func TestRequestAttributes_AttributesMismatch(t *testing.T) {
cert, err := loadECert(identity)
if err != nil {
t.Fatalf("Error loading ECert: %v", err)
}
ecert := cert.Raw
sock, acaP, err := GetACAClient()
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
defer sock.Close()
var attributes = make([]*pb.TCertAttribute, 0)
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "account"})
req := &pb.ACAAttrReq{
Ts: ×tamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
Id: &pb.Identity{Id: identity},
ECert: &pb.Cert{Cert: ecert},
Attributes: attributes,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.RequestAttributes(context.Background(), req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
if resp.Status == pb.ACAAttrResp_FAILURE {
t.Fatalf("Error executing test: %v", err)
}
if resp.Status != pb.ACAAttrResp_NO_ATTRIBUTES_FOUND {
t.Fatal("Test failed 'account' attribute shouldn't be found.")
}
}
func TestRequestAttributes_DuplicatedAttributes(t *testing.T) {
cert, err := loadECert(identity)
if err != nil {
t.Fatalf("Error loading ECert: %v", err)
}
ecert := cert.Raw
sock, acaP, err := GetACAClient()
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
defer sock.Close()
var attributes = make([]*pb.TCertAttribute, 0)
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
req := &pb.ACAAttrReq{
Ts: ×tamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
Id: &pb.Identity{Id: identity},
ECert: &pb.Cert{Cert: ecert},
Attributes: attributes,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.RequestAttributes(context.Background(), req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
if resp.Status < pb.ACAAttrResp_FAILURE_MINVAL || resp.Status > pb.ACAAttrResp_FAILURE_MAXVAL {
t.Fatalf("Requesting attributes with multiple values should fail")
}
}
func (tcap *TCAP) requestAttributes(id string, ecert []byte, attrs []*pb.TCertAttribute) ([]*pb.ACAAttribute, error) {
//TODO we are creation a new client connection per each ecer request. We should be implement a connections pool.
sock, acaP, err := GetACAClient()
if err != nil {
return nil, err
}
defer sock.Close()
var attrNames []*pb.TCertAttribute
for _, att := range attrs {
attrName := pb.TCertAttribute{AttributeName: att.AttributeName}
attrNames = append(attrNames, &attrName)
}
req := &pb.ACAAttrReq{
Ts: &google_protobuf.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
Id: &pb.Identity{Id: id},
ECert: &pb.Cert{Cert: ecert},
Attributes: attrNames,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
return nil, err
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(tcap.tca.priv, rawReq)
if err != nil {
return nil, err
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.RequestAttributes(context.Background(), req)
if err != nil {
return nil, err
}
if resp.Status >= pb.ACAAttrResp_FAILURE_MINVAL && resp.Status <= pb.ACAAttrResp_FAILURE_MAXVAL {
return nil, errors.New(fmt.Sprint("Error fetching attributes = ", resp.Status))
}
return tcap.selectValidAttributes(resp.Cert.Cert)
}
func (ecap *ECAP) fetchAttributes(cert *pb.Cert) error {
//TODO we are creating a new client connection per each ecert request. We should implement a connections pool.
sock, acaP, err := GetACAClient()
if err != nil {
return err
}
defer sock.Close()
req := &pb.ACAFetchAttrReq{
Ts: &google_protobuf.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
ECert: cert,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
return err
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(ecap.eca.priv, rawReq)
if err != nil {
return err
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.FetchAttributes(context.Background(), req)
if err != nil {
return err
}
if resp.Status != pb.ACAFetchAttrResp_FAILURE {
return nil
}
return errors.New("Error fetching attributes.")
}
func fetchAttributes() (*pb.ACAFetchAttrResp, error) {
cert, err := loadECert(identity)
if err != nil {
return nil, err
}
sock, acaP, err := GetACAClient()
if err != nil {
return nil, err
}
defer sock.Close()
req := &pb.ACAFetchAttrReq{
Ts: ×tamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
ECert: &pb.Cert{Cert: cert.Raw},
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
return nil, err
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(eca.priv, rawReq)
if err != nil {
return nil, err
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.FetchAttributes(context.Background(), req)
return resp, err
}
func TestRequestAttributes_PartialAttributes(t *testing.T) {
cert, err := loadECert(identity)
if err != nil {
t.Fatalf("Error loading ECert: %v", err)
}
ecert := cert.Raw
sock, acaP, err := GetACAClient()
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
defer sock.Close()
var attributes []*pb.TCertAttribute
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "credit_card"})
req := &pb.ACAAttrReq{
Ts: ×tamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
Id: &pb.Identity{Id: identity},
ECert: &pb.Cert{Cert: ecert},
Attributes: attributes,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.RequestAttributes(context.Background(), req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
if resp.Status == pb.ACAAttrResp_FAILURE {
t.Fatalf("Error executing test: %v", err)
}
aCert, err := primitives.DERToX509Certificate(resp.Cert.Cert)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
valueMap := make(map[string]string)
for _, eachExtension := range aCert.Extensions {
if IsAttributeOID(eachExtension.Id) {
var attribute pb.ACAAttribute
proto.Unmarshal(eachExtension.Value, &attribute)
valueMap[attribute.AttributeName] = string(attribute.AttributeValue)
}
}
if valueMap["company"] != "ACompany" {
t.Fatalf("The attribute should have coincided.")
}
if valueMap["credit_card"] != "" {
t.Fatalf("The Attribute should be blank.")
}
if resp.Status == pb.ACAAttrResp_NO_ATTRIBUTES_FOUND {
t.Fatalf("At least one attribute must be conincided")
}
if resp.Status != pb.ACAAttrResp_PARTIAL_SUCCESSFUL {
t.Fatalf("All attributes in the query should have coincided.")
}
}
func TestRequestAttributes(t *testing.T) {
cert, err := loadECert(identity)
if err != nil {
t.Fatalf("Error loading ECert: %v", err)
}
ecert := cert.Raw
sock, acaP, err := GetACAClient()
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
defer sock.Close()
var attributes = make([]*pb.TCertAttribute, 0)
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "position"})
attributes = append(attributes, &pb.TCertAttribute{AttributeName: "identity-number"})
req := &pb.ACAAttrReq{
Ts: ×tamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
Id: &pb.Identity{Id: identity},
ECert: &pb.Cert{Cert: ecert},
Attributes: attributes,
Signature: nil}
var rawReq []byte
rawReq, err = proto.Marshal(req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
var r, s *big.Int
r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}
resp, err := acaP.RequestAttributes(context.Background(), req)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
if resp.Status == pb.ACAAttrResp_FAILURE {
t.Fatalf("Error executing test: %v", err)
}
aCert, err := primitives.DERToX509Certificate(resp.Cert.Cert)
if err != nil {
t.Fatalf("Error executing test: %v", err)
}
valueMap := make(map[string]string)
for _, eachExtension := range aCert.Extensions {
if IsAttributeOID(eachExtension.Id) {
var attribute pb.ACAAttribute
proto.Unmarshal(eachExtension.Value, &attribute)
valueMap[attribute.AttributeName] = string(attribute.AttributeValue)
}
}
if valueMap["company"] != "ACompany" {
t.Fatal("Test failed 'company' attribute don't found.")
}
if valueMap["position"] != "Software Engineer" {
t.Fatal("Test failed 'position' attribute don't found.")
}
}
