diff options
| author | ppodolsky <ppodolsky@yandex-team.ru> | 2022-02-10 16:48:03 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:48:03 +0300 |
| commit | ff24d93e6130e0944ce0c9e2d2f54e1e88fc08dd (patch) | |
| tree | 5f33d1a762f7b540dff1883c83c71b391876a558 /library/cpp/tvmauth | |
| parent | 02eacb2e0795d01f1d266d68904068b3789750f5 (diff) | |
| download | ydb-ff24d93e6130e0944ce0c9e2d2f54e1e88fc08dd.tar.gz | |
Restoring authorship annotation for <ppodolsky@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'library/cpp/tvmauth')
37 files changed, 2233 insertions, 2233 deletions
diff --git a/library/cpp/tvmauth/exception.h b/library/cpp/tvmauth/exception.h index f528886b95..a738a2fb9a 100644 --- a/library/cpp/tvmauth/exception.h +++ b/library/cpp/tvmauth/exception.h @@ -1,20 +1,20 @@ -#pragma once - -#include <util/generic/yexception.h> - -#include <exception> - +#pragma once + +#include <util/generic/yexception.h> + +#include <exception> + namespace NTvmAuth { - class TTvmException: public yexception { - }; - class TContextException: public TTvmException { - }; - class TMalformedTvmSecretException: public TContextException { - }; - class TMalformedTvmKeysException: public TContextException { - }; - class TEmptyTvmKeysException: public TContextException { - }; - class TNotAllowedException: public TTvmException { - }; + class TTvmException: public yexception { + }; + class TContextException: public TTvmException { + }; + class TMalformedTvmSecretException: public TContextException { + }; + class TMalformedTvmKeysException: public TContextException { + }; + class TEmptyTvmKeysException: public TContextException { + }; + class TNotAllowedException: public TTvmException { + }; } diff --git a/library/cpp/tvmauth/src/parser.cpp b/library/cpp/tvmauth/src/parser.cpp index 358de58d36..dc96bfeed4 100644 --- a/library/cpp/tvmauth/src/parser.cpp +++ b/library/cpp/tvmauth/src/parser.cpp @@ -1,97 +1,97 @@ -#include "parser.h" - -#include "utils.h" - +#include "parser.h" + +#include "utils.h" + #include <library/cpp/tvmauth/exception.h> - -#include <util/generic/strbuf.h> -#include <util/string/split.h> - -#include <ctime> - + +#include <util/generic/strbuf.h> +#include <util/string/split.h> + +#include <ctime> + namespace NTvmAuth { - TString TParserTvmKeys::ParseStrV1(TStringBuf str) { - while (str && str.back() == '\n') { - str.Chop(1); - } - + TString TParserTvmKeys::ParseStrV1(TStringBuf str) { + while (str && str.back() == '\n') { + str.Chop(1); + } + TStringBuf ver = str.NextTok(DELIM); - if (!str || !ver || ver != "1") { + if (!str || !ver || ver != "1") { throw TMalformedTvmKeysException() << "Malformed TVM keys"; - } - TString res = NUtils::Base64url2bin(str); - if (res.empty()) { + } + TString res = NUtils::Base64url2bin(str); + if (res.empty()) { throw TMalformedTvmKeysException() << "Malformed TVM keys"; - } - return res; - } - - TStringBuf TParserTickets::UserFlag() { - static const char BUF_[] = "user"; - return TStringBuf(BUF_, sizeof(BUF_) - 1); - } - - TStringBuf TParserTickets::ServiceFlag() { - static const char BUF_[] = "serv"; - return TStringBuf(BUF_, sizeof(BUF_) - 1); - } - - TParserTickets::TRes TParserTickets::ParseV3(TStringBuf body, const NRw::TPublicKeys& keys, TStringBuf type) { - TStrRes str = ParseStrV3(body, type); - TRes res(str.Status); + } + return res; + } + + TStringBuf TParserTickets::UserFlag() { + static const char BUF_[] = "user"; + return TStringBuf(BUF_, sizeof(BUF_) - 1); + } + + TStringBuf TParserTickets::ServiceFlag() { + static const char BUF_[] = "serv"; + return TStringBuf(BUF_, sizeof(BUF_) - 1); + } + + TParserTickets::TRes TParserTickets::ParseV3(TStringBuf body, const NRw::TPublicKeys& keys, TStringBuf type) { + TStrRes str = ParseStrV3(body, type); + TRes res(str.Status); if (str.Status != ETicketStatus::Ok) { - return TRes(str.Status); - } - if (!res.Ticket.ParseFromString(str.Proto)) { + return TRes(str.Status); + } + if (!res.Ticket.ParseFromString(str.Proto)) { res.Status = ETicketStatus::Malformed; - return res; - } - if (res.Ticket.expirationtime() <= time(nullptr)) { + return res; + } + if (res.Ticket.expirationtime() <= time(nullptr)) { res.Status = ETicketStatus::Expired; - return res; - } - - auto itKey = keys.find(res.Ticket.keyid()); - if (itKey == keys.end()) { + return res; + } + + auto itKey = keys.find(res.Ticket.keyid()); + if (itKey == keys.end()) { res.Status = ETicketStatus::MissingKey; - return res; - } - if (!itKey->second.CheckSign(str.ForCheck, str.Sign)) { + return res; + } + if (!itKey->second.CheckSign(str.ForCheck, str.Sign)) { res.Status = ETicketStatus::SignBroken; - return res; - } - return res; - } - - TParserTickets::TStrRes TParserTickets::ParseStrV3(TStringBuf body, TStringBuf type) { - TStringBuf forCheck = body; - TStringBuf version = body.NextTok(DELIM); + return res; + } + return res; + } + + TParserTickets::TStrRes TParserTickets::ParseStrV3(TStringBuf body, TStringBuf type) { + TStringBuf forCheck = body; + TStringBuf version = body.NextTok(DELIM); if (!body || version.size() != 1) { return {ETicketStatus::Malformed, {}, {}, {}}; } - if (version != "3") { + if (version != "3") { return {ETicketStatus::UnsupportedVersion, {}, {}, {}}; - } - - TStringBuf ticketType = body.NextTok(DELIM); - if (ticketType != type) { + } + + TStringBuf ticketType = body.NextTok(DELIM); + if (ticketType != type) { return {ETicketStatus::InvalidTicketType, {}, {}, {}}; - } - - TStringBuf proto = body.NextTok(DELIM); - TStringBuf sign = body.NextTok(DELIM); - - if (!proto || !sign || body.size() > 0) { + } + + TStringBuf proto = body.NextTok(DELIM); + TStringBuf sign = body.NextTok(DELIM); + + if (!proto || !sign || body.size() > 0) { return {ETicketStatus::Malformed, {}, {}, {}}; - } - - TString protoBin = NUtils::Base64url2bin(proto); - TString signBin = NUtils::Base64url2bin(sign); - - if (!protoBin || !signBin) { + } + + TString protoBin = NUtils::Base64url2bin(proto); + TString signBin = NUtils::Base64url2bin(sign); + + if (!protoBin || !signBin) { return {ETicketStatus::Malformed, {}, {}, {}}; - } - + } + return {ETicketStatus::Ok, std::move(protoBin), std::move(signBin), forCheck.Chop(sign.size())}; - } + } } diff --git a/library/cpp/tvmauth/src/parser.h b/library/cpp/tvmauth/src/parser.h index 678e709444..279c15beef 100644 --- a/library/cpp/tvmauth/src/parser.h +++ b/library/cpp/tvmauth/src/parser.h @@ -1,51 +1,51 @@ -#pragma once - +#pragma once + #include <library/cpp/tvmauth/src/protos/ticket2.pb.h> #include <library/cpp/tvmauth/src/rw/keys.h> - + #include <library/cpp/tvmauth/ticket_status.h> - -#include <util/generic/fwd.h> - -#include <string> - + +#include <util/generic/fwd.h> + +#include <string> + namespace NTvmAuth { - struct TParserTvmKeys { + struct TParserTvmKeys { static inline const char DELIM = ':'; - static TString ParseStrV1(TStringBuf str); - }; - - struct TParserTickets { - static const char DELIM = ':'; - - static TStringBuf UserFlag(); - static TStringBuf ServiceFlag(); - - struct TRes { + static TString ParseStrV1(TStringBuf str); + }; + + struct TParserTickets { + static const char DELIM = ':'; + + static TStringBuf UserFlag(); + static TStringBuf ServiceFlag(); + + struct TRes { TRes(ETicketStatus status) - : Status(status) - { - } - + : Status(status) + { + } + ETicketStatus Status; - - ticket2::Ticket Ticket; - }; - static TRes ParseV3(TStringBuf body, const NRw::TPublicKeys& keys, TStringBuf type); - - // private: - struct TStrRes { + + ticket2::Ticket Ticket; + }; + static TRes ParseV3(TStringBuf body, const NRw::TPublicKeys& keys, TStringBuf type); + + // private: + struct TStrRes { const ETicketStatus Status; - - TString Proto; - TString Sign; - - TStringBuf ForCheck; - - bool operator==(const TStrRes& o) const { // for tests - return Status == o.Status && Proto == o.Proto && Sign == o.Sign && ForCheck == o.ForCheck; - } - }; - static TStrRes ParseStrV3(TStringBuf body, TStringBuf type); - }; + + TString Proto; + TString Sign; + + TStringBuf ForCheck; + + bool operator==(const TStrRes& o) const { // for tests + return Status == o.Status && Proto == o.Proto && Sign == o.Sign && ForCheck == o.ForCheck; + } + }; + static TStrRes ParseStrV3(TStringBuf body, TStringBuf type); + }; } diff --git a/library/cpp/tvmauth/src/protos/ticket2.proto b/library/cpp/tvmauth/src/protos/ticket2.proto index 66c00a7d01..3914f440fb 100644 --- a/library/cpp/tvmauth/src/protos/ticket2.proto +++ b/library/cpp/tvmauth/src/protos/ticket2.proto @@ -1,31 +1,31 @@ -package ticket2; - +package ticket2; + option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; import "library/cpp/tvmauth/src/protos/tvm_keys.proto"; - -message User { - required uint64 uid = 1; -} - -message UserTicket { - repeated User users = 1; - required uint64 defaultUid = 2; - repeated string scopes = 3; - required uint32 entryPoint = 4; - required tvm_keys.BbEnvType env = 5; -} - -message ServiceTicket { - required uint32 srcClientId = 1; - required uint32 dstClientId = 2; - repeated string scopes = 3; - optional uint64 issuerUid = 4; -} - -message Ticket { - required uint32 keyId = 1; - required int64 expirationTime = 2; - optional UserTicket user = 3; - optional ServiceTicket service = 4; -} + +message User { + required uint64 uid = 1; +} + +message UserTicket { + repeated User users = 1; + required uint64 defaultUid = 2; + repeated string scopes = 3; + required uint32 entryPoint = 4; + required tvm_keys.BbEnvType env = 5; +} + +message ServiceTicket { + required uint32 srcClientId = 1; + required uint32 dstClientId = 2; + repeated string scopes = 3; + optional uint64 issuerUid = 4; +} + +message Ticket { + required uint32 keyId = 1; + required int64 expirationTime = 2; + optional UserTicket user = 3; + optional ServiceTicket service = 4; +} diff --git a/library/cpp/tvmauth/src/protos/tvm_keys.proto b/library/cpp/tvmauth/src/protos/tvm_keys.proto index 9ba42dbf80..fa16904d1b 100644 --- a/library/cpp/tvmauth/src/protos/tvm_keys.proto +++ b/library/cpp/tvmauth/src/protos/tvm_keys.proto @@ -1,36 +1,36 @@ -package tvm_keys; - +package tvm_keys; + option go_package = "a.yandex-team.ru/library/cpp/tvmauth/src/protos"; -enum KeyType { +enum KeyType { RabinWilliams = 0; -} - -enum BbEnvType { - Prod = 0; - Test = 1; - ProdYateam = 2; - TestYateam = 3; - Stress = 4; -} - -message General { - required uint32 id = 1; - required KeyType type = 2; - required bytes body = 3; - optional int64 createdTime = 4; -} - -message BbKey { - required General gen = 1; - required BbEnvType env = 2; -} - -message TvmKey { - required General gen = 1; -} - -message Keys { - repeated BbKey bb = 1; - repeated TvmKey tvm = 2; -} +} + +enum BbEnvType { + Prod = 0; + Test = 1; + ProdYateam = 2; + TestYateam = 3; + Stress = 4; +} + +message General { + required uint32 id = 1; + required KeyType type = 2; + required bytes body = 3; + optional int64 createdTime = 4; +} + +message BbKey { + required General gen = 1; + required BbEnvType env = 2; +} + +message TvmKey { + required General gen = 1; +} + +message Keys { + repeated BbKey bb = 1; + repeated TvmKey tvm = 2; +} diff --git a/library/cpp/tvmauth/src/protos/ya.make b/library/cpp/tvmauth/src/protos/ya.make index c2d579dc40..f12ca32e20 100644 --- a/library/cpp/tvmauth/src/protos/ya.make +++ b/library/cpp/tvmauth/src/protos/ya.make @@ -1,12 +1,12 @@ -PROTO_LIBRARY() - +PROTO_LIBRARY() + OWNER(g:passport_infra) - + INCLUDE_TAGS(GO_PROTO) -SRCS( - ticket2.proto - tvm_keys.proto -) - -END() +SRCS( + ticket2.proto + tvm_keys.proto +) + +END() diff --git a/library/cpp/tvmauth/src/rw/keys.cpp b/library/cpp/tvmauth/src/rw/keys.cpp index 5395287f5c..698a2e39c3 100644 --- a/library/cpp/tvmauth/src/rw/keys.cpp +++ b/library/cpp/tvmauth/src/rw/keys.cpp @@ -1,14 +1,14 @@ -#include "keys.h" - -#include "rw.h" - +#include "keys.h" + +#include "rw.h" + #include <library/cpp/openssl/init/init.h> -#include <contrib/libs/openssl/include/openssl/evp.h> - -#include <util/generic/strbuf.h> +#include <contrib/libs/openssl/include/openssl/evp.h> + +#include <util/generic/strbuf.h> #include <util/generic/yexception.h> - + namespace { struct TInit { TInit() { @@ -18,7 +18,7 @@ namespace { } namespace NTvmAuth { - namespace NRw { + namespace NRw { namespace NPrivate { void TRwDestroyer::Destroy(TRwInternal* o) { RwFree(o); @@ -33,23 +33,23 @@ namespace NTvmAuth { } static TString SerializeRW(TRwKey* rw, int (*func)(const TRwKey*, unsigned char**)) { - unsigned char* buf = nullptr; - int size = func(rw, &buf); + unsigned char* buf = nullptr; + int size = func(rw, &buf); THolder<unsigned char, NPrivate::TArrayDestroyer> guard(buf); - return TString((char*)buf, size); - } - + return TString((char*)buf, size); + } + TKeyPair GenKeyPair(size_t size) { TRw rw(RwNew()); RwGenerateKey(rw.Get(), size); - + TRw skey(RwPrivateKeyDup(rw.Get())); TRw vkey(RwPublicKeyDup(rw.Get())); - + TKeyPair res; res.Private = SerializeRW(skey.Get(), &i2d_RWPrivateKey); res.Public = SerializeRW(vkey.Get(), &i2d_RWPublicKey); - + TRwPrivateKey prKey(res.Private, 0); TRwPublicKey pubKey(res.Public); @@ -58,21 +58,21 @@ namespace NTvmAuth { Y_ENSURE(pubKey.CheckSign(msg, prKey.SignTicket(msg)), "Failed to gen keys"); return res; - } - - TRwPrivateKey::TRwPrivateKey(TStringBuf body, TKeyId id) + } + + TRwPrivateKey::TRwPrivateKey(TStringBuf body, TKeyId id) : Id_(id) , Rw_(Deserialize(body)) , SignLen_(RwModSize(Rw_.Get())) - { + { Y_ENSURE(SignLen_ > 0, "Private key has bad len: " << SignLen_); - } - - TKeyId TRwPrivateKey::GetId() const { + } + + TKeyId TRwPrivateKey::GetId() const { return Id_; - } - - TString TRwPrivateKey::SignTicket(TStringBuf ticket) const { + } + + TString TRwPrivateKey::SignTicket(TStringBuf ticket) const { TString res(SignLen_, 0x00); int len = RwPssrSignMsg(ticket.size(), @@ -80,48 +80,48 @@ namespace NTvmAuth { (unsigned char*)res.data(), Rw_.Get(), (EVP_MD*)EVP_sha256()); - + Y_ENSURE(len > 0 && len <= SignLen_, "Signing failed. len: " << len); - + res.resize(len); return res; - } - - TRw TRwPrivateKey::Deserialize(TStringBuf key) { + } + + TRw TRwPrivateKey::Deserialize(TStringBuf key) { TRwKey* rw = nullptr; - auto data = reinterpret_cast<const unsigned char*>(key.data()); - if (!d2i_RWPrivateKey(&rw, &data, key.size())) { + auto data = reinterpret_cast<const unsigned char*>(key.data()); + if (!d2i_RWPrivateKey(&rw, &data, key.size())) { ythrow yexception() << "Private key is malformed"; - } + } return TRw(rw); - } - - TRwPublicKey::TRwPublicKey(TStringBuf body) + } + + TRwPublicKey::TRwPublicKey(TStringBuf body) : Rw_(Deserialize(body)) - { - } - - bool TRwPublicKey::CheckSign(TStringBuf ticket, TStringBuf sign) const { + { + } + + bool TRwPublicKey::CheckSign(TStringBuf ticket, TStringBuf sign) const { int result = RwPssrVerifyMsg(ticket.size(), (const unsigned char*)ticket.data(), (unsigned char*)sign.data(), sign.size(), Rw_.Get(), (EVP_MD*)EVP_sha256()); - + Y_ENSURE(result >= 0, "Failed to check sign: " << result); - return result; - } - - TRw TRwPublicKey::Deserialize(TStringBuf key) { + return result; + } + + TRw TRwPublicKey::Deserialize(TStringBuf key) { TRwKey* rw = nullptr; - auto data = reinterpret_cast<const unsigned char*>(key.data()); + auto data = reinterpret_cast<const unsigned char*>(key.data()); auto status = d2i_RWPublicKey(&rw, &data, key.size()); TRw res(rw); Y_ENSURE(status, "Public key is malformed: " << key); return res; - } + } TSecureHeap::TSecureHeap(size_t totalSize, int minChunkSize) { CRYPTO_secure_malloc_init(totalSize, minChunkSize); @@ -134,5 +134,5 @@ namespace NTvmAuth { void TSecureHeap::Init(size_t totalSize, int minChunkSize) { Singleton<TSecureHeap>(totalSize, minChunkSize); } - } -} + } +} diff --git a/library/cpp/tvmauth/src/rw/keys.h b/library/cpp/tvmauth/src/rw/keys.h index e02b7e72a1..b5877b767a 100644 --- a/library/cpp/tvmauth/src/rw/keys.h +++ b/library/cpp/tvmauth/src/rw/keys.h @@ -1,58 +1,58 @@ -#pragma once - +#pragma once + #include <util/generic/ptr.h> #include <util/generic/string.h> - -#include <unordered_map> - + +#include <unordered_map> + struct TRwInternal; - + namespace NTvmAuth { - namespace NRw { + namespace NRw { namespace NPrivate { class TRwDestroyer { public: static void Destroy(TRwInternal* o); }; } - + using TRw = THolder<TRwInternal, NPrivate::TRwDestroyer>; using TKeyId = ui32; - struct TKeyPair { + struct TKeyPair { TString Private; TString Public; - }; + }; TKeyPair GenKeyPair(size_t size); - - class TRwPrivateKey { - public: - TRwPrivateKey(TStringBuf body, TKeyId id); - - TKeyId GetId() const; - TString SignTicket(TStringBuf ticket) const; - - private: - static TRw Deserialize(TStringBuf key); - + + class TRwPrivateKey { + public: + TRwPrivateKey(TStringBuf body, TKeyId id); + + TKeyId GetId() const; + TString SignTicket(TStringBuf ticket) const; + + private: + static TRw Deserialize(TStringBuf key); + TKeyId Id_; TRw Rw_; int SignLen_; - }; - - class TRwPublicKey { - public: - TRwPublicKey(TStringBuf body); - - bool CheckSign(TStringBuf ticket, TStringBuf sign) const; - - private: - static TRw Deserialize(TStringBuf key); - + }; + + class TRwPublicKey { + public: + TRwPublicKey(TStringBuf body); + + bool CheckSign(TStringBuf ticket, TStringBuf sign) const; + + private: + static TRw Deserialize(TStringBuf key); + TRw Rw_; - }; - - using TPublicKeys = std::unordered_map<TKeyId, TRwPublicKey>; + }; + + using TPublicKeys = std::unordered_map<TKeyId, TRwPublicKey>; class TSecureHeap { public: @@ -61,5 +61,5 @@ namespace NTvmAuth { static void Init(size_t totalSize = 16 * 1024 * 1024, int minChunkSize = 16); }; - } -} + } +} diff --git a/library/cpp/tvmauth/src/rw/rw.h b/library/cpp/tvmauth/src/rw/rw.h index cbff96b85d..727937f44d 100644 --- a/library/cpp/tvmauth/src/rw/rw.h +++ b/library/cpp/tvmauth/src/rw/rw.h @@ -1,25 +1,25 @@ -#pragma once - -#include <contrib/libs/openssl/include/openssl/bn.h> -#include <contrib/libs/openssl/include/openssl/crypto.h> - -#ifdef __cplusplus -extern "C" { -#endif - +#pragma once + +#include <contrib/libs/openssl/include/openssl/bn.h> +#include <contrib/libs/openssl/include/openssl/crypto.h> + +#ifdef __cplusplus +extern "C" { +#endif + typedef struct { BIGNUM* S; } TRwSignature; - + /*Rabin–Williams*/ typedef struct TRwInternal TRwKey; - + typedef struct { TRwSignature* (*RwSign)(const unsigned char* dgst, const int dlen, TRwKey* rw); int (*RwVerify)(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); int (*RwApply)(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); } TRwMethod; - + struct TRwInternal { /* first private multiplier */ BIGNUM* P; @@ -40,47 +40,47 @@ extern "C" { /* functions for working with RW */ const TRwMethod* Meth; }; - + TRwSignature* RwSignatureNew(void); void RwSignatureFree(TRwSignature* a); - + /* RW signing functions */ /* the function can put some tmp values to rw */ int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md); int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md); - + /* RW-PSS verification functions */ int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); - + /* internal functions, use them only if you know what you're doing */ int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw); int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw); - + const TRwMethod* RwDefaultMethods(void); - + TRwKey* RwNew(void); void RwFree(TRwKey* r); int RwSize(const TRwKey* rw); int RwModSize(const TRwKey* rw); - + TRwKey* RwPublicKeyDup(TRwKey* rw); TRwKey* RwPrivateKeyDup(TRwKey* rw); - + // NOLINTNEXTLINE(readability-identifier-naming) TRwKey* d2i_RWPublicKey(TRwKey** a, const unsigned char** pp, long length); // NOLINTNEXTLINE(readability-identifier-naming) TRwKey* d2i_RWPrivateKey(TRwKey** a, const unsigned char** pp, long length); - + int RwGenerateKey(TRwKey* a, int bits); // NOLINTNEXTLINE(readability-identifier-naming) int i2d_RWPublicKey(const TRwKey* a, unsigned char** pp); // NOLINTNEXTLINE(readability-identifier-naming) int i2d_RWPrivateKey(const TRwKey* a, unsigned char** pp); - + int RwPaddingAddPssr(const TRwKey* rw, unsigned char* EM, const unsigned char* mHash, const EVP_MD* Hash, int sLen); int RwVerifyPssr(const TRwKey* rw, const unsigned char* mHash, const EVP_MD* Hash, const unsigned char* EM, int sLen); - -#ifdef __cplusplus -} -#endif + +#ifdef __cplusplus +} +#endif diff --git a/library/cpp/tvmauth/src/rw/rw_asn1.c b/library/cpp/tvmauth/src/rw/rw_asn1.c index 76682dcff4..a0f282b929 100644 --- a/library/cpp/tvmauth/src/rw/rw_asn1.c +++ b/library/cpp/tvmauth/src/rw/rw_asn1.c @@ -1,56 +1,56 @@ -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/asn1.h> -#include <contrib/libs/openssl/include/openssl/asn1t.h> -#include <contrib/libs/openssl/include/openssl/rand.h> - -#include <stdio.h> - -/* Override the default new methods */ -/* This callback is used by OpenSSL's ASN.1 parser */ +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/asn1.h> +#include <contrib/libs/openssl/include/openssl/asn1t.h> +#include <contrib/libs/openssl/include/openssl/rand.h> + +#include <stdio.h> + +/* Override the default new methods */ +/* This callback is used by OpenSSL's ASN.1 parser */ static int SignatureCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { - (void)it; - (void)exarg; - - if (operation == ASN1_OP_NEW_PRE) { + (void)it; + (void)exarg; + + if (operation == ASN1_OP_NEW_PRE) { TRwSignature* sig; sig = OPENSSL_malloc(sizeof(TRwSignature)); - if (!sig) - return 0; + if (!sig) + return 0; sig->S = NULL; - *pval = (ASN1_VALUE*)sig; - return 2; - } - return 1; -} - -/* ASN.1 structure representing RW signature value */ + *pval = (ASN1_VALUE*)sig; + return 2; + } + return 1; +} + +/* ASN.1 structure representing RW signature value */ ASN1_SEQUENCE_cb(TRwSignature, SignatureCallback) = { ASN1_SIMPLE(TRwSignature, S, BIGNUM), } ASN1_SEQUENCE_END_cb(TRwSignature, TRwSignature) - + /* i2d_ and d2i functions implementation for RW */ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwSignature, TRwSignature, TRwSignature) - - /* Override the default free and new methods */ + + /* Override the default free and new methods */ static int RwCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { - (void)it; - (void)exarg; - - if (operation == ASN1_OP_NEW_PRE) { + (void)it; + (void)exarg; + + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE*)RwNew(); - if (*pval) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { + if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { RwFree((TRwKey*)*pval); - *pval = NULL; - return 2; - } - return 1; -} - -/* ASN.1 representation of RW's private key */ + *pval = NULL; + return 2; + } + return 1; +} + +/* ASN.1 representation of RW's private key */ ASN1_SEQUENCE_cb(RWPrivateKey, RwCallback) = { ASN1_SIMPLE(TRwKey, N, BIGNUM), ASN1_SIMPLE(TRwKey, P, CBIGNUM), @@ -60,22 +60,22 @@ ASN1_SEQUENCE_cb(RWPrivateKey, RwCallback) = { ASN1_SIMPLE(TRwKey, Dp, CBIGNUM), ASN1_SIMPLE(TRwKey, Twomp, CBIGNUM), ASN1_SIMPLE(TRwKey, Twomq, CBIGNUM)} ASN1_SEQUENCE_END_cb(TRwKey, RWPrivateKey); - + /* i2d_ and d2i_ functions for RW's private key */ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPrivateKey, RWPrivateKey); - + /* ASN.1 representation of RW public key */ ASN1_SEQUENCE_cb(RWPublicKey, RwCallback) = { ASN1_SIMPLE(TRwKey, N, BIGNUM), } ASN1_SEQUENCE_END_cb(TRwKey, RWPublicKey); - + /* i2d_ and d2i functions for RW public key */ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPublicKey, RWPublicKey); - + TRwKey* RwPublicKeyDup(TRwKey* rw) { - return ASN1_item_dup(ASN1_ITEM_rptr(RWPublicKey), rw); -} - + return ASN1_item_dup(ASN1_ITEM_rptr(RWPublicKey), rw); +} + TRwKey* RwPrivateKeyDup(TRwKey* rw) { - return ASN1_item_dup(ASN1_ITEM_rptr(RWPrivateKey), rw); -} + return ASN1_item_dup(ASN1_ITEM_rptr(RWPrivateKey), rw); +} diff --git a/library/cpp/tvmauth/src/rw/rw_key.c b/library/cpp/tvmauth/src/rw/rw_key.c index 8375c3ca20..eec27dc7b2 100644 --- a/library/cpp/tvmauth/src/rw/rw_key.c +++ b/library/cpp/tvmauth/src/rw/rw_key.c @@ -1,135 +1,135 @@ -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/rand.h> - +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/rand.h> + int RwGenerateKey(TRwKey* rw, int bits) { - int ok = 0; - - BN_CTX* ctx = NULL; - BIGNUM *rem3 = NULL, *rem7 = NULL, *mod8 = NULL, *rem5 = NULL; - BIGNUM *nmod = NULL, *twomqexp = NULL, *twompexp = NULL, *two = NULL; - - int bitsp = (bits + 1) / 2; - int bitsq = bits - bitsp; - - /* make sure that all components are not null */ + int ok = 0; + + BN_CTX* ctx = NULL; + BIGNUM *rem3 = NULL, *rem7 = NULL, *mod8 = NULL, *rem5 = NULL; + BIGNUM *nmod = NULL, *twomqexp = NULL, *twompexp = NULL, *two = NULL; + + int bitsp = (bits + 1) / 2; + int bitsq = bits - bitsp; + + /* make sure that all components are not null */ if ((ctx = BN_CTX_secure_new()) == NULL) - goto err; - if (!rw) - goto err; + goto err; + if (!rw) + goto err; if (!rw->N && ((rw->N = BN_new()) == NULL)) - goto err; + goto err; if (!rw->P && ((rw->P = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Q && ((rw->Q = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Iqmp && ((rw->Iqmp = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Twomq && ((rw->Twomq = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Twomp && ((rw->Twomp = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Dq && ((rw->Dq = BN_new()) == NULL)) - goto err; + goto err; if (!rw->Dp && ((rw->Dp = BN_new()) == NULL)) - goto err; - - BN_CTX_start(ctx); - - rem3 = BN_CTX_get(ctx); - rem7 = BN_CTX_get(ctx); - rem5 = BN_CTX_get(ctx); - mod8 = BN_CTX_get(ctx); - nmod = BN_CTX_get(ctx); - twomqexp = BN_CTX_get(ctx); - twompexp = BN_CTX_get(ctx); - two = BN_CTX_get(ctx); - - if (!BN_set_word(mod8, 8)) - goto err; - if (!BN_set_word(rem3, 3)) - goto err; - if (!BN_set_word(rem7, 7)) - goto err; - if (!BN_set_word(rem5, 5)) - goto err; - if (!BN_set_word(two, 2)) - goto err; - - /* generate p */ - /* add == 8 */ - /* rem == 3 */ - /* safe == 0 as we don't need (p-1)/2 to be also prime */ + goto err; + + BN_CTX_start(ctx); + + rem3 = BN_CTX_get(ctx); + rem7 = BN_CTX_get(ctx); + rem5 = BN_CTX_get(ctx); + mod8 = BN_CTX_get(ctx); + nmod = BN_CTX_get(ctx); + twomqexp = BN_CTX_get(ctx); + twompexp = BN_CTX_get(ctx); + two = BN_CTX_get(ctx); + + if (!BN_set_word(mod8, 8)) + goto err; + if (!BN_set_word(rem3, 3)) + goto err; + if (!BN_set_word(rem7, 7)) + goto err; + if (!BN_set_word(rem5, 5)) + goto err; + if (!BN_set_word(two, 2)) + goto err; + + /* generate p */ + /* add == 8 */ + /* rem == 3 */ + /* safe == 0 as we don't need (p-1)/2 to be also prime */ if (!BN_generate_prime_ex(rw->P, bitsp, 0, mod8, rem3, NULL)) - goto err; - - /* generate q */ - /* add == 8 */ - /* rem == 7 */ - /* safe == 0 */ + goto err; + + /* generate q */ + /* add == 8 */ + /* rem == 7 */ + /* safe == 0 */ if (!BN_generate_prime_ex(rw->Q, bitsq, 0, mod8, rem7, NULL)) - goto err; - - /* n == p*q */ + goto err; + + /* n == p*q */ if (!BN_mul(rw->N, rw->P, rw->Q, ctx)) - goto err; - - /* n == 5 mod 8 ? */ + goto err; + + /* n == 5 mod 8 ? */ if (!BN_nnmod(nmod, rw->N, mod8, ctx)) - goto err; - if (BN_ucmp(rem5, nmod) != 0) - goto err; - - /* q^(-1) mod p */ + goto err; + if (BN_ucmp(rem5, nmod) != 0) + goto err; + + /* q^(-1) mod p */ if (!BN_mod_inverse(rw->Iqmp, rw->Q, rw->P, ctx)) - goto err; - - /* twomqexp = (3q-5)/8 */ + goto err; + + /* twomqexp = (3q-5)/8 */ if (!BN_copy(twomqexp, rw->Q)) - goto err; - if (!BN_mul_word(twomqexp, 3)) - goto err; - if (!BN_sub_word(twomqexp, 5)) - goto err; - if (!BN_rshift(twomqexp, twomqexp, 3)) - goto err; + goto err; + if (!BN_mul_word(twomqexp, 3)) + goto err; + if (!BN_sub_word(twomqexp, 5)) + goto err; + if (!BN_rshift(twomqexp, twomqexp, 3)) + goto err; if (!BN_mod_exp(rw->Twomq, two, twomqexp, rw->Q, ctx)) - goto err; - - /* twompexp = (9p-11)/8 */ + goto err; + + /* twompexp = (9p-11)/8 */ if (!BN_copy(twompexp, rw->P)) - goto err; - if (!BN_mul_word(twompexp, 9)) - goto err; - if (!BN_sub_word(twompexp, 11)) - goto err; - if (!BN_rshift(twompexp, twompexp, 3)) - goto err; + goto err; + if (!BN_mul_word(twompexp, 9)) + goto err; + if (!BN_sub_word(twompexp, 11)) + goto err; + if (!BN_rshift(twompexp, twompexp, 3)) + goto err; if (!BN_mod_exp(rw->Twomp, two, twompexp, rw->P, ctx)) - goto err; - - /* dp = (p-3) / 8 */ + goto err; + + /* dp = (p-3) / 8 */ if (!BN_copy(rw->Dp, rw->P)) - goto err; + goto err; if (!BN_sub_word(rw->Dp, 3)) - goto err; + goto err; if (!BN_rshift(rw->Dp, rw->Dp, 3)) - goto err; - - /* dq = (q+1) / 8 */ + goto err; + + /* dq = (q+1) / 8 */ if (!BN_copy(rw->Dq, rw->Q)) - goto err; + goto err; if (!BN_add_word(rw->Dq, 1)) - goto err; + goto err; if (!BN_rshift(rw->Dq, rw->Dq, 3)) - goto err; - - ok = 1; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} + goto err; + + ok = 1; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} diff --git a/library/cpp/tvmauth/src/rw/rw_lib.c b/library/cpp/tvmauth/src/rw/rw_lib.c index 94d94caa4a..6ade046d5c 100644 --- a/library/cpp/tvmauth/src/rw/rw_lib.c +++ b/library/cpp/tvmauth/src/rw/rw_lib.c @@ -1,18 +1,18 @@ -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/asn1.h> - -#include <stdio.h> - +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/asn1.h> + +#include <stdio.h> + TRwKey* RwNew(void) { TRwKey* ret = NULL; - + ret = (TRwKey*)malloc(sizeof(TRwKey)); - if (ret == NULL) { - return (NULL); - } + if (ret == NULL) { + return (NULL); + } ret->Meth = RwDefaultMethods(); - + ret->P = NULL; ret->Q = NULL; ret->N = NULL; @@ -21,14 +21,14 @@ TRwKey* RwNew(void) { ret->Twomp = NULL; ret->Dp = NULL; ret->Dq = NULL; - - return ret; -} - + + return ret; +} + void RwFree(TRwKey* r) { - if (r == NULL) - return; - + if (r == NULL) + return; + if (r->P != NULL) BN_clear_free(r->P); if (r->Q != NULL) @@ -45,33 +45,33 @@ void RwFree(TRwKey* r) { BN_clear_free(r->Twomp); if (r->Twomq != NULL) BN_clear_free(r->Twomq); - + free(r); -} - +} + int RwSize(const TRwKey* r) { - int ret = 0, i = 0; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ - + int ret = 0, i = 0; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + i = BN_num_bits(r->N); - bs.length = (i + 7) / 8; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - return ret; -} - + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} + int RwModSize(const TRwKey* rw) { if (rw == NULL || rw->N == NULL) - return 0; + return 0; return BN_num_bytes(rw->N); -} +} diff --git a/library/cpp/tvmauth/src/rw/rw_ossl.c b/library/cpp/tvmauth/src/rw/rw_ossl.c index 951752bdb3..d45dfcdc8c 100644 --- a/library/cpp/tvmauth/src/rw/rw_ossl.c +++ b/library/cpp/tvmauth/src/rw/rw_ossl.c @@ -1,38 +1,38 @@ -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/rand.h> - -//#define RW_PRINT_DEBUG -//#define AVOID_IF -//#define FAULT_TOLERANCE_CHECK - -#ifdef RW_PRINT_DEBUG +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/rand.h> + +//#define RW_PRINT_DEBUG +//#define AVOID_IF +//#define FAULT_TOLERANCE_CHECK + +#ifdef RW_PRINT_DEBUG #include <stdio.h> -#endif - +#endif + static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw); static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); - + static TRwMethod rw_default_meth = { RwDoSign, RwDoVerify, RwDoApply}; - + const TRwMethod* RwDefaultMethods(void) { - return &rw_default_meth; -} - -#ifdef RW_PRINT_DEBUG - -static void print_bn(char* name, BIGNUM* value) { - char* str_repr; - str_repr = BN_bn2dec(value); - printf("Name: %s\n", name); - printf("Value: %s\n", str_repr); - OPENSSL_free(str_repr); -} - + return &rw_default_meth; +} + +#ifdef RW_PRINT_DEBUG + +static void print_bn(char* name, BIGNUM* value) { + char* str_repr; + str_repr = BN_bn2dec(value); + printf("Name: %s\n", name); + printf("Value: %s\n", str_repr); + OPENSSL_free(str_repr); +} + #define DEBUG_PRINT_BN(s, x) \ do { \ print_bn((s), (x)); \ @@ -52,422 +52,422 @@ static void print_bn(char* name, BIGNUM* value) { do { \ printf((s), (v)); \ } while (0); -#else +#else #define DEBUG_PRINT_BN(s, x) #define DEBUG_PRINT_RW(r) #define DEBUG_PRINTF(s, v) -#endif - -/* - * The algorithms was taken from - * https://cr.yp.to/sigs/rwsota-20080131.pdf - * Section 6 -> "Avoiding Jacobi symbols" - * '^' means power - * 1. Compute U = h ^ ((q+1) / 8) mod q - * 2. If U ^ 4 - h mod q == 0, set e = 1 otherwise set e = -1 - * 3. Compute V = (eh) ^ ((p-3)/8) mod p - * 4. If (V^4 * (eh)^2 - eh) mod p = 0; set f = 1; otherwise set f = 2 - * 5. Precompute 2^((3q-5) / 8) mod q; Compute W = f^((3*q - 5) / 8) * U mod q - * 6. Precompute 2^((9p-11) / 8) mod p; Compute X = f^((9p-11) / 8) * V^3 * eh mod p - * 7. Precompute q^(p-2) mod p; Compute Y = W + q(q^(p-2) * (X - W) mod p) - * 8. Compute s = Y^2 mod pq - * 9. Fault tolerance: if efs^2 mod pq != h start over - */ +#endif + +/* + * The algorithms was taken from + * https://cr.yp.to/sigs/rwsota-20080131.pdf + * Section 6 -> "Avoiding Jacobi symbols" + * '^' means power + * 1. Compute U = h ^ ((q+1) / 8) mod q + * 2. If U ^ 4 - h mod q == 0, set e = 1 otherwise set e = -1 + * 3. Compute V = (eh) ^ ((p-3)/8) mod p + * 4. If (V^4 * (eh)^2 - eh) mod p = 0; set f = 1; otherwise set f = 2 + * 5. Precompute 2^((3q-5) / 8) mod q; Compute W = f^((3*q - 5) / 8) * U mod q + * 6. Precompute 2^((9p-11) / 8) mod p; Compute X = f^((9p-11) / 8) * V^3 * eh mod p + * 7. Precompute q^(p-2) mod p; Compute Y = W + q(q^(p-2) * (X - W) mod p) + * 8. Compute s = Y^2 mod pq + * 9. Fault tolerance: if efs^2 mod pq != h start over + */ static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { - BIGNUM *m, *U, *V, *tmp, *m_q, *m_p, *tmp2; - /* additional variables to avoid "if" statements */ - BIGNUM *tmp_mp, *tmp_U, *tmp_V; + BIGNUM *m, *U, *V, *tmp, *m_q, *m_p, *tmp2; + /* additional variables to avoid "if" statements */ + BIGNUM *tmp_mp, *tmp_U, *tmp_V; TRwSignature* ret = NULL; - BN_CTX* ctx = NULL; - int ok = 0, e = 0, f = 0; - + BN_CTX* ctx = NULL; + int ok = 0, e = 0, f = 0; + if (!rw || !rw->P || !rw->Q || !rw->N || !rw->Iqmp || !rw->Dp || !rw->Dq || !rw->Twomp || !rw->Twomq) - goto err; - + goto err; + if ((ctx = BN_CTX_secure_new()) == NULL) - goto err; - BN_CTX_start(ctx); - - m = BN_CTX_get(ctx); - U = BN_CTX_get(ctx); - V = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - m_q = BN_CTX_get(ctx); - m_p = BN_CTX_get(ctx); - tmp_mp = BN_CTX_get(ctx); - tmp_U = BN_CTX_get(ctx); - tmp_V = BN_CTX_get(ctx); - - DEBUG_PRINT_RW(rw) - - /* if (!BN_set_word(four, 4)) goto err; */ - - if (!BN_bin2bn(dgst, dlen, m)) - goto err; + goto err; + BN_CTX_start(ctx); + + m = BN_CTX_get(ctx); + U = BN_CTX_get(ctx); + V = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + tmp2 = BN_CTX_get(ctx); + m_q = BN_CTX_get(ctx); + m_p = BN_CTX_get(ctx); + tmp_mp = BN_CTX_get(ctx); + tmp_U = BN_CTX_get(ctx); + tmp_V = BN_CTX_get(ctx); + + DEBUG_PRINT_RW(rw) + + /* if (!BN_set_word(four, 4)) goto err; */ + + if (!BN_bin2bn(dgst, dlen, m)) + goto err; if (BN_ucmp(m, rw->N) >= 0) - goto err; - - /* check if m % 16 == 12 */ + goto err; + + /* check if m % 16 == 12 */ if (BN_mod_word(m, 16) != 12) - goto err; - DEBUG_PRINT_BN("m", m) - - /* TODO: optimization to avoid memory allocation? */ + goto err; + DEBUG_PRINT_BN("m", m) + + /* TODO: optimization to avoid memory allocation? */ if ((ret = RwSignatureNew()) == NULL) - goto err; - /* memory allocation */ + goto err; + /* memory allocation */ if ((ret->S = BN_new()) == NULL) - goto err; - - /* m_q = m mod q */ + goto err; + + /* m_q = m mod q */ if (!BN_nnmod(m_q, m, rw->Q, ctx)) - goto err; - /* m_p = m mod p */ + goto err; + /* m_p = m mod p */ if (!BN_nnmod(m_p, m, rw->P, ctx)) - goto err; - - DEBUG_PRINT_BN("m_p", m_p) - DEBUG_PRINT_BN("m_q", m_q) - - /* U = h ** ((q+1)/8) mod q */ + goto err; + + DEBUG_PRINT_BN("m_p", m_p) + DEBUG_PRINT_BN("m_q", m_q) + + /* U = h ** ((q+1)/8) mod q */ if (!BN_mod_exp(U, m_q, rw->Dq, rw->Q, ctx)) - goto err; - DEBUG_PRINT_BN("U", U) - - /* tmp = U^4 - h mod q */ + goto err; + DEBUG_PRINT_BN("U", U) + + /* tmp = U^4 - h mod q */ if (!BN_mod_sqr(tmp, U, rw->Q, ctx)) - goto err; + goto err; if (!BN_mod_sqr(tmp, tmp, rw->Q, ctx)) - goto err; - DEBUG_PRINT_BN("U**4 mod q", tmp) - - /* e = 1 if tmp == 0 else -1 */ - e = 2 * (BN_ucmp(tmp, m_q) == 0) - 1; - DEBUG_PRINTF("e == %i\n", e) - - /* - to avoid "if" branch - if e == -1: m_p = tmp_mp - if e == 1: m_p = m_p - */ + goto err; + DEBUG_PRINT_BN("U**4 mod q", tmp) + + /* e = 1 if tmp == 0 else -1 */ + e = 2 * (BN_ucmp(tmp, m_q) == 0) - 1; + DEBUG_PRINTF("e == %i\n", e) + + /* + to avoid "if" branch + if e == -1: m_p = tmp_mp + if e == 1: m_p = m_p + */ if (!BN_sub(tmp_mp, rw->P, m_p)) - goto err; - m_p = (BIGNUM*)((1 - ((1 + e) >> 1)) * (BN_ULONG)tmp_mp + ((1 + e) >> 1) * (BN_ULONG)m_p); - DEBUG_PRINT_BN("eh mod p", m_p) - - /* V = (eh) ** ((p-3)/8) */ + goto err; + m_p = (BIGNUM*)((1 - ((1 + e) >> 1)) * (BN_ULONG)tmp_mp + ((1 + e) >> 1) * (BN_ULONG)m_p); + DEBUG_PRINT_BN("eh mod p", m_p) + + /* V = (eh) ** ((p-3)/8) */ if (!BN_mod_exp(V, m_p, rw->Dp, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("V == ((eh) ** ((p-3)/8))", V) - - /* (eh) ** 2 */ + goto err; + DEBUG_PRINT_BN("V == ((eh) ** ((p-3)/8))", V) + + /* (eh) ** 2 */ if (!BN_mod_sqr(tmp2, m_p, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("(eh)**2", tmp2) - - /* V ** 4 */ + goto err; + DEBUG_PRINT_BN("(eh)**2", tmp2) + + /* V ** 4 */ if (!BN_mod_sqr(tmp, V, rw->P, ctx)) - goto err; + goto err; if (!BN_mod_sqr(tmp, tmp, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("V**4", tmp) - - /* V**4 * (eh)**2 */ + goto err; + DEBUG_PRINT_BN("V**4", tmp) + + /* V**4 * (eh)**2 */ if (!BN_mod_mul(tmp, tmp, tmp2, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("tmp = (V**4 * (eh)**2) mod p", tmp) - - /* tmp = tmp - eh mod p */ + goto err; + DEBUG_PRINT_BN("tmp = (V**4 * (eh)**2) mod p", tmp) + + /* tmp = tmp - eh mod p */ if (!BN_mod_sub(tmp, tmp, m_p, rw->P, ctx)) - goto err; - - /* f = 1 if zero else 2 */ - f = 2 - BN_is_zero(tmp); - /* f = 2 - (constant_time_is_zero(BN_ucmp(tmp, m_p)) & 1); */ - DEBUG_PRINTF("f == %i\n", f) - -#ifdef AVOID_IF - if (!BN_mod_mul(tmp_U, U, rw->twomq, rw->q, ctx)) - goto err; - - /* - to avoid "if" branch we use tiny additional computation - */ - U = (BIGNUM*)((2 - f) * (BN_ULONG)U + (1 - (2 - f)) * (BN_ULONG)tmp_U); -#else - - if (f == 2) { + goto err; + + /* f = 1 if zero else 2 */ + f = 2 - BN_is_zero(tmp); + /* f = 2 - (constant_time_is_zero(BN_ucmp(tmp, m_p)) & 1); */ + DEBUG_PRINTF("f == %i\n", f) + +#ifdef AVOID_IF + if (!BN_mod_mul(tmp_U, U, rw->twomq, rw->q, ctx)) + goto err; + + /* + to avoid "if" branch we use tiny additional computation + */ + U = (BIGNUM*)((2 - f) * (BN_ULONG)U + (1 - (2 - f)) * (BN_ULONG)tmp_U); +#else + + if (f == 2) { if (!BN_mod_mul(U, U, rw->Twomq, rw->Q, ctx)) - goto err; - } - -#endif - - DEBUG_PRINT_BN("W", U) - - /* V ** 3 */ + goto err; + } + +#endif + + DEBUG_PRINT_BN("W", U) + + /* V ** 3 */ if (!BN_mod_sqr(tmp, V, rw->P, ctx)) - goto err; + goto err; if (!BN_mod_mul(V, V, tmp, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("V**3", V) - - /* *(eh) */ + goto err; + DEBUG_PRINT_BN("V**3", V) + + /* *(eh) */ if (!BN_mod_mul(V, V, m_p, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("V**3 * (eh) mod p", V) - -#ifdef AVOID_IF - - /* to avoid "if" statement we use simple computation */ - if (!BN_mod_mul(tmp_V, V, rw->twomp, rw->p, ctx)) - goto err; - V = (BIGNUM*)((2 - f) * (BN_ULONG)V + (1 - (2 - f)) * (BN_ULONG)tmp_V); - -#else - - if (f == 2) { + goto err; + DEBUG_PRINT_BN("V**3 * (eh) mod p", V) + +#ifdef AVOID_IF + + /* to avoid "if" statement we use simple computation */ + if (!BN_mod_mul(tmp_V, V, rw->twomp, rw->p, ctx)) + goto err; + V = (BIGNUM*)((2 - f) * (BN_ULONG)V + (1 - (2 - f)) * (BN_ULONG)tmp_V); + +#else + + if (f == 2) { if (!BN_mod_mul(V, V, rw->Twomp, rw->P, ctx)) - goto err; - } - -#endif - - DEBUG_PRINT_BN("X", V) - - /* W = U, X = V */ + goto err; + } + +#endif + + DEBUG_PRINT_BN("X", V) + + /* W = U, X = V */ if (!BN_mod_sub(V, V, U, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("X - W mod p", V) - + goto err; + DEBUG_PRINT_BN("X - W mod p", V) + if (!BN_mod_mul(V, V, rw->Iqmp, rw->P, ctx)) - goto err; - DEBUG_PRINT_BN("q**(p-2) * (X-W) mod p", V) - + goto err; + DEBUG_PRINT_BN("q**(p-2) * (X-W) mod p", V) + if (!BN_mul(V, V, rw->Q, ctx)) - goto err; - DEBUG_PRINT_BN("q * prev mod p", V) - + goto err; + DEBUG_PRINT_BN("q * prev mod p", V) + if (!BN_mod_add(V, U, V, rw->N, ctx)) - goto err; - DEBUG_PRINT_BN("Y", V) - - /* now V = Y */ + goto err; + DEBUG_PRINT_BN("Y", V) + + /* now V = Y */ if (!BN_mod_sqr(V, V, rw->N, ctx)) - goto err; - DEBUG_PRINT_BN("s", V) - -#ifdef FAULT_TOLERANCE_CHECK - - /* now V = s - principal square root */ - /* fault tolerance check */ - if (!BN_mod_sqr(tmp, V, rw->n, ctx)) - goto err; - DEBUG_PRINT_BN("s**2", tmp) - - if (!BN_mul_word(tmp, f)) - goto err; - DEBUG_PRINT_BN("f * s**2", tmp) - - if (!BN_nnmod(tmp, tmp, rw->n, ctx)) - goto err; - DEBUG_PRINT_BN("s**2 * f mod n", tmp) - - /* to avoid "if" statement */ - if (!BN_sub(tmp2, rw->n, tmp)) - goto err; - tmp = (BIGNUM*)(((1 + e) >> 1) * (BN_ULONG)tmp + (1 - ((1 + e) >> 1)) * (BN_ULONG)tmp2); - DEBUG_PRINT_BN("ef(s**2)", tmp) - DEBUG_PRINT_BN("(tmp == original m)", tmp) - - if (BN_ucmp(tmp, m) != 0) - goto err; - -#endif - - /* making the "principal square root" to be "|principal| square root" */ + goto err; + DEBUG_PRINT_BN("s", V) + +#ifdef FAULT_TOLERANCE_CHECK + + /* now V = s - principal square root */ + /* fault tolerance check */ + if (!BN_mod_sqr(tmp, V, rw->n, ctx)) + goto err; + DEBUG_PRINT_BN("s**2", tmp) + + if (!BN_mul_word(tmp, f)) + goto err; + DEBUG_PRINT_BN("f * s**2", tmp) + + if (!BN_nnmod(tmp, tmp, rw->n, ctx)) + goto err; + DEBUG_PRINT_BN("s**2 * f mod n", tmp) + + /* to avoid "if" statement */ + if (!BN_sub(tmp2, rw->n, tmp)) + goto err; + tmp = (BIGNUM*)(((1 + e) >> 1) * (BN_ULONG)tmp + (1 - ((1 + e) >> 1)) * (BN_ULONG)tmp2); + DEBUG_PRINT_BN("ef(s**2)", tmp) + DEBUG_PRINT_BN("(tmp == original m)", tmp) + + if (BN_ucmp(tmp, m) != 0) + goto err; + +#endif + + /* making the "principal square root" to be "|principal| square root" */ if (!BN_sub(tmp, rw->N, V)) - goto err; - - /* if tmp = MIN(V, rw->n - V) */ - tmp = BN_ucmp(tmp, V) >= 0 ? V : tmp; - + goto err; + + /* if tmp = MIN(V, rw->n - V) */ + tmp = BN_ucmp(tmp, V) >= 0 ? V : tmp; + if (!BN_copy(ret->S, tmp)) - goto err; - - ok = 1; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (!ok) { + goto err; + + ok = 1; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (!ok) { RwSignatureFree(ret); - ret = NULL; - } - - return ret; -} - + ret = NULL; + } + + return ret; +} + static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw) { - BIGNUM *m = NULL, *x = NULL, *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL; - BN_CTX* ctx = NULL; - BN_ULONG rest1 = 0, rest2 = 0; - int retval = 0; - + BIGNUM *m = NULL, *x = NULL, *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL; + BN_CTX* ctx = NULL; + BN_ULONG rest1 = 0, rest2 = 0; + int retval = 0; + if (!rw || !rw->N || !sig || !sig->S) - goto err; - + goto err; + if ((ctx = BN_CTX_secure_new()) == NULL) - goto err; - BN_CTX_start(ctx); - - m = BN_CTX_get(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - t1d = BN_CTX_get(ctx); - t2d = BN_CTX_get(ctx); - - if (!BN_bin2bn(dgst, dgst_len, m)) - goto err; - /* dgst too big */ + goto err; + BN_CTX_start(ctx); + + m = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t1d = BN_CTX_get(ctx); + t2d = BN_CTX_get(ctx); + + if (!BN_bin2bn(dgst, dgst_len, m)) + goto err; + /* dgst too big */ if (!BN_copy(t1, rw->N)) - goto err; - if (!BN_sub_word(t1, 1)) - goto err; - if (!BN_rshift(t1, t1, 1)) - goto err; - - /* check m and rw->n relation */ + goto err; + if (!BN_sub_word(t1, 1)) + goto err; + if (!BN_rshift(t1, t1, 1)) + goto err; + + /* check m and rw->n relation */ if (BN_ucmp(m, rw->N) >= 0) - goto err; - rest1 = BN_mod_word(m, 16); - if (rest1 != 12) - goto err; - + goto err; + rest1 = BN_mod_word(m, 16); + if (rest1 != 12) + goto err; + if (BN_ucmp(t1, sig->S) < 0) - goto err; + goto err; if (BN_is_negative(sig->S)) - goto err; - + goto err; + if (!BN_mod_sqr(t1, sig->S, rw->N, ctx)) - goto err; + goto err; if (!BN_sub(t2, rw->N, t1)) - goto err; - if (!BN_lshift1(t1d, t1)) - goto err; - if (!BN_lshift1(t2d, t2)) - goto err; - + goto err; + if (!BN_lshift1(t1d, t1)) + goto err; + if (!BN_lshift1(t2d, t2)) + goto err; + rest1 = BN_mod_word(t1, 16); rest2 = BN_mod_word(t2, 16); - - /* mod 16 */ - if (rest1 == 12) { - x = t1; - } - /* mod 8 */ - else if ((rest1 & 0x07) == 6) { - x = t1d; - } - /* mod 16 */ - else if (rest2 == 12) { - x = t2; - } - /* mod 8 */ - else if ((rest2 & 0x07) == 6) { - x = t2d; - } else - goto err; - - DEBUG_PRINT_BN("m", m) - DEBUG_PRINT_BN("x", x) - - /* check signature value */ - retval = BN_ucmp(m, x) == 0; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return retval; -} - + + /* mod 16 */ + if (rest1 == 12) { + x = t1; + } + /* mod 8 */ + else if ((rest1 & 0x07) == 6) { + x = t1d; + } + /* mod 16 */ + else if (rest2 == 12) { + x = t2; + } + /* mod 8 */ + else if ((rest2 & 0x07) == 6) { + x = t2d; + } else + goto err; + + DEBUG_PRINT_BN("m", m) + DEBUG_PRINT_BN("x", x) + + /* check signature value */ + retval = BN_ucmp(m, x) == 0; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return retval; +} + static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { - BIGNUM *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL, *rs = NULL; - BN_ULONG rest1 = 0, rest2 = 0; - int retval = 0; - + BIGNUM *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL, *rs = NULL; + BN_ULONG rest1 = 0, rest2 = 0; + int retval = 0; + if (!rw || !rw->N || !x || !ctx || !r) - goto err; - - DEBUG_PRINT_BN("Signature = x = ", x) - DEBUG_PRINT_BN("n", rw->n) - - BN_CTX_start(ctx); - - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - t1d = BN_CTX_get(ctx); - t2d = BN_CTX_get(ctx); - + goto err; + + DEBUG_PRINT_BN("Signature = x = ", x) + DEBUG_PRINT_BN("n", rw->n) + + BN_CTX_start(ctx); + + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t1d = BN_CTX_get(ctx); + t2d = BN_CTX_get(ctx); + if (!BN_copy(t1, rw->N)) - goto err; - if (!BN_sub_word(t1, 1)) - goto err; - if (!BN_rshift(t1, t1, 1)) - goto err; - - /* check m and rw->n relation */ + goto err; + if (!BN_sub_word(t1, 1)) + goto err; + if (!BN_rshift(t1, t1, 1)) + goto err; + + /* check m and rw->n relation */ if (BN_ucmp(x, rw->N) >= 0) - goto err; - - if (BN_ucmp(t1, x) < 0) - goto err; - if (BN_is_negative(x)) - goto err; - + goto err; + + if (BN_ucmp(t1, x) < 0) + goto err; + if (BN_is_negative(x)) + goto err; + if (!BN_mod_sqr(t1, x, rw->N, ctx)) - goto err; - DEBUG_PRINT_BN("x**2 mod n", t1) - + goto err; + DEBUG_PRINT_BN("x**2 mod n", t1) + if (!BN_sub(t2, rw->N, t1)) - goto err; - DEBUG_PRINT_BN("n - x**2", t2) - - if (!BN_lshift1(t1d, t1)) - goto err; - if (!BN_lshift1(t2d, t2)) - goto err; - + goto err; + DEBUG_PRINT_BN("n - x**2", t2) + + if (!BN_lshift1(t1d, t1)) + goto err; + if (!BN_lshift1(t2d, t2)) + goto err; + rest1 = BN_mod_word(t1, 16); rest2 = BN_mod_word(t2, 16); - - /* mod 16 */ - if (rest1 == 12) { - rs = t1; - } - /* mod 8 */ - else if ((rest1 & 0x07) == 6) { - rs = t1d; - } - /* mod 16 */ - else if (rest2 == 12) { - rs = t2; - } - /* mod 8 */ - else if ((rest2 & 0x07) == 6) { - rs = t2d; - } else - goto err; - - DEBUG_PRINT_BN("Squaring and shifting result (rs)", rs) - retval = BN_copy(r, rs) != NULL; - -err: - BN_CTX_end(ctx); - return retval; -} + + /* mod 16 */ + if (rest1 == 12) { + rs = t1; + } + /* mod 8 */ + else if ((rest1 & 0x07) == 6) { + rs = t1d; + } + /* mod 16 */ + else if (rest2 == 12) { + rs = t2; + } + /* mod 8 */ + else if ((rest2 & 0x07) == 6) { + rs = t2d; + } else + goto err; + + DEBUG_PRINT_BN("Squaring and shifting result (rs)", rs) + retval = BN_copy(r, rs) != NULL; + +err: + BN_CTX_end(ctx); + return retval; +} diff --git a/library/cpp/tvmauth/src/rw/rw_pss.c b/library/cpp/tvmauth/src/rw/rw_pss.c index 3bf6e2b99a..dca639824c 100644 --- a/library/cpp/tvmauth/src/rw/rw_pss.c +++ b/library/cpp/tvmauth/src/rw/rw_pss.c @@ -1,148 +1,148 @@ -/* - * This code was taken from the OpenSSL's RSA implementation - * and added to the RW project with some changes - * - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2005. - * - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/bn.h> -#include <contrib/libs/openssl/include/openssl/evp.h> -#include <contrib/libs/openssl/include/openssl/rand.h> -#include <contrib/libs/openssl/include/openssl/sha.h> - -#include <stdio.h> -#include <string.h> - -static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - +/* + * This code was taken from the OpenSSL's RSA implementation + * and added to the RW project with some changes + * + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + * + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/bn.h> +#include <contrib/libs/openssl/include/openssl/evp.h> +#include <contrib/libs/openssl/include/openssl/rand.h> +#include <contrib/libs/openssl/include/openssl/sha.h> + +#include <stdio.h> +#include <string.h> + +static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *seed, const int seedlen, const EVP_MD *dgst) { int i, outlen = 0; - unsigned char cnt[4]; + unsigned char cnt[4]; EVP_MD_CTX* c = EVP_MD_CTX_create(); - unsigned char md[EVP_MAX_MD_SIZE]; - int mdlen; - int rv = -1; - + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; + int rv = -1; + if (!c) { return rv; } - mdlen = EVP_MD_size(dgst); - + mdlen = EVP_MD_size(dgst); + if (mdlen < 0 || seedlen < 0) - goto err; - - for (i = 0; outlen < len; i++) { - cnt[0] = (unsigned char)((i >> 24) & 255); - cnt[1] = (unsigned char)((i >> 16) & 255); - cnt[2] = (unsigned char)((i >> 8)) & 255; - cnt[3] = (unsigned char)(i & 255); - + goto err; + + for (i = 0; outlen < len; i++) { + cnt[0] = (unsigned char)((i >> 24) & 255); + cnt[1] = (unsigned char)((i >> 16) & 255); + cnt[2] = (unsigned char)((i >> 8)) & 255; + cnt[3] = (unsigned char)(i & 255); + if (!EVP_DigestInit_ex(c,dgst, NULL) || !EVP_DigestUpdate(c, seed, seedlen) || !EVP_DigestUpdate(c, cnt, 4)) - goto err; - - if (outlen + mdlen <= len) { + goto err; + + if (outlen + mdlen <= len) { if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) - goto err; - outlen += mdlen; - } else { + goto err; + outlen += mdlen; + } else { if (!EVP_DigestFinal_ex(c, md, NULL)) - goto err; - memcpy(mask + outlen, md, len - outlen); - outlen = len; - } - } - rv = 0; - -err: + goto err; + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + rv = 0; + +err: EVP_MD_CTX_destroy(c); - return rv; -} - + return rv; +} + int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen) { - int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; - const unsigned char *H = NULL; - unsigned char *DB = NULL; + int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; + const unsigned char *H = NULL; + unsigned char *DB = NULL; EVP_MD_CTX* ctx = NULL; - unsigned char H_[EVP_MAX_MD_SIZE]; - const EVP_MD *mgf1Hash = Hash; - + unsigned char H_[EVP_MAX_MD_SIZE]; + const EVP_MD *mgf1Hash = Hash; + ctx = EVP_MD_CTX_create(); if (!ctx) { return ret; } - hLen = EVP_MD_size(Hash); - - if (hLen < 0) - goto err; - /* - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is autorecovered from signature - * -N reserved - */ - if (sLen == -1) - sLen = hLen; - else if (sLen < -2) - goto err; - + hLen = EVP_MD_size(Hash); + + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen < -2) + goto err; + { int bits = BN_num_bits(rw->N); if (bits <= 0) @@ -151,104 +151,104 @@ int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Has MSBits = (bits - 1) & 0x7; } emLen = RwModSize(rw); - - if (EM[0] & (0xFF << MSBits)) { - goto err; - } - - if (MSBits == 0) { - EM++; - emLen--; - } - - if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ - goto err; - + + if (EM[0] & (0xFF << MSBits)) { + goto err; + } + + if (MSBits == 0) { + EM++; + emLen--; + } + + if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ + goto err; + if (emLen < 1) goto err; - if (EM[emLen - 1] != 0xbc) - goto err; - - maskedDBLen = emLen - hLen - 1; + if (EM[emLen - 1] != 0xbc) + goto err; + + maskedDBLen = emLen - hLen - 1; if (maskedDBLen <= 0) goto err; - H = EM + maskedDBLen; + H = EM + maskedDBLen; DB = malloc(maskedDBLen); - - if (!DB) - goto err; - + + if (!DB) + goto err; + if (PkcS1MgF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) - goto err; - - for (i = 0; i < maskedDBLen; i++) - DB[i] ^= EM[i]; - - if (MSBits) - DB[0] &= 0xFF >> (8 - MSBits); - - for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; - - if (DB[i++] != 0x1) - goto err; - - if (sLen >= 0 && (maskedDBLen - i) != sLen) - goto err; - + goto err; + + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + + if (MSBits) + DB[0] &= 0xFF >> (8 - MSBits); + + for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; + + if (DB[i++] != 0x1) + goto err; + + if (sLen >= 0 && (maskedDBLen - i) != sLen) + goto err; + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) - goto err; - - if (maskedDBLen - i) { + goto err; + + if (maskedDBLen - i) { if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) - goto err; - } - + goto err; + } + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) - goto err; - - ret = memcmp(H, H_, hLen) ? 0 : 1; - -err: - if (DB) + goto err; + + ret = memcmp(H, H_, hLen) ? 0 : 1; + +err: + if (DB) free(DB); - + EVP_MD_CTX_destroy(ctx); - - return ret; -} - -/* - rw - public key - EM - buffer to write padding value - mHash - hash value - Hash - EVP_MD() that will be used to pad - sLen - random salt len (usually == hashLen) - */ + + return ret; +} + +/* + rw - public key + EM - buffer to write padding value + mHash - hash value + Hash - EVP_MD() that will be used to pad + sLen - random salt len (usually == hashLen) + */ int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, int sLen) { - int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; - unsigned char *H = NULL, *salt = NULL, *p = NULL; - const EVP_MD *mgf1Hash = Hash; + int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; + unsigned char *H = NULL, *salt = NULL, *p = NULL; + const EVP_MD *mgf1Hash = Hash; EVP_MD_CTX* ctx = EVP_MD_CTX_create(); if (!ctx) { return ret; } - - hLen = EVP_MD_size(Hash); - if (hLen < 0) - goto err; - /* - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is maximized - * -N reserved - */ - if (sLen == -1) - sLen = hLen; - else if (sLen < -2) - goto err; - + + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen < -2) + goto err; + { int bits = BN_num_bits(rw->N); if (bits <= 0) @@ -258,71 +258,71 @@ int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *m emLen = RwModSize(rw); if (emLen <= 0) goto err; - - if (MSBits == 0) { - *EM++ = 0; - emLen--; + + if (MSBits == 0) { + *EM++ = 0; + emLen--; fprintf(stderr, "MSBits == 0\n"); - } - - if (sLen == -2) { - sLen = emLen - hLen - 2; - } - else if (emLen < (hLen + sLen + 2)) - goto err; - - if (sLen > 0) { + } + + if (sLen == -2) { + sLen = emLen - hLen - 2; + } + else if (emLen < (hLen + sLen + 2)) + goto err; + + if (sLen > 0) { salt = malloc(sLen); - if (!salt) goto err; - if (RAND_bytes(salt, sLen) <= 0) - goto err; - } - - maskedDBLen = emLen - hLen - 1; + if (!salt) goto err; + if (RAND_bytes(salt, sLen) <= 0) + goto err; + } + + maskedDBLen = emLen - hLen - 1; if (maskedDBLen < 0) goto err; - H = EM + maskedDBLen; - + H = EM + maskedDBLen; + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) - goto err; - + goto err; + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) - goto err; - + goto err; + if (!EVP_DigestFinal_ex(ctx, H, NULL)) - goto err; - - /* Generate dbMask in place then perform XOR on it */ + goto err; + + /* Generate dbMask in place then perform XOR on it */ if (PkcS1MgF1(EM, maskedDBLen, H, hLen, mgf1Hash)) - goto err; - - p = EM; - - /* Initial PS XORs with all zeroes which is a NOP so just update - * pointer. Note from a test above this value is guaranteed to - * be non-negative. - */ - p += emLen - sLen - hLen - 2; - *p++ ^= 0x1; - - if (sLen > 0) { - for (i = 0; i < sLen; i++) - *p++ ^= salt[i]; - } - - if (MSBits) - EM[0] &= 0xFF >> (8 - MSBits); - - /* H is already in place so just set final 0xbc */ - EM[emLen - 1] = 0xbc; - - ret = 1; - -err: + goto err; + + p = EM; + + /* Initial PS XORs with all zeroes which is a NOP so just update + * pointer. Note from a test above this value is guaranteed to + * be non-negative. + */ + p += emLen - sLen - hLen - 2; + *p++ ^= 0x1; + + if (sLen > 0) { + for (i = 0; i < sLen; i++) + *p++ ^= salt[i]; + } + + if (MSBits) + EM[0] &= 0xFF >> (8 - MSBits); + + /* H is already in place so just set final 0xbc */ + EM[emLen - 1] = 0xbc; + + ret = 1; + +err: EVP_MD_CTX_destroy(ctx); - if (salt) + if (salt) free(salt); - - return ret; -} + + return ret; +} diff --git a/library/cpp/tvmauth/src/rw/rw_pss_sign.c b/library/cpp/tvmauth/src/rw/rw_pss_sign.c index 59897f1cf5..d4fb1b4480 100644 --- a/library/cpp/tvmauth/src/rw/rw_pss_sign.c +++ b/library/cpp/tvmauth/src/rw/rw_pss_sign.c @@ -1,38 +1,38 @@ -#include "rw.h" - -#include <contrib/libs/openssl/include/openssl/evp.h> - +#include "rw.h" + +#include <contrib/libs/openssl/include/openssl/evp.h> + //#define DBG_FUZZING int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw) { - int i, j, num, k, r = -1; - BN_CTX* ctx = NULL; - BIGNUM *f = NULL, *ret = NULL; - + int i, j, num, k, r = -1; + BN_CTX* ctx = NULL; + BIGNUM *f = NULL, *ret = NULL; + if ((ctx = BN_CTX_secure_new()) == NULL) - goto err; - BN_CTX_start(ctx); - - f = BN_CTX_get(ctx); - ret = BN_CTX_get(ctx); - + goto err; + BN_CTX_start(ctx); + + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rw->N); - + if (num <= 0) goto err; - if (!f || !ret) - goto err; - - if (BN_bin2bn(from, flen, f) == NULL) - goto err; + if (!f || !ret) + goto err; + + if (BN_bin2bn(from, flen, f) == NULL) + goto err; if (BN_ucmp(f, rw->N) >= 0) - goto err; - + goto err; + if (!rw->Meth->RwApply(ret, f, ctx, rw)) - goto err; - - j = BN_num_bytes(ret); + goto err; + + j = BN_num_bytes(ret); if (num < j || j < 0) goto err; @@ -40,28 +40,28 @@ int RwApply(const int flen, const unsigned char* from, unsigned char* to, const if (i < 0 || i > num) goto err; - for (k = 0; k < (num - i); k++) - to[k] = 0; - r = num; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return r; -} - + for (k = 0; k < (num - i); k++) + to[k] = 0; + r = num; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return r; +} + int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md) { unsigned char* padding = NULL; - int result = 0; - - if (from == NULL || to == NULL || rw == NULL || md == NULL) - return 0; - + int result = 0; + + if (from == NULL || to == NULL || rw == NULL || md == NULL) + return 0; + int digest_size = EVP_MD_size(md); int sig_size = RwModSize(rw); - + if (digest_size <= 0 || sig_size <= 0) return 0; @@ -73,75 +73,75 @@ int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, con fprintf(stderr, "Padding regenerating required\n"); #endif } - + padding = malloc(sig_size); if (padding == NULL) return 0; - + if (!RwPaddingAddPssr(rw, padding, from, md, digest_size)) goto err; } while (padding[0] == 0x00 && tries-- > 0); result = RwNoPaddingSign(sig_size, padding, to, rw); - -err: - if (padding != NULL) + +err: + if (padding != NULL) free(padding); - - return result; -} - + + return result; +} + int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md) { - EVP_MD_CTX* mdctx = NULL; - unsigned char* digest = NULL; - unsigned int digestLen; - int result = 0; - - if (msg == NULL || to == NULL || rw == NULL || md == NULL) - goto err; - + EVP_MD_CTX* mdctx = NULL; + unsigned char* digest = NULL; + unsigned int digestLen; + int result = 0; + + if (msg == NULL || to == NULL || rw == NULL || md == NULL) + goto err; + if (rw->P == NULL || rw->Q == NULL) - goto err; - - if ((mdctx = EVP_MD_CTX_create()) == NULL) - goto err; - - if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) - goto err; - - if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) - goto err; - + goto err; + + if ((mdctx = EVP_MD_CTX_create()) == NULL) + goto err; + + if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) + goto err; + + if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) + goto err; + if ((digest = (unsigned char*)malloc(EVP_MD_size(md))) == NULL) - goto err; - - if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) - goto err; - + goto err; + + if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) + goto err; + result = RwPssrSignHash(digest, to, rw, md); - -err: - if (mdctx != NULL) - EVP_MD_CTX_destroy(mdctx); - if (digest != NULL) + +err: + if (mdctx != NULL) + EVP_MD_CTX_destroy(mdctx); + if (digest != NULL) free(digest); - - return result; -} - + + return result; +} + int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { - unsigned char* buffer = NULL; - int buffer_len; + unsigned char* buffer = NULL; + int buffer_len; int salt_size; - int result = 0; - - if (from == NULL || sig == NULL || rw == NULL || md == NULL) - return 0; - + int result = 0; + + if (from == NULL || sig == NULL || rw == NULL || md == NULL) + return 0; + if (rw->N == NULL || rw->Meth == NULL) - return 0; - - salt_size = EVP_MD_size(md); + return 0; + + salt_size = EVP_MD_size(md); if (salt_size <= 0) return 0; @@ -152,60 +152,60 @@ int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const buffer = (unsigned char*)malloc(buffer_len); if (buffer == NULL) return 0; - + if (RwApply(sig_len, sig, buffer, rw) <= 0) - goto err; - + goto err; + if (RwVerifyPssr(rw, from, md, buffer, salt_size) <= 0) - goto err; - - result = 1; - -err: - if (buffer != NULL) + goto err; + + result = 1; + +err: + if (buffer != NULL) free(buffer); - - return result; -} - + + return result; +} + int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { - EVP_MD_CTX* mdctx = NULL; - unsigned char* digest = NULL; - unsigned int digestLen = 0; - int result = 0; - - if (msg == NULL || msgLen == 0 || sig == NULL || rw == NULL || md == NULL) - goto err; - + EVP_MD_CTX* mdctx = NULL; + unsigned char* digest = NULL; + unsigned int digestLen = 0; + int result = 0; + + if (msg == NULL || msgLen == 0 || sig == NULL || rw == NULL || md == NULL) + goto err; + if (rw->N == NULL) - goto err; - - if ((mdctx = EVP_MD_CTX_create()) == NULL) - goto err; - - if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) - goto err; - + goto err; + + if ((mdctx = EVP_MD_CTX_create()) == NULL) + goto err; + + if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) + goto err; + int size_to_alloc = EVP_MD_size(md); if (size_to_alloc <= 0) - goto err; - + goto err; + if ((digest = (unsigned char*)malloc(size_to_alloc)) == NULL) goto err; - if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) - goto err; - - if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) - goto err; - + if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) + goto err; + + if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) + goto err; + result = RwPssrVerifyHash(digest, sig, sig_len, rw, md); - -err: - if (mdctx != NULL) - EVP_MD_CTX_destroy(mdctx); - if (digest != NULL) + +err: + if (mdctx != NULL) + EVP_MD_CTX_destroy(mdctx); + if (digest != NULL) free(digest); - - return result; -} + + return result; +} diff --git a/library/cpp/tvmauth/src/rw/rw_sign.c b/library/cpp/tvmauth/src/rw/rw_sign.c index e320808dd3..b01d6b4f98 100644 --- a/library/cpp/tvmauth/src/rw/rw_sign.c +++ b/library/cpp/tvmauth/src/rw/rw_sign.c @@ -1,46 +1,46 @@ -#include "rw.h" - +#include "rw.h" + TRwSignature* RwSignatureNew(void) { TRwSignature* sig = NULL; sig = malloc(sizeof(TRwSignature)); - if (!sig) - return NULL; + if (!sig) + return NULL; sig->S = NULL; - return sig; -} - + return sig; +} + void RwSignatureFree(TRwSignature* sig) { - if (sig) { + if (sig) { if (sig->S) BN_free(sig->S); free(sig); - } -} - + } +} + int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw) { int i = 0, r = 0, num = -1; TRwSignature* sig = NULL; - + if (!rw || !rw->N || !rw->Meth || !rw->Meth->RwSign || !from || !to) goto err; if ((sig = rw->Meth->RwSign(from, flen, rw)) == NULL) - goto err; + goto err; num = BN_num_bytes(rw->N); - + r = BN_bn2bin(sig->S, to); if (r < 0) goto err; - - /* put zeroes to the rest of the 'to' buffer */ - for (i = r; i < num; i++) { - to[i] = 0x00; - } - -err: - if (sig != NULL) { + + /* put zeroes to the rest of the 'to' buffer */ + for (i = r; i < num; i++) { + to[i] = 0x00; + } + +err: + if (sig != NULL) { RwSignatureFree(sig); - } - - return r; -} + } + + return r; +} diff --git a/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp index 73f1b1d769..929528c828 100644 --- a/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp +++ b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp @@ -1,191 +1,191 @@ #include <library/cpp/tvmauth/src/rw/keys.h> #include <library/cpp/tvmauth/src/rw/rw.h> - + #include <library/cpp/string_utils/base64/base64.h> #include <library/cpp/testing/unittest/registar.h> - -#include <contrib/libs/openssl/include/openssl/bn.h> -#include <contrib/libs/openssl/include/openssl/evp.h> - + +#include <contrib/libs/openssl/include/openssl/bn.h> +#include <contrib/libs/openssl/include/openssl/evp.h> + namespace NTvmAuth { - /* - returns 0 in case of error - */ + /* + returns 0 in case of error + */ int MakeKeysRw(TRwKey** skey, TRwKey** vkey) { - int result = 0; - + int result = 0; + TRwKey* rw = RwNew(); - - do { + + do { RwGenerateKey(rw, 2048); - - if (rw == nullptr) { + + if (rw == nullptr) { printf("RwGenerateKey failed\n"); - break; /* failed */ - } - + break; /* failed */ + } + printf("RW key bits: %d\n", BN_num_bits(rw->N)); - - /* Set signing key */ + + /* Set signing key */ *skey = RwPrivateKeyDup(rw); - if (*skey == nullptr) { + if (*skey == nullptr) { printf("RwPrivateKeyDup failed\n"); - break; - } - - /* Set verifier key */ + break; + } + + /* Set verifier key */ *vkey = RwPublicKeyDup(rw); - if (*vkey == nullptr) { + if (*vkey == nullptr) { printf("RwPublicKeyDup failed\n"); - break; - } - - result = 1; - - } while (0); - - if (rw) { + break; + } + + result = 1; + + } while (0); + + if (rw) { RwFree(rw); - rw = nullptr; - } - - return result; - } - + rw = nullptr; + } + + return result; + } + static void PrintIt(const char* label, const unsigned char* buff, size_t len) { - if (!buff || !len) - return; - - if (label) - printf("%s: ", label); - - for (size_t i = 0; i < len; ++i) - printf("%02X", buff[i]); - - printf("\n"); - } - + if (!buff || !len) + return; + + if (label) + printf("%s: ", label); + + for (size_t i = 0; i < len; ++i) + printf("%02X", buff[i]); + + printf("\n"); + } + int TestSignVerify() { TRwKey *skey = nullptr, *vkey = nullptr; - const char* msg = "Test test test test test"; - unsigned int msg_len = 0; - int res = 0; - - msg_len = (unsigned int)strlen(msg); + const char* msg = "Test test test test test"; + unsigned int msg_len = 0; + int res = 0; + + msg_len = (unsigned int)strlen(msg); if (MakeKeysRw(&skey, &vkey)) { unsigned char* sign = new unsigned char[RwModSize(skey) + 10]; int sign_len; printf("RwModSize(skey) returned %d\n", RwModSize(skey)); memset(sign, 0x00, RwModSize(skey) + 10); - - printf("--- Signing call ---\n"); + + printf("--- Signing call ---\n"); if ((sign_len = RwPssrSignMsg(msg_len, (unsigned char*)msg, sign, skey, (EVP_MD*)EVP_sha256())) != 0) { -#ifdef RW_PRINT_DEBUG - BIGNUM* s = BN_new(); -#endif - printf("\n"); +#ifdef RW_PRINT_DEBUG + BIGNUM* s = BN_new(); +#endif + printf("\n"); PrintIt("Signature", sign, RwModSize(skey)); - -#ifdef RW_PRINT_DEBUG - BN_bin2bn(sign, RW_mod_size(skey), s); - - print_bn("Signature BN", s); - - BN_free(s); -#endif - - printf("--- Verification call ---\n"); + +#ifdef RW_PRINT_DEBUG + BN_bin2bn(sign, RW_mod_size(skey), s); + + print_bn("Signature BN", s); + + BN_free(s); +#endif + + printf("--- Verification call ---\n"); if (RwPssrVerifyMsg(msg_len, (unsigned char*)msg, sign, sign_len, vkey, (EVP_MD*)EVP_sha256())) { - printf("Verification: success!\n"); - res = 1; - } else { - printf("Verification: failed!\n"); + printf("Verification: success!\n"); + res = 1; + } else { + printf("Verification: failed!\n"); printf("RwPssrVerifyMsg failed!\n"); - return 1; - } - } else { + return 1; + } + } else { printf("RwPssrSignMsg failed!\n"); - return 1; - } - - if (sign != nullptr) + return 1; + } + + if (sign != nullptr) delete[] sign; - - } else { + + } else { printf("MakeKeysRw failed!\n"); - return 1; - } - - if (skey != nullptr) { + return 1; + } + + if (skey != nullptr) { RwFree(skey); - } - if (vkey != nullptr) + } + if (vkey != nullptr) RwFree(vkey); - - return res; - } -} - + + return res; + } +} + using namespace NTvmAuth; Y_UNIT_TEST_SUITE(Rw) { Y_UNIT_TEST(SignVerify) { - for (int i = 1; i < 10; ++i) { + for (int i = 1; i < 10; ++i) { UNIT_ASSERT_VALUES_EQUAL(1, TestSignVerify()); - } - } - + } + } + Y_UNIT_TEST(TKeysPriv) { - NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), - 0); - NRw::TRwPrivateKey priv2(Base64Decode("MIIEnAKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQKBgQDzidelKZNFMWar_yj-r_cniMkZXNaNVEQbMg1A401blGjkU1r-ufGH5mkdNx4IgEoCEYBTM834Z88fYV1lOVfdT0OqtiVoC9NkLu3xhQ1r9_r6RMaAenwsV7leH8jWMOKvhkB0KNI49oznTGDqLp0AbDbtP66xdNH4dr3rw3WFywKBgQDslDdv4sdnRKN27h2drhn4Pp_Lgw2U-6MfHiyjp6BKR8Qtlld3hdb-ZjU9F0h38DqECmFIEe35_flKfd7X21CBQs9EuKR8EdaF3OAgzA-TRWeQhyHmaV7Fas1RlNqZHm8lckaZT8dX9Ygsxn0I_vUbm9pkFivwGvQnnwNQ7Te5LwKBgCVMYOzLHW911l6EbCZE6XU2HUrTKEd1bdqWCgtxPEmDl3BZcXpnyKpqSHmlH1F7s65WBfejxDM2hjin3OnXSog_x35ql_-Azu93-79QAzbQc6Z13BuWPpQxV8iw4ijqRRhzjD2pcvXlIxgebp5-H0eDt-Md2Y8rkrzyhm8EH7mwAoGAHZKG7fxY7OiUbt3Ds7XDPwfT-XBhsp90Y-PFlHT0CUj4hbLK7vC638zGp6LpDv4HUIFMKQI9vz-_KU-72vtqEChZ6JcUj4I60LucBBmB8mis8hDkPM0r2K1ZqjKbUyPN5K5I0yn46v6xBZjPoR_eo3N7TILFfgNehPPgah2m9yYCgYAecTr0pTJopizVf-Uf1f7k8RkjK5rRqoiDZkGoHGmrco0cimtf1z4w_M0jpuPBEAlAQjAKZnm_DPnj7Cuspyr7qeh1VsStAXpshd2-MKGtfv9fSJjQD0-Fivcrw_kaxhxV8MgOhRpHHtGc6YwdRdOgDYbdp_XWLpo_Dte9eG6wuQKBgDzo0e8d8pTyvCP23825rVzvrSHBZkliGkCEu0iggDnfKOreejFhQN9JeBo8sYdQFCRBptEU6k4b5O6J3NQ1Sspiez15ddqmFMD4uhJY6VsV-JFnL9YhLqVd355xZCyU4b07mReU9-LuqK2m2chjxH_HDAgUoEvO_yzR9EDYqHbNAoGAf529Ah9HIT5aG6IGTlwQdk-M7guy63U4vj4uC7z98qgvFEsV6cr4miT6RE8Aw5yAeN5pW59rZNjBNr9i-8n8kouasho2xNMTPKP8YuSNg2PNNS5T1Ou56mgsBCY5i10TIHKNIm2RVSUgzJ97BMEOZY6jQRytFfwgYkvnFzbuA9c="), - 0); - NRw::TRwPrivateKey priv3(Base64Decode("MIICVAKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KPgjE"), - 0); - + NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), + 0); + NRw::TRwPrivateKey priv2(Base64Decode("MIIEnAKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQKBgQDzidelKZNFMWar_yj-r_cniMkZXNaNVEQbMg1A401blGjkU1r-ufGH5mkdNx4IgEoCEYBTM834Z88fYV1lOVfdT0OqtiVoC9NkLu3xhQ1r9_r6RMaAenwsV7leH8jWMOKvhkB0KNI49oznTGDqLp0AbDbtP66xdNH4dr3rw3WFywKBgQDslDdv4sdnRKN27h2drhn4Pp_Lgw2U-6MfHiyjp6BKR8Qtlld3hdb-ZjU9F0h38DqECmFIEe35_flKfd7X21CBQs9EuKR8EdaF3OAgzA-TRWeQhyHmaV7Fas1RlNqZHm8lckaZT8dX9Ygsxn0I_vUbm9pkFivwGvQnnwNQ7Te5LwKBgCVMYOzLHW911l6EbCZE6XU2HUrTKEd1bdqWCgtxPEmDl3BZcXpnyKpqSHmlH1F7s65WBfejxDM2hjin3OnXSog_x35ql_-Azu93-79QAzbQc6Z13BuWPpQxV8iw4ijqRRhzjD2pcvXlIxgebp5-H0eDt-Md2Y8rkrzyhm8EH7mwAoGAHZKG7fxY7OiUbt3Ds7XDPwfT-XBhsp90Y-PFlHT0CUj4hbLK7vC638zGp6LpDv4HUIFMKQI9vz-_KU-72vtqEChZ6JcUj4I60LucBBmB8mis8hDkPM0r2K1ZqjKbUyPN5K5I0yn46v6xBZjPoR_eo3N7TILFfgNehPPgah2m9yYCgYAecTr0pTJopizVf-Uf1f7k8RkjK5rRqoiDZkGoHGmrco0cimtf1z4w_M0jpuPBEAlAQjAKZnm_DPnj7Cuspyr7qeh1VsStAXpshd2-MKGtfv9fSJjQD0-Fivcrw_kaxhxV8MgOhRpHHtGc6YwdRdOgDYbdp_XWLpo_Dte9eG6wuQKBgDzo0e8d8pTyvCP23825rVzvrSHBZkliGkCEu0iggDnfKOreejFhQN9JeBo8sYdQFCRBptEU6k4b5O6J3NQ1Sspiez15ddqmFMD4uhJY6VsV-JFnL9YhLqVd355xZCyU4b07mReU9-LuqK2m2chjxH_HDAgUoEvO_yzR9EDYqHbNAoGAf529Ah9HIT5aG6IGTlwQdk-M7guy63U4vj4uC7z98qgvFEsV6cr4miT6RE8Aw5yAeN5pW59rZNjBNr9i-8n8kouasho2xNMTPKP8YuSNg2PNNS5T1Ou56mgsBCY5i10TIHKNIm2RVSUgzJ97BMEOZY6jQRytFfwgYkvnFzbuA9c="), + 0); + NRw::TRwPrivateKey priv3(Base64Decode("MIICVAKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KPgjE"), + 0); + UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey("asdzxcv", 0), yexception); - UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey(Base64Decode("AKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KP"), - 0), + UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey(Base64Decode("AKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KP"), + 0), yexception); - - UNIT_ASSERT(!priv.SignTicket("").empty()); - } - + + UNIT_ASSERT(!priv.SignTicket("").empty()); + } + Y_UNIT_TEST(TKeysPub) { - NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); - NRw::TRwPublicKey pub2(Base64Decode("MIIBBQKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQ==")); - NRw::TRwPublicKey pub3(Base64Decode("MIGDAoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK4ZDDYRiM18fL8d58clfFAoCo-_EEMowqQeBXnxa0zqsLyNGL2x1f-KDY0=")); - + NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); + NRw::TRwPublicKey pub2(Base64Decode("MIIBBQKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQ==")); + NRw::TRwPublicKey pub3(Base64Decode("MIGDAoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK4ZDDYRiM18fL8d58clfFAoCo-_EEMowqQeBXnxa0zqsLyNGL2x1f-KDY0=")); + UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey("asdzxcv"), yexception); UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey(Base64Decode("AoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK40")), yexception); - - UNIT_ASSERT(!pub.CheckSign("~~~", "~~~")); - } - + + UNIT_ASSERT(!pub.CheckSign("~~~", "~~~")); + } + Y_UNIT_TEST(TKeys) { - NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), - 0); - NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); - - const TString data = "my magic data"; - - UNIT_ASSERT(pub.CheckSign(data, priv.SignTicket(data))); - UNIT_ASSERT(!pub.CheckSign("~~~~" + data, priv.SignTicket(data))); - UNIT_ASSERT(!pub.CheckSign(data, "~~~~" + priv.SignTicket(data))); - - UNIT_ASSERT(pub.CheckSign(data, - Base64Decode("EC5hZunmK3hOJZeov_XlNIXcwj5EsgX94lMd-tQJTNUO4NR6bCO7qQkKjEeFJmI2QFYXGY-iSf9WeMJ_brECAMyYAix-L8sZqcMPXD945QgkPsNQKyC0DX9FkgfSh6ZKkA-UvFSHrkn3QbeE9omk3-yXpqR-M8DlVqmp3mwdYlYRq0NdfTaD3AMXVA4aZTbW3OmhJoLJ8AxJ3w1oG5q_lk8dpW9vvqfIzsfPABme6sY5XyPmsjYaRDf9z4ZJgR-wTkG06_N_YzIklS5T2s_4FUKLz5gLMhsnVlNUpgZyRN9sXTAn9-zMJnCwAC8WRgykWnljPGDDJCjk-Xwsg7AOLQ=="))); - UNIT_ASSERT(pub.CheckSign(data, - Base64Decode("JbHSn1QEQeOEvzyt-LpawbQv4vPEEE05bWhjB2-MkoV-tyq9FykSqGqhP3ZFc1_FPrqguwEYrHibI2l5w3q8wnI1fcyRUoNuJxmBSzf2f_Uzn9ZoUSc7D9pTGSvK_hhZoL4YMc_VfbdEdnDuvHZNlZyaDPH9EbmUqyXjnXTEwRoK0fAU1rhlHvSZvnp0ctVBWSkaQsaU8dJTKDBtIQVP1D5Py2pKB2NBF_Ytz2thWt7iLjbTyjtis6DC-JKwjFBqv6nQf42sKalHQqWFuIvBCIfNUswEw4_sGfwWVSBBmFplf7FmD7sN8znUahYUPGCe1uFNly6WwpPJsm8VtiU80g=="))); - UNIT_ASSERT(pub.CheckSign(data, - Base64Decode("FeMZtDP-yuoNqK2HYw3JxTV9v7p8IoQEuRMtuHddafh4bq1ZOeEqg7g7Su6M3iq_kN9DZ_fVhuhuVcbZmNYPIvJ8oL5DE80KI3d1Qbs9mS8_X4Oq2TJpZgNfFG-z_LPRZSNRP9Q8sQhlAoSZHOSZkBFcYj1EuqEp6nSSSbX8Ji4Se-TfhIh3YFQkr-Ivk_3NmSXhDXUaW7CHo2rVm58QJ2cgSEuxzBH-Q8E8tGDCEmk4p3_iot9XY8RRN-_j0yi15etmXCUIKFbpDogtHdT8CyAEVHMYvsLqkLux9pzy3RdvNQmoPjol3wIm-H0wMtF_pMw4G2QLNev6he6xWeckxw=="))); - } - + NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), + 0); + NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); + + const TString data = "my magic data"; + + UNIT_ASSERT(pub.CheckSign(data, priv.SignTicket(data))); + UNIT_ASSERT(!pub.CheckSign("~~~~" + data, priv.SignTicket(data))); + UNIT_ASSERT(!pub.CheckSign(data, "~~~~" + priv.SignTicket(data))); + + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("EC5hZunmK3hOJZeov_XlNIXcwj5EsgX94lMd-tQJTNUO4NR6bCO7qQkKjEeFJmI2QFYXGY-iSf9WeMJ_brECAMyYAix-L8sZqcMPXD945QgkPsNQKyC0DX9FkgfSh6ZKkA-UvFSHrkn3QbeE9omk3-yXpqR-M8DlVqmp3mwdYlYRq0NdfTaD3AMXVA4aZTbW3OmhJoLJ8AxJ3w1oG5q_lk8dpW9vvqfIzsfPABme6sY5XyPmsjYaRDf9z4ZJgR-wTkG06_N_YzIklS5T2s_4FUKLz5gLMhsnVlNUpgZyRN9sXTAn9-zMJnCwAC8WRgykWnljPGDDJCjk-Xwsg7AOLQ=="))); + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("JbHSn1QEQeOEvzyt-LpawbQv4vPEEE05bWhjB2-MkoV-tyq9FykSqGqhP3ZFc1_FPrqguwEYrHibI2l5w3q8wnI1fcyRUoNuJxmBSzf2f_Uzn9ZoUSc7D9pTGSvK_hhZoL4YMc_VfbdEdnDuvHZNlZyaDPH9EbmUqyXjnXTEwRoK0fAU1rhlHvSZvnp0ctVBWSkaQsaU8dJTKDBtIQVP1D5Py2pKB2NBF_Ytz2thWt7iLjbTyjtis6DC-JKwjFBqv6nQf42sKalHQqWFuIvBCIfNUswEw4_sGfwWVSBBmFplf7FmD7sN8znUahYUPGCe1uFNly6WwpPJsm8VtiU80g=="))); + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("FeMZtDP-yuoNqK2HYw3JxTV9v7p8IoQEuRMtuHddafh4bq1ZOeEqg7g7Su6M3iq_kN9DZ_fVhuhuVcbZmNYPIvJ8oL5DE80KI3d1Qbs9mS8_X4Oq2TJpZgNfFG-z_LPRZSNRP9Q8sQhlAoSZHOSZkBFcYj1EuqEp6nSSSbX8Ji4Se-TfhIh3YFQkr-Ivk_3NmSXhDXUaW7CHo2rVm58QJ2cgSEuxzBH-Q8E8tGDCEmk4p3_iot9XY8RRN-_j0yi15etmXCUIKFbpDogtHdT8CyAEVHMYvsLqkLux9pzy3RdvNQmoPjol3wIm-H0wMtF_pMw4G2QLNev6he6xWeckxw=="))); + } + Y_UNIT_TEST(Keygen) { for (size_t idx = 0; idx < 100; ++idx) { NRw::TKeyPair pair = NRw::GenKeyPair(1024); NRw::TRwPrivateKey priv(pair.Private, 0); NRw::TRwPublicKey pub(pair.Public); - + const TString data = "my magic data"; TStringStream s; s << "data='" << data << "'."; @@ -196,5 +196,5 @@ Y_UNIT_TEST_SUITE(Rw) { s << "sign='" << Base64Encode(sign) << "'."; UNIT_ASSERT_C(pub.CheckSign(data, sign), s.Str()); } - } -} + } +} diff --git a/library/cpp/tvmauth/src/rw/ut/ya.make b/library/cpp/tvmauth/src/rw/ut/ya.make index 81dda79641..10321314d6 100644 --- a/library/cpp/tvmauth/src/rw/ut/ya.make +++ b/library/cpp/tvmauth/src/rw/ut/ya.make @@ -1,17 +1,17 @@ UNITTEST_FOR(library/cpp/tvmauth/src/rw) - + OWNER( g:passport_infra e-sidorov ezaitov ) - -SRCS( - rw_ut.cpp -) - -PEERDIR( + +SRCS( + rw_ut.cpp +) + +PEERDIR( library/cpp/string_utils/base64 -) - -END() +) + +END() diff --git a/library/cpp/tvmauth/src/rw/ya.make b/library/cpp/tvmauth/src/rw/ya.make index e2ef68d416..886c210d67 100644 --- a/library/cpp/tvmauth/src/rw/ya.make +++ b/library/cpp/tvmauth/src/rw/ya.make @@ -1,28 +1,28 @@ -LIBRARY(ticket_parser) - -OWNER( +LIBRARY(ticket_parser) + +OWNER( g:passport_infra - e-sidorov + e-sidorov ezaitov -) - -PEERDIR( - contrib/libs/openssl +) + +PEERDIR( + contrib/libs/openssl library/cpp/openssl/init -) - -SRCS( - keys.cpp - rw_asn1.c - rw_key.c - rw_lib.c - rw_ossl.c - rw_pss.c - rw_pss_sign.c - rw_sign.c -) - -END() +) + +SRCS( + keys.cpp + rw_asn1.c + rw_key.c + rw_lib.c + rw_ossl.c + rw_pss.c + rw_pss_sign.c + rw_sign.c +) + +END() RECURSE_FOR_TESTS( ut diff --git a/library/cpp/tvmauth/src/service_impl.cpp b/library/cpp/tvmauth/src/service_impl.cpp index 528a244647..570dda9cac 100644 --- a/library/cpp/tvmauth/src/service_impl.cpp +++ b/library/cpp/tvmauth/src/service_impl.cpp @@ -1,51 +1,51 @@ -#include "service_impl.h" - -#include "parser.h" -#include "utils.h" - +#include "service_impl.h" + +#include "parser.h" +#include "utils.h" + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/ticket_status.h> - -#include <util/generic/strbuf.h> -#include <util/string/cast.h> -#include <util/string/split.h> - + +#include <util/generic/strbuf.h> +#include <util/string/cast.h> +#include <util/string/split.h> + namespace NTvmAuth { static const char* EX_MSG = "Method cannot be used in non-valid ticket"; TCheckedServiceTicket::TImpl::operator bool() const { return (Status_ == ETicketStatus::Ok); - } - + } + TTvmId TCheckedServiceTicket::TImpl::GetSrc() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return ProtobufTicket_.service().srcclientid(); - } - + } + const TScopes& TCheckedServiceTicket::TImpl::GetScopes() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); if (CachedScopes_.empty()) { for (const auto& el : ProtobufTicket_.service().scopes()) { CachedScopes_.push_back(el); - } - } + } + } return CachedScopes_; - } - + } + bool TCheckedServiceTicket::TImpl::HasScope(TStringBuf scopeName) const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return std::binary_search(ProtobufTicket_.service().scopes().begin(), ProtobufTicket_.service().scopes().end(), scopeName); - } - + } + ETicketStatus TCheckedServiceTicket::TImpl::GetStatus() const { return Status_; - } - + } + time_t TCheckedServiceTicket::TImpl::GetExpirationTime() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return ProtobufTicket_.expirationtime(); - } - + } + TString TCheckedServiceTicket::TImpl::DebugInfo() const { if (CachedDebugInfo_) { return CachedDebugInfo_; @@ -54,17 +54,17 @@ namespace NTvmAuth { if (Status_ == ETicketStatus::Malformed) { CachedDebugInfo_ = "status=malformed;"; return CachedDebugInfo_; - } + } - TString targetString = "ticket_type="; + TString targetString = "ticket_type="; targetString.reserve(256); if (Status_ == ETicketStatus::InvalidTicketType) { - targetString.append("not-serv;"); + targetString.append("not-serv;"); CachedDebugInfo_ = targetString; - return targetString; - } + return targetString; + } - targetString.append("serv"); + targetString.append("serv"); if (ProtobufTicket_.has_expirationtime()) targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); if (ProtobufTicket_.service().has_srcclientid()) { @@ -74,17 +74,17 @@ namespace NTvmAuth { targetString.append(";dst=").append(IntToString<10>(ProtobufTicket_.service().dstclientid())); } for (const auto& scope : ProtobufTicket_.service().scopes()) { - targetString.append(";scope=").append(scope); - } + targetString.append(";scope=").append(scope); + } if (ProtobufTicket_.service().has_issueruid()) { targetString.append(";issuer_uid=").append(IntToString<10>(ProtobufTicket_.service().GetissuerUid())); } - targetString.append(";"); + targetString.append(";"); CachedDebugInfo_ = targetString; - return targetString; - } - + return targetString; + } + TMaybe<TUid> TCheckedServiceTicket::TImpl::GetIssuerUid() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return ProtobufTicket_.service().has_issueruid() @@ -99,9 +99,9 @@ namespace NTvmAuth { TCheckedServiceTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) : Status_(status) , ProtobufTicket_(std::move(protobufTicket)) - { - } - + { + } + TServiceTicketImplPtr TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus status, TTvmId src, TMaybe<TUid> issuerUid) { @@ -117,42 +117,42 @@ namespace NTvmAuth { TServiceContext::TImpl::TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse) : Secret_(ParseSecret(secretBase64)) , SelfTvmId_(selfTvmId) - { - ResetKeys(tvmKeysResponse); - } - + { + ResetKeys(tvmKeysResponse); + } + TServiceContext::TImpl::TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse) : SelfTvmId_(selfTvmId) - { - ResetKeys(tvmKeysResponse); - } - + { + ResetKeys(tvmKeysResponse); + } + TServiceContext::TImpl::TImpl(TStringBuf secretBase64) : Secret_(ParseSecret(secretBase64)) { } - void TServiceContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { - tvm_keys::Keys protoKeys; - if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { + void TServiceContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { + tvm_keys::Keys protoKeys; + if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; - } - - NRw::TPublicKeys keys; - for (int idx = 0; idx < protoKeys.tvm_size(); ++idx) { - const tvm_keys::TvmKey& k = protoKeys.tvm(idx); - keys.emplace(k.gen().id(), - k.gen().body()); - } - - if (keys.empty()) { + } + + NRw::TPublicKeys keys; + for (int idx = 0; idx < protoKeys.tvm_size(); ++idx) { + const tvm_keys::TvmKey& k = protoKeys.tvm(idx); + keys.emplace(k.gen().id(), + k.gen().body()); + } + + if (keys.empty()) { ythrow TEmptyTvmKeysException() << "Empty TVM keys"; - } - + } + Keys_ = std::move(keys); - } - - TServiceTicketImplPtr TServiceContext::TImpl::Check(TStringBuf ticketBody) const { + } + + TServiceTicketImplPtr TServiceContext::TImpl::Check(TStringBuf ticketBody) const { if (Keys_.empty()) { ythrow TEmptyTvmKeysException() << "Empty TVM keys"; } @@ -160,44 +160,44 @@ namespace NTvmAuth { TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::ServiceFlag()); if (res.Status != ETicketStatus::Ok) { return MakeHolder<TCheckedServiceTicket::TImpl>(res.Status, std::move(res.Ticket)); - } - + } + const ETicketStatus status = CheckProtobufServiceTicket(res.Ticket); return MakeHolder<TCheckedServiceTicket::TImpl>(status, std::move(res.Ticket)); - } - - TString TServiceContext::TImpl::SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes) const { + } + + TString TServiceContext::TImpl::SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes) const { if (Secret_.Value().empty()) { ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; - } + } return NUtils::SignCgiParamsForTvm(Secret_, ts, dst, scopes); - } - + } + ETicketStatus TServiceContext::TImpl::CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const { - if (!ticket.has_service()) { + if (!ticket.has_service()) { return ETicketStatus::Malformed; - } + } if (ticket.service().dstclientid() != SelfTvmId_) { return ETicketStatus::InvalidDst; - } + } return ETicketStatus::Ok; - } - - TString TServiceContext::TImpl::ParseSecret(TStringBuf secretBase64) { - while (secretBase64 && secretBase64.back() == '\n') { - secretBase64.Chop(1); - } - + } + + TString TServiceContext::TImpl::ParseSecret(TStringBuf secretBase64) { + while (secretBase64 && secretBase64.back() == '\n') { + secretBase64.Chop(1); + } + if (secretBase64.empty()) { ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty"; } - const TString secret = NUtils::Base64url2bin(secretBase64); - if (secret.empty()) { + const TString secret = NUtils::Base64url2bin(secretBase64); + if (secret.empty()) { ythrow TMalformedTvmSecretException() << "Malformed TVM secret: invalid base64url"; - } - - return secret; - } - + } + + return secret; + } + } diff --git a/library/cpp/tvmauth/src/service_impl.h b/library/cpp/tvmauth/src/service_impl.h index 18dd4ec335..a97691cede 100644 --- a/library/cpp/tvmauth/src/service_impl.h +++ b/library/cpp/tvmauth/src/service_impl.h @@ -1,77 +1,77 @@ -#pragma once - +#pragma once + #include <library/cpp/tvmauth/src/protos/ticket2.pb.h> #include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> #include <library/cpp/tvmauth/src/rw/keys.h> - + #include <library/cpp/tvmauth/type.h> #include <library/cpp/tvmauth/deprecated/service_context.h> - + #include <library/cpp/charset/ci_string.h> #include <library/cpp/string_utils/secret_string/secret_string.h> - + #include <util/generic/maybe.h> -#include <string> - +#include <string> + namespace NTvmAuth { using TServiceTicketImplPtr = THolder<TCheckedServiceTicket::TImpl>; class TCheckedServiceTicket::TImpl { - public: + public: explicit operator bool() const; - + TTvmId GetSrc() const; - const TScopes& GetScopes() const; - bool HasScope(TStringBuf scopeName) const; + const TScopes& GetScopes() const; + bool HasScope(TStringBuf scopeName) const; ETicketStatus GetStatus() const; - time_t GetExpirationTime() const; - - TString DebugInfo() const; + time_t GetExpirationTime() const; + + TString DebugInfo() const; TMaybe<TUid> GetIssuerUid() const; - + void SetStatus(ETicketStatus status); - /*! - * Constructor for creation invalid ticket storing error status in TServiceContext - * @param status - * @param protobufTicket - */ + /*! + * Constructor for creation invalid ticket storing error status in TServiceContext + * @param status + * @param protobufTicket + */ TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); - + static TServiceTicketImplPtr CreateTicketForTests(ETicketStatus status, TTvmId src, TMaybe<TUid> issuerUid); - private: + private: ETicketStatus Status_; ticket2::Ticket ProtobufTicket_; mutable TScopes CachedScopes_; mutable TString CachedDebugInfo_; - }; - - class TServiceContext::TImpl { - public: + }; + + class TServiceContext::TImpl { + public: TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse); TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse); TImpl(TStringBuf secretBase64); - - void ResetKeys(TStringBuf tvmKeysResponse); - - TServiceTicketImplPtr Check(TStringBuf ticketBody) const; - TString SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes = TStringBuf()) const; - - const NRw::TPublicKeys& GetKeys() const { // for tests + + void ResetKeys(TStringBuf tvmKeysResponse); + + TServiceTicketImplPtr Check(TStringBuf ticketBody) const; + TString SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes = TStringBuf()) const; + + const NRw::TPublicKeys& GetKeys() const { // for tests return Keys_; - } - - private: + } + + private: ETicketStatus CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const; - static TString ParseSecret(TStringBuf secretBase64); - + static TString ParseSecret(TStringBuf secretBase64); + NRw::TPublicKeys Keys_; const NSecretString::TSecretString Secret_; const TTvmId SelfTvmId_ = 0; - + ::google::protobuf::LogSilencer LogSilencer_; - }; + }; } diff --git a/library/cpp/tvmauth/src/status.cpp b/library/cpp/tvmauth/src/status.cpp index 1b08fc098f..1fc112d618 100644 --- a/library/cpp/tvmauth/src/status.cpp +++ b/library/cpp/tvmauth/src/status.cpp @@ -1,32 +1,32 @@ #include <library/cpp/tvmauth/ticket_status.h> - + #include <util/generic/yexception.h> namespace NTvmAuth { TStringBuf StatusToString(ETicketStatus st) { - switch (st) { + switch (st) { case ETicketStatus::Ok: - return "OK"; + return "OK"; case ETicketStatus::Expired: - return "Expired ticket"; + return "Expired ticket"; case ETicketStatus::InvalidBlackboxEnv: - return "Invalid BlackBox environment"; + return "Invalid BlackBox environment"; case ETicketStatus::InvalidDst: - return "Invalid ticket destination"; + return "Invalid ticket destination"; case ETicketStatus::InvalidTicketType: - return "Invalid ticket type"; + return "Invalid ticket type"; case ETicketStatus::Malformed: - return "Malformed ticket"; + return "Malformed ticket"; case ETicketStatus::MissingKey: return "Context does not have required key to check ticket: public keys are too old"; case ETicketStatus::SignBroken: - return "Invalid ticket signature"; + return "Invalid ticket signature"; case ETicketStatus::UnsupportedVersion: - return "Unsupported ticket version"; + return "Unsupported ticket version"; case ETicketStatus::NoRoles: return "Subject (src or defaultUid) does not have any roles in IDM"; - } - + } + ythrow yexception() << "Unexpected status: " << static_cast<int>(st); - } + } } diff --git a/library/cpp/tvmauth/src/user_impl.cpp b/library/cpp/tvmauth/src/user_impl.cpp index 33002968d2..f954c3b89e 100644 --- a/library/cpp/tvmauth/src/user_impl.cpp +++ b/library/cpp/tvmauth/src/user_impl.cpp @@ -1,16 +1,16 @@ -#include "user_impl.h" - -#include "parser.h" - +#include "user_impl.h" + +#include "parser.h" + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/ticket_status.h> - -#include <util/generic/strbuf.h> -#include <util/string/cast.h> -#include <util/string/split.h> - -#include <algorithm> - + +#include <util/generic/strbuf.h> +#include <util/string/cast.h> +#include <util/string/split.h> + +#include <algorithm> + namespace NTvmAuth { static const char* EX_MSG = "Method cannot be used in non-valid ticket"; @@ -33,47 +33,47 @@ namespace NTvmAuth { TCheckedUserTicket::TImpl::operator bool() const { return (Status_ == ETicketStatus::Ok); - } - + } + TUid TCheckedUserTicket::TImpl::GetDefaultUid() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return ProtobufTicket_.user().defaultuid(); - } + } time_t TCheckedUserTicket::TImpl::GetExpirationTime() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return ProtobufTicket_.expirationtime(); - } - + } + const TScopes& TCheckedUserTicket::TImpl::GetScopes() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); if (CachedScopes_.empty()) { for (const auto& el : ProtobufTicket_.user().scopes()) { CachedScopes_.push_back(el); - } - } + } + } return CachedScopes_; - } - + } + bool TCheckedUserTicket::TImpl::HasScope(TStringBuf scopeName) const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); return std::binary_search(ProtobufTicket_.user().scopes().begin(), ProtobufTicket_.user().scopes().end(), scopeName); - } - + } + ETicketStatus TCheckedUserTicket::TImpl::GetStatus() const { return Status_; - } - + } + const TUids& TCheckedUserTicket::TImpl::GetUids() const { Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG); if (CachedUids_.empty()) { for (const auto& user : ProtobufTicket_.user().users()) { CachedUids_.push_back(user.uid()); - } - } + } + } return CachedUids_; - } - + } + TString TCheckedUserTicket::TImpl::DebugInfo() const { if (CachedDebugInfo_) { return CachedDebugInfo_; @@ -82,38 +82,38 @@ namespace NTvmAuth { if (Status_ == ETicketStatus::Malformed) { CachedDebugInfo_ = "status=malformed;"; return CachedDebugInfo_; - } + } - TString targetString = "ticket_type="; + TString targetString = "ticket_type="; targetString.reserve(256); if (Status_ == ETicketStatus::InvalidTicketType) { - targetString.append("not-user;"); + targetString.append("not-user;"); CachedDebugInfo_ = targetString; - return targetString; - } + return targetString; + } - targetString.append("user"); + targetString.append("user"); if (ProtobufTicket_.expirationtime() > 0) targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime())); for (const auto& scope : ProtobufTicket_.user().scopes()) { - targetString.append(";scope=").append(scope); - } + targetString.append(";scope=").append(scope); + } if (ProtobufTicket_.user().defaultuid() > 0) targetString.append(";default_uid=").append(IntToString<10>(ProtobufTicket_.user().defaultuid())); for (const auto& user : ProtobufTicket_.user().users()) { - targetString.append(";uid=").append(IntToString<10>(user.uid())); - } + targetString.append(";uid=").append(IntToString<10>(user.uid())); + } targetString.append(";env="); EBlackboxEnv environment = static_cast<EBlackboxEnv>(ProtobufTicket_.user().env()); targetString.append(GetBlackboxEnvAsString(environment)); - targetString.append(";"); + targetString.append(";"); CachedDebugInfo_ = targetString; - return targetString; - } - + return targetString; + } + EBlackboxEnv TCheckedUserTicket::TImpl::GetEnv() const { return (EBlackboxEnv)ProtobufTicket_.user().env(); } @@ -125,9 +125,9 @@ namespace NTvmAuth { TCheckedUserTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket) : Status_(status) , ProtobufTicket_(std::move(protobufTicket)) - { - } - + { + } + TUserTicketImplPtr TCheckedUserTicket::TImpl::CreateTicketForTests(ETicketStatus status, TUid defaultUid, TScopes scopes, @@ -167,75 +167,75 @@ namespace NTvmAuth { return MakeHolder<TImpl>(status, std::move(proto)); } - TUserContext::TImpl::TImpl(EBlackboxEnv env, TStringBuf tvmKeysResponse) + TUserContext::TImpl::TImpl(EBlackboxEnv env, TStringBuf tvmKeysResponse) : Env_(env) - { - ResetKeys(tvmKeysResponse); - } - - void TUserContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { - tvm_keys::Keys protoKeys; - if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { + { + ResetKeys(tvmKeysResponse); + } + + void TUserContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) { + tvm_keys::Keys protoKeys; + if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) { ythrow TMalformedTvmKeysException() << "Malformed TVM keys"; - } - - NRw::TPublicKeys keys; - for (int idx = 0; idx < protoKeys.bb_size(); ++idx) { - const tvm_keys::BbKey& k = protoKeys.bb(idx); + } + + NRw::TPublicKeys keys; + for (int idx = 0; idx < protoKeys.bb_size(); ++idx) { + const tvm_keys::BbKey& k = protoKeys.bb(idx); if (IsAllowed(k.env())) { - keys.emplace(k.gen().id(), - k.gen().body()); - } - } - - if (keys.empty()) { + keys.emplace(k.gen().id(), + k.gen().body()); + } + } + + if (keys.empty()) { ythrow TEmptyTvmKeysException() << "Empty TVM keys"; - } - + } + Keys_ = std::move(keys); - } - - TUserTicketImplPtr TUserContext::TImpl::Check(TStringBuf ticketBody) const { + } + + TUserTicketImplPtr TUserContext::TImpl::Check(TStringBuf ticketBody) const { TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::UserFlag()); ETicketStatus status = CheckProtobufUserTicket(res.Ticket); - + if (res.Status != ETicketStatus::Ok && !(res.Status == ETicketStatus::MissingKey && status == ETicketStatus::InvalidBlackboxEnv)) { - status = res.Status; - } + status = res.Status; + } return MakeHolder<TCheckedUserTicket::TImpl>(status, std::move(res.Ticket)); - } - + } + ETicketStatus TUserContext::TImpl::CheckProtobufUserTicket(const ticket2::Ticket& ticket) const { - if (!ticket.has_user()) { + if (!ticket.has_user()) { return ETicketStatus::Malformed; - } + } if (!IsAllowed(ticket.user().env())) { return ETicketStatus::InvalidBlackboxEnv; - } + } return ETicketStatus::Ok; - } - - const NRw::TPublicKeys& TUserContext::TImpl::GetKeys() const { + } + + const NRw::TPublicKeys& TUserContext::TImpl::GetKeys() const { return Keys_; - } - + } + bool TUserContext::TImpl::IsAllowed(tvm_keys::BbEnvType env) const { if (env == tvm_keys::Prod && (Env_ == EBlackboxEnv::Prod || Env_ == EBlackboxEnv::Stress)) { - return true; - } + return true; + } if (env == tvm_keys::ProdYateam && Env_ == EBlackboxEnv::ProdYateam) { - return true; - } + return true; + } if (env == tvm_keys::Test && Env_ == EBlackboxEnv::Test) { - return true; - } + return true; + } if (env == tvm_keys::TestYateam && Env_ == EBlackboxEnv::TestYateam) { - return true; - } + return true; + } if (env == tvm_keys::Stress && Env_ == EBlackboxEnv::Stress) { - return true; - } - - return false; - } + return true; + } + + return false; + } } diff --git a/library/cpp/tvmauth/src/user_impl.h b/library/cpp/tvmauth/src/user_impl.h index e3f1099b90..6ed7c213dc 100644 --- a/library/cpp/tvmauth/src/user_impl.h +++ b/library/cpp/tvmauth/src/user_impl.h @@ -1,72 +1,72 @@ -#pragma once - +#pragma once + #include <library/cpp/tvmauth/src/protos/ticket2.pb.h> #include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h> #include <library/cpp/tvmauth/src/rw/keys.h> - + #include <library/cpp/tvmauth/deprecated/user_context.h> - + #include <library/cpp/charset/ci_string.h> - -#include <unordered_map> - + +#include <unordered_map> + namespace NTvmAuth { using TUserTicketImplPtr = THolder<TCheckedUserTicket::TImpl>; class TCheckedUserTicket::TImpl { - public: + public: explicit operator bool() const; - - TUid GetDefaultUid() const; - time_t GetExpirationTime() const; - const TScopes& GetScopes() const; - bool HasScope(TStringBuf scopeName) const; + + TUid GetDefaultUid() const; + time_t GetExpirationTime() const; + const TScopes& GetScopes() const; + bool HasScope(TStringBuf scopeName) const; ETicketStatus GetStatus() const; - const TUids& GetUids() const; - - TString DebugInfo() const; - + const TUids& GetUids() const; + + TString DebugInfo() const; + EBlackboxEnv GetEnv() const; void SetStatus(ETicketStatus status); - /*! - * Constructor for creation invalid ticket storing error status in TServiceContext - * @param status - * @param protobufTicket - */ + /*! + * Constructor for creation invalid ticket storing error status in TServiceContext + * @param status + * @param protobufTicket + */ TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket); - + static TUserTicketImplPtr CreateTicketForTests(ETicketStatus status, TUid defaultUid, TScopes scopes, TUids uids, EBlackboxEnv env = EBlackboxEnv::Test); - private: - static const int MaxUserCount = 15; - + private: + static const int MaxUserCount = 15; + ETicketStatus Status_; ticket2::Ticket ProtobufTicket_; mutable TScopes CachedScopes_; mutable TUids CachedUids_; mutable TString CachedDebugInfo_; - }; - - class TUserContext::TImpl { - public: - TImpl(EBlackboxEnv env, TStringBuf tvmKeysResponse); - void ResetKeys(TStringBuf tvmKeysResponse); - - TUserTicketImplPtr Check(TStringBuf ticketBody) const; - const NRw::TPublicKeys& GetKeys() const; - + }; + + class TUserContext::TImpl { + public: + TImpl(EBlackboxEnv env, TStringBuf tvmKeysResponse); + void ResetKeys(TStringBuf tvmKeysResponse); + + TUserTicketImplPtr Check(TStringBuf ticketBody) const; + const NRw::TPublicKeys& GetKeys() const; + bool IsAllowed(tvm_keys::BbEnvType env) const; - - private: + + private: ETicketStatus CheckProtobufUserTicket(const ticket2::Ticket& ticket) const; - + NRw::TPublicKeys Keys_; EBlackboxEnv Env_; ::google::protobuf::LogSilencer LogSilencer_; - }; + }; } diff --git a/library/cpp/tvmauth/src/ut/parser_ut.cpp b/library/cpp/tvmauth/src/ut/parser_ut.cpp index 530f45331a..aa7a49c78d 100644 --- a/library/cpp/tvmauth/src/ut/parser_ut.cpp +++ b/library/cpp/tvmauth/src/ut/parser_ut.cpp @@ -1,71 +1,71 @@ #include <library/cpp/tvmauth/src/parser.h> #include <library/cpp/tvmauth/src/utils.h> - + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/ticket_status.h> - + #include <library/cpp/testing/unittest/registar.h> Y_UNIT_TEST_SUITE(ParserTestSuite) { using namespace NTvmAuth; - + Y_UNIT_TEST(Keys) { - UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("2:asds"), TMalformedTvmKeysException); - UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("3:asds"), TMalformedTvmKeysException); - UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("1:+a/sds"), TMalformedTvmKeysException); - + UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("2:asds"), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("3:asds"), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TParserTvmKeys::ParseStrV1("1:+a/sds"), TMalformedTvmKeysException); + UNIT_ASSERT_VALUES_EQUAL("sdsd", NUtils::Bin2base64url(TParserTvmKeys::ParseStrV1("1:sdsd"))); - } - + } + Y_UNIT_TEST(TicketsStrV3) { UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, - NUtils::Base64url2bin("CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), - NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), - "3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), - TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); + NUtils::Base64url2bin("CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), + NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), + "3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), + TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::UnsupportedVersion, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::InvalidTicketType, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::UserFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::UserFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv::ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv::ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA:asd", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA:asd", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv:CgY+-*/IDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv:CgY+-*/IDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, - {}, - {}, - {}}), - TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); + {}, + {}, + {}}), + TParserTickets::ParseStrV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Malformed, {}, {}, @@ -78,66 +78,66 @@ Y_UNIT_TEST_SUITE(ParserTestSuite) { {}}), TParserTickets::ParseStrV3("'", TParserTickets::ServiceFlag())); - - // Invalid proto + + // Invalid proto UNIT_ASSERT_EQUAL(TParserTickets::TStrRes({ETicketStatus::Ok, - NUtils::Base64url2bin("YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), - NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), - "3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), - TParserTickets::ParseStrV3("3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - TParserTickets::ServiceFlag())); - } - + NUtils::Base64url2bin("YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg"), + NUtils::Base64url2bin("ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"), + "3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:"}), + TParserTickets::ParseStrV3("3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + TParserTickets::ServiceFlag())); + } + Y_UNIT_TEST(TicketsV3) { - NRw::TPublicKeys pub; - + NRw::TPublicKeys pub; + UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, - TParserTickets::ParseV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - pub, - TParserTickets::ServiceFlag()) - .Status); - - // Invalid proto + TParserTickets::ParseV3("3:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERme/*-+H_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + pub, + TParserTickets::ServiceFlag()) + .Status); + + // Invalid proto UNIT_ASSERT_EQUAL(ETicketStatus::Malformed, - TParserTickets::ParseV3("3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", - pub, - TParserTickets::ServiceFlag()) - .Status); - - // Expire time == 100500 + TParserTickets::ParseV3("3:serv:YIDRCUkQYBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA", + pub, + TParserTickets::ServiceFlag()) + .Status); + + // Expire time == 100500 UNIT_ASSERT_EQUAL(ETicketStatus::Expired, - TParserTickets::ParseV3("3:serv:CBAQlJEGIhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:HEzPbsjULegBvgX3nqwFX0GfVhESmN1kEWyeT7U03KAR-sQnNYgm6IuN-b9-lQYQKAJSW6p8ffyucC1yDrWSWRxXVzHJUxAVW4hnbiFDtXrurnEdpMK3izKbmTY25PJ4vH3_TkRXk-_oSAE8RvIFKXlh-aw1tezbXBUpJKvyJ0w", - pub, - TParserTickets::ServiceFlag()) - .Status); - + TParserTickets::ParseV3("3:serv:CBAQlJEGIhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:HEzPbsjULegBvgX3nqwFX0GfVhESmN1kEWyeT7U03KAR-sQnNYgm6IuN-b9-lQYQKAJSW6p8ffyucC1yDrWSWRxXVzHJUxAVW4hnbiFDtXrurnEdpMK3izKbmTY25PJ4vH3_TkRXk-_oSAE8RvIFKXlh-aw1tezbXBUpJKvyJ0w", + pub, + TParserTickets::ServiceFlag()) + .Status); + UNIT_ASSERT_EQUAL(ETicketStatus::MissingKey, - TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", - pub, - TParserTickets::ServiceFlag()) - .Status); - - pub.emplace(16, NRw::TRwPublicKey(NUtils::Base64url2bin("MIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbN"))); + TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", + pub, + TParserTickets::ServiceFlag()) + .Status); + + pub.emplace(16, NRw::TRwPublicKey(NUtils::Base64url2bin("MIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbN"))); UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, - TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMa:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", - pub, - TParserTickets::ServiceFlag()) - .Status); + TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMa:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", + pub, + TParserTickets::ServiceFlag()) + .Status); UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, - TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qa", - pub, - TParserTickets::ServiceFlag()) - .Status); + TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qa", + pub, + TParserTickets::ServiceFlag()) + .Status); UNIT_ASSERT_EQUAL(ETicketStatus::SignBroken, TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:EbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", - pub, - TParserTickets::ServiceFlag()) - .Status); - + pub, + TParserTickets::ServiceFlag()) + .Status); + UNIT_ASSERT_EQUAL(ETicketStatus::Ok, - TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", - pub, - TParserTickets::ServiceFlag()) - .Status); - } -} + TParserTickets::ParseV3("3:serv:CBAQ__________9_IhcIDBAcGgdiYjpzZXNzGghiYjpzZXNzMg:OKjKEbygehEZWH0XEeLzvf0q0aS0VvSk_CKSXGdpqxPbE4RzU70jeM-X9rXVpbYjt76VgBLlBpumJdyiclulfGPDPiL8nwJuu8AnWIR_o-QqyXbsloo2_syE6w2aYw2Yw_5_qjnipYdxGUWegHAGCj3yeMde6O2BmNZ0OCfg6qU", + pub, + TParserTickets::ServiceFlag()) + .Status); + } +} diff --git a/library/cpp/tvmauth/src/ut/public_ut.cpp b/library/cpp/tvmauth/src/ut/public_ut.cpp index 74a483d57b..9b96bb7065 100644 --- a/library/cpp/tvmauth/src/ut/public_ut.cpp +++ b/library/cpp/tvmauth/src/ut/public_ut.cpp @@ -1,11 +1,11 @@ // DO_NOT_STYLE #include <library/cpp/tvmauth/src/service_impl.h> #include <library/cpp/tvmauth/src/user_impl.h> - + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/ticket_status.h> #include <library/cpp/tvmauth/unittest.h> - + #include <library/cpp/testing/unittest/registar.h> using namespace NTvmAuth; @@ -30,24 +30,24 @@ Y_UNIT_TEST_SUITE(CommonPublicInterfaceTestSuite){ StatusToString(ETicketStatus::MissingKey)); UNIT_ASSERT_VALUES_EQUAL("Unsupported ticket version", StatusToString(ETicketStatus::UnsupportedVersion)); - } + } } - + Y_UNIT_TEST_SUITE(PublicInterfaceServiceTestSuite) { - static const TString EMPTY_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAE"; - static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; - static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; - static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; + static const TString EMPTY_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAE"; + static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; + static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; + static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; static const TTvmId NOT_OUR_ID = 27; static const TTvmId OUR_ID = 28; - static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; - static const TString SERVICE_TICKET_PROTOBUF = "CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; + static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; + static const TString SERVICE_TICKET_PROTOBUF = "CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; static const TTvmId SRC_ID = 229; - static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; - static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; - static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_IskICOUBEBwaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTk:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; - static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; - + static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; + static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; + static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_IskICOUBEBwaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTk:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; + static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; + Y_UNIT_TEST(BlackboxTvmIdTest) { UNIT_ASSERT_VALUES_EQUAL("222", NBlackboxTvmId::Prod); UNIT_ASSERT_VALUES_EQUAL("224", NBlackboxTvmId::Test); @@ -56,45 +56,45 @@ Y_UNIT_TEST_SUITE(PublicInterfaceServiceTestSuite) { UNIT_ASSERT_VALUES_EQUAL("226", NBlackboxTvmId::Stress); UNIT_ASSERT_VALUES_EQUAL("239", NBlackboxTvmId::Mimino); } - + Y_UNIT_TEST(Case1Test) { TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - TServiceContext context2 = std::move(context1); - TServiceContext context3(std::move(context2)); - + TServiceContext context2 = std::move(context1); + TServiceContext context3(std::move(context2)); + TCheckedServiceTicket checkedTicket1 = context3.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket1.GetStatus()); TCheckedServiceTicket checkedTicket2 = std::move(checkedTicket1); TCheckedServiceTicket checkedTicket3(std::move(checkedTicket2)); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket3.GetStatus()); - } - + } + Y_UNIT_TEST(ContextExceptionsTest) { UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); UNIT_ASSERT_EXCEPTION(TServiceContext(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); UNIT_ASSERT_EXCEPTION(TServiceContext(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); } - + Y_UNIT_TEST(ContextSignTest) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_VALUES_EQUAL( - "NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", + "NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); } - + Y_UNIT_TEST(ContextSignExceptionTest) { TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EXCEPTION( - context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", ""), - TMalformedTvmSecretException - ); + UNIT_ASSERT_EXCEPTION( + context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", ""), + TMalformedTvmSecretException + ); context = TServiceContext::SigningFactory(SECRET); UNIT_ASSERT_NO_EXCEPTION( context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "") ); } - + Y_UNIT_TEST(ContextCheckExceptionTest) { TServiceContext context = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_NO_EXCEPTION( @@ -113,60 +113,60 @@ Y_UNIT_TEST_SUITE(PublicInterfaceServiceTestSuite) { TServiceContext context1(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); TServiceContext context2 = TServiceContext::CheckingFactory(OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); } - + Y_UNIT_TEST(Ticket1Test) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); - UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); + UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket.DebugInfo()); } - + Y_UNIT_TEST(Ticket2Test) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_2); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_2); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;", checkedTicket.DebugInfo()); } Y_UNIT_TEST(Ticket3Test) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;", checkedTicket.DebugInfo()); } - + Y_UNIT_TEST(TicketCheckingTest) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto ticket = context.Check(VALID_SERVICE_TICKET_1); + auto ticket = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, ticket.GetStatus()); - UNIT_ASSERT_EQUAL(SRC_ID, ticket.GetSrc()); + UNIT_ASSERT_EQUAL(SRC_ID, ticket.GetSrc()); } - + Y_UNIT_TEST(TicketErrorsTest) { TServiceContext context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); + auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1.GetStatus()); - - auto checkedTicket2 = context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); + + auto checkedTicket2 = context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2.GetStatus()); - - auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); + + auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3.GetStatus()); } - + Y_UNIT_TEST(TicketExceptionsTest) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); + auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); - - UNIT_ASSERT(!bool(checkedTicket)); - UNIT_ASSERT_EXCEPTION(checkedTicket.GetSrc(), TNotAllowedException); - UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); + + UNIT_ASSERT(!bool(checkedTicket)); + UNIT_ASSERT_EXCEPTION(checkedTicket.GetSrc(), TNotAllowedException); + UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); } - + Y_UNIT_TEST(RemoveSignatureTest) { UNIT_ASSERT_VALUES_EQUAL("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds", NUtils::RemoveTicketSignature("1:serv:ASDkljbjhsdbfLJHABFJHBslfbsfjs:asdxcvbxcvniueliuweklsvds")); @@ -185,106 +185,106 @@ Y_UNIT_TEST_SUITE(PublicInterfaceServiceTestSuite) { UNIT_ASSERT_VALUES_EQUAL("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf", NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); } - + Y_UNIT_TEST(ResetKeysTest) { TServiceContext context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); TCheckedServiceTicket checkedTicket = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); } } - + Y_UNIT_TEST_SUITE(PublicInterfaceUserTestSuite) { - static const TString EMPTY_TVM_KEYS = "1:EpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQY"; - static const TString EXPIRED_USER_TICKET = "3:user:CA0QABokCgMIyAMKAgh7EMgDGghiYjpzZXNzMRoIYmI6c2VzczIgEigB:D0CmYVwWg91LDYejjeQ2UP8AeiA_mr1q1CUD_lfJ9zQSEYEOYGDTafg4Um2rwOOvQnsD1JHM4zHyMUJ6Jtp9GAm5pmhbXBBZqaCcJpyxLTEC8a81MhJFCCJRvu_G1FiAgRgB25gI3HIbkvHFUEqAIC_nANy7NFQnbKk2S-EQPGY"; - static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; - static const TString UNSUPPORTED_VERSION_USER_TICKET = "2:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; - static const TString USER_TICKET_PROTOBUF = "CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE"; - static const TString VALID_USER_TICKET_1 = "3:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; - static const TString VALID_USER_TICKET_2 = "3:user:CA0Q__________9_GhAKAwjIAwoCCHsQyAMgEigB:KRibGYTJUA2ns0Fn7VYqeMZ1-GdscB1o9pRzELyr7QJrJsfsE8Y_HoVvB8Npr-oalv6AXOpagSc8HpZjAQz8zKMAVE_tI0tL-9DEsHirpawEbpy7OWV7-k18o1m-RaDaKeTlIB45KHbBul1-9aeKkortBfbbXtz_Qy9r_mfFPiQ"; - static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-CgIIPwoCCEAKAghBCgIIQgoCCEMKAghECgIIRQoCCEYKAghHCgIISAoCCEkKAghKCgIISwoCCEwKAghNCgIITgoCCE8KAghQCgIIUQoCCFIKAghTCgIIVAoCCFUKAghWCgIIVwoCCFgKAghZCgIIWgoCCFsKAghcCgIIXQoCCF4KAghfCgIIYAoCCGEKAghiCgIIYwoCCGQKAghlCgIIZgoCCGcKAghoCgIIaQoCCGoKAghrCgIIbAoCCG0KAghuCgIIbwoCCHAKAghxCgIIcgoCCHMKAgh0CgIIdQoCCHYKAgh3CgIIeAoCCHkKAgh6CgIIewoCCHwKAgh9CgIIfgoCCH8KAwiAAQoDCIEBCgMIggEKAwiDAQoDCIQBCgMIhQEKAwiGAQoDCIcBCgMIiAEKAwiJAQoDCIoBCgMIiwEKAwiMAQoDCI0BCgMIjgEKAwiPAQoDCJABCgMIkQEKAwiSAQoDCJMBCgMIlAEKAwiVAQoDCJYBCgMIlwEKAwiYAQoDCJkBCgMImgEKAwibAQoDCJwBCgMInQEKAwieAQoDCJ8BCgMIoAEKAwihAQoDCKIBCgMIowEKAwikAQoDCKUBCgMIpgEKAwinAQoDCKgBCgMIqQEKAwiqAQoDCKsBCgMIrAEKAwitAQoDCK4BCgMIrwEKAwiwAQoDCLEBCgMIsgEKAwizAQoDCLQBCgMItQEKAwi2AQoDCLcBCgMIuAEKAwi5AQoDCLoBCgMIuwEKAwi8AQoDCL0BCgMIvgEKAwi_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-AQoDCP8BCgMIgAIKAwiBAgoDCIICCgMIgwIKAwiEAgoDCIUCCgMIhgIKAwiHAgoDCIgCCgMIiQIKAwiKAgoDCIsCCgMIjAIKAwiNAgoDCI4CCgMIjwIKAwiQAgoDCJECCgMIkgIKAwiTAgoDCJQCCgMIlQIKAwiWAgoDCJcCCgMImAIKAwiZAgoDCJoCCgMImwIKAwicAgoDCJ0CCgMIngIKAwifAgoDCKACCgMIoQIKAwiiAgoDCKMCCgMIpAIKAwilAgoDCKYCCgMIpwIKAwioAgoDCKkCCgMIqgIKAwirAgoDCKwCCgMIrQIKAwiuAgoDCK8CCgMIsAIKAwixAgoDCLICCgMIswIKAwi0AgoDCLUCCgMItgIKAwi3AgoDCLgCCgMIuQIKAwi6AgoDCLsCCgMIvAIKAwi9AgoDCL4CCgMIvwIKAwjAAgoDCMECCgMIwgIKAwjDAgoDCMQCCgMIxQIKAwjGAgoDCMcCCgMIyAIKAwjJAgoDCMoCCgMIywIKAwjMAgoDCM0CCgMIzgIKAwjPAgoDCNACCgMI0QIKAwjSAgoDCNMCCgMI1AIKAwjVAgoDCNYCCgMI1wIKAwjYAgoDCNkCCgMI2gIKAwjbAgoDCNwCCgMI3QIKAwjeAgoDCN8CCgMI4AIKAwjhAgoDCOICCgMI4wIKAwjkAgoDCOUCCgMI5gIKAwjnAgoDCOgCCgMI6QIKAwjqAgoDCOsCCgMI7AIKAwjtAgoDCO4CCgMI7wIKAwjwAgoDCPECCgMI8gIKAwjzAgoDCPQCCgMI9QIKAwj2AgoDCPcCCgMI-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDCgMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-AwoDCL8DCgMIwAMKAwjBAwoDCMIDCgMIwwMKAwjEAwoDCMUDCgMIxgMKAwjHAwoDCMgDCgMIyQMKAwjKAwoDCMsDCgMIzAMKAwjNAwoDCM4DCgMIzwMKAwjQAwoDCNEDCgMI0gMKAwjTAwoDCNQDCgMI1QMKAwjWAwoDCNcDCgMI2AMKAwjZAwoDCNoDCgMI2wMKAwjcAwoDCN0DCgMI3gMKAwjfAwoDCOADCgMI4QMKAwjiAwoDCOMDCgMI5AMKAwjlAwoDCOYDCgMI5wMKAwjoAwoDCOkDCgMI6gMKAwjrAwoDCOwDCgMI7QMKAwjuAwoDCO8DCgMI8AMKAwjxAwoDCPIDCgMI8wMQyAMaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTkgEigB:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; - + static const TString EMPTY_TVM_KEYS = "1:EpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQY"; + static const TString EXPIRED_USER_TICKET = "3:user:CA0QABokCgMIyAMKAgh7EMgDGghiYjpzZXNzMRoIYmI6c2VzczIgEigB:D0CmYVwWg91LDYejjeQ2UP8AeiA_mr1q1CUD_lfJ9zQSEYEOYGDTafg4Um2rwOOvQnsD1JHM4zHyMUJ6Jtp9GAm5pmhbXBBZqaCcJpyxLTEC8a81MhJFCCJRvu_G1FiAgRgB25gI3HIbkvHFUEqAIC_nANy7NFQnbKk2S-EQPGY"; + static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; + static const TString UNSUPPORTED_VERSION_USER_TICKET = "2:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; + static const TString USER_TICKET_PROTOBUF = "CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE"; + static const TString VALID_USER_TICKET_1 = "3:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; + static const TString VALID_USER_TICKET_2 = "3:user:CA0Q__________9_GhAKAwjIAwoCCHsQyAMgEigB:KRibGYTJUA2ns0Fn7VYqeMZ1-GdscB1o9pRzELyr7QJrJsfsE8Y_HoVvB8Npr-oalv6AXOpagSc8HpZjAQz8zKMAVE_tI0tL-9DEsHirpawEbpy7OWV7-k18o1m-RaDaKeTlIB45KHbBul1-9aeKkortBfbbXtz_Qy9r_mfFPiQ"; + static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-CgIIPwoCCEAKAghBCgIIQgoCCEMKAghECgIIRQoCCEYKAghHCgIISAoCCEkKAghKCgIISwoCCEwKAghNCgIITgoCCE8KAghQCgIIUQoCCFIKAghTCgIIVAoCCFUKAghWCgIIVwoCCFgKAghZCgIIWgoCCFsKAghcCgIIXQoCCF4KAghfCgIIYAoCCGEKAghiCgIIYwoCCGQKAghlCgIIZgoCCGcKAghoCgIIaQoCCGoKAghrCgIIbAoCCG0KAghuCgIIbwoCCHAKAghxCgIIcgoCCHMKAgh0CgIIdQoCCHYKAgh3CgIIeAoCCHkKAgh6CgIIewoCCHwKAgh9CgIIfgoCCH8KAwiAAQoDCIEBCgMIggEKAwiDAQoDCIQBCgMIhQEKAwiGAQoDCIcBCgMIiAEKAwiJAQoDCIoBCgMIiwEKAwiMAQoDCI0BCgMIjgEKAwiPAQoDCJABCgMIkQEKAwiSAQoDCJMBCgMIlAEKAwiVAQoDCJYBCgMIlwEKAwiYAQoDCJkBCgMImgEKAwibAQoDCJwBCgMInQEKAwieAQoDCJ8BCgMIoAEKAwihAQoDCKIBCgMIowEKAwikAQoDCKUBCgMIpgEKAwinAQoDCKgBCgMIqQEKAwiqAQoDCKsBCgMIrAEKAwitAQoDCK4BCgMIrwEKAwiwAQoDCLEBCgMIsgEKAwizAQoDCLQBCgMItQEKAwi2AQoDCLcBCgMIuAEKAwi5AQoDCLoBCgMIuwEKAwi8AQoDCL0BCgMIvgEKAwi_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-AQoDCP8BCgMIgAIKAwiBAgoDCIICCgMIgwIKAwiEAgoDCIUCCgMIhgIKAwiHAgoDCIgCCgMIiQIKAwiKAgoDCIsCCgMIjAIKAwiNAgoDCI4CCgMIjwIKAwiQAgoDCJECCgMIkgIKAwiTAgoDCJQCCgMIlQIKAwiWAgoDCJcCCgMImAIKAwiZAgoDCJoCCgMImwIKAwicAgoDCJ0CCgMIngIKAwifAgoDCKACCgMIoQIKAwiiAgoDCKMCCgMIpAIKAwilAgoDCKYCCgMIpwIKAwioAgoDCKkCCgMIqgIKAwirAgoDCKwCCgMIrQIKAwiuAgoDCK8CCgMIsAIKAwixAgoDCLICCgMIswIKAwi0AgoDCLUCCgMItgIKAwi3AgoDCLgCCgMIuQIKAwi6AgoDCLsCCgMIvAIKAwi9AgoDCL4CCgMIvwIKAwjAAgoDCMECCgMIwgIKAwjDAgoDCMQCCgMIxQIKAwjGAgoDCMcCCgMIyAIKAwjJAgoDCMoCCgMIywIKAwjMAgoDCM0CCgMIzgIKAwjPAgoDCNACCgMI0QIKAwjSAgoDCNMCCgMI1AIKAwjVAgoDCNYCCgMI1wIKAwjYAgoDCNkCCgMI2gIKAwjbAgoDCNwCCgMI3QIKAwjeAgoDCN8CCgMI4AIKAwjhAgoDCOICCgMI4wIKAwjkAgoDCOUCCgMI5gIKAwjnAgoDCOgCCgMI6QIKAwjqAgoDCOsCCgMI7AIKAwjtAgoDCO4CCgMI7wIKAwjwAgoDCPECCgMI8gIKAwjzAgoDCPQCCgMI9QIKAwj2AgoDCPcCCgMI-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDCgMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-AwoDCL8DCgMIwAMKAwjBAwoDCMIDCgMIwwMKAwjEAwoDCMUDCgMIxgMKAwjHAwoDCMgDCgMIyQMKAwjKAwoDCMsDCgMIzAMKAwjNAwoDCM4DCgMIzwMKAwjQAwoDCNEDCgMI0gMKAwjTAwoDCNQDCgMI1QMKAwjWAwoDCNcDCgMI2AMKAwjZAwoDCNoDCgMI2wMKAwjcAwoDCN0DCgMI3gMKAwjfAwoDCOADCgMI4QMKAwjiAwoDCOMDCgMI5AMKAwjlAwoDCOYDCgMI5wMKAwjoAwoDCOkDCgMI6gMKAwjrAwoDCOwDCgMI7QMKAwjuAwoDCO8DCgMI8AMKAwjxAwoDCPIDCgMI8wMQyAMaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTkgEigB:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; + Y_UNIT_TEST(Case1Test) { TUserContext context1(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - + TCheckedUserTicket checkedTicket1 = context1.Check("2:serv:CgYIDRCUkQYQDBgcIgdiYjpzZXNzIghiYjpzZXNzMg:ERmeH_yzC7K_QsoHTyw7llCsyExEz3CoEopPIuivA0ZAtTaFq_Pa0l9Fhhx_NX9WpOp2CPyY5cFc4PXhcO83jCB7-EGvHNxGN-j2NQalERzPiKqkDCO0Q5etLzSzrfTlvMz7sXDvELNBHyA0PkAQnbz4supY0l-0Q6JBYSEF3zOVMjjE-HeQIFL3ats3_PakaUMWRvgQQ88pVdYZqAtbDw9PlTla7ommygVZQjcfNFXV1pJKRgOCLs-YyCjOJHLKL04zYj0X6KsOCTUeqhj7ml96wLZ-g1X9tyOR2WAr2Ctq7wIEHwqhxOLgOSKqm05xH6Vi3E_hekf50oe2jPfKEA"); UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); - UNIT_ASSERT(!checkedTicket1); - - TUserContext context2 = std::move(context1); - TUserContext context3(std::move(context2)); + UNIT_ASSERT(!checkedTicket1); + + TUserContext context2 = std::move(context1); + TUserContext context3(std::move(context2)); TCheckedUserTicket checkedTicket2 = context3.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket2.GetStatus()); TCheckedUserTicket checkedTicket3 = std::move(checkedTicket2); TCheckedUserTicket checkedTicket4(std::move(checkedTicket3)); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket4.GetStatus()); } - + Y_UNIT_TEST(ContextTest) { TUserContext context(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); } - + Y_UNIT_TEST(ContextExceptionsTest) { - UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); - UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); + UNIT_ASSERT_EXCEPTION(TUserContext(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); } - + Y_UNIT_TEST(Ticket1Test) { TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_1); + auto checkedTicket = context.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); - UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket.GetUids()); - UNIT_ASSERT_EQUAL(456, checkedTicket.GetDefaultUid()); - UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket.GetScopes()); - UNIT_ASSERT(checkedTicket.HasScope("bb:sess1")); - UNIT_ASSERT(checkedTicket.HasScope("bb:sess2")); - UNIT_ASSERT(!checkedTicket.HasScope("bb:sess3")); + UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket.GetUids()); + UNIT_ASSERT_EQUAL(456, checkedTicket.GetDefaultUid()); + UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket.GetScopes()); + UNIT_ASSERT(checkedTicket.HasScope("bb:sess1")); + UNIT_ASSERT(checkedTicket.HasScope("bb:sess2")); + UNIT_ASSERT(!checkedTicket.HasScope("bb:sess3")); UNIT_ASSERT_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess2;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket.DebugInfo()); } Y_UNIT_TEST(Ticket2Test) { TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_2); + auto checkedTicket = context.Check(VALID_USER_TICKET_2); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket.DebugInfo()); } - + Y_UNIT_TEST(Ticket3Test) { TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_3); + auto checkedTicket = context.Check(VALID_USER_TICKET_3); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;default_uid=456;uid=0;uid=1;uid=2;uid=3;uid=4;uid=5;uid=6;uid=7;uid=8;uid=9;uid=10;uid=11;uid=12;uid=13;uid=14;uid=15;uid=16;uid=17;uid=18;uid=19;uid=20;uid=21;uid=22;uid=23;uid=24;uid=25;uid=26;uid=27;uid=28;uid=29;uid=30;uid=31;uid=32;uid=33;uid=34;uid=35;uid=36;uid=37;uid=38;uid=39;uid=40;uid=41;uid=42;uid=43;uid=44;uid=45;uid=46;uid=47;uid=48;uid=49;uid=50;uid=51;uid=52;uid=53;uid=54;uid=55;uid=56;uid=57;uid=58;uid=59;uid=60;uid=61;uid=62;uid=63;uid=64;uid=65;uid=66;uid=67;uid=68;uid=69;uid=70;uid=71;uid=72;uid=73;uid=74;uid=75;uid=76;uid=77;uid=78;uid=79;uid=80;uid=81;uid=82;uid=83;uid=84;uid=85;uid=86;uid=87;uid=88;uid=89;uid=90;uid=91;uid=92;uid=93;uid=94;uid=95;uid=96;uid=97;uid=98;uid=99;uid=100;uid=101;uid=102;uid=103;uid=104;uid=105;uid=106;uid=107;uid=108;uid=109;uid=110;uid=111;uid=112;uid=113;uid=114;uid=115;uid=116;uid=117;uid=118;uid=119;uid=120;uid=121;uid=122;uid=123;uid=124;uid=125;uid=126;uid=127;uid=128;uid=129;uid=130;uid=131;uid=132;uid=133;uid=134;uid=135;uid=136;uid=137;uid=138;uid=139;uid=140;uid=141;uid=142;uid=143;uid=144;uid=145;uid=146;uid=147;uid=148;uid=149;uid=150;uid=151;uid=152;uid=153;uid=154;uid=155;uid=156;uid=157;uid=158;uid=159;uid=160;uid=161;uid=162;uid=163;uid=164;uid=165;uid=166;uid=167;uid=168;uid=169;uid=170;uid=171;uid=172;uid=173;uid=174;uid=175;uid=176;uid=177;uid=178;uid=179;uid=180;uid=181;uid=182;uid=183;uid=184;uid=185;uid=186;uid=187;uid=188;uid=189;uid=190;uid=191;uid=192;uid=193;uid=194;uid=195;uid=196;uid=197;uid=198;uid=199;uid=200;uid=201;uid=202;uid=203;uid=204;uid=205;uid=206;uid=207;uid=208;uid=209;uid=210;uid=211;uid=212;uid=213;uid=214;uid=215;uid=216;uid=217;uid=218;uid=219;uid=220;uid=221;uid=222;uid=223;uid=224;uid=225;uid=226;uid=227;uid=228;uid=229;uid=230;uid=231;uid=232;uid=233;uid=234;uid=235;uid=236;uid=237;uid=238;uid=239;uid=240;uid=241;uid=242;uid=243;uid=244;uid=245;uid=246;uid=247;uid=248;uid=249;uid=250;uid=251;uid=252;uid=253;uid=254;uid=255;uid=256;uid=257;uid=258;uid=259;uid=260;uid=261;uid=262;uid=263;uid=264;uid=265;uid=266;uid=267;uid=268;uid=269;uid=270;uid=271;uid=272;uid=273;uid=274;uid=275;uid=276;uid=277;uid=278;uid=279;uid=280;uid=281;uid=282;uid=283;uid=284;uid=285;uid=286;uid=287;uid=288;uid=289;uid=290;uid=291;uid=292;uid=293;uid=294;uid=295;uid=296;uid=297;uid=298;uid=299;uid=300;uid=301;uid=302;uid=303;uid=304;uid=305;uid=306;uid=307;uid=308;uid=309;uid=310;uid=311;uid=312;uid=313;uid=314;uid=315;uid=316;uid=317;uid=318;uid=319;uid=320;uid=321;uid=322;uid=323;uid=324;uid=325;uid=326;uid=327;uid=328;uid=329;uid=330;uid=331;uid=332;uid=333;uid=334;uid=335;uid=336;uid=337;uid=338;uid=339;uid=340;uid=341;uid=342;uid=343;uid=344;uid=345;uid=346;uid=347;uid=348;uid=349;uid=350;uid=351;uid=352;uid=353;uid=354;uid=355;uid=356;uid=357;uid=358;uid=359;uid=360;uid=361;uid=362;uid=363;uid=364;uid=365;uid=366;uid=367;uid=368;uid=369;uid=370;uid=371;uid=372;uid=373;uid=374;uid=375;uid=376;uid=377;uid=378;uid=379;uid=380;uid=381;uid=382;uid=383;uid=384;uid=385;uid=386;uid=387;uid=388;uid=389;uid=390;uid=391;uid=392;uid=393;uid=394;uid=395;uid=396;uid=397;uid=398;uid=399;uid=400;uid=401;uid=402;uid=403;uid=404;uid=405;uid=406;uid=407;uid=408;uid=409;uid=410;uid=411;uid=412;uid=413;uid=414;uid=415;uid=416;uid=417;uid=418;uid=419;uid=420;uid=421;uid=422;uid=423;uid=424;uid=425;uid=426;uid=427;uid=428;uid=429;uid=430;uid=431;uid=432;uid=433;uid=434;uid=435;uid=436;uid=437;uid=438;uid=439;uid=440;uid=441;uid=442;uid=443;uid=444;uid=445;uid=446;uid=447;uid=448;uid=449;uid=450;uid=451;uid=452;uid=453;uid=454;uid=455;uid=456;uid=457;uid=458;uid=459;uid=460;uid=461;uid=462;uid=463;uid=464;uid=465;uid=466;uid=467;uid=468;uid=469;uid=470;uid=471;uid=472;uid=473;uid=474;uid=475;uid=476;uid=477;uid=478;uid=479;uid=480;uid=481;uid=482;uid=483;uid=484;uid=485;uid=486;uid=487;uid=488;uid=489;uid=490;uid=491;uid=492;uid=493;uid=494;uid=495;uid=496;uid=497;uid=498;uid=499;env=Test;", checkedTicket.DebugInfo()); } - + Y_UNIT_TEST(TicketErrorsTest) { TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); + auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1.GetStatus()); - - auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); + + auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2.GetStatus()); - + TUserContext contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); + auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3.GetStatus()); } - + Y_UNIT_TEST(TicketExceptionsTest) { TUserContext contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = contextTest.Check(EXPIRED_USER_TICKET); + auto checkedTicket = contextTest.Check(EXPIRED_USER_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket.GetStatus()); - - UNIT_ASSERT_EXCEPTION(checkedTicket.GetDefaultUid(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket.GetUids(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket.GetScopes(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket.HasScope(""), TNotAllowedException); - UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); + + UNIT_ASSERT_EXCEPTION(checkedTicket.GetDefaultUid(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket.GetUids(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket.GetScopes(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket.HasScope(""), TNotAllowedException); + UNIT_ASSERT_NO_EXCEPTION(bool(checkedTicket)); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket.DebugInfo()); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket.GetStatus()); } - + Y_UNIT_TEST(ResetKeysTest) { TUserContext context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_1); + auto checkedTicket = context.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); } } diff --git a/library/cpp/tvmauth/src/ut/service_ut.cpp b/library/cpp/tvmauth/src/ut/service_ut.cpp index 5b6b5143bd..72d5054010 100644 --- a/library/cpp/tvmauth/src/ut/service_ut.cpp +++ b/library/cpp/tvmauth/src/ut/service_ut.cpp @@ -1,83 +1,83 @@ #include <library/cpp/tvmauth/src/service_impl.h> #include <library/cpp/tvmauth/src/utils.h> - + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/unittest.h> - + #include <library/cpp/testing/unittest/registar.h> -#include <util/string/cast.h> - +#include <util/string/cast.h> + using namespace NTvmAuth; - + Y_UNIT_TEST_SUITE(ServiceTestSuite) { Y_UNIT_TEST_DECLARE(TicketProtoTest); } - + class TTestServiceTicketImpl: public TCheckedServiceTicket::TImpl { using TCheckedServiceTicket::TImpl::TImpl; Y_UNIT_TEST_FRIEND(ServiceTestSuite, TicketProtoTest); -}; - +}; + Y_UNIT_TEST_SUITE_IMPLEMENTATION(ServiceTestSuite) { - static const TString EMPTY_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAE"; - static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; - static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; - static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; + static const TString EMPTY_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAE"; + static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; + static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; + static const TString MALFORMED_TVM_SECRET = "adcvxcv./-+"; static const TTvmId NOT_OUR_ID = 27; static const TTvmId OUR_ID = 28; - static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; - static const TString SERVICE_TICKET_PROTOBUF = "CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; + static const TString SECRET = "GRMJrKnj4fOVnvOqe-WyD1"; + static const TString SERVICE_TICKET_PROTOBUF = "CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My"; static const TTvmId SRC_ID = 229; - static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; - static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; - static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_IskICOUBEBwaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTk:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; - static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; + static const TString UNSUPPORTED_VERSION_SERVICE_TICKET = "2:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; + static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; + static const TString VALID_SERVICE_TICKET_2 = "3:serv:CBAQ__________9_IskICOUBEBwaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTk:JYmABAVLM6y7_T4n1pRcwBfwDfzMV4JJ3cpbEG617zdGgKRZwL7MalsYn5bq1F2ibujMrsF9nzZf8l4s_e-Ivjkz_xu4KMzSp-pUh9V7XIF_smj0WHYpv6gOvWNuK8uIvlZTTKwtQX0qZOL9m-MEeZiHoQPKZGCfJ_qxMUp-J8I"; + static const TString VALID_SERVICE_TICKET_3 = "3:serv:CBAQ__________9_IgUI5QEQHA:Sd6tmA1CNy2Nf7XevC3x7zr2DrGNRmcl-TxUsDtDW2xI3YXyCxBltWeg0-KtDlqyYuPOP5Jd_-XXNA12KlOPnNzrz3jm-5z8uQl6CjCcrVHUHJ75pGC8r9UOlS8cOgeXQB5dYP-fOWyo5CNadlozx1S2meCIxncbQRV1kCBi4KU"; static const TString VALID_SERVICE_TICKET_ISSUER = "3:serv:CBAQ__________9_IgsI5QEQHCDr1MT4Ag:Gu66XJT_nKnIRJjFy1561wFhIqkJItcSTGftLo7Yvi7i5wIdV-QuKT_-IMPpgjxnnGbt1Dy3Ys2TEoeJAb0TdaCYG1uy3vpoLONmTx9AenN5dx1HHf46cypLK5D3OdiTjxvqI9uGmSIKrSdRxU8gprpu5QiBDPZqVCWhM60FVSY"; - + Y_UNIT_TEST(ContextExceptionsTest) { UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(SECRET, OUR_ID, EMPTY_TVM_KEYS), TEmptyTvmKeysException); UNIT_ASSERT_EXCEPTION(TServiceContext::TImpl(MALFORMED_TVM_SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS), TMalformedTvmSecretException); } - + Y_UNIT_TEST(ContextSignTest) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); UNIT_ASSERT_VALUES_EQUAL( - "NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", + "NsPTYak4Cfk-4vgau5lab3W4GPiTtb2etuj3y4MDPrk", context.SignCgiParamsForTvm(IntToString<10>(std::numeric_limits<time_t>::max()), "13,28", "")); } - + Y_UNIT_TEST(Ticket1Test) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); - UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); - UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket->GetSrc()); - UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket->GetScopes()); - UNIT_ASSERT(checkedTicket->HasScope("bb:sess1")); - UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); - UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); + UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); + UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket->GetSrc()); + UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket->GetScopes()); + UNIT_ASSERT(checkedTicket->HasScope("bb:sess1")); + UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); + UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); UNIT_ASSERT_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess2;", checkedTicket->DebugInfo()); UNIT_ASSERT(!checkedTicket->GetIssuerUid()); } - + Y_UNIT_TEST(Ticket2Test) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_2); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_2); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;", checkedTicket->DebugInfo()); UNIT_ASSERT(!checkedTicket->GetIssuerUid()); } - + Y_UNIT_TEST(Ticket3Test) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_3); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=serv;expiration_time=9223372036854775807;src=229;dst=28;", checkedTicket->DebugInfo()); UNIT_ASSERT(!checkedTicket->GetIssuerUid()); } - + Y_UNIT_TEST(TicketIssuerTest) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); auto checkedTicket = context.Check(VALID_SERVICE_TICKET_ISSUER); @@ -90,42 +90,42 @@ Y_UNIT_TEST_SUITE_IMPLEMENTATION(ServiceTestSuite) { Y_UNIT_TEST(TicketErrorsTest) { TServiceContext::TImpl context(SECRET, NOT_OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); + auto checkedTicket1 = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::InvalidDst, checkedTicket1->GetStatus()); - - auto checkedTicket2 = context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); + + auto checkedTicket2 = context.Check(UNSUPPORTED_VERSION_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket2->GetStatus()); - - auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); + + auto checkedTicket3 = context.Check(EXPIRED_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket3->GetStatus()); } - + Y_UNIT_TEST(TicketExceptionTest) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); - - auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); + + auto checkedTicket = context.Check(EXPIRED_SERVICE_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket->GetStatus()); - - UNIT_ASSERT_EXCEPTION(checkedTicket->GetScopes(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket->GetSrc(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket->HasScope(""), TNotAllowedException); - UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket)); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket->DebugInfo()); + + UNIT_ASSERT_EXCEPTION(checkedTicket->GetScopes(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket->GetSrc(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket->HasScope(""), TNotAllowedException); + UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket)); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket->DebugInfo()); } - + Y_UNIT_TEST(TicketProtoTest) { - ticket2::Ticket protobufTicket; + ticket2::Ticket protobufTicket; UNIT_ASSERT(protobufTicket.ParseFromString(NUtils::Base64url2bin(SERVICE_TICKET_PROTOBUF))); TTestServiceTicketImpl checkedTicket(ETicketStatus::Ok, std::move(protobufTicket)); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket.GetStatus()); - UNIT_ASSERT_VALUES_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket.GetExpirationTime()); - UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); + UNIT_ASSERT_VALUES_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket.GetExpirationTime()); + UNIT_ASSERT_EQUAL(SRC_ID, checkedTicket.GetSrc()); } - + Y_UNIT_TEST(ResetKeysTest) { TServiceContext::TImpl context(SECRET, OUR_ID, NUnittest::TVMKNIFE_PUBLIC_KEYS); context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); + auto checkedTicket = context.Check(VALID_SERVICE_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); } diff --git a/library/cpp/tvmauth/src/ut/user_ut.cpp b/library/cpp/tvmauth/src/ut/user_ut.cpp index c040e94974..6b43a29b6a 100644 --- a/library/cpp/tvmauth/src/ut/user_ut.cpp +++ b/library/cpp/tvmauth/src/ut/user_ut.cpp @@ -1,154 +1,154 @@ #include <library/cpp/tvmauth/src/user_impl.h> #include <library/cpp/tvmauth/src/utils.h> - + #include <library/cpp/tvmauth/exception.h> #include <library/cpp/tvmauth/unittest.h> - + #include <library/cpp/testing/unittest/registar.h> using namespace NTvmAuth; - + Y_UNIT_TEST_SUITE(UserTestSuite) { Y_UNIT_TEST_DECLARE(TicketProtoTest); } - + class TTestUserTicketImpl: TCheckedUserTicket::TImpl { using TCheckedUserTicket::TImpl::TImpl; Y_UNIT_TEST_FRIEND(UserTestSuite, TicketProtoTest); -}; - +}; + Y_UNIT_TEST_SUITE_IMPLEMENTATION(UserTestSuite) { - static const TString EMPTY_TVM_KEYS = "1:EpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQY"; - static const TString EXPIRED_USER_TICKET = "3:user:CA0QABokCgMIyAMKAgh7EMgDGghiYjpzZXNzMRoIYmI6c2VzczIgEigB:D0CmYVwWg91LDYejjeQ2UP8AeiA_mr1q1CUD_lfJ9zQSEYEOYGDTafg4Um2rwOOvQnsD1JHM4zHyMUJ6Jtp9GAm5pmhbXBBZqaCcJpyxLTEC8a81MhJFCCJRvu_G1FiAgRgB25gI3HIbkvHFUEqAIC_nANy7NFQnbKk2S-EQPGY"; - static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; - static const TString UNSUPPORTED_VERSION_USER_TICKET = "2:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; - static const TString USER_TICKET_PROTOBUF = "CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE"; - static const TString VALID_USER_TICKET_1 = "3:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; - static const TString VALID_USER_TICKET_2 = "3:user:CA0Q__________9_GhAKAwjIAwoCCHsQyAMgEigB:KRibGYTJUA2ns0Fn7VYqeMZ1-GdscB1o9pRzELyr7QJrJsfsE8Y_HoVvB8Npr-oalv6AXOpagSc8HpZjAQz8zKMAVE_tI0tL-9DEsHirpawEbpy7OWV7-k18o1m-RaDaKeTlIB45KHbBul1-9aeKkortBfbbXtz_Qy9r_mfFPiQ"; - static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-CgIIPwoCCEAKAghBCgIIQgoCCEMKAghECgIIRQoCCEYKAghHCgIISAoCCEkKAghKCgIISwoCCEwKAghNCgIITgoCCE8KAghQCgIIUQoCCFIKAghTCgIIVAoCCFUKAghWCgIIVwoCCFgKAghZCgIIWgoCCFsKAghcCgIIXQoCCF4KAghfCgIIYAoCCGEKAghiCgIIYwoCCGQKAghlCgIIZgoCCGcKAghoCgIIaQoCCGoKAghrCgIIbAoCCG0KAghuCgIIbwoCCHAKAghxCgIIcgoCCHMKAgh0CgIIdQoCCHYKAgh3CgIIeAoCCHkKAgh6CgIIewoCCHwKAgh9CgIIfgoCCH8KAwiAAQoDCIEBCgMIggEKAwiDAQoDCIQBCgMIhQEKAwiGAQoDCIcBCgMIiAEKAwiJAQoDCIoBCgMIiwEKAwiMAQoDCI0BCgMIjgEKAwiPAQoDCJABCgMIkQEKAwiSAQoDCJMBCgMIlAEKAwiVAQoDCJYBCgMIlwEKAwiYAQoDCJkBCgMImgEKAwibAQoDCJwBCgMInQEKAwieAQoDCJ8BCgMIoAEKAwihAQoDCKIBCgMIowEKAwikAQoDCKUBCgMIpgEKAwinAQoDCKgBCgMIqQEKAwiqAQoDCKsBCgMIrAEKAwitAQoDCK4BCgMIrwEKAwiwAQoDCLEBCgMIsgEKAwizAQoDCLQBCgMItQEKAwi2AQoDCLcBCgMIuAEKAwi5AQoDCLoBCgMIuwEKAwi8AQoDCL0BCgMIvgEKAwi_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-AQoDCP8BCgMIgAIKAwiBAgoDCIICCgMIgwIKAwiEAgoDCIUCCgMIhgIKAwiHAgoDCIgCCgMIiQIKAwiKAgoDCIsCCgMIjAIKAwiNAgoDCI4CCgMIjwIKAwiQAgoDCJECCgMIkgIKAwiTAgoDCJQCCgMIlQIKAwiWAgoDCJcCCgMImAIKAwiZAgoDCJoCCgMImwIKAwicAgoDCJ0CCgMIngIKAwifAgoDCKACCgMIoQIKAwiiAgoDCKMCCgMIpAIKAwilAgoDCKYCCgMIpwIKAwioAgoDCKkCCgMIqgIKAwirAgoDCKwCCgMIrQIKAwiuAgoDCK8CCgMIsAIKAwixAgoDCLICCgMIswIKAwi0AgoDCLUCCgMItgIKAwi3AgoDCLgCCgMIuQIKAwi6AgoDCLsCCgMIvAIKAwi9AgoDCL4CCgMIvwIKAwjAAgoDCMECCgMIwgIKAwjDAgoDCMQCCgMIxQIKAwjGAgoDCMcCCgMIyAIKAwjJAgoDCMoCCgMIywIKAwjMAgoDCM0CCgMIzgIKAwjPAgoDCNACCgMI0QIKAwjSAgoDCNMCCgMI1AIKAwjVAgoDCNYCCgMI1wIKAwjYAgoDCNkCCgMI2gIKAwjbAgoDCNwCCgMI3QIKAwjeAgoDCN8CCgMI4AIKAwjhAgoDCOICCgMI4wIKAwjkAgoDCOUCCgMI5gIKAwjnAgoDCOgCCgMI6QIKAwjqAgoDCOsCCgMI7AIKAwjtAgoDCO4CCgMI7wIKAwjwAgoDCPECCgMI8gIKAwjzAgoDCPQCCgMI9QIKAwj2AgoDCPcCCgMI-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDCgMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-AwoDCL8DCgMIwAMKAwjBAwoDCMIDCgMIwwMKAwjEAwoDCMUDCgMIxgMKAwjHAwoDCMgDCgMIyQMKAwjKAwoDCMsDCgMIzAMKAwjNAwoDCM4DCgMIzwMKAwjQAwoDCNEDCgMI0gMKAwjTAwoDCNQDCgMI1QMKAwjWAwoDCNcDCgMI2AMKAwjZAwoDCNoDCgMI2wMKAwjcAwoDCN0DCgMI3gMKAwjfAwoDCOADCgMI4QMKAwjiAwoDCOMDCgMI5AMKAwjlAwoDCOYDCgMI5wMKAwjoAwoDCOkDCgMI6gMKAwjrAwoDCOwDCgMI7QMKAwjuAwoDCO8DCgMI8AMKAwjxAwoDCPIDCgMI8wMQyAMaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTkgEigB:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; - + static const TString EMPTY_TVM_KEYS = "1:EpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQY"; + static const TString EXPIRED_USER_TICKET = "3:user:CA0QABokCgMIyAMKAgh7EMgDGghiYjpzZXNzMRoIYmI6c2VzczIgEigB:D0CmYVwWg91LDYejjeQ2UP8AeiA_mr1q1CUD_lfJ9zQSEYEOYGDTafg4Um2rwOOvQnsD1JHM4zHyMUJ6Jtp9GAm5pmhbXBBZqaCcJpyxLTEC8a81MhJFCCJRvu_G1FiAgRgB25gI3HIbkvHFUEqAIC_nANy7NFQnbKk2S-EQPGY"; + static const TString MALFORMED_TVM_KEYS = "1:CpgCCpMCCAEQABqIAjCCAQQCggEAcLEXeH67FQESFUn4_7wnX7wN0PUrBoUsm3QQ4W5vC-qz6sXaEjSwnTV8w1o-z6X9KPLlhzMQvuS38NCNfK4uvJ4Zvfp3YsXJ25-rYtbnrYJHNvHohD-kPCCw_yZpMp21JdWigzQGuV7CtrxUhF-NNrsnUaJrE5-OpEWNt4X6nCItKIYeVcSK6XJUbEWbrNCRbvkSc4ak2ymFeMuHYJVjxh4eQbk7_ZPzodP0WvF6eUYrYeb42imVEOR8ofVLQWE5DVnb1z_TqZm4i1XkS7jMwZuBxBRw8DGdYei0lT_sAf7KST2jC0590NySB3vsBgWEVs1OdUUWA6r-Dvx9dsOQtSCVkQYQAAqZAgqUAggCEAAaiQIwggEFAoIBAQDhEBM5-6YsPWfogKtbluJoCX1WV2KdzOaQ0-OlRbBzeCzw-eQKu12c8WakHBbeCMd1I1TU64SDkDorWjXGIa_2xT6N3zzNAE50roTbPCcmeQrps26woTYfYIuqDdoxYKZNr0lvNLLW47vBr7EKqo1S4KSj7aXK_XYeEvUgIgf3nVIcNrio7VTnFmGGVQCepaL1Hi1gN4yIXjVZ06PBPZ-DxSRu6xOGbFrfKMJeMPs7KOyE-26Q3xOXdTIa1X-zYIucTd_bxUCL4BVbwW2AvbbFsaG7ISmVdGu0XUTmhXs1KrEfUVLRJhE4Dx99hAZXm1_HlYMUeJcMQ_oHOhV94ENFIJaRBhACCpYBCpEBCAMQABqGATCBgwKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NIJeRBhABCpYBCpEBCAQQABqGATCBgwKBgGB4d6eLGUBv-Q6EPLehC4S-yuE2HB-_rJ7WkeYwyp-xIPolPrd-PQme2utHB4ZgpXHIu_OFksDe_0bPgZniNRSVRbl7W49DgS5Ya3kMfrYB4DnF5Fta5tn1oV6EwxYD4JONpFTenOJALPGTPawxXEfon_peiHOSBuQMu3_Vn-l1IJiRBhADCpcBCpIBCAUQABqHATCBhAKBgQCTJMKIfmfeZpaI7Q9rnsc29gdWawK7TnpVKRHws1iY7EUlYROeVcMdAwEqVM6f8BVCKLGgzQ7Gar_uuxfUGKwqEQzoppDraw4F75J464-7D5f6_oJQuGIBHZxqbMONtLjBCXRUhQW5szBLmTQ_R3qaJb5vf-h0APZfkYhq1cTttSCZkQYQBAqWAQqRAQgLEAAahgEwgYMCgYBvvGVH_M2H8qxxv94yaDYUTWbRnJ1uiIYc59KIQlfFimMPhSS7x2tqUa2-hI55JiII0Xym6GNkwLhyc1xtWChpVuIdSnbvttbrt4weDMLHqTwNOF6qAsVKGKT1Yh8yf-qb-DSmicgvFc74mBQm_6gAY1iQsf33YX8578ClhKBWHSCVkQYQAAqXAQqSAQgMEAAahwEwgYQCgYEAkuzFcd5TJu7lYWYe2hQLFfUWIIj91BvQQLa_Thln4YtGCO8gG1KJqJm-YlmJOWQG0B7H_5RVhxUxV9KpmFnsDVkzUFKOsCBaYGXc12xPVioawUlAwp5qp3QQtZyx_se97YIoLzuLr46UkLcLnkIrp-Jo46QzYi_QHq45WTm8MQ0glpEGEAIKlwEKkgEIDRAAGocBMIGEAoGBAIUzbxOknXf_rNt17_ir8JlWvrtnCWsQd1MAnl5mgArvavDtKeBYHzi5_Ak7DHlLzuA6YE8W175FxLFKpN2hkz-l-M7ltUSd8N1BvJRhK4t6WffWfC_1wPyoAbeSN2Yb1jygtZJQ8wGoXHcJQUXiMit3eFNyylwsJFj1gzAR4JCdIJeRBhABCpYBCpEBCA4QABqGATCBgwKBgFMcbEpl9ukVR6AO_R6sMyiU11I8b8MBSUCEC15iKsrVO8v_m47_TRRjWPYtQ9eZ7o1ocNJHaGUU7qqInFqtFaVnIceP6NmCsXhjs3MLrWPS8IRAy4Zf4FKmGOx3N9O2vemjUygZ9vUiSkULdVrecinRaT8JQ5RG4bUMY04XGIwFIJiRBhADCpYBCpEBCA8QABqGATCBgwKBgGpCkW-NR3li8GlRvqpq2YZGSIgm_PTyDI2Zwfw69grsBmPpVFW48Vw7xoMN35zcrojEpialB_uQzlpLYOvsMl634CRIuj-n1QE3-gaZTTTE8mg-AR4mcxnTKThPnRQpbuOlYAnriwiasWiQEMbGjq_HmWioYYxFo9USlklQn4-9IJmRBhAEEpUBCpIBCAYQABqHATCBhAKBgQCoZkFGm9oLTqjeXZAq6j5S6i7K20V0lNdBBLqfmFBIRuTkYxhs4vUYnWjZrKRAd5bp6_py0csmFmpl_5Yh0b-2pdo_E5PNP7LGRzKyKSiFddyykKKzVOazH8YYldDAfE8Z5HoS9e48an5JsPg0jr-TPu34DnJq3yv2a6dqiKL9zSCakQYSlQEKkgEIEBAAGocBMIGEAoGBALhrihbf3EpjDQS2sCQHazoFgN0nBbE9eesnnFTfzQELXb2gnJU9enmV_aDqaHKjgtLIPpCgn40lHrn5k6mvH5OdedyI6cCzE-N-GFp3nAq0NDJyMe0fhtIRD__CbT0ulcvkeow65ubXWfw6dBC2gR_34rdMe_L_TGRLMWjDULbNIJ"; + static const TString UNSUPPORTED_VERSION_USER_TICKET = "2:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; + static const TString USER_TICKET_PROTOBUF = "CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE"; + static const TString VALID_USER_TICKET_1 = "3:user:CA0Q__________9_GiQKAwjIAwoCCHsQyAMaCGJiOnNlc3MxGghiYjpzZXNzMiASKAE:KJFv5EcXn9krYk19LCvlFrhMW-R4q8mKfXJXCd-RBVBgUQzCOR1Dx2FiOyU-BxUoIsaU0PiwTjbVY5I2onJDilge70Cl5zEPI9pfab2qwklACq_ZBUvD1tzrfNUr88otBGAziHASJWgyVDkhyQ3p7YbN38qpb0vGQrYNxlk4e2I"; + static const TString VALID_USER_TICKET_2 = "3:user:CA0Q__________9_GhAKAwjIAwoCCHsQyAMgEigB:KRibGYTJUA2ns0Fn7VYqeMZ1-GdscB1o9pRzELyr7QJrJsfsE8Y_HoVvB8Npr-oalv6AXOpagSc8HpZjAQz8zKMAVE_tI0tL-9DEsHirpawEbpy7OWV7-k18o1m-RaDaKeTlIB45KHbBul1-9aeKkortBfbbXtz_Qy9r_mfFPiQ"; + static const TString VALID_USER_TICKET_3 = "3:user:CA0Q__________9_Go8bCgIIAAoCCAEKAggCCgIIAwoCCAQKAggFCgIIBgoCCAcKAggICgIICQoCCAoKAggLCgIIDAoCCA0KAggOCgIIDwoCCBAKAggRCgIIEgoCCBMKAggUCgIIFQoCCBYKAggXCgIIGAoCCBkKAggaCgIIGwoCCBwKAggdCgIIHgoCCB8KAgggCgIIIQoCCCIKAggjCgIIJAoCCCUKAggmCgIIJwoCCCgKAggpCgIIKgoCCCsKAggsCgIILQoCCC4KAggvCgIIMAoCCDEKAggyCgIIMwoCCDQKAgg1CgIINgoCCDcKAgg4CgIIOQoCCDoKAgg7CgIIPAoCCD0KAgg-CgIIPwoCCEAKAghBCgIIQgoCCEMKAghECgIIRQoCCEYKAghHCgIISAoCCEkKAghKCgIISwoCCEwKAghNCgIITgoCCE8KAghQCgIIUQoCCFIKAghTCgIIVAoCCFUKAghWCgIIVwoCCFgKAghZCgIIWgoCCFsKAghcCgIIXQoCCF4KAghfCgIIYAoCCGEKAghiCgIIYwoCCGQKAghlCgIIZgoCCGcKAghoCgIIaQoCCGoKAghrCgIIbAoCCG0KAghuCgIIbwoCCHAKAghxCgIIcgoCCHMKAgh0CgIIdQoCCHYKAgh3CgIIeAoCCHkKAgh6CgIIewoCCHwKAgh9CgIIfgoCCH8KAwiAAQoDCIEBCgMIggEKAwiDAQoDCIQBCgMIhQEKAwiGAQoDCIcBCgMIiAEKAwiJAQoDCIoBCgMIiwEKAwiMAQoDCI0BCgMIjgEKAwiPAQoDCJABCgMIkQEKAwiSAQoDCJMBCgMIlAEKAwiVAQoDCJYBCgMIlwEKAwiYAQoDCJkBCgMImgEKAwibAQoDCJwBCgMInQEKAwieAQoDCJ8BCgMIoAEKAwihAQoDCKIBCgMIowEKAwikAQoDCKUBCgMIpgEKAwinAQoDCKgBCgMIqQEKAwiqAQoDCKsBCgMIrAEKAwitAQoDCK4BCgMIrwEKAwiwAQoDCLEBCgMIsgEKAwizAQoDCLQBCgMItQEKAwi2AQoDCLcBCgMIuAEKAwi5AQoDCLoBCgMIuwEKAwi8AQoDCL0BCgMIvgEKAwi_AQoDCMABCgMIwQEKAwjCAQoDCMMBCgMIxAEKAwjFAQoDCMYBCgMIxwEKAwjIAQoDCMkBCgMIygEKAwjLAQoDCMwBCgMIzQEKAwjOAQoDCM8BCgMI0AEKAwjRAQoDCNIBCgMI0wEKAwjUAQoDCNUBCgMI1gEKAwjXAQoDCNgBCgMI2QEKAwjaAQoDCNsBCgMI3AEKAwjdAQoDCN4BCgMI3wEKAwjgAQoDCOEBCgMI4gEKAwjjAQoDCOQBCgMI5QEKAwjmAQoDCOcBCgMI6AEKAwjpAQoDCOoBCgMI6wEKAwjsAQoDCO0BCgMI7gEKAwjvAQoDCPABCgMI8QEKAwjyAQoDCPMBCgMI9AEKAwj1AQoDCPYBCgMI9wEKAwj4AQoDCPkBCgMI-gEKAwj7AQoDCPwBCgMI_QEKAwj-AQoDCP8BCgMIgAIKAwiBAgoDCIICCgMIgwIKAwiEAgoDCIUCCgMIhgIKAwiHAgoDCIgCCgMIiQIKAwiKAgoDCIsCCgMIjAIKAwiNAgoDCI4CCgMIjwIKAwiQAgoDCJECCgMIkgIKAwiTAgoDCJQCCgMIlQIKAwiWAgoDCJcCCgMImAIKAwiZAgoDCJoCCgMImwIKAwicAgoDCJ0CCgMIngIKAwifAgoDCKACCgMIoQIKAwiiAgoDCKMCCgMIpAIKAwilAgoDCKYCCgMIpwIKAwioAgoDCKkCCgMIqgIKAwirAgoDCKwCCgMIrQIKAwiuAgoDCK8CCgMIsAIKAwixAgoDCLICCgMIswIKAwi0AgoDCLUCCgMItgIKAwi3AgoDCLgCCgMIuQIKAwi6AgoDCLsCCgMIvAIKAwi9AgoDCL4CCgMIvwIKAwjAAgoDCMECCgMIwgIKAwjDAgoDCMQCCgMIxQIKAwjGAgoDCMcCCgMIyAIKAwjJAgoDCMoCCgMIywIKAwjMAgoDCM0CCgMIzgIKAwjPAgoDCNACCgMI0QIKAwjSAgoDCNMCCgMI1AIKAwjVAgoDCNYCCgMI1wIKAwjYAgoDCNkCCgMI2gIKAwjbAgoDCNwCCgMI3QIKAwjeAgoDCN8CCgMI4AIKAwjhAgoDCOICCgMI4wIKAwjkAgoDCOUCCgMI5gIKAwjnAgoDCOgCCgMI6QIKAwjqAgoDCOsCCgMI7AIKAwjtAgoDCO4CCgMI7wIKAwjwAgoDCPECCgMI8gIKAwjzAgoDCPQCCgMI9QIKAwj2AgoDCPcCCgMI-AIKAwj5AgoDCPoCCgMI-wIKAwj8AgoDCP0CCgMI_gIKAwj_AgoDCIADCgMIgQMKAwiCAwoDCIMDCgMIhAMKAwiFAwoDCIYDCgMIhwMKAwiIAwoDCIkDCgMIigMKAwiLAwoDCIwDCgMIjQMKAwiOAwoDCI8DCgMIkAMKAwiRAwoDCJIDCgMIkwMKAwiUAwoDCJUDCgMIlgMKAwiXAwoDCJgDCgMImQMKAwiaAwoDCJsDCgMInAMKAwidAwoDCJ4DCgMInwMKAwigAwoDCKEDCgMIogMKAwijAwoDCKQDCgMIpQMKAwimAwoDCKcDCgMIqAMKAwipAwoDCKoDCgMIqwMKAwisAwoDCK0DCgMIrgMKAwivAwoDCLADCgMIsQMKAwiyAwoDCLMDCgMItAMKAwi1AwoDCLYDCgMItwMKAwi4AwoDCLkDCgMIugMKAwi7AwoDCLwDCgMIvQMKAwi-AwoDCL8DCgMIwAMKAwjBAwoDCMIDCgMIwwMKAwjEAwoDCMUDCgMIxgMKAwjHAwoDCMgDCgMIyQMKAwjKAwoDCMsDCgMIzAMKAwjNAwoDCM4DCgMIzwMKAwjQAwoDCNEDCgMI0gMKAwjTAwoDCNQDCgMI1QMKAwjWAwoDCNcDCgMI2AMKAwjZAwoDCNoDCgMI2wMKAwjcAwoDCN0DCgMI3gMKAwjfAwoDCOADCgMI4QMKAwjiAwoDCOMDCgMI5AMKAwjlAwoDCOYDCgMI5wMKAwjoAwoDCOkDCgMI6gMKAwjrAwoDCOwDCgMI7QMKAwjuAwoDCO8DCgMI8AMKAwjxAwoDCPIDCgMI8wMQyAMaCGJiOnNlc3MxGgliYjpzZXNzMTAaCmJiOnNlc3MxMDAaCWJiOnNlc3MxMRoJYmI6c2VzczEyGgliYjpzZXNzMTMaCWJiOnNlc3MxNBoJYmI6c2VzczE1GgliYjpzZXNzMTYaCWJiOnNlc3MxNxoJYmI6c2VzczE4GgliYjpzZXNzMTkaCGJiOnNlc3MyGgliYjpzZXNzMjAaCWJiOnNlc3MyMRoJYmI6c2VzczIyGgliYjpzZXNzMjMaCWJiOnNlc3MyNBoJYmI6c2VzczI1GgliYjpzZXNzMjYaCWJiOnNlc3MyNxoJYmI6c2VzczI4GgliYjpzZXNzMjkaCGJiOnNlc3MzGgliYjpzZXNzMzAaCWJiOnNlc3MzMRoJYmI6c2VzczMyGgliYjpzZXNzMzMaCWJiOnNlc3MzNBoJYmI6c2VzczM1GgliYjpzZXNzMzYaCWJiOnNlc3MzNxoJYmI6c2VzczM4GgliYjpzZXNzMzkaCGJiOnNlc3M0GgliYjpzZXNzNDAaCWJiOnNlc3M0MRoJYmI6c2VzczQyGgliYjpzZXNzNDMaCWJiOnNlc3M0NBoJYmI6c2VzczQ1GgliYjpzZXNzNDYaCWJiOnNlc3M0NxoJYmI6c2VzczQ4GgliYjpzZXNzNDkaCGJiOnNlc3M1GgliYjpzZXNzNTAaCWJiOnNlc3M1MRoJYmI6c2VzczUyGgliYjpzZXNzNTMaCWJiOnNlc3M1NBoJYmI6c2VzczU1GgliYjpzZXNzNTYaCWJiOnNlc3M1NxoJYmI6c2VzczU4GgliYjpzZXNzNTkaCGJiOnNlc3M2GgliYjpzZXNzNjAaCWJiOnNlc3M2MRoJYmI6c2VzczYyGgliYjpzZXNzNjMaCWJiOnNlc3M2NBoJYmI6c2VzczY1GgliYjpzZXNzNjYaCWJiOnNlc3M2NxoJYmI6c2VzczY4GgliYjpzZXNzNjkaCGJiOnNlc3M3GgliYjpzZXNzNzAaCWJiOnNlc3M3MRoJYmI6c2VzczcyGgliYjpzZXNzNzMaCWJiOnNlc3M3NBoJYmI6c2Vzczc1GgliYjpzZXNzNzYaCWJiOnNlc3M3NxoJYmI6c2Vzczc4GgliYjpzZXNzNzkaCGJiOnNlc3M4GgliYjpzZXNzODAaCWJiOnNlc3M4MRoJYmI6c2VzczgyGgliYjpzZXNzODMaCWJiOnNlc3M4NBoJYmI6c2Vzczg1GgliYjpzZXNzODYaCWJiOnNlc3M4NxoJYmI6c2Vzczg4GgliYjpzZXNzODkaCGJiOnNlc3M5GgliYjpzZXNzOTAaCWJiOnNlc3M5MRoJYmI6c2VzczkyGgliYjpzZXNzOTMaCWJiOnNlc3M5NBoJYmI6c2Vzczk1GgliYjpzZXNzOTYaCWJiOnNlc3M5NxoJYmI6c2Vzczk4GgliYjpzZXNzOTkgEigB:CX8PIOrxJnQqFXl7wAsiHJ_1VGjoI-asNlCXb8SE8jtI2vdh9x6CqbAurSgIlAAEgotVP-nuUR38x_a9YJuXzmG5AvJ458apWQtODHIDIX6ZaIwMxjS02R7S5LNqXa0gAuU_R6bCWpZdWe2uLMkdpu5KHbDgW08g-uaP_nceDOk"; + Y_UNIT_TEST(ContextText) { TUserContext::TImpl context(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); UNIT_ASSERT_NO_EXCEPTION(context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS)); - UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, context.GetKeys().size()); } - + Y_UNIT_TEST(ContextEnvTest) { TUserContext::TImpl p(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(2, p.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, p.GetKeys().size()); UNIT_ASSERT(p.IsAllowed(tvm_keys::Prod)); UNIT_ASSERT(!p.IsAllowed(tvm_keys::ProdYateam)); UNIT_ASSERT(!p.IsAllowed(tvm_keys::Test)); UNIT_ASSERT(!p.IsAllowed(tvm_keys::TestYateam)); UNIT_ASSERT(!p.IsAllowed(tvm_keys::Stress)); - + TUserContext::TImpl pt(EBlackboxEnv::ProdYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(2, pt.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, pt.GetKeys().size()); UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Prod)); UNIT_ASSERT(pt.IsAllowed(tvm_keys::ProdYateam)); UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Test)); UNIT_ASSERT(!pt.IsAllowed(tvm_keys::TestYateam)); UNIT_ASSERT(!pt.IsAllowed(tvm_keys::Stress)); - + TUserContext::TImpl t(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(2, t.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, t.GetKeys().size()); UNIT_ASSERT(!t.IsAllowed(tvm_keys::Prod)); UNIT_ASSERT(!t.IsAllowed(tvm_keys::ProdYateam)); UNIT_ASSERT(t.IsAllowed(tvm_keys::Test)); UNIT_ASSERT(!t.IsAllowed(tvm_keys::TestYateam)); UNIT_ASSERT(!t.IsAllowed(tvm_keys::Stress)); - + TUserContext::TImpl tt(EBlackboxEnv::TestYateam, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(2, tt.GetKeys().size()); + UNIT_ASSERT_EQUAL(2, tt.GetKeys().size()); UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Prod)); UNIT_ASSERT(!tt.IsAllowed(tvm_keys::ProdYateam)); UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Test)); UNIT_ASSERT(tt.IsAllowed(tvm_keys::TestYateam)); UNIT_ASSERT(!tt.IsAllowed(tvm_keys::Stress)); - + TUserContext::TImpl s(EBlackboxEnv::Stress, NUnittest::TVMKNIFE_PUBLIC_KEYS); - UNIT_ASSERT_EQUAL(4, s.GetKeys().size()); + UNIT_ASSERT_EQUAL(4, s.GetKeys().size()); UNIT_ASSERT(s.IsAllowed(tvm_keys::Prod)); UNIT_ASSERT(!s.IsAllowed(tvm_keys::ProdYateam)); UNIT_ASSERT(!s.IsAllowed(tvm_keys::Test)); UNIT_ASSERT(!s.IsAllowed(tvm_keys::TestYateam)); UNIT_ASSERT(s.IsAllowed(tvm_keys::Stress)); } - + Y_UNIT_TEST(ContextExceptionsText) { - UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); - UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); - UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, "adcvxcv./-+"), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, EMPTY_TVM_KEYS), TEmptyTvmKeysException); + UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, MALFORMED_TVM_KEYS), TMalformedTvmKeysException); + UNIT_ASSERT_EXCEPTION(TUserContext::TImpl(EBlackboxEnv::Prod, "adcvxcv./-+"), TMalformedTvmKeysException); } - + Y_UNIT_TEST(Ticket1Test) { TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_1); + auto checkedTicket = context.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); - UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); - UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket->GetUids()); - UNIT_ASSERT_EQUAL(456, checkedTicket->GetDefaultUid()); - UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket->GetScopes()); - UNIT_ASSERT(checkedTicket->HasScope("bb:sess1")); - UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); - UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); + UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), checkedTicket->GetExpirationTime()); + UNIT_ASSERT_EQUAL(TUids({456, 123}), checkedTicket->GetUids()); + UNIT_ASSERT_EQUAL(456, checkedTicket->GetDefaultUid()); + UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), checkedTicket->GetScopes()); + UNIT_ASSERT(checkedTicket->HasScope("bb:sess1")); + UNIT_ASSERT(checkedTicket->HasScope("bb:sess2")); + UNIT_ASSERT(!checkedTicket->HasScope("bb:sess3")); UNIT_ASSERT_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess2;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket->DebugInfo()); } - + Y_UNIT_TEST(Ticket2Test) { TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_2); + auto checkedTicket = context.Check(VALID_USER_TICKET_2); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;default_uid=456;uid=456;uid=123;env=Test;", checkedTicket->DebugInfo()); } - + Y_UNIT_TEST(Ticket3Test) { TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_3); + auto checkedTicket = context.Check(VALID_USER_TICKET_3); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); UNIT_ASSERT_VALUES_EQUAL("ticket_type=user;expiration_time=9223372036854775807;scope=bb:sess1;scope=bb:sess10;scope=bb:sess100;scope=bb:sess11;scope=bb:sess12;scope=bb:sess13;scope=bb:sess14;scope=bb:sess15;scope=bb:sess16;scope=bb:sess17;scope=bb:sess18;scope=bb:sess19;scope=bb:sess2;scope=bb:sess20;scope=bb:sess21;scope=bb:sess22;scope=bb:sess23;scope=bb:sess24;scope=bb:sess25;scope=bb:sess26;scope=bb:sess27;scope=bb:sess28;scope=bb:sess29;scope=bb:sess3;scope=bb:sess30;scope=bb:sess31;scope=bb:sess32;scope=bb:sess33;scope=bb:sess34;scope=bb:sess35;scope=bb:sess36;scope=bb:sess37;scope=bb:sess38;scope=bb:sess39;scope=bb:sess4;scope=bb:sess40;scope=bb:sess41;scope=bb:sess42;scope=bb:sess43;scope=bb:sess44;scope=bb:sess45;scope=bb:sess46;scope=bb:sess47;scope=bb:sess48;scope=bb:sess49;scope=bb:sess5;scope=bb:sess50;scope=bb:sess51;scope=bb:sess52;scope=bb:sess53;scope=bb:sess54;scope=bb:sess55;scope=bb:sess56;scope=bb:sess57;scope=bb:sess58;scope=bb:sess59;scope=bb:sess6;scope=bb:sess60;scope=bb:sess61;scope=bb:sess62;scope=bb:sess63;scope=bb:sess64;scope=bb:sess65;scope=bb:sess66;scope=bb:sess67;scope=bb:sess68;scope=bb:sess69;scope=bb:sess7;scope=bb:sess70;scope=bb:sess71;scope=bb:sess72;scope=bb:sess73;scope=bb:sess74;scope=bb:sess75;scope=bb:sess76;scope=bb:sess77;scope=bb:sess78;scope=bb:sess79;scope=bb:sess8;scope=bb:sess80;scope=bb:sess81;scope=bb:sess82;scope=bb:sess83;scope=bb:sess84;scope=bb:sess85;scope=bb:sess86;scope=bb:sess87;scope=bb:sess88;scope=bb:sess89;scope=bb:sess9;scope=bb:sess90;scope=bb:sess91;scope=bb:sess92;scope=bb:sess93;scope=bb:sess94;scope=bb:sess95;scope=bb:sess96;scope=bb:sess97;scope=bb:sess98;scope=bb:sess99;default_uid=456;uid=0;uid=1;uid=2;uid=3;uid=4;uid=5;uid=6;uid=7;uid=8;uid=9;uid=10;uid=11;uid=12;uid=13;uid=14;uid=15;uid=16;uid=17;uid=18;uid=19;uid=20;uid=21;uid=22;uid=23;uid=24;uid=25;uid=26;uid=27;uid=28;uid=29;uid=30;uid=31;uid=32;uid=33;uid=34;uid=35;uid=36;uid=37;uid=38;uid=39;uid=40;uid=41;uid=42;uid=43;uid=44;uid=45;uid=46;uid=47;uid=48;uid=49;uid=50;uid=51;uid=52;uid=53;uid=54;uid=55;uid=56;uid=57;uid=58;uid=59;uid=60;uid=61;uid=62;uid=63;uid=64;uid=65;uid=66;uid=67;uid=68;uid=69;uid=70;uid=71;uid=72;uid=73;uid=74;uid=75;uid=76;uid=77;uid=78;uid=79;uid=80;uid=81;uid=82;uid=83;uid=84;uid=85;uid=86;uid=87;uid=88;uid=89;uid=90;uid=91;uid=92;uid=93;uid=94;uid=95;uid=96;uid=97;uid=98;uid=99;uid=100;uid=101;uid=102;uid=103;uid=104;uid=105;uid=106;uid=107;uid=108;uid=109;uid=110;uid=111;uid=112;uid=113;uid=114;uid=115;uid=116;uid=117;uid=118;uid=119;uid=120;uid=121;uid=122;uid=123;uid=124;uid=125;uid=126;uid=127;uid=128;uid=129;uid=130;uid=131;uid=132;uid=133;uid=134;uid=135;uid=136;uid=137;uid=138;uid=139;uid=140;uid=141;uid=142;uid=143;uid=144;uid=145;uid=146;uid=147;uid=148;uid=149;uid=150;uid=151;uid=152;uid=153;uid=154;uid=155;uid=156;uid=157;uid=158;uid=159;uid=160;uid=161;uid=162;uid=163;uid=164;uid=165;uid=166;uid=167;uid=168;uid=169;uid=170;uid=171;uid=172;uid=173;uid=174;uid=175;uid=176;uid=177;uid=178;uid=179;uid=180;uid=181;uid=182;uid=183;uid=184;uid=185;uid=186;uid=187;uid=188;uid=189;uid=190;uid=191;uid=192;uid=193;uid=194;uid=195;uid=196;uid=197;uid=198;uid=199;uid=200;uid=201;uid=202;uid=203;uid=204;uid=205;uid=206;uid=207;uid=208;uid=209;uid=210;uid=211;uid=212;uid=213;uid=214;uid=215;uid=216;uid=217;uid=218;uid=219;uid=220;uid=221;uid=222;uid=223;uid=224;uid=225;uid=226;uid=227;uid=228;uid=229;uid=230;uid=231;uid=232;uid=233;uid=234;uid=235;uid=236;uid=237;uid=238;uid=239;uid=240;uid=241;uid=242;uid=243;uid=244;uid=245;uid=246;uid=247;uid=248;uid=249;uid=250;uid=251;uid=252;uid=253;uid=254;uid=255;uid=256;uid=257;uid=258;uid=259;uid=260;uid=261;uid=262;uid=263;uid=264;uid=265;uid=266;uid=267;uid=268;uid=269;uid=270;uid=271;uid=272;uid=273;uid=274;uid=275;uid=276;uid=277;uid=278;uid=279;uid=280;uid=281;uid=282;uid=283;uid=284;uid=285;uid=286;uid=287;uid=288;uid=289;uid=290;uid=291;uid=292;uid=293;uid=294;uid=295;uid=296;uid=297;uid=298;uid=299;uid=300;uid=301;uid=302;uid=303;uid=304;uid=305;uid=306;uid=307;uid=308;uid=309;uid=310;uid=311;uid=312;uid=313;uid=314;uid=315;uid=316;uid=317;uid=318;uid=319;uid=320;uid=321;uid=322;uid=323;uid=324;uid=325;uid=326;uid=327;uid=328;uid=329;uid=330;uid=331;uid=332;uid=333;uid=334;uid=335;uid=336;uid=337;uid=338;uid=339;uid=340;uid=341;uid=342;uid=343;uid=344;uid=345;uid=346;uid=347;uid=348;uid=349;uid=350;uid=351;uid=352;uid=353;uid=354;uid=355;uid=356;uid=357;uid=358;uid=359;uid=360;uid=361;uid=362;uid=363;uid=364;uid=365;uid=366;uid=367;uid=368;uid=369;uid=370;uid=371;uid=372;uid=373;uid=374;uid=375;uid=376;uid=377;uid=378;uid=379;uid=380;uid=381;uid=382;uid=383;uid=384;uid=385;uid=386;uid=387;uid=388;uid=389;uid=390;uid=391;uid=392;uid=393;uid=394;uid=395;uid=396;uid=397;uid=398;uid=399;uid=400;uid=401;uid=402;uid=403;uid=404;uid=405;uid=406;uid=407;uid=408;uid=409;uid=410;uid=411;uid=412;uid=413;uid=414;uid=415;uid=416;uid=417;uid=418;uid=419;uid=420;uid=421;uid=422;uid=423;uid=424;uid=425;uid=426;uid=427;uid=428;uid=429;uid=430;uid=431;uid=432;uid=433;uid=434;uid=435;uid=436;uid=437;uid=438;uid=439;uid=440;uid=441;uid=442;uid=443;uid=444;uid=445;uid=446;uid=447;uid=448;uid=449;uid=450;uid=451;uid=452;uid=453;uid=454;uid=455;uid=456;uid=457;uid=458;uid=459;uid=460;uid=461;uid=462;uid=463;uid=464;uid=465;uid=466;uid=467;uid=468;uid=469;uid=470;uid=471;uid=472;uid=473;uid=474;uid=475;uid=476;uid=477;uid=478;uid=479;uid=480;uid=481;uid=482;uid=483;uid=484;uid=485;uid=486;uid=487;uid=488;uid=489;uid=490;uid=491;uid=492;uid=493;uid=494;uid=495;uid=496;uid=497;uid=498;uid=499;env=Test;", checkedTicket->DebugInfo()); } - + Y_UNIT_TEST(TicketExceptionsTest) { TUserContext::TImpl contextTest(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); + auto checkedTicket1 = contextTest.Check(UNSUPPORTED_VERSION_USER_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::UnsupportedVersion, checkedTicket1->GetStatus()); - - auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); + + auto checkedTicket2 = contextTest.Check(EXPIRED_USER_TICKET); UNIT_ASSERT_EQUAL(ETicketStatus::Expired, checkedTicket2->GetStatus()); - + TUserContext::TImpl contextProd(EBlackboxEnv::Prod, NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); + auto checkedTicket3 = contextProd.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::InvalidBlackboxEnv, checkedTicket3->GetStatus()); - - UNIT_ASSERT_EXCEPTION(checkedTicket3->GetDefaultUid(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket3->GetUids(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket3->GetScopes(), TNotAllowedException); - UNIT_ASSERT_EXCEPTION(checkedTicket3->HasScope(""), TNotAllowedException); - UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket3)); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->DebugInfo()); - UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->GetStatus()); + + UNIT_ASSERT_EXCEPTION(checkedTicket3->GetDefaultUid(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket3->GetUids(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket3->GetScopes(), TNotAllowedException); + UNIT_ASSERT_EXCEPTION(checkedTicket3->HasScope(""), TNotAllowedException); + UNIT_ASSERT_NO_EXCEPTION(bool(*checkedTicket3)); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->DebugInfo()); + UNIT_ASSERT_NO_EXCEPTION(checkedTicket3->GetStatus()); } - + Y_UNIT_TEST(TicketProtoTest) { - ticket2::Ticket protobufTicket; + ticket2::Ticket protobufTicket; UNIT_ASSERT(protobufTicket.ParseFromString(NUtils::Base64url2bin(USER_TICKET_PROTOBUF))); TTestUserTicketImpl userTicket(ETicketStatus::Ok, std::move(protobufTicket)); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, userTicket.GetStatus()); - UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), userTicket.GetExpirationTime()); - UNIT_ASSERT_EQUAL(TUids({456, 123}), userTicket.GetUids()); - UNIT_ASSERT_EQUAL(456, userTicket.GetDefaultUid()); - UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), userTicket.GetScopes()); - UNIT_ASSERT(userTicket.HasScope("bb:sess1")); - UNIT_ASSERT(userTicket.HasScope("bb:sess2")); - UNIT_ASSERT(!userTicket.HasScope("bb:sess3")); + UNIT_ASSERT_EQUAL(std::numeric_limits<time_t>::max(), userTicket.GetExpirationTime()); + UNIT_ASSERT_EQUAL(TUids({456, 123}), userTicket.GetUids()); + UNIT_ASSERT_EQUAL(456, userTicket.GetDefaultUid()); + UNIT_ASSERT_EQUAL(TScopes({"bb:sess1", "bb:sess2"}), userTicket.GetScopes()); + UNIT_ASSERT(userTicket.HasScope("bb:sess1")); + UNIT_ASSERT(userTicket.HasScope("bb:sess2")); + UNIT_ASSERT(!userTicket.HasScope("bb:sess3")); } - + Y_UNIT_TEST(ResetKeysTest) { TUserContext::TImpl context(EBlackboxEnv::Test, NUnittest::TVMKNIFE_PUBLIC_KEYS); context.ResetKeys(NUnittest::TVMKNIFE_PUBLIC_KEYS); - auto checkedTicket = context.Check(VALID_USER_TICKET_1); + auto checkedTicket = context.Check(VALID_USER_TICKET_1); UNIT_ASSERT_EQUAL(ETicketStatus::Ok, checkedTicket->GetStatus()); } diff --git a/library/cpp/tvmauth/src/ut/utils_ut.cpp b/library/cpp/tvmauth/src/ut/utils_ut.cpp index c9cb81c36f..38b1d384d2 100644 --- a/library/cpp/tvmauth/src/ut/utils_ut.cpp +++ b/library/cpp/tvmauth/src/ut/utils_ut.cpp @@ -8,24 +8,24 @@ Y_UNIT_TEST_SUITE(UtilsTestSuite) { static const TString VALID_SERVICE_TICKET_1 = "3:serv:CBAQ__________9_IhkI5QEQHBoIYmI6c2VzczEaCGJiOnNlc3My:WUPx1cTf05fjD1exB35T5j2DCHWH1YaLJon_a4rN-D7JfXHK1Ai4wM4uSfboHD9xmGQH7extqtlEk1tCTCGm5qbRVloJwWzCZBXo3zKX6i1oBYP_89WcjCNPVe1e8jwGdLsnu6PpxL5cn0xCksiStILH5UmDR6xfkJdnmMG94o8"; static const TString EXPIRED_SERVICE_TICKET = "3:serv:CBAQACIZCOUBEBwaCGJiOnNlc3MxGghiYjpzZXNzMg:IwfMNJYEqStY_SixwqJnyHOMCPR7-3HHk4uylB2oVRkthtezq-OOA7QizDvx7VABLs_iTlXuD1r5IjufNei_EiV145eaa3HIg4xCdJXCojMexf2UYJz8mF2b0YzFAy6_KWagU7xo13CyKAqzJuQf5MJcSUf0ecY9hVh36cJ51aw"; using namespace NTvmAuth; - + Y_UNIT_TEST(base64Test) { UNIT_ASSERT_VALUES_EQUAL("-hHx", NUtils::Bin2base64url("\xfa\x11\xf1")); UNIT_ASSERT_VALUES_EQUAL("-hHx_g", NUtils::Bin2base64url("\xfa\x11\xf1\xfe")); UNIT_ASSERT_VALUES_EQUAL("-hHx_v8", NUtils::Bin2base64url("\xfa\x11\xf1\xfe\xff")); - + UNIT_ASSERT_VALUES_EQUAL("", NUtils::Base64url2bin("hHx++")); UNIT_ASSERT_VALUES_EQUAL("", NUtils::Base64url2bin("&*^")); UNIT_ASSERT_VALUES_EQUAL("", NUtils::Base64url2bin("")); UNIT_ASSERT_VALUES_EQUAL("", NUtils::Bin2base64url("")); - + UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1", NUtils::Base64url2bin("-hHx")); UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe", NUtils::Base64url2bin("-hHx_g")); UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe", NUtils::Base64url2bin("-hHx_g=")); UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe", NUtils::Base64url2bin("-hHx_g==")); UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe\xff", NUtils::Base64url2bin("-hHx_v8")); UNIT_ASSERT_VALUES_EQUAL("\xfa\x11\xf1\xfe\xff", NUtils::Base64url2bin("-hHx_v8=")); - + UNIT_ASSERT_VALUES_EQUAL("SGVsbG8sIGV2ZXJ5Ym9keSE", NUtils::Bin2base64url(("Hello, everybody!"))); UNIT_ASSERT_VALUES_EQUAL("Hello, everybody!", @@ -34,33 +34,33 @@ Y_UNIT_TEST_SUITE(UtilsTestSuite) { NUtils::Bin2base64url(("The Magic Words are Squeamish Ossifrage"))); UNIT_ASSERT_VALUES_EQUAL("The Magic Words are Squeamish Ossifrage", NUtils::Base64url2bin(("VGhlIE1hZ2ljIFdvcmRzIGFyZSBTcXVlYW1pc2ggT3NzaWZyYWdl"))); - } - + } + Y_UNIT_TEST(sign) { UNIT_ASSERT_VALUES_EQUAL("wkGfeuopf709ozPAeGcDMqtZXPzsWvuNJ1BL586dSug", NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOVnvOqe-WyD1"), "1490000000", "13,19", "bb:sess,bb:sess2")); - + UNIT_ASSERT_VALUES_EQUAL("HANDYrA4ApQMQ5cfSWZk_InHWJffoXAa57P_X_B5s4M", NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), "1490000000", "13,19", "bb:sess,bb:sess2")); - + UNIT_ASSERT_VALUES_EQUAL("T-M-3_qtjRM1dR_3hS1CRlHBTZRKK04doHXBJw-5VRk", NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), "1490000001", "13,19", "bb:sess,bb:sess2")); - + UNIT_ASSERT_VALUES_EQUAL("gwB6M_9Jij50ZADmlDMnoyLc6AhQmtq6MClgGzO1PBE", NUtils::SignCgiParamsForTvm(NUtils::Base64url2bin("GRMJrKnj4fOasvOqe-WyD1"), "1490000001", "13,19", "")); - } + } Y_UNIT_TEST(GetExpirationTime) { UNIT_ASSERT(!NTvmAuth::NInternal::TCanningKnife::GetExpirationTime("3:aadasdasdasdas")); @@ -92,4 +92,4 @@ Y_UNIT_TEST_SUITE(UtilsTestSuite) { UNIT_ASSERT_VALUES_EQUAL("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf", NUtils::RemoveTicketSignature("asdxcbvfgdsgfasdfxczvdsgfxcdvbcbvf")); } -} +} diff --git a/library/cpp/tvmauth/src/ut/ya.make b/library/cpp/tvmauth/src/ut/ya.make index 9f510a8363..73ca917030 100644 --- a/library/cpp/tvmauth/src/ut/ya.make +++ b/library/cpp/tvmauth/src/ut/ya.make @@ -1,14 +1,14 @@ UNITTEST_FOR(library/cpp/tvmauth) - + OWNER(g:passport_infra) - -SRCS( - parser_ut.cpp - public_ut.cpp - service_ut.cpp - user_ut.cpp - utils_ut.cpp + +SRCS( + parser_ut.cpp + public_ut.cpp + service_ut.cpp + user_ut.cpp + utils_ut.cpp version_ut.cpp -) - -END() +) + +END() diff --git a/library/cpp/tvmauth/src/utils.cpp b/library/cpp/tvmauth/src/utils.cpp index d49efa28b5..d9fa2acf8e 100644 --- a/library/cpp/tvmauth/src/utils.cpp +++ b/library/cpp/tvmauth/src/utils.cpp @@ -1,42 +1,42 @@ -#include "utils.h" - +#include "utils.h" + #include "parser.h" -#include <contrib/libs/openssl/include/openssl/evp.h> -#include <contrib/libs/openssl/include/openssl/hmac.h> -#include <contrib/libs/openssl/include/openssl/md5.h> -#include <contrib/libs/openssl/include/openssl/sha.h> - +#include <contrib/libs/openssl/include/openssl/evp.h> +#include <contrib/libs/openssl/include/openssl/hmac.h> +#include <contrib/libs/openssl/include/openssl/md5.h> +#include <contrib/libs/openssl/include/openssl/sha.h> + #include <util/generic/maybe.h> -#include <util/generic/strbuf.h> - +#include <util/generic/strbuf.h> + #include <array> -namespace { +namespace { constexpr const unsigned char b64_encode[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; constexpr std::array<unsigned char, 256> B64Init() { std::array<unsigned char, 256> buf{}; for (auto& i : buf) - i = 0xff; - - for (int i = 0; i < 64; ++i) + i = 0xff; + + for (int i = 0; i < 64; ++i) buf[b64_encode[i]] = i; - + return buf; - } + } constexpr std::array<unsigned char, 256> b64_decode = B64Init(); } - + namespace NTvmAuth::NUtils { TString Bin2base64url(TStringBuf buf) { if (!buf) { return TString(); } - + TString res; res.resize(((buf.size() + 2) / 3) << 2, 0); - + const unsigned char* pB = (const unsigned char*)buf.data(); const unsigned char* pE = (const unsigned char*)buf.data() + buf.size(); unsigned char* p = (unsigned char*)res.data(); @@ -49,11 +49,11 @@ namespace NTvmAuth::NUtils { *p++ = b64_encode[((b & 0xF) << 2) | ((c & 0xC0) >> 6)]; *p++ = b64_encode[c & 0x3F]; } - + if (pB < pE) { const unsigned char a = *pB; *p++ = b64_encode[(a >> 2) & 0x3F]; - + if (pB == (pE - 1)) { *p++ = b64_encode[((a & 0x3) << 4)]; } else { @@ -62,23 +62,23 @@ namespace NTvmAuth::NUtils { ((int)(b & 0xF0) >> 4)]; *p++ = b64_encode[((b & 0xF) << 2)]; } - } - + } + res.resize(p - (unsigned char*)res.data()); return res; - } - + } + TString Base64url2bin(TStringBuf buf) { const unsigned char* bufin = (const unsigned char*)buf.data(); if (!buf || b64_decode[*bufin] > 63) { return TString(); - } + } const unsigned char* bufend = (const unsigned char*)buf.data() + buf.size(); while (++bufin < bufend && b64_decode[*bufin] < 64) ; int nprbytes = (bufin - (const unsigned char*)buf.data()); int nbytesdecoded = ((nprbytes + 3) / 4) * 3; - + if (nprbytes < static_cast<int>(buf.size())) { int left = buf.size() - nprbytes; while (left--) { @@ -86,13 +86,13 @@ namespace NTvmAuth::NUtils { return TString(); } } - + TString res; res.resize(nbytesdecoded); - + unsigned char* bufout = (unsigned char*)res.data(); bufin = (const unsigned char*)buf.data(); - + while (nprbytes > 4) { unsigned char a = b64_decode[*bufin]; unsigned char b = b64_decode[bufin[1]]; @@ -104,7 +104,7 @@ namespace NTvmAuth::NUtils { bufin += 4; nprbytes -= 4; } - + if (nprbytes == 1) { return {}; // Impossible } @@ -125,8 +125,8 @@ namespace NTvmAuth::NUtils { } return res; - } - + } + TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes) { TString data; data.reserve(ts.size() + dstTvmId.size() + scopes.size() + 3); @@ -134,22 +134,22 @@ namespace NTvmAuth::NUtils { data.append(ts).push_back(DELIM); data.append(dstTvmId).push_back(DELIM); data.append(scopes).push_back(DELIM); - + TString value(EVP_MAX_MD_SIZE, 0); unsigned macLen = 0; - + if (!::HMAC(EVP_sha256(), secret.data(), secret.size(), (unsigned char*)data.data(), data.size(), (unsigned char*)value.data(), &macLen)) { return {}; } - + if (macLen != EVP_MAX_MD_SIZE) { value.resize(macLen); } return Bin2base64url(value); - } -} + } +} namespace NTvmAuth::NInternal { TMaybe<TInstant> TCanningKnife::GetExpirationTime(TStringBuf ticket) { diff --git a/library/cpp/tvmauth/src/utils.h b/library/cpp/tvmauth/src/utils.h index e5847ac89f..341fe5e4ea 100644 --- a/library/cpp/tvmauth/src/utils.h +++ b/library/cpp/tvmauth/src/utils.h @@ -1,16 +1,16 @@ -#pragma once - +#pragma once + #include <library/cpp/tvmauth/checked_service_ticket.h> #include <library/cpp/tvmauth/checked_user_ticket.h> #include <library/cpp/tvmauth/ticket_status.h> - + #include <util/datetime/base.h> -#include <util/generic/fwd.h> - +#include <util/generic/fwd.h> + namespace NTvmAuth::NUtils { TString Bin2base64url(TStringBuf buf); TString Base64url2bin(TStringBuf buf); - + TString SignCgiParamsForTvm(TStringBuf secret, TStringBuf ts, TStringBuf dstTvmId, TStringBuf scopes); } diff --git a/library/cpp/tvmauth/src/version.cpp b/library/cpp/tvmauth/src/version.cpp index 6b389213d0..d0c49bb8b3 100644 --- a/library/cpp/tvmauth/src/version.cpp +++ b/library/cpp/tvmauth/src/version.cpp @@ -1,7 +1,7 @@ #include <library/cpp/resource/resource.h> #include <util/string/strip.h> - + namespace { class TBuiltinVersion { public: @@ -20,7 +20,7 @@ namespace { } namespace NTvmAuth { - TStringBuf LibVersion() { + TStringBuf LibVersion() { return Singleton<TBuiltinVersion>()->Get(); - } + } } diff --git a/library/cpp/tvmauth/ticket_status.h b/library/cpp/tvmauth/ticket_status.h index 532d4de56e..606e40886d 100644 --- a/library/cpp/tvmauth/ticket_status.h +++ b/library/cpp/tvmauth/ticket_status.h @@ -1,23 +1,23 @@ -#pragma once - -#include <util/generic/strbuf.h> - +#pragma once + +#include <util/generic/strbuf.h> + namespace NTvmAuth { /*! * Status mean result of ticket check */ enum class ETicketStatus { - Ok, - Expired, - InvalidBlackboxEnv, - InvalidDst, - InvalidTicketType, - Malformed, - MissingKey, - SignBroken, - UnsupportedVersion, + Ok, + Expired, + InvalidBlackboxEnv, + InvalidDst, + InvalidTicketType, + Malformed, + MissingKey, + SignBroken, + UnsupportedVersion, NoRoles, - }; - + }; + TStringBuf StatusToString(ETicketStatus st); -} +} diff --git a/library/cpp/tvmauth/type.h b/library/cpp/tvmauth/type.h index 7f4ce2b700..63a465bd34 100644 --- a/library/cpp/tvmauth/type.h +++ b/library/cpp/tvmauth/type.h @@ -1,11 +1,11 @@ -#pragma once - +#pragma once + #include <library/cpp/containers/stack_vector/stack_vec.h> - + namespace NTvmAuth { - using TScopes = TSmallVec<TStringBuf>; + using TScopes = TSmallVec<TStringBuf>; using TTvmId = ui32; using TUid = ui64; - using TUids = TSmallVec<TUid>; + using TUids = TSmallVec<TUid>; using TAlias = TString; -} +} diff --git a/library/cpp/tvmauth/version.h b/library/cpp/tvmauth/version.h index 48ec279829..ac7afda44b 100644 --- a/library/cpp/tvmauth/version.h +++ b/library/cpp/tvmauth/version.h @@ -1,7 +1,7 @@ -#pragma once - -#include <util/generic/strbuf.h> - +#pragma once + +#include <util/generic/strbuf.h> + namespace NTvmAuth { - TStringBuf LibVersion(); -} + TStringBuf LibVersion(); +} diff --git a/library/cpp/tvmauth/ya.make b/library/cpp/tvmauth/ya.make index 655336c902..f975ee0df3 100644 --- a/library/cpp/tvmauth/ya.make +++ b/library/cpp/tvmauth/ya.make @@ -1,28 +1,28 @@ LIBRARY() - + OWNER(g:passport_infra) - -PEERDIR( + +PEERDIR( library/cpp/string_utils/secret_string library/cpp/tvmauth/src/protos library/cpp/tvmauth/src/rw -) - -SRCS( +) + +SRCS( deprecated/service_context.cpp deprecated/user_context.cpp - src/parser.cpp - src/service_impl.cpp + src/parser.cpp + src/service_impl.cpp src/service_ticket.cpp - src/status.cpp + src/status.cpp src/unittest.cpp - src/user_impl.cpp + src/user_impl.cpp src/user_ticket.cpp - src/utils.cpp - src/version.cpp + src/utils.cpp + src/version.cpp utils.cpp -) - +) + GENERATE_ENUM_SERIALIZATION(checked_user_ticket.h) GENERATE_ENUM_SERIALIZATION(ticket_status.h) @@ -30,7 +30,7 @@ RESOURCE( src/version /builtin/version ) -END() +END() RECURSE( client |