m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial project snapshot

Browse Source
This commit is contained in:
Mikhail
2026-04-28 22:29:50 +03:00
commit 8ba0561f4f
365 changed files with 91832 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/platform/authority/authority_test.go
+85
View File
@@ -0,0 +1,85 @@
package authority
import (
"crypto/ed25519"
"encoding/base64"
"encoding/json"
"strings"
"testing"
"time"
"github.com/example/remote-access-platform/backend/internal/platform/config"
)
func TestVerifierAcceptsSignedActivation(t *testing.T) {
publicKey, privateKey, err := ed25519.GenerateKey(nil)
if err != nil {
t.Fatalf("generate key: %v", err)
}
verifier, err := NewVerifier(config.InstallationConfig{
AuthorityMode: ModeStrict,
ProductRootPublicKeyBase64: base64.StdEncoding.EncodeToString(publicKey),
})
if err != nil {
t.Fatalf("NewVerifier: %v", err)
}
verifier.now = func() time.Time { return time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC) }
payload := json.RawMessage(`{
"platform_role":"platform_admin",
"owner_email":"Owner@Example.test",
"install_id":"install-1",
"schema_version":"rap.installation.activation.v1",
"issued_at":"2026-04-28T11:00:00Z",
"expires_at":"2026-04-29T11:00:00Z"
}`)
canonical, err := CanonicalJSON(payload)
if err != nil {
t.Fatalf("CanonicalJSON: %v", err)
}
signature := base64.StdEncoding.EncodeToString(ed25519.Sign(privateKey, canonical))
activation, err := verifier.VerifyActivation(payload, signature)
if err != nil {
t.Fatalf("VerifyActivation: %v", err)
}
if activation.OwnerEmail != "owner@example.test" || activation.PlatformRole != PlatformRoleAdmin {
t.Fatalf("unexpected activation: %+v", activation)
}
if verifier.RootFingerprint() == "" {
t.Fatal("expected root fingerprint")
}
}
func TestVerifierRejectsTamperedActivation(t *testing.T) {
publicKey, privateKey, err := ed25519.GenerateKey(nil)
if err != nil {
t.Fatalf("generate key: %v", err)
}
verifier, err := NewVerifier(config.InstallationConfig{
AuthorityMode: ModeStrict,
ProductRootPublicKeyBase64: base64.StdEncoding.EncodeToString(publicKey),
})
if err != nil {
t.Fatalf("NewVerifier: %v", err)
}
verifier.now = func() time.Time { return time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC) }
payload := json.RawMessage(`{
"schema_version":"rap.installation.activation.v1",
"install_id":"install-1",
"owner_email":"owner@example.test",
"platform_role":"platform_admin",
"issued_at":"2026-04-28T11:00:00Z"
}`)
canonical, err := CanonicalJSON(payload)
if err != nil {
t.Fatalf("CanonicalJSON: %v", err)
}
signature := base64.StdEncoding.EncodeToString(ed25519.Sign(privateKey, canonical))
tampered := json.RawMessage(strings.Replace(string(payload), "platform_admin", "platform_recovery_admin", 1))
if _, err := verifier.VerifyActivation(tampered, signature); err == nil {
t.Fatal("expected tampered activation to fail")
}
}