// init builds the shared fixture for these REST tests: it silences the
// logger, reads the key and data file locations from the command line, loads
// the stored users, installs a root token as the test cookie, registers the
// test users and starts the server in the background.
func init() {
	logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)

	// All three locations default to files under ./dist.
	rsaKeyPath := flag.String("rsa-private", "./dist/key.private", "RSA private key file path")
	storageKeyPath := flag.String("secure-key", "./dist/secureKey", "password to encrypt the secure storage")
	dataPath := flag.String("data-file", "./dist/data.txt", "Login information file")
	// NOTE(review): flag.Parse is called from init. If this file is built into
	// a test binary, the testing package's own flags may not be registered yet
	// at this point; confirm the suite still accepts -test.* flags.
	flag.Parse()

	servicePath = cr.ServicePathPrefix + cr.Version + amPrefix
	resourcePath = listener + servicePath + usersPath

	users := en.New()
	signKey, verifyKey := app.SetupAToken(*rsaKeyPath)
	loginKey := ss.GetSecureKey(*storageKeyPath)
	// NOTE(review): the result of LoadInfo is dropped, so a missing or
	// undecryptable data file leaves the fixture with whatever is in users.
	en.LoadInfo(*dataPath, loginKey, users)

	stRestful = libsecurityRestful.NewLibsecurityRestful()
	stRestful.SetData(users, loginKey, verifyKey, signKey, nil)

	// A token for the root user with super-user permission becomes the cookie
	// the test client sends. The second result of GenerateToken is ignored;
	// NOTE(review): presumably an error, in which case an empty cookie would
	// be installed silently. Confirm and check it.
	rootToken, _ := app.GenerateToken(defs.RootUserName, am.SuperUserPermission, false, clientIP, signKey)
	cr.TestSetCookie(rootToken)

	for _, user := range usersName {
		stRestful.UsersList.AddUser(user)
	}

	go runServer()
	// Fixed pause instead of a readiness check: the tests assume the server is
	// listening after 100ms.
	time.Sleep(100 * time.Millisecond)
}
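// Test_StoreLoad checks that ACL properties survive a store/load round trip.
// It builds three users and three resources, attaches an ACL to each resource,
// stores the entity manager to a file, loads it into a fresh entity manager
// and compares every resource's ACL and permission set.
//
// A failed load, a failed property lookup or a property of an unexpected type
// stops the test immediately instead of being printed and then dereferenced.
func Test_StoreLoad(t *testing.T) {
	filePath := "./try.txt"
	// Fixed key used only to encrypt the throwaway test file.
	secret := []byte("ABCDEFGH12345678")

	el := en.New()
	for i := 0; i < 3; i++ {
		el.AddUser(fmt.Sprintf("User %d", i+1))
		resourceName := fmt.Sprintf("Disk %d", i+1)
		el.AddResource(resourceName)
		if err := el.AddPropertyToEntity(resourceName, defs.AclPropertyName, NewACL()); err != nil {
			t.Fatalf("Test fail, can't attach ACL to resource '%v', error: %v", resourceName, err)
		}
	}
	if !generateAcl(el) {
		t.Fatal("Test fail, can't generate ACL")
	}

	// NOTE(review): try.txt is written to the working directory and never
	// removed; a per-test temporary directory would avoid leaving stored data
	// behind. The result of StoreInfo is not visible here; if it reports
	// failure, check it before loading.
	el.StoreInfo(filePath, secret, false)

	entityManager1 := en.New()
	if err := en.LoadInfo(filePath, secret, entityManager1); err != nil {
		// Without loaded data every lookup below would fail or panic.
		t.Fatalf("Test fail, can't load the stored data from '%v', error: %v", filePath, err)
	}

	as := defs.Serializers[defs.AclPropertyName]
	for n := range el.Resources {
		stored, err := el.GetPropertyAttachedToEntity(n, defs.AclPropertyName)
		if err != nil {
			t.Fatalf("Test fail, can't get the stored ACL of resource '%v', error: %v", n, err)
		}
		a, ok := stored.(*Acl)
		if !ok {
			t.Fatalf("Test fail, stored property of resource '%v' is %T, not an ACL", n, stored)
		}

		loaded, err := entityManager1.GetPropertyAttachedToEntity(n, defs.AclPropertyName)
		if err != nil {
			t.Fatalf("Test fail, can't get the loaded ACL of resource '%v', error: %v", n, err)
		}
		a1, ok := loaded.(*Acl)
		if !ok {
			t.Fatalf("Test fail, loaded property of resource '%v' is %T, not an ACL", n, loaded)
		}

		if !a.IsEqual(*a1) || !as.IsEqualProperties(a, a1) {
			t.Errorf("Test fail, Stored ACL property != loaded one")
			fmt.Println("The stored ACL for resource:", n, a)
			fmt.Println("The loaded ACL for resource:", n, a1)
		}

		logger.Trace.Println("Data:", as.PrintProperties(a))
		if !reflect.DeepEqual(a.GetAllPermissions(), a1.GetAllPermissions()) {
			t.Errorf("Test fail, Stored ACL permissions %v != loaded one %v", a.GetAllPermissions(), a1.GetAllPermissions())
		}
	}
}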
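// createBasicFile generates a new minimal secure storage file at stFilePath.
// The file holds a single root user, name, with basic Account Management data:
// super-user privilege and the password pass. key is passed to StoreInfo as
// the storage secret.
//
// Any failure while preparing the root account terminates the program, so a
// storage file is never written with a missing salt or without the account
// property attached.
func createBasicFile(stFilePath string, name string, pass string, key []byte) {
	saltStr, err := salt.GetRandomSalt(saltLen)
	if err != nil {
		log.Fatalf("Error: can't generate salt for '%v' user, error: %v", name, err)
	}

	// The salted password is discarded; this call is kept as an up-front check
	// of pass against the password length limits (presumably what the
	// Min/MaxPasswordLength arguments enforce; confirm in the salt package).
	if _, err := salt.GenerateSaltedPassword([]byte(pass), password.MinPasswordLength, password.MaxPasswordLength, saltStr, -1); err != nil {
		log.Fatalf("Error: can't generate salted password for '%v' user, error: %v", name, err)
	}

	ul := en.New()
	ul.AddUser(name)

	amUser, err := am.NewUserAm(am.SuperUserPermission, []byte(pass), saltStr, true)
	if err != nil {
		log.Fatalf("Error: can't create account data for '%v' user, error: %v", name, err)
	}
	if err := ul.AddPropertyToEntity(name, defs.AmPropertyName, amUser); err != nil {
		log.Fatalf("Error: can't attach account data to '%v' user, error: %v", name, err)
	}

	// NOTE(review): the result of StoreInfo is not checked here because its
	// return type is not visible in this file; if it returns an error, a failed
	// write of the root account file should be fatal too. Also confirm what the
	// trailing false flag controls.
	ul.StoreInfo(stFilePath, key, false)
}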
// init sets the package-level JWT identifier and builds the default entity
// list with the three built-in groups and their memberships.
func init() {
	jwtUniqID = generateJwt(jwtLen)
	usersList = en.New()

	addGroup := usersList.AddGroup
	addGroup(defs.SuperUserGroupName)
	addGroup(defs.AdminGroupName)
	addGroup(defs.UsersGroupName)

	// Each call is AddUserToGroup(group, member). The super-user group name is
	// made a member of the admin and users groups, the admin group name a
	// member of the users group, and the root user a member of the super-user
	// group.
	// NOTE(review): no result is checked, and the root user is not added with
	// AddUser in this function; confirm the memberships are really created.
	addMember := usersList.AddUserToGroup
	addMember(defs.AdminGroupName, defs.SuperUserGroupName)
	addMember(defs.UsersGroupName, defs.SuperUserGroupName)
	addMember(defs.UsersGroupName, defs.AdminGroupName)
	addMember(defs.SuperUserGroupName, defs.RootUserName)
}
// testAddCheckRemoveUserProperty walks one entity through the life cycle of a
// property and checks the lookup result at every step:
//   - lookup on an undefined entity returns an error
//   - lookup before the property is attached returns an error
//   - lookup after attaching returns the very value that was attached
//   - lookup after removing the property returns an error
//   - lookup after re-attaching the property succeeds
//   - lookup after the entity itself is removed returns an error
//   - attaching to the removed entity returns an error
//   - after re-creating an entity with the same name, the old property is gone
//
// The entity is registered with AddResource, although the failure messages
// call it a user.
func testAddCheckRemoveUserProperty(t *testing.T, propertyName string, moduleData interface{}) {
	entity := "name1"
	em := en.New()

	// Nothing is registered yet.
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err == nil {
		t.Errorf("Test fail, Recived module '%v' of undefined user '%v'", propertyName, entity)
	}

	// The entity exists, the property does not.
	em.AddResource(entity)
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err == nil {
		t.Errorf("Test fail, Recived module '%v' of not registered yet module for user '%v'", propertyName, entity)
	}

	// Attach and read back; the comparison is on the interface values.
	em.AddPropertyToEntity(entity, propertyName, moduleData)
	fetched, err := em.GetPropertyAttachedToEntity(entity, propertyName)
	if err != nil {
		t.Errorf("Test fail, Error while feteching module '%v' from user '%v', error: %v", propertyName, entity, err)
	}
	if moduleData != fetched {
		t.Errorf("Test fail, Added '%v' property '%v' is not equal to the fetched one '%v'", propertyName, moduleData, fetched)
	}

	// Remove the property only.
	em.RemovePropertyFromEntity(entity, propertyName)
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err == nil {
		t.Errorf("Test fail, Removed module '%v' from user '%v' was successfully fetched", propertyName, entity)
	}

	// Attach it again.
	em.AddPropertyToEntity(entity, propertyName, moduleData)
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err != nil {
		t.Errorf("Test fail, Error while feteching module '%v' from user '%v', error: %v", propertyName, entity, err)
	}

	// Remove the entity: neither lookup nor attach may succeed.
	em.RemoveResource(entity)
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err == nil {
		t.Errorf("Test fail, Module '%v' of removed user '%v' was successfully fetched", propertyName, entity)
	}
	if err := em.AddPropertyToEntity(entity, propertyName, moduleData); err == nil {
		t.Errorf("Test fail, Atteched module '%v' to removed user '%v'", propertyName, entity)
	}

	// A new entity with the same name must not inherit the old property.
	em.AddResource(entity)
	if _, err := em.GetPropertyAttachedToEntity(entity, propertyName); err == nil {
		t.Errorf("Test fail, Module '%v' was fetched before atttached to the user '%v'", propertyName, entity)
	}
}
// init prepares the fixture for the ACL REST tests: a silent logger, an empty
// entity list, the service paths and a server running in the background.
func init() {
	logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)

	entities := en.New()
	stRestful = libsecurityRestful.NewLibsecurityRestful()
	// No login key, token keys or secure storage are supplied to this fixture.
	stRestful.SetData(entities, nil, nil, nil, nil)
	// NOTE(review): presumably switches off the request filter so the tests
	// can call the API without a token; confirm this flag is only ever
	// cleared in test code.
	stRestful.SetToFilterFlag(false)

	servicePath = cr.ServicePathPrefix + cr.Version + aclPrefix
	resourcePath = listener + servicePath

	go runServer()
	// Fixed pause instead of a readiness check.
	time.Sleep(100 * time.Millisecond)
}
// initEntityManager returns a fresh entity manager populated with the test
// users, one group with its member users, and one resource that carries a
// new, empty ACL.
func initEntityManager() *en.EntityManager {
	em := en.New()

	for _, user := range usersName {
		em.AddUser(user)
	}

	em.AddGroup(groupName)
	for _, member := range groupUsersName {
		// Group members are registered as users first, then joined to the group.
		em.AddUser(member)
		em.AddUserToGroup(groupName, member)
	}

	em.AddResource(resourceName)
	em.AddPropertyToEntity(resourceName, defs.AclPropertyName, acl.NewACL())

	return em
}
// init prepares the fixture for the secure storage REST tests: a silent
// logger, the service paths, the secret header sent with each request, a
// storage instance keyed by that secret and a server running in the
// background.
func init() {
	logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)

	servicePath = cr.ServicePathPrefix + cr.Version + sPrefix
	resourcePath = listener + servicePath + storagePath
	itemPath = listener + servicePath + storageItemPath
	baseHeaderInfo[secretIDParam] = secretCode

	entities := en.New()
	stRestful = libsecurityRestful.NewLibsecurityRestful()
	// The second result of NewStorage is ignored.
	// NOTE(review): presumably an error; if storage creation fails the fixture
	// would carry on with whatever value was returned. Confirm and check it.
	storage, _ := ss.NewStorage([]byte(secretCode), true)
	stRestful.SetData(entities, nil, nil, nil, storage)
	// NOTE(review): presumably switches off the request filter so the tests
	// can call the API without a token; confirm this flag is only ever
	// cleared in test code.
	stRestful.SetToFilterFlag(false)

	go runServer()
	// Fixed pause instead of a readiness check.
	time.Sleep(100 * time.Millisecond)
}
// init prepares the fixture for the OCRA REST tests: a silent logger, the
// service paths, an entity list holding the test users and a server running
// in the background.
func init() {
	logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)

	servicePath = cr.ServicePathPrefix + cr.Version + ocraPrefix
	resourcePath = listener + servicePath + usersPath

	entities := en.New()
	stRestful = libsecurityRestful.NewLibsecurityRestful()
	// No login key, token keys or secure storage are supplied to this fixture.
	stRestful.SetData(entities, nil, nil, nil, nil)
	// NOTE(review): presumably switches off the request filter so the tests
	// can call the API without a token; confirm this flag is only ever
	// cleared in test code.
	stRestful.SetToFilterFlag(false)

	for _, user := range usersName {
		stRestful.UsersList.AddUser(user)
	}

	go runServer()
	// Fixed pause instead of a readiness check.
	time.Sleep(100 * time.Millisecond)
}
// initEntityManager returns a fresh entity manager that holds only the test
// resource.
func initEntityManager() *en.EntityManager {
	em := en.New()
	em.AddResource(resourceName)
	return em
}
// init gives the package-level entityManager a fresh, empty instance before
// any other code in the package runs.
func init() {
	entityManager = en.New()
}
// registerComponents reads the configuration file, builds the shared
// libsecurity REST state (entity list, login key and token keys), registers
// the REST components that the configuration enables, loads the stored user
// data and starts the REST API.
//
// The process exits with status 1 when the configuration file cannot be read.
// A failure to load the user data is only printed.
func registerComponents(configFile string, secureKeyFilePath string, privateKeyFilePath string, usersDataPath string) {
	conf, err := readConfigFile(configFile)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Fatal error while reading configuration file '%v', error: %v\n", configFile, err)
		os.Exit(1)
	}

	wsContainer := restful.NewContainer()
	usersList := en.New()

	// These assign the package-level keys, they are not new locals.
	signKey, verifyKey = app.SetupAToken(privateKeyFilePath)
	loginKey = ss.GetSecureKey(secureKeyFilePath)

	st := libsecurityRestful.NewLibsecurityRestful()
	st.SetData(usersList, loginKey, verifyKey, signKey, nil)

	// Account management is always registered because login is mandatory; the
	// configuration only chooses between the full and the basic API.
	accounts := accountsRestful.NewAmRestful()
	accounts.SetData(st)
	switch conf[amToken] {
	case fullToken:
		accounts.RegisterFull(wsContainer)
	default:
		accounts.RegisterBasic(wsContainer)
	}

	// Entity management is registered unless it is explicitly set to none.
	entities := enRestful.NewEnRestful()
	entities.SetData(st)
	if conf[umToken] != noneToken {
		entities.RegisterBasic(wsContainer)
	}

	// ACL is registered when either of its two configuration keys asks for it.
	aclAPI := aclRestful.NewAclRestful()
	aclAPI.SetData(st)
	if conf[aclToken] == basicToken || conf[appAclToken] == basicToken {
		aclAPI.RegisterBasic(wsContainer)
	}

	otpAPI := otpRestful.NewOtpRestful()
	otpAPI.SetData(st)
	if conf[otpToken] == basicToken {
		otpAPI.RegisterBasic(wsContainer)
	}

	ocraAPI := ocraRestful.NewOcraRestful()
	ocraAPI.SetData(st)
	if conf[ocraToken] == basicToken {
		ocraAPI.RegisterBasic(wsContainer)
	}

	pwdAPI := passwordRestful.NewPwdRestful()
	pwdAPI.SetData(st)
	if conf[passwordToken] == basicToken {
		pwdAPI.RegisterBasic(wsContainer)
	}

	// Named storageAPI so that the local does not hide the ss package.
	storageAPI := storageRestful.NewSsRestful()
	storageAPI.SetData(st)
	if conf[secureStorageToken] == basicToken {
		storageAPI.RegisterBasic(wsContainer)
	}

	st.RegisterBasic(wsContainer)

	// NOTE(review): a load failure (missing file, wrong key) is only printed
	// and the API is started anyway with whatever usersList then holds.
	// Confirm that serving without the stored accounts is intended.
	err = en.LoadInfo(usersDataPath, loginKey, usersList)
	if err != nil {
		fmt.Println("Load info error:", err)
	}

	runRestAPI(wsContainer)
}