service_impl.h 
@@ -1,59 +1,59 @@ #pragma once -#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> -#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> -#include <library/cpp/tvmauth/src/rw/keys.h> +#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> +#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> +#include <library/cpp/tvmauth/src/rw/keys.h> -#include <library/cpp/tvmauth/type.h> -#include <library/cpp/tvmauth/deprecated/service_context.h> +#include <library/cpp/tvmauth/type.h> +#include <library/cpp/tvmauth/deprecated/service_context.h> -#include <library/cpp/charset/ci_string.h> -#include <library/cpp/string_utils/secret_string/secret_string.h> - -#include <util/generic/maybe.h> +#include <library/cpp/charset/ci_string.h> +#include <library/cpp/string_utils/secret_string/secret_string.h> +#include <util/generic/maybe.h> + #include <string> -namespace NTvmAuth { - using TServiceTicketImplPtr = THolder<TCheckedServiceTicket::TImpl>; - class TCheckedServiceTicket::TImpl { +namespace NTvmAuth { + using TServiceTicketImplPtr = THolder<TCheckedServiceTicket::TImpl>; + class TCheckedServiceTicket::TImpl { public: explicit operator bool() const; - TTvmId GetSrc() const; + TTvmId GetSrc() const; const TScopes& GetScopes() const; bool HasScope(TStringBuf scopeName) const; - ETicketStatus GetStatus() const; + ETicketStatus GetStatus() const; time_t GetExpirationTime() const; TString DebugInfo() const; - TMaybe<TUid> GetIssuerUid() const; - - void SetStatus(ETicketStatus status); + TMaybe<TUid> GetIssuerUid() const; + void SetStatus(ETicketStatus status); + /*! 
* Constructor for creation invalid ticket storing error status in TServiceContext * @param status * @param protobufTicket */ - TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); - - static TServiceTicketImplPtr CreateTicketForTests(ETicketStatus status, - TTvmId src, - TMaybe<TUid> issuerUid); + TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); + static TServiceTicketImplPtr CreateTicketForTests(ETicketStatus status, + TTvmId src, + TMaybe<TUid> issuerUid); + private: - ETicketStatus Status_; - ticket2::Ticket ProtobufTicket_; - mutable TScopes CachedScopes_; - mutable TString CachedDebugInfo_; + ETicketStatus Status_; + ticket2::Ticket ProtobufTicket_; + mutable TScopes CachedScopes_; + mutable TString CachedDebugInfo_; }; class TServiceContext::TImpl { public: - TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse); - TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse); - TImpl(TStringBuf secretBase64); + TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse); + TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse); + TImpl(TStringBuf secretBase64); void ResetKeys(TStringBuf tvmKeysResponse); @@ -61,17 +61,17 @@ namespace NTvmAuth { TString SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes = TStringBuf()) const; const NRw::TPublicKeys& GetKeys() const { // for tests - return Keys_; + return Keys_; } private: - ETicketStatus CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const; + ETicketStatus CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const; static TString ParseSecret(TStringBuf secretBase64); - NRw::TPublicKeys Keys_; - const NSecretString::TSecretString Secret_; - const TTvmId SelfTvmId_ = 0; + NRw::TPublicKeys Keys_; + const NSecretString::TSecretString Secret_; + const TTvmId SelfTvmId_ = 0; - ::google::protobuf::LogSilencer LogSilencer_; + ::google::protobuf::LogSilencer LogSilencer_; }; -} +} 
diff --git a/library/cpp/tvmauth/src/service_ticket.cpp b/library/cpp/tvmauth/src/service_ticket.cpp
index 077049ef3ad..70e9e60f667 100644
--- a/library/cpp/tvmauth/src/service_ticket.cpp
+++ b/library/cpp/tvmauth/src/service_ticket.cpp
@@ -1,41 +1,41 @@
-#include "service_impl.h"
-
-#include <library/cpp/tvmauth/checked_service_ticket.h>
-
-namespace NTvmAuth {
- static const char* EX_MSG = "Ticket already moved out";
-
- TCheckedServiceTicket::TCheckedServiceTicket(THolder<TImpl> impl)
- : Impl_(std::move(impl))
- {
- }
-
- TCheckedServiceTicket::TCheckedServiceTicket(TCheckedServiceTicket&& o) = default;
- TCheckedServiceTicket& TCheckedServiceTicket::operator=(TCheckedServiceTicket&& o) = default;
- TCheckedServiceTicket::~TCheckedServiceTicket() = default;
-
- TCheckedServiceTicket::operator bool() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->operator bool();
- }
-
- TTvmId TCheckedServiceTicket::GetSrc() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetSrc();
- }
-
- ETicketStatus TCheckedServiceTicket::GetStatus() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetStatus();
- }
-
- TString TCheckedServiceTicket::DebugInfo() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->DebugInfo();
- }
-
- TMaybe<TUid> TCheckedServiceTicket::GetIssuerUid() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetIssuerUid();
- }
-}
+#include "service_impl.h"
+
+#include <library/cpp/tvmauth/checked_service_ticket.h>
+
+namespace NTvmAuth {
+ static const char* EX_MSG = "Ticket already moved out";
+
+ TCheckedServiceTicket::TCheckedServiceTicket(THolder<TImpl> impl)
+ : Impl_(std::move(impl))
+ {
+ }
+
+ TCheckedServiceTicket::TCheckedServiceTicket(TCheckedServiceTicket&& o) = default;
+ TCheckedServiceTicket& TCheckedServiceTicket::operator=(TCheckedServiceTicket&& o) = default;
+ TCheckedServiceTicket::~TCheckedServiceTicket() = default;
+
+ TCheckedServiceTicket::operator bool() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->operator bool();
+ }
+
+ TTvmId TCheckedServiceTicket::GetSrc() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetSrc();
+ }
+
+ ETicketStatus TCheckedServiceTicket::GetStatus() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetStatus();
+ }
+
+ TString TCheckedServiceTicket::DebugInfo() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->DebugInfo();
+ }
+
+ TMaybe<TUid> TCheckedServiceTicket::GetIssuerUid() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetIssuerUid();
+ }
+}
diff --git a/library/cpp/tvmauth/src/status.cpp b/library/cpp/tvmauth/src/status.cpp
index 1b08fc098f9..fb871b40dc6 100644
--- a/library/cpp/tvmauth/src/status.cpp
+++ b/library/cpp/tvmauth/src/status.cpp
@@ -1,32 +1,32 @@
-#include <library/cpp/tvmauth/ticket_status.h>
+#include <library/cpp/tvmauth/ticket_status.h>
-#include <util/generic/yexception.h>
-
-namespace NTvmAuth {
- TStringBuf StatusToString(ETicketStatus st) {
+#include <util/generic/yexception.h>
+
+namespace NTvmAuth {
+ TStringBuf StatusToString(ETicketStatus st) {
 switch (st) {
- case ETicketStatus::Ok:
+ case ETicketStatus::Ok:
 return "OK";
- case ETicketStatus::Expired:
+ case ETicketStatus::Expired:
 return "Expired ticket";
- case ETicketStatus::InvalidBlackboxEnv:
+ case ETicketStatus::InvalidBlackboxEnv:
 return "Invalid BlackBox environment";
- case ETicketStatus::InvalidDst:
+ case ETicketStatus::InvalidDst:
 return "Invalid ticket destination";
- case ETicketStatus::InvalidTicketType:
+ case ETicketStatus::InvalidTicketType:
 return "Invalid ticket type";
- case ETicketStatus::Malformed:
+ case ETicketStatus::Malformed:
 return "Malformed ticket";
- case ETicketStatus::MissingKey:
- return "Context does not have required key to check ticket: public keys are too old";
- case ETicketStatus::SignBroken:
+ case ETicketStatus::MissingKey:
+ return "Context does not have required key to check ticket: public keys are too old";
+ case ETicketStatus::SignBroken:
 return "Invalid ticket signature";
- case ETicketStatus::UnsupportedVersion:
+ case ETicketStatus::UnsupportedVersion:
 return "Unsupported ticket version";
- case ETicketStatus::NoRoles:
- return "Subject (src or defaultUid) does not have any roles in IDM";
+ case ETicketStatus::NoRoles:
+ return "Subject (src or defaultUid) does not have any roles in IDM";
 }
- ythrow yexception() << "Unexpected status: " << static_cast<int>(st);
+ ythrow yexception() << "Unexpected status: " << static_cast<int>(st);
 }
-}
+}
diff --git a/library/cpp/tvmauth/src/unittest.cpp b/library/cpp/tvmauth/src/unittest.cpp
index 5133d79ea9d..c0191d3fc61 100644
--- a/library/cpp/tvmauth/src/unittest.cpp
+++ b/library/cpp/tvmauth/src/unittest.cpp
@@ -1,14 +1,14 @@
-#include "service_impl.h"
-#include "user_impl.h"
-
-#include <library/cpp/tvmauth/unittest.h>
-
-namespace NTvmAuth::NUnittest {
- TCheckedServiceTicket CreateServiceTicket(ETicketStatus status, TTvmId src, TMaybe<TUid> issuerUid) {
- return TCheckedServiceTicket(TCheckedServiceTicket::TImpl::CreateTicketForTests(status, src, issuerUid));
- }
-
- TCheckedUserTicket CreateUserTicket(ETicketStatus status, TUid defaultUid, const TScopes& scopes, const TUids& uids, EBlackboxEnv env) {
- return TCheckedUserTicket(TCheckedUserTicket::TImpl::CreateTicketForTests(status, defaultUid, scopes, uids, env));
- }
-}
+#include "service_impl.h"
+#include "user_impl.h"
+
+#include <library/cpp/tvmauth/unittest.h>
+
+namespace NTvmAuth::NUnittest {
+ TCheckedServiceTicket CreateServiceTicket(ETicketStatus status, TTvmId src, TMaybe<TUid> issuerUid) {
+ return TCheckedServiceTicket(TCheckedServiceTicket::TImpl::CreateTicketForTests(status, src, issuerUid));
+ }
+
+ TCheckedUserTicket CreateUserTicket(ETicketStatus status, TUid defaultUid, const TScopes& scopes, const TUids& uids, EBlackboxEnv env) {
+ return TCheckedUserTicket(TCheckedUserTicket::TImpl::CreateTicketForTests(status, defaultUid, scopes, uids, env));
+ }
+}
diff --git a/library/cpp/tvmauth/src/user_impl.cpp b/library/cpp/tvmauth/src/user_impl.cpp
index 33002968d29..2cd24f07aac 100644
--- a/library/cpp/tvmauth/src/user_impl.cpp
+++ b/library/cpp/tvmauth/src/user_impl.cpp
@@ -2,8 +2,8 @@
 #include "parser.h"
-#include <library/cpp/tvmauth/exception.h>
-#include <library/cpp/tvmauth/ticket_status.h>
+#include <library/cpp/tvmauth/exception.h>
+#include <library/cpp/tvmauth/ticket_status.h>
 #include <util/generic/strbuf.h>
 #include <util/string/cast.h>
@@ -11,9 +11,9 @@ #include <algorithm> -namespace NTvmAuth { - static const char* EX_MSG = "Method cannot be used in non-valid ticket"; - +namespace NTvmAuth { + static const char* EX_MSG = "Method cannot be used in non-valid ticket"; + TStringBuf GetBlackboxEnvAsString(EBlackboxEnv environment) { switch (environment) { case (EBlackboxEnv::Prod): 
@@ -31,77 +31,77 @@ namespace NTvmAuth { } } - TCheckedUserTicket::TImpl::operator bool() const { - return (Status_ == ETicketStatus::Ok); + TCheckedUserTicket::TImpl::operator bool() const { + return (Status_ == ETicketStatus::Ok); } - TUid TCheckedUserTicket::TImpl::GetDefaultUid() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return ProtobufTicket_.user().defaultuid(); + TUid TCheckedUserTicket::TImpl::GetDefaultUid() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return ProtobufTicket_.user().defaultuid(); } - time_t TCheckedUserTicket::TImpl::GetExpirationTime() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return ProtobufTicket_.expirationtime(); + time_t TCheckedUserTicket::TImpl::GetExpirationTime() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return ProtobufTicket_.expirationtime(); } - const TScopes& TCheckedUserTicket::TImpl::GetScopes() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - if (CachedScopes_.empty()) { - for (const auto& el : ProtobufTicket_.user().scopes()) { - CachedScopes_.push_back(el); + const TScopes& TCheckedUserTicket::TImpl::GetScopes() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + if (CachedScopes_.empty()) { + for (const auto& el : ProtobufTicket_.user().scopes()) { + CachedScopes_.push_back(el); } } - return CachedScopes_; + return CachedScopes_; } - bool TCheckedUserTicket::TImpl::HasScope(TStringBuf scopeName) const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - return std::binary_search(ProtobufTicket_.user().scopes().begin(), ProtobufTicket_.user().scopes().end(), scopeName); + bool TCheckedUserTicket::TImpl::HasScope(TStringBuf scopeName) const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + return std::binary_search(ProtobufTicket_.user().scopes().begin(), ProtobufTicket_.user().scopes().end(), scopeName); } - ETicketStatus 
TCheckedUserTicket::TImpl::GetStatus() const { - return Status_; + ETicketStatus TCheckedUserTicket::TImpl::GetStatus() const { + return Status_; } - const TUids& TCheckedUserTicket::TImpl::GetUids() const { - Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); - if (CachedUids_.empty()) { - for (const auto& user : ProtobufTicket_.user().users()) { - CachedUids_.push_back(user.uid()); + const TUids& TCheckedUserTicket::TImpl::GetUids() const { + Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); + if (CachedUids_.empty()) { + for (const auto& user : ProtobufTicket_.user().users()) { + CachedUids_.push_back(user.uid()); } } - return CachedUids_; + return CachedUids_; } - TString TCheckedUserTicket::TImpl::DebugInfo() const { - if (CachedDebugInfo_) { - return CachedDebugInfo_; - } - - if (Status_ == ETicketStatus::Malformed) { - CachedDebugInfo_ = "status=malformed;"; - return CachedDebugInfo_; + TString TCheckedUserTicket::TImpl::DebugInfo() const { + if (CachedDebugInfo_) { + return CachedDebugInfo_; + } + + if (Status_ == ETicketStatus::Malformed) { + CachedDebugInfo_ = "status=malformed;"; + return CachedDebugInfo_; } - + TString targetString = "ticket_type="; - targetString.reserve(256); - if (Status_ == ETicketStatus::InvalidTicketType) { + targetString.reserve(256); + if (Status_ == ETicketStatus::InvalidTicketType) { targetString.append("not-user;"); - CachedDebugInfo_ = targetString; + CachedDebugInfo_ = targetString; return targetString; } - + targetString.append("user"); - if (ProtobufTicket_.expirationtime() > 0) - targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); - for (const auto& scope : ProtobufTicket_.user().scopes()) { + if (ProtobufTicket_.expirationtime() > 0) + targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); + for (const auto& scope : ProtobufTicket_.user().scopes()) { targetString.append(";scope=").append(scope); } - - if 
(ProtobufTicket_.user().defaultuid() > 0) - targetString.append(";default_uid=").append(IntToString<10>(ProtobufTicket_.user().defaultuid())); - for (const auto& user : ProtobufTicket_.user().users()) { + + if (ProtobufTicket_.user().defaultuid() > 0) + targetString.append(";default_uid=").append(IntToString<10>(ProtobufTicket_.user().defaultuid())); + for (const auto& user : ProtobufTicket_.user().users()) { targetString.append(";uid=").append(IntToString<10>(user.uid())); } 
@@ -109,66 +109,66 @@ namespace NTvmAuth { EBlackboxEnv environment = static_cast<EBlackboxEnv>(ProtobufTicket_.user().env()); targetString.append(GetBlackboxEnvAsString(environment)); targetString.append(";"); - - CachedDebugInfo_ = targetString; + + CachedDebugInfo_ = targetString; return targetString; } - EBlackboxEnv TCheckedUserTicket::TImpl::GetEnv() const { - return (EBlackboxEnv)ProtobufTicket_.user().env(); - } - - void TCheckedUserTicket::TImpl::SetStatus(ETicketStatus status) { - Status_ = status; - } - - TCheckedUserTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) - : Status_(status) - , ProtobufTicket_(std::move(protobufTicket)) + EBlackboxEnv TCheckedUserTicket::TImpl::GetEnv() const { + return (EBlackboxEnv)ProtobufTicket_.user().env(); + } + + void TCheckedUserTicket::TImpl::SetStatus(ETicketStatus status) { + Status_ = status; + } + + TCheckedUserTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) + : Status_(status) + , ProtobufTicket_(std::move(protobufTicket)) { } - TUserTicketImplPtr TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus status, - TUid defaultUid, - TScopes scopes, - TUids uids, - EBlackboxEnv env) { - auto prepareCont = [](auto& cont) { - std::sort(cont.begin(), cont.end()); - cont.erase(std::unique(cont.begin(), cont.end()), cont.end()); - }; - auto erase = [](auto& cont, auto val) { - auto it = std::find(cont.begin(), cont.end(), val); - if (it != cont.end()) { - cont.erase(it); - } - }; - - prepareCont(scopes); - erase(scopes, ""); - - uids.push_back(defaultUid); - prepareCont(uids); - erase(uids, 0); - Y_ENSURE(!uids.empty(), "User ticket cannot contain empty uid list"); - - ticket2::Ticket proto; - for (TUid uid : uids) { - proto.mutable_user()->add_users()->set_uid(uid); - } - proto.mutable_user()->set_defaultuid(defaultUid); - proto.mutable_user()->set_entrypoint(100500); - for (TStringBuf scope : scopes) { - proto.mutable_user()->add_scopes(TString(scope)); - 
} - - proto.mutable_user()->set_env((tvm_keys::BbEnvType)env); - - return MakeHolder<TImpl>(status, std::move(proto)); - } - + TUserTicketImplPtr TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus status, + TUid defaultUid, + TScopes scopes, + TUids uids, + EBlackboxEnv env) { + auto prepareCont = [](auto& cont) { + std::sort(cont.begin(), cont.end()); + cont.erase(std::unique(cont.begin(), cont.end()), cont.end()); + }; + auto erase = [](auto& cont, auto val) { + auto it = std::find(cont.begin(), cont.end(), val); + if (it != cont.end()) { + cont.erase(it); + } + }; + + prepareCont(scopes); + erase(scopes, ""); + + uids.push_back(defaultUid); + prepareCont(uids); + erase(uids, 0); + Y_ENSURE(!uids.empty(), "User ticket cannot contain empty uid list"); + + ticket2::Ticket proto; + for (TUid uid : uids) { + proto.mutable_user()->add_users()->set_uid(uid); + } + proto.mutable_user()->set_defaultuid(defaultUid); + proto.mutable_user()->set_entrypoint(100500); + for (TStringBuf scope : scopes) { + proto.mutable_user()->add_scopes(TString(scope)); + } + + proto.mutable_user()->set_env((tvm_keys::BbEnvType)env); + + return MakeHolder<TImpl>(status, std::move(proto)); + } + TUserContext::TImpl::TImpl(EBlackboxEnv env, TStringBuf tvmKeysResponse) - : Env_(env) + : Env_(env) { ResetKeys(tvmKeysResponse); } 
@@ -176,66 +176,66 @@ namespace NTvmAuth { void TUserContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { tvm_keys::Keys protoKeys; if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { - ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; + ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; } NRw::TPublicKeys keys; for (int idx = 0; idx < protoKeys.bb_size(); ++idx) { const tvm_keys::BbKey& k = protoKeys.bb(idx); - if (IsAllowed(k.env())) { + if (IsAllowed(k.env())) { keys.emplace(k.gen().id(), k.gen().body()); } } if (keys.empty()) { - ythrow TEmptyTvmKeysException() << "Empty TVM keys"; + ythrow TEmptyTvmKeysException() << "Empty TVM keys"; } - Keys_ = std::move(keys); + Keys_ = std::move(keys); } TUserTicketImplPtr TUserContext::TImpl::Check(TStringBuf ticketBody) const { - TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::UserFlag()); - ETicketStatus status = CheckProtobufUserTicket(res.Ticket); + TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::UserFlag()); + ETicketStatus status = CheckProtobufUserTicket(res.Ticket); - if (res.Status != ETicketStatus::Ok && !(res.Status == ETicketStatus::MissingKey && status == ETicketStatus::InvalidBlackboxEnv)) { + if (res.Status != ETicketStatus::Ok && !(res.Status == ETicketStatus::MissingKey && status == ETicketStatus::InvalidBlackboxEnv)) { status = res.Status; } - return MakeHolder<TCheckedUserTicket::TImpl>(status, std::move(res.Ticket)); + return MakeHolder<TCheckedUserTicket::TImpl>(status, std::move(res.Ticket)); } - ETicketStatus TUserContext::TImpl::CheckProtobufUserTicket(const ticket2::Ticket& ticket) const { + ETicketStatus TUserContext::TImpl::CheckProtobufUserTicket(const ticket2::Ticket& ticket) const { if (!ticket.has_user()) { - return ETicketStatus::Malformed; + return ETicketStatus::Malformed; } - if (!IsAllowed(ticket.user().env())) { - return ETicketStatus::InvalidBlackboxEnv; + if 
(!IsAllowed(ticket.user().env())) { + return ETicketStatus::InvalidBlackboxEnv; } - return ETicketStatus::Ok; + return ETicketStatus::Ok; } const NRw::TPublicKeys& TUserContext::TImpl::GetKeys() const { - return Keys_; + return Keys_; } - bool TUserContext::TImpl::IsAllowed(tvm_keys::BbEnvType env) const { - if (env == tvm_keys::Prod && (Env_ == EBlackboxEnv::Prod || Env_ == EBlackboxEnv::Stress)) { + bool TUserContext::TImpl::IsAllowed(tvm_keys::BbEnvType env) const { + if (env == tvm_keys::Prod && (Env_ == EBlackboxEnv::Prod || Env_ == EBlackboxEnv::Stress)) { return true; } - if (env == tvm_keys::ProdYateam && Env_ == EBlackboxEnv::ProdYateam) { + if (env == tvm_keys::ProdYateam && Env_ == EBlackboxEnv::ProdYateam) { return true; } - if (env == tvm_keys::Test && Env_ == EBlackboxEnv::Test) { + if (env == tvm_keys::Test && Env_ == EBlackboxEnv::Test) { return true; } - if (env == tvm_keys::TestYateam && Env_ == EBlackboxEnv::TestYateam) { + if (env == tvm_keys::TestYateam && Env_ == EBlackboxEnv::TestYateam) { return true; } - if (env == tvm_keys::Stress && Env_ == EBlackboxEnv::Stress) { + if (env == tvm_keys::Stress && Env_ == EBlackboxEnv::Stress) { return true; } return false; } -} +}
diff --git a/library/cpp/tvmauth/src/user_impl.h b/library/cpp/tvmauth/src/user_impl.h
index e3f1099b907..7be3b9b4ea8 100644
--- a/library/cpp/tvmauth/src/user_impl.h
+++ b/library/cpp/tvmauth/src/user_impl.h
@@ -1,18 +1,18 @@ #pragma once -#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> -#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> -#include <library/cpp/tvmauth/src/rw/keys.h> +#include <library/cpp/tvmauth/src/protos/ticket2.pb.h> +#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> +#include <library/cpp/tvmauth/src/rw/keys.h> -#include <library/cpp/tvmauth/deprecated/user_context.h> +#include <library/cpp/tvmauth/deprecated/user_context.h> -#include <library/cpp/charset/ci_string.h> +#include <library/cpp/charset/ci_string.h> #include <unordered_map> -namespace NTvmAuth { - using TUserTicketImplPtr = THolder<TCheckedUserTicket::TImpl>; - class TCheckedUserTicket::TImpl { +namespace NTvmAuth { + using TUserTicketImplPtr = THolder<TCheckedUserTicket::TImpl>; + class TCheckedUserTicket::TImpl { public: explicit operator bool() const; 
@@ -20,36 +20,36 @@ namespace NTvmAuth { time_t GetExpirationTime() const; const TScopes& GetScopes() const; bool HasScope(TStringBuf scopeName) const; - ETicketStatus GetStatus() const; + ETicketStatus GetStatus() const; const TUids& GetUids() const; TString DebugInfo() const; - EBlackboxEnv GetEnv() const; - - void SetStatus(ETicketStatus status); - + EBlackboxEnv GetEnv() const; + + void SetStatus(ETicketStatus status); + /*! * Constructor for creation invalid ticket storing error status in TServiceContext * @param status * @param protobufTicket */ - TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); - - static TUserTicketImplPtr CreateTicketForTests(ETicketStatus status, - TUid defaultUid, - TScopes scopes, - TUids uids, - EBlackboxEnv env = EBlackboxEnv::Test); - + TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); + + static TUserTicketImplPtr CreateTicketForTests(ETicketStatus status, + TUid defaultUid, + TScopes scopes, + TUids uids, + EBlackboxEnv env = EBlackboxEnv::Test); + private: static const int MaxUserCount = 15; - ETicketStatus Status_; - ticket2::Ticket ProtobufTicket_; - mutable TScopes CachedScopes_; - mutable TUids CachedUids_; - mutable TString CachedDebugInfo_; + ETicketStatus Status_; + ticket2::Ticket ProtobufTicket_; + mutable TScopes CachedScopes_; + mutable TUids CachedUids_; + mutable TString CachedDebugInfo_; }; class TUserContext::TImpl { 
@@ -60,13 +60,13 @@ namespace NTvmAuth { TUserTicketImplPtr Check(TStringBuf ticketBody) const; const NRw::TPublicKeys& GetKeys() const; - bool IsAllowed(tvm_keys::BbEnvType env) const; + bool IsAllowed(tvm_keys::BbEnvType env) const; private: - ETicketStatus CheckProtobufUserTicket(const ticket2::Ticket& ticket) const; + ETicketStatus CheckProtobufUserTicket(const ticket2::Ticket& ticket) const; - NRw::TPublicKeys Keys_; - EBlackboxEnv Env_; - ::google::protobuf::LogSilencer LogSilencer_; + NRw::TPublicKeys Keys_; + EBlackboxEnv Env_; + ::google::protobuf::LogSilencer LogSilencer_; }; -} +}
diff --git a/library/cpp/tvmauth/src/user_ticket.cpp b/library/cpp/tvmauth/src/user_ticket.cpp
index 3e4e0c03645..0df1d5157af 100644
--- a/library/cpp/tvmauth/src/user_ticket.cpp
+++ b/library/cpp/tvmauth/src/user_ticket.cpp
@@ -1,56 +1,56 @@
-#include "user_impl.h"
-
-#include <library/cpp/tvmauth/checked_user_ticket.h>
-
-namespace NTvmAuth {
- static const char* EX_MSG = "Ticket already moved out";
-
- TCheckedUserTicket::TCheckedUserTicket(THolder<TCheckedUserTicket::TImpl> impl)
- : Impl_(std::move(impl))
- {
- }
-
- TCheckedUserTicket::TCheckedUserTicket(TCheckedUserTicket&& o) = default;
- TCheckedUserTicket::~TCheckedUserTicket() = default;
- TCheckedUserTicket& TCheckedUserTicket::operator=(TCheckedUserTicket&& o) = default;
-
- TCheckedUserTicket::operator bool() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->operator bool();
- }
-
- const TUids& TCheckedUserTicket::GetUids() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetUids();
- }
-
- TUid TCheckedUserTicket::GetDefaultUid() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetDefaultUid();
- }
-
- const TScopes& TCheckedUserTicket::GetScopes() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetScopes();
- }
-
- bool TCheckedUserTicket::HasScope(TStringBuf scopeName) const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->HasScope(scopeName);
- }
-
- ETicketStatus TCheckedUserTicket::GetStatus() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetStatus();
- }
-
- TString TCheckedUserTicket::DebugInfo() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->DebugInfo();
- }
-
- EBlackboxEnv TCheckedUserTicket::GetEnv() const {
- Y_ENSURE(Impl_, EX_MSG);
- return Impl_->GetEnv();
- }
-}
+#include "user_impl.h"
+
+#include <library/cpp/tvmauth/checked_user_ticket.h>
+
+namespace NTvmAuth {
+ static const char* EX_MSG = "Ticket already moved out";
+
+ TCheckedUserTicket::TCheckedUserTicket(THolder<TCheckedUserTicket::TImpl> impl)
+ : Impl_(std::move(impl))
+ {
+ }
+
+ TCheckedUserTicket::TCheckedUserTicket(TCheckedUserTicket&& o) = default;
+ TCheckedUserTicket::~TCheckedUserTicket() = default;
+ TCheckedUserTicket& TCheckedUserTicket::operator=(TCheckedUserTicket&& o) = default;
+
+ TCheckedUserTicket::operator bool() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->operator bool();
+ }
+
+ const TUids& TCheckedUserTicket::GetUids() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetUids();
+ }
+
+ TUid TCheckedUserTicket::GetDefaultUid() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetDefaultUid();
+ }
+
+ const TScopes& TCheckedUserTicket::GetScopes() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetScopes();
+ }
+
+ bool TCheckedUserTicket::HasScope(TStringBuf scopeName) const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->HasScope(scopeName);
+ }
+
+ ETicketStatus TCheckedUserTicket::GetStatus() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetStatus();
+ }
+
+ TString TCheckedUserTicket::DebugInfo() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->DebugInfo();
+ }
+
+ EBlackboxEnv TCheckedUserTicket::GetEnv() const {
+ Y_ENSURE(Impl_, EX_MSG);
+ return Impl_->GetEnv();
+ }
+}
diff --git a/library/cpp/tvmauth/src/ut/parser_ut.cpp b/library/cpp/tvmauth/src/ut/parser_ut.cpp
index 530f45331a2..b6c6ef467b2 100644
--- a/library/cpp/tvmauth/src/ut/parser_ut.cpp
+++ b/library/cpp/tvmauth/src/ut/parser_ut.cpp
@@ -1,13 +1,13 @@ -#include <library/cpp/tvmauth/src/parser.h> -#include <library/cpp/tvmauth/src/utils.h> +#include <library/cpp/tvmauth/src/parser.h> +#include <library/cpp/tvmauth/src/utils.h> -#include <library/cpp/tvmauth/exception.h> -#include <library/cpp/tvmauth/ticket_status.h> +#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/ticket_status.h> #include <library/cpp/testing/unittest/registar.h> - + Y_UNIT_TEST_SUITE(ParserTestSuite) { - using namespace NTvmAuth; + using namespace NTvmAuth; Y_UNIT_TEST(Keys) { UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("2:asds"), TMalformedTvmKeysException);
@@ -18,69 +18,69 @@ Y_UNIT_TEST_SUITE(ParserTestSuite) { } Y_UNIT_TEST(TicketsStrV3) { - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, NUtils::Base64url2bin("CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), "3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::UnsupportedVersion, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::UnsupportedVersion, {}, {}, {}}), TParserTickets::ParseStrV3("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::InvalidTicketType, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::InvalidTicketType, {}, {}, {}}), 
TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::UserFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, {}}), TParserTickets::ParseStrV3("3:serv::ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, {}}), TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, {}}), TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA:asd", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + 
UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, {}}), TParserTickets::ParseStrV3("3:serv:CgY+-*/IDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, {}}), TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("", - TParserTickets::ServiceFlag())); - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("'", - TParserTickets::ServiceFlag())); + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + {}, + {}, + {}}), + TParserTickets::ParseStrV3("", + TParserTickets::ServiceFlag())); + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, + {}, + {}, + {}}), + TParserTickets::ParseStrV3("'", + TParserTickets::ServiceFlag())); // Invalid proto - UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, + UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, 
NUtils::Base64url2bin("YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), "3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), 
@@ -91,50 +91,50 @@ Y_UNIT_TEST_SUITE(ParserTestSuite) { Y_UNIT_TEST(TicketsV3) { NRw::TPublicKeys pub; - UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, TParserTickets::ParseV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", pub, TParserTickets::ServiceFlag()) .Status); // Invalid proto - UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, + UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, TParserTickets::ParseV3("3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", pub, TParserTickets::ServiceFlag()) .Status); // Expire time == 100500 - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, TParserTickets::ParseV3("3:serv:CBAQlJEGIhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:HEzPbsjULegBvgX3nqwFX0GfVhESmN1kEWyeT7U03KAR-sQnNYgm6IuN-b9-lQYQKAJSW6p8ffyucC1yDrWSWRxXVzHJUxAVW4hnbiFDtXrurnEdpMK3izKbmTY25PJ4vH3_TkRXk-_oSAE8RvIFKXlh-aw1tezbXBUpJKvyJ0w", pub, TParserTickets::ServiceFlag()) .Status); - UNIT_ASSERT_EQUAL(ETicketStatus::MissingKey, + UNIT_ASSERT_EQUAL(ETicketStatus::MissingKey, TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", 
pub, TParserTickets::ServiceFlag()) .Status); pub.emplace(16, NRw::TRwPublicKey(NUtils::Base64url2bin("MIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbN"))); - UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, + UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMa:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", pub, TParserTickets::ServiceFlag()) .Status); - UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, + UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qa", pub, TParserTickets::ServiceFlag()) .Status); - UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, - TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:EbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", + UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, + TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:EbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", pub, TParserTickets::ServiceFlag()) .Status); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, 
TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", pub, TParserTickets::ServiceFlag())
diff --git a/library/cpp/tvmauth/src/ut/public_ut.cpp b/library/cpp/tvmauth/src/ut/public_ut.cpp
index 74a483d57bd..ba7c5afa862 100644
--- a/library/cpp/tvmauth/src/ut/public_ut.cpp
+++ b/library/cpp/tvmauth/src/ut/public_ut.cpp
@@ -1,197 +1,197 @@ -// DO_NOT_STYLE -#include <library/cpp/tvmauth/src/service_impl.h> -#include <library/cpp/tvmauth/src/user_impl.h> +// DO_NOT_STYLE +#include <library/cpp/tvmauth/src/service_impl.h> +#include <library/cpp/tvmauth/src/user_impl.h> -#include <library/cpp/tvmauth/exception.h> -#include <library/cpp/tvmauth/ticket_status.h> -#include <library/cpp/tvmauth/unittest.h> +#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/ticket_status.h> +#include <library/cpp/tvmauth/unittest.h> #include <library/cpp/testing/unittest/registar.h> - -using namespace NTvmAuth; - + +using namespace NTvmAuth; + Y_UNIT_TEST_SUITE(CommonPublicInterfaceTestSuite){ Y_UNIT_TEST(StatusTest){ UNIT_ASSERT_VALUES_EQUAL("OK", - StatusToString(ETicketStatus::Ok)); + StatusToString(ETicketStatus::Ok)); UNIT_ASSERT_VALUES_EQUAL("Expired ticket", - StatusToString(ETicketStatus::Expired)); + StatusToString(ETicketStatus::Expired)); UNIT_ASSERT_VALUES_EQUAL("Invalid BlackBox environment", - StatusToString(ETicketStatus::InvalidBlackboxEnv)); + StatusToString(ETicketStatus::InvalidBlackboxEnv)); UNIT_ASSERT_VALUES_EQUAL("Invalid ticket destination", - StatusToString(ETicketStatus::InvalidDst)); + StatusToString(ETicketStatus::InvalidDst)); UNIT_ASSERT_VALUES_EQUAL("Invalid ticket type", - StatusToString(ETicketStatus::InvalidTicketType)); + StatusToString(ETicketStatus::InvalidTicketType)); UNIT_ASSERT_VALUES_EQUAL("Malformed ticket", - StatusToString(ETicketStatus::Malformed)); + StatusToString(ETicketStatus::Malformed)); UNIT_ASSERT_VALUES_EQUAL("Invalid ticket signature", - StatusToString(ETicketStatus::SignBroken)); + StatusToString(ETicketStatus::SignBroken)); UNIT_ASSERT_VALUES_EQUAL("Context does not have required key to check ticket: public keys are too old", - StatusToString(ETicketStatus::MissingKey)); + StatusToString(ETicketStatus::MissingKey)); UNIT_ASSERT_VALUES_EQUAL("Unsupported ticket version", - StatusToString(ETicketStatus::UnsupportedVersion)); + 
StatusToString(ETicketStatus::UnsupportedVersion)); } -} +} Y_UNIT_TEST_SUITE(PublicInterfaceServiceTestSuite) { static const TString EMPTY_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgA
rvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAE"; static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEf
on_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; - static const TTvmId NOT_OUR_ID = 27; - static const TTvmId OUR_ID = 28; + static const TTvmId NOT_OUR_ID = 27; + static const TTvmId OUR_ID = 28; static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; static const TString SERVICE_TICKET_PROTOBUF = 
"CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; - static const TTvmId SRC_ID = 229; + static const TTvmId SRC_ID = 229; static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_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:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; - Y_UNIT_TEST(BlackboxTvmIdTest) { - UNIT_ASSERT_VALUES_EQUAL("222", NBlackboxTvmId::Prod); - UNIT_ASSERT_VALUES_EQUAL("224", NBlackboxTvmId::Test); - UNIT_ASSERT_VALUES_EQUAL("223", NBlackboxTvmId::ProdYateam); - UNIT_ASSERT_VALUES_EQUAL("225", NBlackboxTvmId::TestYateam); - UNIT_ASSERT_VALUES_EQUAL("226", NBlackboxTvmId::Stress); - UNIT_ASSERT_VALUES_EQUAL("239", NBlackboxTvmId::Mimino); - } + Y_UNIT_TEST(BlackboxTvmIdTest) { + UNIT_ASSERT_VALUES_EQUAL("222", NBlackboxTvmId::Prod); + UNIT_ASSERT_VALUES_EQUAL("224", NBlackboxTvmId::Test); + UNIT_ASSERT_VALUES_EQUAL("223", NBlackboxTvmId::ProdYateam); + UNIT_ASSERT_VALUES_EQUAL("225", NBlackboxTvmId::TestYateam); + UNIT_ASSERT_VALUES_EQUAL("226", NBlackboxTvmId::Stress); + 
UNIT_ASSERT_VALUES_EQUAL("239", NBlackboxTvmId::Mimino); + } Y_UNIT_TEST(Case1Test) { - TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); TServiceContext context2 = std::move(context1); TServiceContext context3(std::move(context2)); - TCheckedServiceTicket checkedTicket1 = context3.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket1.GetStatus()); - TCheckedServiceTicket checkedTicket2 = std::move(checkedTicket1); - TCheckedServiceTicket checkedTicket3(std::move(checkedTicket2)); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket3.GetStatus()); + TCheckedServiceTicket checkedTicket1 = context3.Check(VALID_SERVICE_TICKET_1); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket1.GetStatus()); + TCheckedServiceTicket checkedTicket2 = std::move(checkedTicket1); + TCheckedServiceTicket checkedTicket3(std::move(checkedTicket2)); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket3.GetStatus()); } Y_UNIT_TEST(ContextExceptionsTest) { - UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); - UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); - UNIT_ASSERT_EXCEPTION(TServiceContext(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); - } + UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); + UNIT_ASSERT_EXCEPTION(TServiceContext(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); + } Y_UNIT_TEST(ContextSignTest) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_VALUES_EQUAL( 
"NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", - context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); - } + context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); + } Y_UNIT_TEST(ContextSignExceptionTest) { - TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EXCEPTION( context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", ""), TMalformedTvmSecretException ); - - context = TServiceContext::SigningFactory(SECRET); - UNIT_ASSERT_NO_EXCEPTION( - context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "") - ); - } + + context = TServiceContext::SigningFactory(SECRET); + UNIT_ASSERT_NO_EXCEPTION( + context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "") + ); + } Y_UNIT_TEST(ContextCheckExceptionTest) { - TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_NO_EXCEPTION( - context.Check("ABCDE") - ); - - context = TServiceContext::SigningFactory(SECRET); - UNIT_ASSERT_EXCEPTION( - context.Check("ABCDE"), - TEmptyTvmKeysException - ); - } - - + TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + UNIT_ASSERT_NO_EXCEPTION( + context.Check("ABCDE") + ); + + context = TServiceContext::SigningFactory(SECRET); + UNIT_ASSERT_EXCEPTION( + context.Check("ABCDE"), + TEmptyTvmKeysException + ); + } + + Y_UNIT_TEST(ContextTest) { - TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - TServiceContext context2 = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - } + TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context2 = 
TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + } Y_UNIT_TEST(Ticket1Test) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); - UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket.DebugInfo()); - } + UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket.DebugInfo()); + } Y_UNIT_TEST(Ticket2Test) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_2); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); 
UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;", checkedTicket.DebugInfo()); - } - + } + Y_UNIT_TEST(Ticket3Test) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); - 
UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;", checkedTicket.DebugInfo()); - } + } Y_UNIT_TEST(TicketCheckingTest) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto ticket = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, ticket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, ticket.GetStatus()); UNIT_ASSERT_EQUAL(SRC_ID, ticket.GetSrc()); - } + } Y_UNIT_TEST(TicketErrorsTest) { - TServiceContext context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1.GetStatus()); auto checkedTicket2 = context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2.GetStatus()); auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3.GetStatus()); - } + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3.GetStatus()); + } Y_UNIT_TEST(TicketExceptionsTest) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); UNIT_ASSERT(!bool(checkedTicket)); 
UNIT_ASSERT_EXCEPTION(checkedTicket.GetSrc(), TNotAllowedException); UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); - } + } Y_UNIT_TEST(RemoveSignatureTest) { UNIT_ASSERT_VALUES_EQUAL("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", - NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", - NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); 
UNIT_ASSERT_VALUES_EQUAL("3:serv:", - NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); UNIT_ASSERT_VALUES_EQUAL("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf", - NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); - } + NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); + } Y_UNIT_TEST(ResetKeysTest) { - TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - TCheckedServiceTicket checkedTicket = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); - } -} + TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TCheckedServiceTicket checkedTicket = context.Check(VALID_SERVICE_TICKET_1); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + } +} Y_UNIT_TEST_SUITE(PublicInterfaceUserTestSuite) { static const TString EMPTY_TVM_KEYS = "1:EpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQY"; 
@@ -204,34 +204,34 @@ Y_UNIT_TEST_SUITE(PublicInterfaceUserTestSuite) { static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-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_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-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-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDCgMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-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:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; Y_UNIT_TEST(Case1Test) { - TUserContext context1(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext context1(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - TCheckedUserTicket checkedTicket1 = 
context1.Check("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"); - UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); + TCheckedUserTicket checkedTicket1 = context1.Check("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"); + UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); UNIT_ASSERT(!checkedTicket1); TUserContext context2 = std::move(context1); TUserContext context3(std::move(context2)); - TCheckedUserTicket checkedTicket2 = context3.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket2.GetStatus()); - TCheckedUserTicket checkedTicket3 = std::move(checkedTicket2); - TCheckedUserTicket checkedTicket4(std::move(checkedTicket3)); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket4.GetStatus()); - } + TCheckedUserTicket checkedTicket2 = context3.Check(VALID_USER_TICKET_1); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket2.GetStatus()); + TCheckedUserTicket checkedTicket3 = std::move(checkedTicket2); + TCheckedUserTicket checkedTicket4(std::move(checkedTicket3)); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket4.GetStatus()); + } Y_UNIT_TEST(ContextTest) { - TUserContext context(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); - } + TUserContext context(EBlackboxEnv::Prod, 
NUnittest::TVMKNIFE_PUBLIC_KEYS); + } Y_UNIT_TEST(ContextExceptionsTest) { UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); - } + } Y_UNIT_TEST(Ticket1Test) { - TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket.GetUids()); UNIT_ASSERT_EQUAL(456, checkedTicket.GetDefaultUid()); UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket.GetScopes()); 
@@ -239,39 +239,39 @@ Y_UNIT_TEST_SUITE(PublicInterfaceUserTestSuite) { UNIT_ASSERT(checkedTicket.HasScope("bb:sess2")); UNIT_ASSERT(!checkedTicket.HasScope("bb:sess3")); UNIT_ASSERT_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess2;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket.DebugInfo()); - } - + } + Y_UNIT_TEST(Ticket2Test) { - TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_2); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket.DebugInfo()); - } + } Y_UNIT_TEST(Ticket3Test) { - TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_3); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); 
UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;default_uid=456;uid=0;uid=1;uid=2;uid=3;uid=4;uid=5;uid=6;uid=7;uid=8;uid=9;uid=10;uid=11;uid=12;uid=13;uid=14;uid=15;uid=16;uid=17;uid=18;uid=19;uid=20;uid=21;uid=22;uid=23;uid=24;uid=25;uid=26;uid=27;uid=28;uid=29;uid=30;uid=31;uid=32;uid=33;uid=34;uid=35;uid=36;uid=37;uid=38;uid=39;uid=40;uid=41;uid=42;uid=43;uid=44;uid=45;u
id=46;uid=47;uid=48;uid=49;uid=50;uid=51;uid=52;uid=53;uid=54;uid=55;uid=56;uid=57;uid=58;uid=59;uid=60;uid=61;uid=62;uid=63;uid=64;uid=65;uid=66;uid=67;uid=68;uid=69;uid=70;uid=71;uid=72;uid=73;uid=74;uid=75;uid=76;uid=77;uid=78;uid=79;uid=80;uid=81;uid=82;uid=83;uid=84;uid=85;uid=86;uid=87;uid=88;uid=89;uid=90;uid=91;uid=92;uid=93;uid=94;uid=95;uid=96;uid=97;uid=98;uid=99;uid=100;uid=101;uid=102;uid=103;uid=104;uid=105;uid=106;uid=107;uid=108;uid=109;uid=110;uid=111;uid=112;uid=113;uid=114;uid=115;uid=116;uid=117;uid=118;uid=119;uid=120;uid=121;uid=122;uid=123;uid=124;uid=125;uid=126;uid=127;uid=128;uid=129;uid=130;uid=131;uid=132;uid=133;uid=134;uid=135;uid=136;uid=137;uid=138;uid=139;uid=140;uid=141;uid=142;uid=143;uid=144;uid=145;uid=146;uid=147;uid=148;uid=149;uid=150;uid=151;uid=152;uid=153;uid=154;uid=155;uid=156;uid=157;uid=158;uid=159;uid=160;uid=161;uid=162;uid=163;uid=164;uid=165;uid=166;uid=167;uid=168;uid=169;uid=170;uid=171;uid=172;uid=173;uid=174;uid=175;uid=176;uid=177;uid=178;uid=179;uid=180;uid=181;uid=182;uid=183;uid=184;uid=185;uid=186;uid=187;uid=188;uid=189;uid=190;uid=191;uid=192;uid=193;uid=194;uid=195;uid=196;uid=197;uid=198;uid=199;uid=200;uid=201;uid=202;uid=203;uid=204;uid=205;uid=206;uid=207;uid=208;uid=209;uid=210;uid=211;uid=212;uid=213;uid=214;uid=215;uid=216;uid=217;uid=218;uid=219;uid=220;uid=221;uid=222;uid=223;uid=224;uid=225;uid=226;uid=227;uid=228;uid=229;uid=230;uid=231;uid=232;uid=233;uid=234;uid=235;uid=236;uid=237;uid=238;uid=239;uid=240;uid=241;uid=242;uid=243;uid=244;uid=245;uid=246;uid=247;uid=248;uid=249;uid=250;uid=251;uid=252;uid=253;uid=254;uid=255;uid=256;uid=257;uid=258;uid=259;uid=260;uid=261;uid=262;uid=263;uid=264;uid=265;uid=266;uid=267;uid=268;uid=269;uid=270;uid=271;uid=272;uid=273;uid=274;uid=275;uid=276;uid=277;uid=278;uid=279;uid=280;uid=281;uid=282;uid=283;uid=284;uid=285;uid=286;uid=287;uid=288;uid=289;uid=290;uid=291;uid=292;uid=293;uid=294;uid=295;uid=296;uid=297;uid=298;uid=299;uid=300;uid=301;uid=302
;uid=303;uid=304;uid=305;uid=306;uid=307;uid=308;uid=309;uid=310;uid=311;uid=312;uid=313;uid=314;uid=315;uid=316;uid=317;uid=318;uid=319;uid=320;uid=321;uid=322;uid=323;uid=324;uid=325;uid=326;uid=327;uid=328;uid=329;uid=330;uid=331;uid=332;uid=333;uid=334;uid=335;uid=336;uid=337;uid=338;uid=339;uid=340;uid=341;uid=342;uid=343;uid=344;uid=345;uid=346;uid=347;uid=348;uid=349;uid=350;uid=351;uid=352;uid=353;uid=354;uid=355;uid=356;uid=357;uid=358;uid=359;uid=360;uid=361;uid=362;uid=363;uid=364;uid=365;uid=366;uid=367;uid=368;uid=369;uid=370;uid=371;uid=372;uid=373;uid=374;uid=375;uid=376;uid=377;uid=378;uid=379;uid=380;uid=381;uid=382;uid=383;uid=384;uid=385;uid=386;uid=387;uid=388;uid=389;uid=390;uid=391;uid=392;uid=393;uid=394;uid=395;uid=396;uid=397;uid=398;uid=399;uid=400;uid=401;uid=402;uid=403;uid=404;uid=405;uid=406;uid=407;uid=408;uid=409;uid=410;uid=411;uid=412;uid=413;uid=414;uid=415;uid=416;uid=417;uid=418;uid=419;uid=420;uid=421;uid=422;uid=423;uid=424;uid=425;uid=426;uid=427;uid=428;uid=429;uid=430;uid=431;uid=432;uid=433;uid=434;uid=435;uid=436;uid=437;uid=438;uid=439;uid=440;uid=441;uid=442;uid=443;uid=444;uid=445;uid=446;uid=447;uid=448;uid=449;uid=450;uid=451;uid=452;uid=453;uid=454;uid=455;uid=456;uid=457;uid=458;uid=459;uid=460;uid=461;uid=462;uid=463;uid=464;uid=465;uid=466;uid=467;uid=468;uid=469;uid=470;uid=471;uid=472;uid=473;uid=474;uid=475;uid=476;uid=477;uid=478;uid=479;uid=480;uid=481;uid=482;uid=483;uid=484;uid=485;uid=486;uid=487;uid=488;uid=489;uid=490;uid=491;uid=492;uid=493;uid=494;uid=495;uid=496;uid=497;uid=498;uid=499;env=Test;", checkedTicket.DebugInfo()); - } + } Y_UNIT_TEST(TicketErrorsTest) { - TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); + 
UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2.GetStatus()); - TUserContext contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3.GetStatus()); - } + UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3.GetStatus()); + } Y_UNIT_TEST(TicketExceptionsTest) { - TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = contextTest.Check(EXPIRED_USER_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); UNIT_ASSERT_EXCEPTION(checkedTicket.GetDefaultUid(), TNotAllowedException); UNIT_ASSERT_EXCEPTION(checkedTicket.GetUids(), TNotAllowedException); @@ -280,11 +280,11 @@ Y_UNIT_TEST_SUITE(PublicInterfaceUserTestSuite) { UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); - } + } Y_UNIT_TEST(ResetKeysTest) { - TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); - } -} + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + } +} diff --git a/library/cpp/tvmauth/src/ut/service_ut.cpp b/library/cpp/tvmauth/src/ut/service_ut.cpp index 5b6b5143bd3..a632379ddcc 100644 
--- a/library/cpp/tvmauth/src/ut/service_ut.cpp +++ b/library/cpp/tvmauth/src/ut/service_ut.cpp @@ -1,21 +1,21 @@ -#include <library/cpp/tvmauth/src/service_impl.h> -#include <library/cpp/tvmauth/src/utils.h> +#include <library/cpp/tvmauth/src/service_impl.h> +#include <library/cpp/tvmauth/src/utils.h> -#include <library/cpp/tvmauth/exception.h> -#include <library/cpp/tvmauth/unittest.h> +#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/unittest.h> #include <library/cpp/testing/unittest/registar.h> - + #include <util/string/cast.h> -using namespace NTvmAuth; +using namespace NTvmAuth; Y_UNIT_TEST_SUITE(ServiceTestSuite) { Y_UNIT_TEST_DECLARE(TicketProtoTest); -} +} -class TTestServiceTicketImpl: public TCheckedServiceTicket::TImpl { - using TCheckedServiceTicket::TImpl::TImpl; +class TTestServiceTicketImpl: public TCheckedServiceTicket::TImpl { + using TCheckedServiceTicket::TImpl::TImpl; Y_UNIT_TEST_FRIEND(ServiceTestSuite, TicketProtoTest); }; 
@@ -24,133 +24,133 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(ServiceTestSuite) { static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJ
u7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; - static const TTvmId NOT_OUR_ID = 27; - static const TTvmId OUR_ID = 28; + static const TTvmId NOT_OUR_ID = 27; + static const TTvmId OUR_ID = 28; static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; static const TString SERVICE_TICKET_PROTOBUF = "CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; - static const TTvmId SRC_ID = 229; + static const TTvmId SRC_ID = 229; static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; static const TString VALID_SERVICE_TICKET_1 = 
"3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_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:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; - static const TString VALID_SERVICE_TICKET_ISSUER = "3:serv:CBAQ__________9_IgsI5QEQHCDr1MT4Ag:Gu66XJT_nKnIRJjFy1561wFhIqkJItcSTGftLo7Yvi7i5wIdV-QuKT_-IMPpgjxnnGbt1Dy3Ys2TEoeJAb0TdaCYG1uy3vpoLONmTx9AenN5dx1HHf46cypLK5D3OdiTjxvqI9uGmSIKrSdRxU8gprpu5QiBDPZqVCWhM60FVSY"; + static const TString VALID_SERVICE_TICKET_ISSUER = "3:serv:CBAQ__________9_IgsI5QEQHCDr1MT4Ag:Gu66XJT_nKnIRJjFy1561wFhIqkJItcSTGftLo7Yvi7i5wIdV-QuKT_-IMPpgjxnnGbt1Dy3Ys2TEoeJAb0TdaCYG1uy3vpoLONmTx9AenN5dx1HHf46cypLK5D3OdiTjxvqI9uGmSIKrSdRxU8gprpu5QiBDPZqVCWhM60FVSY"; Y_UNIT_TEST(ContextExceptionsTest) { - UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); - UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); - UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); - } + UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); + 
UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); + } Y_UNIT_TEST(ContextSignTest) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_VALUES_EQUAL( "NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", - context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); - } + context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); + } Y_UNIT_TEST(Ticket1Test) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket->GetSrc()); UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket->GetScopes()); UNIT_ASSERT(checkedTicket->HasScope("bb:sess1")); UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); - UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket->DebugInfo()); - UNIT_ASSERT(!checkedTicket->GetIssuerUid()); - } + UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket->DebugInfo()); + UNIT_ASSERT(!checkedTicket->GetIssuerUid()); + } Y_UNIT_TEST(Ticket2Test) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket 
= context.Check(VALID_SERVICE_TICKET_2); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;", checkedTicket->DebugInfo()); - UNIT_ASSERT(!checkedTicket->GetIssuerUid()); - } + UNIT_ASSERT(!checkedTicket->GetIssuerUid()); + } 
Y_UNIT_TEST(Ticket3Test) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;", checkedTicket->DebugInfo()); - UNIT_ASSERT(!checkedTicket->GetIssuerUid()); - } + UNIT_ASSERT(!checkedTicket->GetIssuerUid()); + } Y_UNIT_TEST(TicketIssuerTest) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_ISSUER); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_ISSUER); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;issuer_uid=789654123;", - checkedTicket->DebugInfo()); - UNIT_ASSERT(checkedTicket->GetIssuerUid()); - UNIT_ASSERT_VALUES_EQUAL(789654123, *checkedTicket->GetIssuerUid()); - } - + checkedTicket->DebugInfo()); + UNIT_ASSERT(checkedTicket->GetIssuerUid()); + UNIT_ASSERT_VALUES_EQUAL(789654123, *checkedTicket->GetIssuerUid()); + } + Y_UNIT_TEST(TicketErrorsTest) { - TServiceContext::TImpl context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1->GetStatus()); auto checkedTicket2 = 
context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2->GetStatus()); auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3->GetStatus()); - } + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3->GetStatus()); + } Y_UNIT_TEST(TicketExceptionTest) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket->GetStatus()); UNIT_ASSERT_EXCEPTION(checkedTicket->GetScopes(), TNotAllowedException); UNIT_ASSERT_EXCEPTION(checkedTicket->GetSrc(), TNotAllowedException); UNIT_ASSERT_EXCEPTION(checkedTicket->HasScope(""), TNotAllowedException); UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket)); UNIT_ASSERT_NO_EXCEPTION(checkedTicket->DebugInfo()); - } + } Y_UNIT_TEST(TicketProtoTest) { ticket2::Ticket protobufTicket; UNIT_ASSERT(protobufTicket.ParseFromString(NUtils::Base64url2bin(SERVICE_TICKET_PROTOBUF))); - TTestServiceTicketImpl checkedTicket(ETicketStatus::Ok, std::move(protobufTicket)); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); + TTestServiceTicketImpl checkedTicket(ETicketStatus::Ok, std::move(protobufTicket)); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket.GetExpirationTime()); UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); - } + } Y_UNIT_TEST(ResetKeysTest) { - TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); + TServiceContext::TImpl context(SECRET, 
OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); + context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); - } - - Y_UNIT_TEST(CreateTicketForTests) { - TCheckedServiceTicket t = NTvmAuth::NUnittest::CreateServiceTicket(ETicketStatus::Ok, 42); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, t.GetStatus()); - UNIT_ASSERT_EQUAL(42, t.GetSrc()); - UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;src=42;dst=100500;", t.DebugInfo()); - } - - Y_UNIT_TEST(CreateForTests) { - auto t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, {}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(456, t->GetSrc()); - UNIT_ASSERT(!t->GetIssuerUid()); - - t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, 100800); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(456, t->GetSrc()); - UNIT_ASSERT(t->GetIssuerUid()); - UNIT_ASSERT_VALUES_EQUAL(*t->GetIssuerUid(), 100800); - - t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Expired, 456, {}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Expired, t->GetStatus()); - UNIT_ASSERT_EXCEPTION_CONTAINS(t->GetSrc(), TNotAllowedException, "Method cannot be used in non-valid ticket"); - UNIT_ASSERT_EXCEPTION_CONTAINS(t->GetIssuerUid(), TNotAllowedException, "Method cannot be used in non-valid ticket"); - } -} + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + } + + Y_UNIT_TEST(CreateTicketForTests) { + TCheckedServiceTicket t = NTvmAuth::NUnittest::CreateServiceTicket(ETicketStatus::Ok, 42); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, t.GetStatus()); + UNIT_ASSERT_EQUAL(42, t.GetSrc()); + UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;src=42;dst=100500;", t.DebugInfo()); + } + + Y_UNIT_TEST(CreateForTests) { + auto t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 
456, {}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(456, t->GetSrc()); + UNIT_ASSERT(!t->GetIssuerUid()); + + t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, 100800); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(456, t->GetSrc()); + UNIT_ASSERT(t->GetIssuerUid()); + UNIT_ASSERT_VALUES_EQUAL(*t->GetIssuerUid(), 100800); + + t = TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus::Expired, 456, {}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Expired, t->GetStatus()); + UNIT_ASSERT_EXCEPTION_CONTAINS(t->GetSrc(), TNotAllowedException, "Method cannot be used in non-valid ticket"); + UNIT_ASSERT_EXCEPTION_CONTAINS(t->GetIssuerUid(), TNotAllowedException, "Method cannot be used in non-valid ticket"); + } +} diff --git a/library/cpp/tvmauth/src/ut/user_ut.cpp b/library/cpp/tvmauth/src/ut/user_ut.cpp index c040e94974b..e4b05d261b5 100644 --- a/library/cpp/tvmauth/src/ut/user_ut.cpp +++ b/library/cpp/tvmauth/src/ut/user_ut.cpp @@ -1,19 +1,19 @@ -#include <library/cpp/tvmauth/src/user_impl.h> -#include <library/cpp/tvmauth/src/utils.h> +#include <library/cpp/tvmauth/src/user_impl.h> +#include <library/cpp/tvmauth/src/utils.h> -#include <library/cpp/tvmauth/exception.h> -#include <library/cpp/tvmauth/unittest.h> +#include <library/cpp/tvmauth/exception.h> +#include <library/cpp/tvmauth/unittest.h> #include <library/cpp/testing/unittest/registar.h> - -using namespace NTvmAuth; + +using namespace NTvmAuth; Y_UNIT_TEST_SUITE(UserTestSuite) { Y_UNIT_TEST_DECLARE(TicketProtoTest); -} +} -class TTestUserTicketImpl: TCheckedUserTicket::TImpl { - using TCheckedUserTicket::TImpl::TImpl; +class TTestUserTicketImpl: TCheckedUserTicket::TImpl { + using TCheckedUserTicket::TImpl::TImpl; Y_UNIT_TEST_FRIEND(UserTestSuite, TicketProtoTest); }; 
@@ -28,64 +28,64 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(UserTestSuite) { static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-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_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-AQoDCP8BCgMIgAIKAwiBAgoDCIICCgMIgwIKAwiEAgoDCIUCCgMIhgIKAwiHAgoDCIgCCgMIiQIKAwiKAgoDCIsCCgMIjAIKAwiNAgoDCI4CCgMIjwIKAwiQAgoDCJECCgMIkgIKAwiTAgoDCJQCCgMIlQIKAwiWAgoDCJcCCgMImAIKAwiZAgoDCJoCCgMImwIKAwicAgoDCJ0CCgMIngIKAwifAgoDCKACCgMIoQIKAwiiAgoDCKMCCgMIpAIKAwilAgoDCKYCCgMIpwIKAwioAgoDCKkCCgMIqgIKAwirAgoDCKwCCgMIrQIKAwiuAgoDCK8CCgMIsAIKAwixAgoDCLICCgMIswIKAwi0AgoDCLUCCgMItgIKAwi3AgoDCLgCCgMIuQIKAwi6AgoDCLsCCgMIvAIKAwi9AgoDCL4CCgMIvwIKAwjAAgoDCMECCgMIwgIKAwjDAgoDCMQCCgMIxQIKAwjGAgoDCMcCCgMIyAIKAwjJAgoDCMoCCgMIywIKAwjMAgoDCM0CCgMIzgIKAwjPAgoDCNACCgMI0QIKAwjSAgoDCNMCCgMI1AIKAwjVAgoDCNYCCgMI1wIKAwjYAgoDCNkCCgMI2gIKAwjbAgoDCNwCCgMI3QIKAwjeAgoDCN8CCgMI4AIKAwjhAgoDCOICCgMI4wIKAwjkAgoDCOUCCgMI5gIKAwjnAgoDCOgCCgMI6QIKAwjqAgoDCOsCCgMI7AIKAwjtAgoDCO4CCgMI7wIKAwjwAgoDCPECCgMI8gIKAwjzAgoDCPQCCgMI9QIKAwj2AgoDCPcCCgMI-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDC
gMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-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:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; Y_UNIT_TEST(ContextText) { - TUserContext::TImpl context(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl context(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); - UNIT_ASSERT_NO_EXCEPTION(context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS)); + UNIT_ASSERT_NO_EXCEPTION(context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS)); UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); - } + } Y_UNIT_TEST(ContextEnvTest) { - TUserContext::TImpl p(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl p(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(2, p.GetKeys().size()); - UNIT_ASSERT(p.IsAllowed(tvm_keys::Prod)); - UNIT_ASSERT(!p.IsAllowed(tvm_keys::ProdYateam)); - UNIT_ASSERT(!p.IsAllowed(tvm_keys::Test)); - UNIT_ASSERT(!p.IsAllowed(tvm_keys::TestYateam)); - UNIT_ASSERT(!p.IsAllowed(tvm_keys::Stress)); + UNIT_ASSERT(p.IsAllowed(tvm_keys::Prod)); + UNIT_ASSERT(!p.IsAllowed(tvm_keys::ProdYateam)); + UNIT_ASSERT(!p.IsAllowed(tvm_keys::Test)); + UNIT_ASSERT(!p.IsAllowed(tvm_keys::TestYateam)); + UNIT_ASSERT(!p.IsAllowed(tvm_keys::Stress)); - TUserContext::TImpl pt(EBlackboxEnv::ProdYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl pt(EBlackboxEnv::ProdYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(2, pt.GetKeys().size()); - UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Prod)); - UNIT_ASSERT(pt.IsAllowed(tvm_keys::ProdYateam)); - UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Test)); - 
UNIT_ASSERT(!pt.IsAllowed(tvm_keys::TestYateam)); - UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Stress)); + UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Prod)); + UNIT_ASSERT(pt.IsAllowed(tvm_keys::ProdYateam)); + UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Test)); + UNIT_ASSERT(!pt.IsAllowed(tvm_keys::TestYateam)); + UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Stress)); - TUserContext::TImpl t(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl t(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(2, t.GetKeys().size()); - UNIT_ASSERT(!t.IsAllowed(tvm_keys::Prod)); - UNIT_ASSERT(!t.IsAllowed(tvm_keys::ProdYateam)); - UNIT_ASSERT(t.IsAllowed(tvm_keys::Test)); - UNIT_ASSERT(!t.IsAllowed(tvm_keys::TestYateam)); - UNIT_ASSERT(!t.IsAllowed(tvm_keys::Stress)); + UNIT_ASSERT(!t.IsAllowed(tvm_keys::Prod)); + UNIT_ASSERT(!t.IsAllowed(tvm_keys::ProdYateam)); + UNIT_ASSERT(t.IsAllowed(tvm_keys::Test)); + UNIT_ASSERT(!t.IsAllowed(tvm_keys::TestYateam)); + UNIT_ASSERT(!t.IsAllowed(tvm_keys::Stress)); - TUserContext::TImpl tt(EBlackboxEnv::TestYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl tt(EBlackboxEnv::TestYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(2, tt.GetKeys().size()); - UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Prod)); - UNIT_ASSERT(!tt.IsAllowed(tvm_keys::ProdYateam)); - UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Test)); - UNIT_ASSERT(tt.IsAllowed(tvm_keys::TestYateam)); - UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Stress)); + UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Prod)); + UNIT_ASSERT(!tt.IsAllowed(tvm_keys::ProdYateam)); + UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Test)); + UNIT_ASSERT(tt.IsAllowed(tvm_keys::TestYateam)); + UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Stress)); - TUserContext::TImpl s(EBlackboxEnv::Stress, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl s(EBlackboxEnv::Stress, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_EQUAL(4, s.GetKeys().size()); - UNIT_ASSERT(s.IsAllowed(tvm_keys::Prod)); - 
UNIT_ASSERT(!s.IsAllowed(tvm_keys::ProdYateam)); - UNIT_ASSERT(!s.IsAllowed(tvm_keys::Test)); - UNIT_ASSERT(!s.IsAllowed(tvm_keys::TestYateam)); - UNIT_ASSERT(s.IsAllowed(tvm_keys::Stress)); - } + UNIT_ASSERT(s.IsAllowed(tvm_keys::Prod)); + UNIT_ASSERT(!s.IsAllowed(tvm_keys::ProdYateam)); + UNIT_ASSERT(!s.IsAllowed(tvm_keys::Test)); + UNIT_ASSERT(!s.IsAllowed(tvm_keys::TestYateam)); + UNIT_ASSERT(s.IsAllowed(tvm_keys::Stress)); + } Y_UNIT_TEST(ContextExceptionsText) { UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, "adcvxcv./-+"), TMalformedTvmKeysException); - } + } Y_UNIT_TEST(Ticket1Test) { - TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket->GetUids()); UNIT_ASSERT_EQUAL(456, checkedTicket->GetDefaultUid()); 
@@ -94,33 +94,33 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(UserTestSuite) { UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); UNIT_ASSERT_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess2;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket->DebugInfo()); - } + } Y_UNIT_TEST(Ticket2Test) { - TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_2); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket->DebugInfo()); - } + } Y_UNIT_TEST(Ticket3Test) { - TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_3); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); 
UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;default_uid=456;uid=0;uid=1;uid=2;uid=3;uid=4;uid=5;uid=6;uid=7;uid=8;uid=9;uid=10;uid=11;uid=12;uid=13;uid=14;uid=15;uid=16;uid=17;uid=18;uid=19;uid=20;uid=21;uid=22;uid=23;uid=24;uid=25;uid=26;uid=27;uid=28;uid=29;uid=30;uid=31;uid=32;uid=33;uid=34;uid=35;uid=36;uid=37;uid=38;uid=39;uid=40;uid=41;uid=42;uid=43;uid=44;uid=45;u
id=46;uid=47;uid=48;uid=49;uid=50;uid=51;uid=52;uid=53;uid=54;uid=55;uid=56;uid=57;uid=58;uid=59;uid=60;uid=61;uid=62;uid=63;uid=64;uid=65;uid=66;uid=67;uid=68;uid=69;uid=70;uid=71;uid=72;uid=73;uid=74;uid=75;uid=76;uid=77;uid=78;uid=79;uid=80;uid=81;uid=82;uid=83;uid=84;uid=85;uid=86;uid=87;uid=88;uid=89;uid=90;uid=91;uid=92;uid=93;uid=94;uid=95;uid=96;uid=97;uid=98;uid=99;uid=100;uid=101;uid=102;uid=103;uid=104;uid=105;uid=106;uid=107;uid=108;uid=109;uid=110;uid=111;uid=112;uid=113;uid=114;uid=115;uid=116;uid=117;uid=118;uid=119;uid=120;uid=121;uid=122;uid=123;uid=124;uid=125;uid=126;uid=127;uid=128;uid=129;uid=130;uid=131;uid=132;uid=133;uid=134;uid=135;uid=136;uid=137;uid=138;uid=139;uid=140;uid=141;uid=142;uid=143;uid=144;uid=145;uid=146;uid=147;uid=148;uid=149;uid=150;uid=151;uid=152;uid=153;uid=154;uid=155;uid=156;uid=157;uid=158;uid=159;uid=160;uid=161;uid=162;uid=163;uid=164;uid=165;uid=166;uid=167;uid=168;uid=169;uid=170;uid=171;uid=172;uid=173;uid=174;uid=175;uid=176;uid=177;uid=178;uid=179;uid=180;uid=181;uid=182;uid=183;uid=184;uid=185;uid=186;uid=187;uid=188;uid=189;uid=190;uid=191;uid=192;uid=193;uid=194;uid=195;uid=196;uid=197;uid=198;uid=199;uid=200;uid=201;uid=202;uid=203;uid=204;uid=205;uid=206;uid=207;uid=208;uid=209;uid=210;uid=211;uid=212;uid=213;uid=214;uid=215;uid=216;uid=217;uid=218;uid=219;uid=220;uid=221;uid=222;uid=223;uid=224;uid=225;uid=226;uid=227;uid=228;uid=229;uid=230;uid=231;uid=232;uid=233;uid=234;uid=235;uid=236;uid=237;uid=238;uid=239;uid=240;uid=241;uid=242;uid=243;uid=244;uid=245;uid=246;uid=247;uid=248;uid=249;uid=250;uid=251;uid=252;uid=253;uid=254;uid=255;uid=256;uid=257;uid=258;uid=259;uid=260;uid=261;uid=262;uid=263;uid=264;uid=265;uid=266;uid=267;uid=268;uid=269;uid=270;uid=271;uid=272;uid=273;uid=274;uid=275;uid=276;uid=277;uid=278;uid=279;uid=280;uid=281;uid=282;uid=283;uid=284;uid=285;uid=286;uid=287;uid=288;uid=289;uid=290;uid=291;uid=292;uid=293;uid=294;uid=295;uid=296;uid=297;uid=298;uid=299;uid=300;uid=301;uid=302
;uid=303;uid=304;uid=305;uid=306;uid=307;uid=308;uid=309;uid=310;uid=311;uid=312;uid=313;uid=314;uid=315;uid=316;uid=317;uid=318;uid=319;uid=320;uid=321;uid=322;uid=323;uid=324;uid=325;uid=326;uid=327;uid=328;uid=329;uid=330;uid=331;uid=332;uid=333;uid=334;uid=335;uid=336;uid=337;uid=338;uid=339;uid=340;uid=341;uid=342;uid=343;uid=344;uid=345;uid=346;uid=347;uid=348;uid=349;uid=350;uid=351;uid=352;uid=353;uid=354;uid=355;uid=356;uid=357;uid=358;uid=359;uid=360;uid=361;uid=362;uid=363;uid=364;uid=365;uid=366;uid=367;uid=368;uid=369;uid=370;uid=371;uid=372;uid=373;uid=374;uid=375;uid=376;uid=377;uid=378;uid=379;uid=380;uid=381;uid=382;uid=383;uid=384;uid=385;uid=386;uid=387;uid=388;uid=389;uid=390;uid=391;uid=392;uid=393;uid=394;uid=395;uid=396;uid=397;uid=398;uid=399;uid=400;uid=401;uid=402;uid=403;uid=404;uid=405;uid=406;uid=407;uid=408;uid=409;uid=410;uid=411;uid=412;uid=413;uid=414;uid=415;uid=416;uid=417;uid=418;uid=419;uid=420;uid=421;uid=422;uid=423;uid=424;uid=425;uid=426;uid=427;uid=428;uid=429;uid=430;uid=431;uid=432;uid=433;uid=434;uid=435;uid=436;uid=437;uid=438;uid=439;uid=440;uid=441;uid=442;uid=443;uid=444;uid=445;uid=446;uid=447;uid=448;uid=449;uid=450;uid=451;uid=452;uid=453;uid=454;uid=455;uid=456;uid=457;uid=458;uid=459;uid=460;uid=461;uid=462;uid=463;uid=464;uid=465;uid=466;uid=467;uid=468;uid=469;uid=470;uid=471;uid=472;uid=473;uid=474;uid=475;uid=476;uid=477;uid=478;uid=479;uid=480;uid=481;uid=482;uid=483;uid=484;uid=485;uid=486;uid=487;uid=488;uid=489;uid=490;uid=491;uid=492;uid=493;uid=494;uid=495;uid=496;uid=497;uid=498;uid=499;env=Test;", checkedTicket->DebugInfo()); - } + } Y_UNIT_TEST(TicketExceptionsTest) { - TUserContext::TImpl contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1->GetStatus()); + 
UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1->GetStatus()); auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); - UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2->GetStatus()); - TUserContext::TImpl contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3->GetStatus()); + UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3->GetStatus()); UNIT_ASSERT_EXCEPTION(checkedTicket3->GetDefaultUid(), TNotAllowedException); UNIT_ASSERT_EXCEPTION(checkedTicket3->GetUids(), TNotAllowedException); @@ -129,13 +129,13 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(UserTestSuite) { UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket3)); UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->DebugInfo()); UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->GetStatus()); - } + } Y_UNIT_TEST(TicketProtoTest) { ticket2::Ticket protobufTicket; UNIT_ASSERT(protobufTicket.ParseFromString(NUtils::Base64url2bin(USER_TICKET_PROTOBUF))); - TTestUserTicketImpl userTicket(ETicketStatus::Ok, std::move(protobufTicket)); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, userTicket.GetStatus()); + TTestUserTicketImpl userTicket(ETicketStatus::Ok, std::move(protobufTicket)); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, userTicket.GetStatus()); UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), userTicket.GetExpirationTime()); UNIT_ASSERT_EQUAL(TUids({456, 123}), userTicket.GetUids()); UNIT_ASSERT_EQUAL(456, userTicket.GetDefaultUid()); 
@@ -143,74 +143,74 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(UserTestSuite) { UNIT_ASSERT(userTicket.HasScope("bb:sess1")); UNIT_ASSERT(userTicket.HasScope("bb:sess2")); UNIT_ASSERT(!userTicket.HasScope("bb:sess3")); - } + } Y_UNIT_TEST(ResetKeysTest) { - TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); + TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); + context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_USER_TICKET_1); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); - } - - Y_UNIT_TEST(CreateTicketForTests) { - TCheckedUserTicket t = NTvmAuth::NUnittest::CreateUserTicket(ETicketStatus::Ok, 42, {"qwerty", "omg"}, {43, 55, 47}); - UNIT_ASSERT_EQUAL(ETicketStatus::Ok, t.GetStatus()); - UNIT_ASSERT_EQUAL(42, t.GetDefaultUid()); - UNIT_ASSERT_EQUAL(TUids({42, 43, 47, 55}), t.GetUids()); - UNIT_ASSERT_EQUAL(TScopes({"omg", "qwerty"}), t.GetScopes()); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); + } + + Y_UNIT_TEST(CreateTicketForTests) { + TCheckedUserTicket t = NTvmAuth::NUnittest::CreateUserTicket(ETicketStatus::Ok, 42, {"qwerty", "omg"}, {43, 55, 47}); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, t.GetStatus()); + UNIT_ASSERT_EQUAL(42, t.GetDefaultUid()); + UNIT_ASSERT_EQUAL(TUids({42, 43, 47, 55}), t.GetUids()); + UNIT_ASSERT_EQUAL(TScopes({"omg", "qwerty"}), t.GetScopes()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;scope=omg;scope=qwerty;default_uid=42;uid=42;uid=43;uid=47;uid=55;env=Test;", t.DebugInfo()); - } - - Y_UNIT_TEST(CreateForTests) { - TUids uids{456}; - TScopes scopes{"scope1", "scope2", "scope3"}; - TScopes scopesIn{"scope1", "scope2", "scope3", "scope1", ""}; - auto t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(456, 
t->GetDefaultUid()); - UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); - UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); - - t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {123, 456, 789}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(456, t->GetDefaultUid()); - uids = TUids{123, 456, 789}; - UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); - UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); - - t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {123, 789}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(456, t->GetDefaultUid()); - uids = TUids{123, 456, 789}; - UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); - UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); - - t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {123, 789}); - UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(0, t->GetDefaultUid()); - uids = TUids{123, 789}; - UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); - UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); - - UNIT_ASSERT_EXCEPTION_CONTAINS(TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {}), - yexception, - "User ticket cannot contain empty uid list"); - UNIT_ASSERT_EXCEPTION_CONTAINS(TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {0}), - yexception, - "User ticket cannot contain empty uid list"); - } -} - -template <> -void Out<NTvmAuth::TUids>(IOutputStream& o, const NTvmAuth::TUids& v) { - for (const auto& uid : v) { - o << uid << ","; - } -} - -template <> -void Out<NTvmAuth::TScopes>(IOutputStream& o, const NTvmAuth::TScopes& v) { - for (const auto& scope : v) { - o << scope << ","; - } -} + } + + Y_UNIT_TEST(CreateForTests) { + TUids uids{456}; + TScopes scopes{"scope1", "scope2", "scope3"}; + TScopes scopesIn{"scope1", "scope2", "scope3", "scope1", 
""}; + auto t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(456, t->GetDefaultUid()); + UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); + UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); + + t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {123, 456, 789}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(456, t->GetDefaultUid()); + uids = TUids{123, 456, 789}; + UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); + UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); + + t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 456, scopesIn, {123, 789}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(456, t->GetDefaultUid()); + uids = TUids{123, 456, 789}; + UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); + UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); + + t = TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {123, 789}); + UNIT_ASSERT_VALUES_EQUAL(ETicketStatus::Ok, t->GetStatus()); + UNIT_ASSERT_VALUES_EQUAL(0, t->GetDefaultUid()); + uids = TUids{123, 789}; + UNIT_ASSERT_VALUES_EQUAL(uids, t->GetUids()); + UNIT_ASSERT_VALUES_EQUAL(scopes, t->GetScopes()); + + UNIT_ASSERT_EXCEPTION_CONTAINS(TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {}), + yexception, + "User ticket cannot contain empty uid list"); + UNIT_ASSERT_EXCEPTION_CONTAINS(TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus::Ok, 0, scopesIn, {0}), + yexception, + "User ticket cannot contain empty uid list"); + } +} + +template <> +void Out<NTvmAuth::TUids>(IOutputStream& o, const NTvmAuth::TUids& v) { + for (const auto& uid : v) { + o << uid << ","; + } +} + +template <> +void Out<NTvmAuth::TScopes>(IOutputStream& o, const NTvmAuth::TScopes& v) { + for (const auto& scope : 
v) { + o << scope << ","; + } +} diff --git a/library/cpp/tvmauth/src/ut/utils_ut.cpp b/library/cpp/tvmauth/src/ut/utils_ut.cpp index c9cb81c36fa..ebf459a3440 100644 --- a/library/cpp/tvmauth/src/ut/utils_ut.cpp +++ b/library/cpp/tvmauth/src/ut/utils_ut.cpp @@ -1,13 +1,13 @@ -#include <library/cpp/tvmauth/src/utils.h> - +#include <library/cpp/tvmauth/src/utils.h> + #include <library/cpp/testing/unittest/registar.h> - -#include <util/generic/maybe.h> - + +#include <util/generic/maybe.h> + Y_UNIT_TEST_SUITE(UtilsTestSuite) { - static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; - static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; - using namespace NTvmAuth; + static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; + static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; + using namespace NTvmAuth; Y_UNIT_TEST(base64Test) { UNIT_ASSERT_VALUES_EQUAL("-hHx", NUtils::Bin2base64url("\xfa\x11\xf1")); 
@@ -27,69 +27,69 @@ Y_UNIT_TEST_SUITE(UtilsTestSuite) { UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe\xff", NUtils::Base64url2bin("-hHx_v8=")); UNIT_ASSERT_VALUES_EQUAL("SGVsbG8sIGV2ZXJ5Ym9keSE", - NUtils::Bin2base64url(("Hello, everybody!"))); + NUtils::Bin2base64url(("Hello, everybody!"))); UNIT_ASSERT_VALUES_EQUAL("Hello, everybody!", - NUtils::Base64url2bin(("SGVsbG8sIGV2ZXJ5Ym9keSE"))); + NUtils::Base64url2bin(("SGVsbG8sIGV2ZXJ5Ym9keSE"))); UNIT_ASSERT_VALUES_EQUAL("VGhlIE1hZ2ljIFdvcmRzIGFyZSBTcXVlYW1pc2ggT3NzaWZyYWdl", - NUtils::Bin2base64url(("The Magic Words are Squeamish Ossifrage"))); + NUtils::Bin2base64url(("The Magic Words are Squeamish Ossifrage"))); UNIT_ASSERT_VALUES_EQUAL("The Magic Words are Squeamish Ossifrage", - NUtils::Base64url2bin(("VGhlIE1hZ2ljIFdvcmRzIGFyZSBTcXVlYW1pc2ggT3NzaWZyYWdl"))); + NUtils::Base64url2bin(("VGhlIE1hZ2ljIFdvcmRzIGFyZSBTcXVlYW1pc2ggT3NzaWZyYWdl"))); } Y_UNIT_TEST(sign) { UNIT_ASSERT_VALUES_EQUAL("wkGfeuopf709ozPAeGcDMqtZXPzsWvuNJ1BL586dSug", - NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOVnvOqe-WyD1"), - "1490000000", - "13,19", - "bb:sess,bb:sess2")); + NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOVnvOqe-WyD1"), + "1490000000", + "13,19", + "bb:sess,bb:sess2")); UNIT_ASSERT_VALUES_EQUAL("HANDYrA4ApQMQ5cfSWZk_InHWJffoXAa57P_X_B5s4M", - NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), - "1490000000", - "13,19", - "bb:sess,bb:sess2")); + NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), + "1490000000", + "13,19", + "bb:sess,bb:sess2")); UNIT_ASSERT_VALUES_EQUAL("T-M-3_qtjRM1dR_3hS1CRlHBTZRKK04doHXBJw-5VRk", - NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), - "1490000001", - "13,19", - "bb:sess,bb:sess2")); + NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), + "1490000001", + "13,19", + "bb:sess,bb:sess2")); UNIT_ASSERT_VALUES_EQUAL("gwB6M_9Jij50ZADmlDMnoyLc6AhQmtq6MClgGzO1PBE", - 
NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), - "1490000001", - "13,19", - "")); - } - - Y_UNIT_TEST(GetExpirationTime) { - UNIT_ASSERT(!NTvmAuth::NInternal::TCanningKnife::GetExpirationTime("3:aadasdasdasdas")); - - UNIT_ASSERT(NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(VALID_SERVICE_TICKET_1)); - UNIT_ASSERT_VALUES_EQUAL(TInstant::Seconds(std::numeric_limits<time_t>::max()), - *NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(VALID_SERVICE_TICKET_1)); - - UNIT_ASSERT(NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(EXPIRED_SERVICE_TICKET)); - UNIT_ASSERT_VALUES_EQUAL(TInstant::Seconds(0), - *NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(EXPIRED_SERVICE_TICKET)); - } - - Y_UNIT_TEST(RemoveSignatureTest) { - UNIT_ASSERT_VALUES_EQUAL("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds", - NUtils::RemoveTicketSignature("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", - NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", - NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("3:serv:", - 
NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); - UNIT_ASSERT_VALUES_EQUAL("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf", - NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); + NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), + "1490000001", + "13,19", + "")); } + + Y_UNIT_TEST(GetExpirationTime) { + UNIT_ASSERT(!NTvmAuth::NInternal::TCanningKnife::GetExpirationTime("3:aadasdasdasdas")); + + UNIT_ASSERT(NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(VALID_SERVICE_TICKET_1)); + UNIT_ASSERT_VALUES_EQUAL(TInstant::Seconds(std::numeric_limits<time_t>::max()), + *NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(VALID_SERVICE_TICKET_1)); + + UNIT_ASSERT(NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(EXPIRED_SERVICE_TICKET)); + UNIT_ASSERT_VALUES_EQUAL(TInstant::Seconds(0), + *NTvmAuth::NInternal::TCanningKnife::GetExpirationTime(EXPIRED_SERVICE_TICKET)); + } + + Y_UNIT_TEST(RemoveSignatureTest) { + UNIT_ASSERT_VALUES_EQUAL("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", + NUtils::RemoveTicketSignature("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", + NUtils::RemoveTicketSignature("2:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", + NUtils::RemoveTicketSignature("4:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds", + NUtils::RemoveTicketSignature("3.serv.ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + 
UNIT_ASSERT_VALUES_EQUAL("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:", + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("3:serv:", + NUtils::RemoveTicketSignature("3:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs.asdxcvbxcvniueliuweklsvds")); + UNIT_ASSERT_VALUES_EQUAL("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf", + NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); + } } diff --git a/library/cpp/tvmauth/src/ut/version_ut.cpp b/library/cpp/tvmauth/src/ut/version_ut.cpp index eeb95d1cde7..f13d4683e25 100644 --- a/library/cpp/tvmauth/src/ut/version_ut.cpp +++ b/library/cpp/tvmauth/src/ut/version_ut.cpp @@ -1,18 +1,18 @@ -#include <library/cpp/tvmauth/version.h> - -#include <library/cpp/testing/unittest/registar.h> - -#include <regex> - -using namespace NTvmAuth; - -Y_UNIT_TEST_SUITE(VersionTest) { - Y_UNIT_TEST(base64Test) { - const std::regex re(R"(^\d+\.\d+\.\d+$)"); - - for (size_t idx = 0; idx < 2; ++idx) { - TStringBuf ver = LibVersion(); - UNIT_ASSERT(std::regex_match(ver.begin(), ver.end(), re)); - } - } -} +#include <library/cpp/tvmauth/version.h> + +#include <library/cpp/testing/unittest/registar.h> + +#include <regex> + +using namespace NTvmAuth; + +Y_UNIT_TEST_SUITE(VersionTest) { + Y_UNIT_TEST(base64Test) { + const std::regex re(R"(^\d+\.\d+\.\d+$)"); + + for (size_t idx = 0; idx < 2; ++idx) { + TStringBuf ver = LibVersion(); + UNIT_ASSERT(std::regex_match(ver.begin(), ver.end(), re)); + } + } +} diff --git a/library/cpp/tvmauth/src/ut/ya.make b/library/cpp/tvmauth/src/ut/ya.make index 9f510a8363f..7207f503c5d 100644 --- a/library/cpp/tvmauth/src/ut/ya.make +++ b/library/cpp/tvmauth/src/ut/ya.make @@ -1,6 +1,6 @@ -UNITTEST_FOR(library/cpp/tvmauth) +UNITTEST_FOR(library/cpp/tvmauth) -OWNER(g:passport_infra) +OWNER(g:passport_infra) SRCS( parser_ut.cpp @@ -8,7 +8,7 @@ SRCS( service_ut.cpp user_ut.cpp utils_ut.cpp - version_ut.cpp + version_ut.cpp ) END() 
diff --git a/library/cpp/tvmauth/src/utils.cpp b/library/cpp/tvmauth/src/utils.cpp
index d49efa28b5a..7f5346ec29a 100644
--- a/library/cpp/tvmauth/src/utils.cpp
+++ b/library/cpp/tvmauth/src/utils.cpp
@@ -1,162 +1,162 @@ #include "utils.h" -#include "parser.h" - +#include "parser.h" + #include <contrib/libs/openssl/include/openssl/evp.h> #include <contrib/libs/openssl/include/openssl/hmac.h> #include <contrib/libs/openssl/include/openssl/md5.h> #include <contrib/libs/openssl/include/openssl/sha.h> -#include <util/generic/maybe.h> +#include <util/generic/maybe.h> #include <util/generic/strbuf.h> -#include <array> - +#include <array> + namespace { - constexpr const unsigned char b64_encode[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; - - constexpr std::array<unsigned char, 256> B64Init() { - std::array<unsigned char, 256> buf{}; - for (auto& i : buf) + constexpr const unsigned char b64_encode[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + constexpr std::array<unsigned char, 256> B64Init() { + std::array<unsigned char, 256> buf{}; + for (auto& i : buf) i = 0xff; for (int i = 0; i < 64; ++i) - buf[b64_encode[i]] = i; + buf[b64_encode[i]] = i; - return buf; + return buf; } - constexpr std::array<unsigned char, 256> b64_decode = B64Init(); -} - -namespace NTvmAuth::NUtils { - TString Bin2base64url(TStringBuf buf) { - if (!buf) { - return TString(); - } - - TString res; - res.resize(((buf.size() + 2) / 3) << 2, 0); - - const unsigned char* pB = (const unsigned char*)buf.data(); - const unsigned char* pE = (const unsigned char*)buf.data() + buf.size(); - unsigned char* p = (unsigned char*)res.data(); - for (; pB + 2 < pE; pB += 3) { - const unsigned char a = *pB; - *p++ = b64_encode[(a >> 2) & 0x3F]; - const unsigned char b = *(pB + 1); - *p++ = b64_encode[((a & 0x3) << 4) | ((b & 0xF0) >> 4)]; - const unsigned char c = *(pB + 2); - *p++ = b64_encode[((b & 0xF) << 2) | ((c & 0xC0) >> 6)]; - *p++ = b64_encode[c & 0x3F]; + constexpr std::array<unsigned char, 256> b64_decode = B64Init(); +} + +namespace NTvmAuth::NUtils { + TString Bin2base64url(TStringBuf buf) { + if (!buf) { + return TString(); + } + + TString res; 
+ res.resize(((buf.size() + 2) / 3) << 2, 0); + + const unsigned char* pB = (const unsigned char*)buf.data(); + const unsigned char* pE = (const unsigned char*)buf.data() + buf.size(); + unsigned char* p = (unsigned char*)res.data(); + for (; pB + 2 < pE; pB += 3) { + const unsigned char a = *pB; + *p++ = b64_encode[(a >> 2) & 0x3F]; + const unsigned char b = *(pB + 1); + *p++ = b64_encode[((a & 0x3) << 4) | ((b & 0xF0) >> 4)]; + const unsigned char c = *(pB + 2); + *p++ = b64_encode[((b & 0xF) << 2) | ((c & 0xC0) >> 6)]; + *p++ = b64_encode[c & 0x3F]; + } + + if (pB < pE) { + const unsigned char a = *pB; + *p++ = b64_encode[(a >> 2) & 0x3F]; + + if (pB == (pE - 1)) { + *p++ = b64_encode[((a & 0x3) << 4)]; + } else { + const unsigned char b = *(pB + 1); + *p++ = b64_encode[((a & 0x3) << 4) | + ((int)(b & 0xF0) >> 4)]; + *p++ = b64_encode[((b & 0xF) << 2)]; + } } - if (pB < pE) { - const unsigned char a = *pB; - *p++ = b64_encode[(a >> 2) & 0x3F]; - - if (pB == (pE - 1)) { - *p++ = b64_encode[((a & 0x3) << 4)]; - } else { - const unsigned char b = *(pB + 1); - *p++ = b64_encode[((a & 0x3) << 4) | - ((int)(b & 0xF0) >> 4)]; - *p++ = b64_encode[((b & 0xF) << 2)]; - } - } - - res.resize(p - (unsigned char*)res.data()); - return res; + res.resize(p - (unsigned char*)res.data()); + return res; } - TString Base64url2bin(TStringBuf buf) { - const unsigned char* bufin = (const unsigned char*)buf.data(); - if (!buf || b64_decode[*bufin] > 63) { - return TString(); - } - const unsigned char* bufend = (const unsigned char*)buf.data() + buf.size(); - while (++bufin < bufend && b64_decode[*bufin] < 64) - ; - int nprbytes = (bufin - (const unsigned char*)buf.data()); - int nbytesdecoded = ((nprbytes + 3) / 4) * 3; - - if (nprbytes < static_cast<int>(buf.size())) { - int left = buf.size() - nprbytes; - while (left--) { - if (*(bufin++) != '=') - return TString(); - } - } - - TString res; - res.resize(nbytesdecoded); - - unsigned char* bufout = (unsigned char*)res.data(); - bufin = 
(const unsigned char*)buf.data(); - - while (nprbytes > 4) { - unsigned char a = b64_decode[*bufin]; - unsigned char b = b64_decode[bufin[1]]; - *(bufout++) = (unsigned char)(a << 2 | b >> 4); - unsigned char c = b64_decode[bufin[2]]; - *(bufout++) = (unsigned char)(b << 4 | c >> 2); - unsigned char d = b64_decode[bufin[3]]; - *(bufout++) = (unsigned char)(c << 6 | d); - bufin += 4; - nprbytes -= 4; - } - - if (nprbytes == 1) { - return {}; // Impossible + TString Base64url2bin(TStringBuf buf) { + const unsigned char* bufin = (const unsigned char*)buf.data(); + if (!buf || b64_decode[*bufin] > 63) { + return TString(); } - if (nprbytes > 1) { - *(bufout++) = (unsigned char)(b64_decode[*bufin] << 2 | b64_decode[bufin[1]] >> 4); - } - if (nprbytes > 2) { - *(bufout++) = (unsigned char)(b64_decode[bufin[1]] << 4 | b64_decode[bufin[2]] >> 2); - } - if (nprbytes > 3) { - *(bufout++) = (unsigned char)(b64_decode[bufin[2]] << 6 | b64_decode[bufin[3]]); - } - - int diff = (4 - nprbytes) & 3; - if (diff) { - nbytesdecoded -= (4 - nprbytes) & 3; - res.resize(nbytesdecoded); - } - - return res; + const unsigned char* bufend = (const unsigned char*)buf.data() + buf.size(); + while (++bufin < bufend && b64_decode[*bufin] < 64) + ; + int nprbytes = (bufin - (const unsigned char*)buf.data()); + int nbytesdecoded = ((nprbytes + 3) / 4) * 3; + + if (nprbytes < static_cast<int>(buf.size())) { + int left = buf.size() - nprbytes; + while (left--) { + if (*(bufin++) != '=') + return TString(); + } + } + + TString res; + res.resize(nbytesdecoded); + + unsigned char* bufout = (unsigned char*)res.data(); + bufin = (const unsigned char*)buf.data(); + + while (nprbytes > 4) { + unsigned char a = b64_decode[*bufin]; + unsigned char b = b64_decode[bufin[1]]; + *(bufout++) = (unsigned char)(a << 2 | b >> 4); + unsigned char c = b64_decode[bufin[2]]; + *(bufout++) = (unsigned char)(b << 4 | c >> 2); + unsigned char d = b64_decode[bufin[3]]; + *(bufout++) = (unsigned char)(c << 6 | d); + bufin 
+= 4; + nprbytes -= 4; + } + + if (nprbytes == 1) { + return {}; // Impossible + } + if (nprbytes > 1) { + *(bufout++) = (unsigned char)(b64_decode[*bufin] << 2 | b64_decode[bufin[1]] >> 4); + } + if (nprbytes > 2) { + *(bufout++) = (unsigned char)(b64_decode[bufin[1]] << 4 | b64_decode[bufin[2]] >> 2); + } + if (nprbytes > 3) { + *(bufout++) = (unsigned char)(b64_decode[bufin[2]] << 6 | b64_decode[bufin[3]]); + } + + int diff = (4 - nprbytes) & 3; + if (diff) { + nbytesdecoded -= (4 - nprbytes) & 3; + res.resize(nbytesdecoded); + } + + return res; } - TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes) { - TString data; - data.reserve(ts.size() + dstTvmId.size() + scopes.size() + 3); - const char DELIM = '|'; - data.append(ts).push_back(DELIM); - data.append(dstTvmId).push_back(DELIM); - data.append(scopes).push_back(DELIM); - - TString value(EVP_MAX_MD_SIZE, 0); - unsigned macLen = 0; - - if (!::HMAC(EVP_sha256(), secret.data(), secret.size(), (unsigned char*)data.data(), data.size(), - (unsigned char*)value.data(), &macLen)) - { - return {}; - } - - if (macLen != EVP_MAX_MD_SIZE) { - value.resize(macLen); - } - return Bin2base64url(value); - } -} - -namespace NTvmAuth::NInternal { - TMaybe<TInstant> TCanningKnife::GetExpirationTime(TStringBuf ticket) { - const TParserTickets::TRes res = TParserTickets::ParseV3(ticket, {}, TParserTickets::ServiceFlag()); - - return res.Status == ETicketStatus::MissingKey || res.Status == ETicketStatus::Expired - ? 
TInstant::Seconds(res.Ticket.expirationtime()) - : TMaybe<TInstant>(); + TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes) { + TString data; + data.reserve(ts.size() + dstTvmId.size() + scopes.size() + 3); + const char DELIM = '|'; + data.append(ts).push_back(DELIM); + data.append(dstTvmId).push_back(DELIM); + data.append(scopes).push_back(DELIM); + + TString value(EVP_MAX_MD_SIZE, 0); + unsigned macLen = 0; + + if (!::HMAC(EVP_sha256(), secret.data(), secret.size(), (unsigned char*)data.data(), data.size(), + (unsigned char*)value.data(), &macLen)) + { + return {}; + } + + if (macLen != EVP_MAX_MD_SIZE) { + value.resize(macLen); + } + return Bin2base64url(value); } } + +namespace NTvmAuth::NInternal { + TMaybe<TInstant> TCanningKnife::GetExpirationTime(TStringBuf ticket) { + const TParserTickets::TRes res = TParserTickets::ParseV3(ticket, {}, TParserTickets::ServiceFlag()); + + return res.Status == ETicketStatus::MissingKey || res.Status == ETicketStatus::Expired + ? TInstant::Seconds(res.Ticket.expirationtime()) + : TMaybe<TInstant>(); + } +} diff --git a/library/cpp/tvmauth/src/utils.h b/library/cpp/tvmauth/src/utils.h index e5847ac89f5..7a457affb82 100644 --- a/library/cpp/tvmauth/src/utils.h +++ b/library/cpp/tvmauth/src/utils.h 
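Review bot: `TCanningKnife::GetExpirationTime` at the end of this hunk returns a time read from a ticket whose signature is never checked, and nothing in the code says so. It calls `TParserTickets::ParseV3` with an empty key set and turns `MissingKey` or `Expired` into a value; in the parser.cpp section of this commit both statuses are assigned before `CheckSign` is reached, so whoever supplies the ticket string controls the result. A comment above the definition would keep callers from treating the value as validated, for example `// Signature is NOT verified (empty key set): the result comes from an unauthenticated ticket body; never use it for an access decision.`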
@@ -1,30 +1,30 @@
 #pragma once
-#include <library/cpp/tvmauth/checked_service_ticket.h>
-#include <library/cpp/tvmauth/checked_user_ticket.h>
-#include <library/cpp/tvmauth/ticket_status.h>
+#include <library/cpp/tvmauth/checked_service_ticket.h>
+#include <library/cpp/tvmauth/checked_user_ticket.h>
+#include <library/cpp/tvmauth/ticket_status.h>
-#include <util/datetime/base.h>
+#include <util/datetime/base.h>
 #include <util/generic/fwd.h>
-namespace NTvmAuth::NUtils {
- TString Bin2base64url(TStringBuf buf);
- TString Base64url2bin(TStringBuf buf);
+namespace NTvmAuth::NUtils {
+ TString Bin2base64url(TStringBuf buf);
+ TString Base64url2bin(TStringBuf buf);
- TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes);
-}
-
-namespace NTvmAuth::NInternal {
- class TCanningKnife {
- public:
- static TCheckedServiceTicket::TImpl* GetS(TCheckedServiceTicket& t) {
- return t.Impl_.Release();
- }
-
- static TCheckedUserTicket::TImpl* GetU(TCheckedUserTicket& t) {
- return t.Impl_.Release();
- }
-
- static TMaybe<TInstant> GetExpirationTime(TStringBuf ticket);
- };
-}
+ TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes);
+}
+
+namespace NTvmAuth::NInternal {
+ class TCanningKnife {
+ public:
+ static TCheckedServiceTicket::TImpl* GetS(TCheckedServiceTicket& t) {
+ return t.Impl_.Release();
+ }
+
+ static TCheckedUserTicket::TImpl* GetU(TCheckedUserTicket& t) {
+ return t.Impl_.Release();
+ }
+
+ static TMaybe<TInstant> GetExpirationTime(TStringBuf ticket);
+ };
+}
diff --git a/library/cpp/tvmauth/src/version b/library/cpp/tvmauth/src/version
index 15a27998172..1bcf861c568 100644
--- a/library/cpp/tvmauth/src/version
+++ b/library/cpp/tvmauth/src/version
@@ -1 +1 @@
-3.3.0
+3.3.0
diff --git a/library/cpp/tvmauth/src/version.cpp b/library/cpp/tvmauth/src/version.cpp
index 6b389213d0a..05709c39299 100644
--- a/library/cpp/tvmauth/src/version.cpp
+++ b/library/cpp/tvmauth/src/version.cpp
@@ -1,26 +1,26 @@
-#include <library/cpp/resource/resource.h>
+#include <library/cpp/resource/resource.h>
+
+#include <util/string/strip.h>
-#include <util/string/strip.h>
-
-namespace {
- class TBuiltinVersion {
- public:
- TBuiltinVersion() {
- Version_ = NResource::Find("/builtin/version");
- StripInPlace(Version_);
- }
-
- TStringBuf Get() const {
- return Version_;
- }
-
- private:
- TString Version_;
- };
-}
-
-namespace NTvmAuth {
+namespace {
+ class TBuiltinVersion {
+ public:
+ TBuiltinVersion() {
+ Version_ = NResource::Find("/builtin/version");
+ StripInPlace(Version_);
+ }
+
+ TStringBuf Get() const {
+ return Version_;
+ }
+
+ private:
+ TString Version_;
+ };
+}
+
+namespace NTvmAuth {
 TStringBuf LibVersion() {
- return Singleton<TBuiltinVersion>()->Get();
+ return Singleton<TBuiltinVersion>()->Get();
 }
-}
+} |