a90d853a6e
主要变更: - Operation.OpType: Type → string - NewFullOperation 参数: opType Type → opType string - IsValidOpType 参数: opType Type → opType string - operationMeta.OpType: *Type → *string - queryclient.ListRequest.OpType: model.Type → string 优点: - 更灵活,支持动态扩展操作类型 - 不再受限于预定义的枚举常量 - 简化类型转换逻辑 兼容性: - Type 常量定义保持不变 (OpTypeCreate, OpTypeUpdate 等) - 使用时需要 string() 转换: string(model.OpTypeCreate) - 所有单元测试已更新并通过 (100%) 测试结果: ✅ api/adapter - PASS ✅ api/highclient - PASS ✅ api/logger - PASS ✅ api/model - PASS ✅ api/persistence - PASS ✅ api/queryclient - PASS ✅ internal/* - PASS
127 lines
3.9 KiB
Go
127 lines
3.9 KiB
Go
package model_test
|
||
|
||
import (
|
||
"testing"
|
||
"time"
|
||
|
||
"github.com/stretchr/testify/assert"
|
||
"github.com/stretchr/testify/require"
|
||
|
||
"go.yandata.net/iod/iod/go-trustlog/api/model"
|
||
)
|
||
|
||
// TestSignVerifyConsistency 测试加签和验签的一致性
|
||
// 验证加签时使用的数据和验签时使用的数据是否一致.
|
||
func TestSignVerifyConsistency(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
// 生成SM2密钥对
|
||
keyPair, err := model.GenerateSM2KeyPair()
|
||
require.NoError(t, err)
|
||
|
||
// 序列化为DER格式
|
||
privateKeyDER, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
||
require.NoError(t, err)
|
||
|
||
publicKeyDER, err := model.MarshalSM2PublicDER(keyPair.Public)
|
||
require.NoError(t, err)
|
||
|
||
// 创建签名配置
|
||
signConfig := model.NewSM2EnvelopeConfig(privateKeyDER, publicKeyDER)
|
||
verifyConfig := model.NewSM2VerifyConfig(publicKeyDER)
|
||
|
||
// 创建测试Operation
|
||
op := &model.Operation{
|
||
OpID: "op-test-001",
|
||
Timestamp: time.Now(),
|
||
OpSource: model.OpSourceIRP,
|
||
OpType: string(model.OpTypeOCCreateHandle),
|
||
DoPrefix: "test",
|
||
DoRepository: "repo",
|
||
Doid: "test/repo/123",
|
||
ProducerID: "producer-1",
|
||
OpActor: "actor-1",
|
||
}
|
||
|
||
err = op.CheckAndInit()
|
||
require.NoError(t, err)
|
||
|
||
// 1. 加签:序列化为Envelope
|
||
envelopeData, err := model.MarshalOperation(op, signConfig)
|
||
require.NoError(t, err)
|
||
require.NotNil(t, envelopeData)
|
||
|
||
// 2. 验签:验证Envelope
|
||
verifiedEnv, err := model.VerifyEnvelopeWithConfig(envelopeData, verifyConfig)
|
||
require.NoError(t, err)
|
||
require.NotNil(t, verifiedEnv)
|
||
|
||
// 3. 验证:加签时使用的body和验签时使用的body应该一致
|
||
// 手动反序列化envelope以获取body
|
||
originalEnv, err := model.UnmarshalEnvelope(envelopeData)
|
||
require.NoError(t, err)
|
||
|
||
// 验证body一致
|
||
assert.Equal(t, originalEnv.Body, verifiedEnv.Body, "加签和验签时使用的body应该完全一致")
|
||
assert.Equal(t, originalEnv.ProducerID, verifiedEnv.ProducerID)
|
||
assert.Equal(t, originalEnv.Signature, verifiedEnv.Signature)
|
||
|
||
// 4. 验证:如果修改body,验签应该失败
|
||
// 创建完全不同的body内容
|
||
modifiedBody := []byte("completely different body content")
|
||
require.NotEqual(t, originalEnv.Body, modifiedBody, "修改后的body应该不同")
|
||
|
||
modifiedEnv := &model.Envelope{
|
||
ProducerID: originalEnv.ProducerID,
|
||
Signature: originalEnv.Signature, // 使用旧的签名
|
||
Body: modifiedBody, // 使用修改后的body
|
||
}
|
||
modifiedData, err := model.MarshalEnvelope(modifiedEnv)
|
||
require.NoError(t, err)
|
||
|
||
// 验签应该失败,因为body被修改了但签名还是旧的
|
||
_, err = model.VerifyEnvelopeWithConfig(modifiedData, verifyConfig)
|
||
require.Error(t, err, "修改body后验签应该失败")
|
||
assert.Contains(t, err.Error(), "signature verification failed")
|
||
}
|
||
|
||
// TestSignVerifyDirectData 直接测试对相同数据的签名和验证.
|
||
func TestSignVerifyDirectData(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
// 生成SM2密钥对
|
||
keyPair, err := model.GenerateSM2KeyPair()
|
||
require.NoError(t, err)
|
||
|
||
// 序列化为DER格式
|
||
privateKeyDER, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
||
require.NoError(t, err)
|
||
|
||
publicKeyDER, err := model.MarshalSM2PublicDER(keyPair.Public)
|
||
require.NoError(t, err)
|
||
|
||
// 创建签名器
|
||
signer := model.NewSM2Signer(privateKeyDER, publicKeyDER)
|
||
|
||
// 测试数据
|
||
testData := []byte("test data for signing")
|
||
|
||
// 1. 签名
|
||
signature, err := signer.Sign(testData)
|
||
require.NoError(t, err)
|
||
require.NotNil(t, signature)
|
||
|
||
// 2. 验证(使用相同的数据)
|
||
valid, err := signer.Verify(testData, signature)
|
||
require.NoError(t, err)
|
||
assert.True(t, valid, "使用相同数据验证应该成功")
|
||
|
||
// 3. 验证(使用不同的数据)
|
||
modifiedData := []byte("modified test data")
|
||
valid, err = signer.Verify(modifiedData, signature)
|
||
// VerifySignature在验证失败时会返回错误,这是预期的
|
||
require.Error(t, err, "使用不同数据验证应该失败并返回错误")
|
||
assert.Contains(t, err.Error(), "signature verification failed")
|
||
assert.False(t, valid)
|
||
}
|