// TestTokenServerInvalid checks that a correctly signed token is rejected with
// InvalidTokenServerError when it is verified against a server name other than
// the one it was created for, and that the same signature verifies cleanly
// against the matching server name.
func TestTokenServerInvalid(t *testing.T) {
	const (
		server        = "test"
		clientName    = "test_client"
		clientVersion = "20192"
	)
	expireIn := 10

	signer, err := libkb.GenerateNaclSigningKeyPair()
	if err != nil {
		t.Fatal(err)
	}
	username := libkb.NewNormalizedUsername("dana")
	uid := libkb.UsernameToUID(username.String())

	issued := NewToken(uid, username, signer.GetKID(), server, expireIn, clientName, clientVersion)
	sig, _, err := signer.SignToString(issued.Bytes())
	if err != nil {
		t.Fatal(err)
	}

	// Negative case: the signature is valid, but the verifier is configured
	// for a different server, so the token must not be accepted there.
	_, err = VerifyToken(sig, "nope", testMaxTokenExpireIn)
	if _, ok := err.(InvalidTokenServerError); !ok {
		t.Fatal(fmt.Errorf("expected invalid token server error"))
	}

	// Positive case: same signature, matching server name.
	verified, err := VerifyToken(sig, server, testMaxTokenExpireIn)
	if err != nil {
		t.Fatal(err)
	}
	if err := checkToken(verified, uid, username, signer.GetKID(), server, expireIn, clientName, clientVersion); err != nil {
		t.Fatal(err)
	}
}
// TestTokenVerifyToken checks that VerifyToken fails on a string that is not a
// signature produced by the key pair, and that a genuine signature over the
// token verifies and yields the fields the token was built with.
func TestTokenVerifyToken(t *testing.T) {
	const (
		server        = "test"
		clientName    = "test_client"
		clientVersion = "41651"
	)
	expireIn := 10

	signer, err := libkb.GenerateNaclSigningKeyPair()
	if err != nil {
		t.Fatal(err)
	}
	username := libkb.NewNormalizedUsername("alice")
	uid := libkb.UsernameToUID(username.String())

	issued := NewToken(uid, username, signer.GetKID(), server, expireIn, clientName, clientVersion)
	sig, _, err := signer.SignToString(issued.Bytes())
	if err != nil {
		t.Fatal(err)
	}

	// Negative case: "nope" is not a signature, so any nil error here would
	// mean unverified input was accepted.
	if _, err = VerifyToken("nope", server, testMaxTokenExpireIn); err == nil {
		t.Fatal(fmt.Errorf("expected verification failure"))
	}

	// Positive case: the real signature must verify and round-trip the fields.
	verified, err := VerifyToken(sig, server, testMaxTokenExpireIn)
	if err != nil {
		t.Fatal(err)
	}
	if err := checkToken(verified, uid, username, signer.GetKID(), server, expireIn, clientName, clientVersion); err != nil {
		t.Fatal(err)
	}
}
// TestMaxExpires checks that VerifyToken returns MaxTokenExpiresError for a
// token whose requested lifetime is one more than the maximum the verifier is
// given. The token is signed by the client's own key, so the lifetime cap is
// the verifier's check to make.
func TestMaxExpires(t *testing.T) {
	const (
		server        = "test"
		clientName    = "test_client"
		clientVersion = "93021"
	)
	// One past the cap handed to VerifyToken below.
	expireIn := testMaxTokenExpireIn + 1

	signer, err := libkb.GenerateNaclSigningKeyPair()
	if err != nil {
		t.Fatal(err)
	}
	username := libkb.NewNormalizedUsername("charlie")
	uid := libkb.UsernameToUID(username.String())

	challenge, err := GenerateChallenge()
	if err != nil {
		t.Fatal(err)
	}

	issued := NewToken(uid, username, signer.GetKID(), server, challenge, time.Now().Unix(), expireIn, clientName, clientVersion)
	sig, _, err := signer.SignToString(issued.Bytes())
	if err != nil {
		t.Fatal(err)
	}

	// Signature and challenge are valid; only the lifetime is out of bounds.
	_, err = VerifyToken(sig, server, challenge, testMaxTokenExpireIn)
	if _, ok := err.(MaxTokenExpiresError); !ok {
		t.Fatal(fmt.Errorf("expected max token expires error"))
	}
}
// HandleHello implements HandleHello in kex2.Provisionee. func (e *Kex2Provisionee) HandleHello(harg keybase1.HelloArg) (res keybase1.HelloRes, err error) { e.G().Log.Debug("+ HandleHello()") defer func() { e.G().Log.Debug("- HandleHello() -> %s", libkb.ErrToOk(err)) }() // save parts of the hello arg for later: e.uid = harg.Uid e.sessionToken = harg.Token e.csrfToken = harg.Csrf e.pps = harg.Pps jw, err := jsonw.Unmarshal([]byte(harg.SigBody)) if err != nil { return res, err } // need the username later: e.username, err = jw.AtPath("body.key.username").GetString() if err != nil { return res, err } e.eddsa, err = libkb.GenerateNaclSigningKeyPair() if err != nil { return res, err } if err = e.addDeviceSibkey(jw); err != nil { return res, err } if err = e.reverseSig(jw); err != nil { return res, err } out, err := jw.Marshal() if err != nil { return res, err } return keybase1.HelloRes(out), err }
// TestTokenExpired checks that VerifyToken returns TokenExpiredError for a
// correctly signed token that was created with a lifetime of zero.
func TestTokenExpired(t *testing.T) {
	const (
		server        = "test"
		clientName    = "test_client"
		clientVersion = "21021"
	)
	// Zero lifetime: the token is expected to be rejected as expired as soon
	// as it is verified.
	expireIn := 0

	signer, err := libkb.GenerateNaclSigningKeyPair()
	if err != nil {
		t.Fatal(err)
	}
	username := libkb.NewNormalizedUsername("bob")
	uid := libkb.UsernameToUID(username.String())

	issued := NewToken(uid, username, signer.GetKID(), server, expireIn, clientName, clientVersion)
	sig, _, err := signer.SignToString(issued.Bytes())
	if err != nil {
		t.Fatal(err)
	}

	// The signature and server are valid; only the expiry should fail.
	_, err = VerifyToken(sig, server, testMaxTokenExpireIn)
	if _, ok := err.(TokenExpiredError); !ok {
		t.Fatal(fmt.Errorf("expected token expired error"))
	}
}
// setup builds the two NaCl key generators used by the engine: naclSignGen,
// backed by libkb.GenerateNaclSigningKeyPair with libkb.NaclEdDSAExpireIn, and
// naclEncGen, backed by libkb.GenerateNaclDHKeyPair with libkb.NaclDHExpireIn.
// It returns without doing anything when e.runErr is already set.
func (e *DeviceKeygen) setup(ctx *Context) {
	if e.runErr != nil {
		return
	}

	// Each generator returns an explicit nil on failure instead of forwarding
	// the value it got from libkb, presumably so the NaclKeyPair interface
	// result is a true nil on error (TODO confirm against the libkb types).
	genSigning := func() (libkb.NaclKeyPair, error) {
		pair, genErr := libkb.GenerateNaclSigningKeyPair()
		if genErr != nil {
			return nil, genErr
		}
		return pair, nil
	}
	genDH := func() (libkb.NaclKeyPair, error) {
		pair, genErr := libkb.GenerateNaclDHKeyPair()
		if genErr != nil {
			return nil, genErr
		}
		return pair, nil
	}

	// Signing generator first, then encryption, matching the original order
	// of the newNaclArg calls.
	e.naclSignGen = libkb.NewNaclKeyGen(e.newNaclArg(ctx, genSigning, libkb.NaclEdDSAExpireIn))
	e.naclEncGen = libkb.NewNaclKeyGen(e.newNaclArg(ctx, genDH, libkb.NaclDHExpireIn))
}