third_party/rust/origin-trial-token/tests.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

use super::*;

fn mock_verify(_signature: &[u8; 64], _data: &[u8]) -> bool {
    true
}

/// We'd like to just assert_eq!(original_payload, our_payload), but our JSON
/// serialization format is different (we don't have spaces after commas or
/// colons), so we need to do this instead.
fn assert_payloads_equivalent(our_payload: &[u8], original_payload: &[u8]) {
    // Per the above we expect our payload to always be smaller than the
    // original.
    assert!(our_payload.len() <= original_payload.len());

    let our_value: serde_json::Value = serde_json::from_slice(our_payload).unwrap();
    let original_value: serde_json::Value = serde_json::from_slice(original_payload).unwrap();
    if our_value == original_value {
        return;
    }

    assert_eq!(
        std::str::from_utf8(our_payload).unwrap(),
        std::str::from_utf8(original_payload).unwrap(),
        "Mismatched payloads"
    );
}

fn test_roundtrip(payload: &[u8], token: &Token, base64: &[u8]) {
    let binary = base64::decode(base64).unwrap();
    let raw_token = RawToken::from_buffer(&binary).unwrap();
    let from_binary_token = Token::from_raw_token(&raw_token, mock_verify).unwrap();
    assert_eq!(&from_binary_token, token);

    // LMAO, payload in the documentation and the examples have members out of
    // order so this doesn't hold.
    // assert_eq!(std::str::from_utf8(raw_token.payload()).unwrap(), std::str::from_utf8(payload).unwrap());

    let our_payload = from_binary_token.to_payload();
    assert_payloads_equivalent(&our_payload, payload);
    assert_payloads_equivalent(&our_payload, raw_token.payload());

    let signed = from_binary_token
        .to_signed_token_with_payload(|_data| raw_token.signature.clone(), raw_token.payload());
    assert_eq!(binary, signed);

    let new_base64 = base64::encode(signed);
    assert_eq!(new_base64, std::str::from_utf8(base64).unwrap());
}

#[test]
fn basic() {
    // The one from the example.
    let payload =
        r#"{"origin": "https://example.com:443", "feature": "Frobulate", "expiry": 1609459199}"#;
    let token = Token::from_payload(LATEST_VERSION, payload.as_bytes()).unwrap();
    assert_eq!(token.origin, "https://example.com:443");
    assert_eq!(token.feature, "Frobulate");
    assert_eq!(token.expiry, 1609459199);
    assert_eq!(token.is_subdomain, false);
    assert_eq!(token.is_third_party, false);
    assert!(token.usage.is_none());

    test_roundtrip(payload.as_bytes(), &token, b"A9YTk5WLM0uhXPj2OE/dEj8mEdWbcWOvCyWMNdRFiCZpBRuynxJMx1i/SO5pRT7UhoCSDTieoh9qOCMHsc2y5w4AAABTeyJvcmlnaW4iOiAiaHR0cHM6Ly9leGFtcGxlLmNvbTo0NDMiLCAiZmVhdHVyZSI6ICJGcm9idWxhdGUiLCAiZXhwaXJ5IjogMTYwOTQ1OTE5OX0=");
}

#[test]
fn subdomain() {
    // The one from the example.
    let payload = r#"{"origin": "https://example.com:443", "isSubdomain": true, "feature": "Frobulate", "expiry": 1609459199}"#;
    let token = Token::from_payload(LATEST_VERSION, payload.as_bytes()).unwrap();
    assert_eq!(token.origin, "https://example.com:443");
    assert_eq!(token.feature, "Frobulate");
    assert_eq!(token.expiry, 1609459199);
    assert_eq!(token.is_subdomain, true);
    assert_eq!(token.is_third_party, false);
    assert!(token.usage.is_none());

    test_roundtrip(payload.as_bytes(), &token, b"AzHieSb3NXHXhJ1zvxNcmUeR351wzlXwJK7pYM8MCFfNenvonZi30kS0GOKWUleIyats/2aTB1HoiCmLWIvG5AgAAABoeyJvcmlnaW4iOiAiaHR0cHM6Ly9leGFtcGxlLmNvbTo0NDMiLCAiaXNTdWJkb21haW4iOiB0cnVlLCAiZmVhdHVyZSI6ICJGcm9idWxhdGUiLCAiZXhwaXJ5IjogMTYwOTQ1OTE5OX0=");
}

#[test]
fn third_party() {
    let payload = r#"{"origin": "https://thirdparty.com:443", "feature": "Frobulate", "expiry": 1609459199, "isThirdParty": true}"#;
    let token = Token::from_payload(LATEST_VERSION, payload.as_bytes()).unwrap();
    assert_eq!(token.origin, "https://thirdparty.com:443");
    assert_eq!(token.feature, "Frobulate");
    assert_eq!(token.expiry, 1609459199);
    assert_eq!(token.is_subdomain, false);
    assert_eq!(token.is_third_party, true);
    assert!(token.usage.is_none());

    test_roundtrip(payload.as_bytes(), &token, b"Ax8UsCU9EUBRj8PZG147cOO7VqR86BF13TSu6w2wRqixzJ+fEUULvOQimXwWl1ETYCfAZMlvvAqoFYB8HxrsZA4AAABseyJvcmlnaW4iOiAiaHR0cHM6Ly90aGlyZHBhcnR5LmNvbTo0NDMiLCAiaXNUaGlyZFBhcnR5IjogdHJ1ZSwgImZlYXR1cmUiOiAiRnJvYnVsYXRlIiwgImV4cGlyeSI6IDE2MDk0NTkxOTl9");
}

#[test]
fn third_party_usage_restriction() {
    let payload = r#"{"origin": "https://thirdparty.com:443", "feature": "Frobulate", "expiry": 1609459199, "isThirdParty": true, "usage": "subset"}"#;
    let token = Token::from_payload(LATEST_VERSION, payload.as_bytes()).unwrap();
    assert_eq!(token.origin, "https://thirdparty.com:443");
    assert_eq!(token.feature, "Frobulate");
    assert_eq!(token.expiry, 1609459199);
    assert_eq!(token.is_subdomain, false);
    assert_eq!(token.is_third_party, true);
    assert_eq!(token.usage, Usage::Subset);

    test_roundtrip(payload.as_bytes(), &token, b"AzEs7XzQG5ktWF/puroSU5RzxPEdEUUhqwXtL2hItZoJU0bghKwbsTKVghkR95GHSfINTBnxwRBnFVfYGJLm8AUAAAB/eyJvcmlnaW4iOiAiaHR0cHM6Ly90aGlyZHBhcnR5LmNvbTo0NDMiLCAiaXNUaGlyZFBhcnR5IjogdHJ1ZSwgInVzYWdlIjogInN1YnNldCIsICJmZWF0dXJlIjogIkZyb2J1bGF0ZSIsICJleHBpcnkiOiAxNjA5NDU5MTk5fQ==");
}