/// <summary>
/// Signs a role grant and a role revocation with the root key file, naming a second
/// user's public key as the subject, and checks that each message records the expected
/// authority and subject keys and passes <c>Verify()</c>.
/// </summary>
public void Can_grant_and_revoke_roles_between_users()
{
    // Fixed, test-only passphrase material.
    // NOTE(review): the two arguments look like passphrase + confirmation; confirm against PlaintextKeyCapture.
    var passphrase = new PlaintextKeyCapture("rosebud", "rosebud");

    // Root (authority) key pair, persisted through its own temporary key file service.
    var rootKeyStore = new TempKeyFileService();
    var authorityKey = CryptoTestHarness.GenerateKeyFile(_output, passphrase, rootKeyStore);

    // The capture is reset before every reuse (presumably so the passphrase can be read again; confirm).
    passphrase.Reset();

    // The user (subject) key pair lives in a separate key file service, so the root
    // store passed to Sign below does not receive the user's key file.
    var userKeyStore = new TempKeyFileService();
    var subjectKey = CryptoTestHarness.GenerateKeyFile(_output, passphrase, userKeyStore);
    passphrase.Reset();

    // Grant: signed with the root key store.
    var roleGrant = new GrantRole("admin", authorityKey, subjectKey);
    roleGrant.Sign(rootKeyStore, passphrase);

    Assert.True(roleGrant.Authority.SequenceEqual(authorityKey));
    Assert.True(roleGrant.Subject.SequenceEqual(subjectKey));
    Assert.True(roleGrant.Verify(), "grant was not verified");

    passphrase.Reset();

    // Revoke: also signed with the root key store.
    // NOTE(review): the grant names "admin" while the revocation names Constants.DefaultOwnerRole;
    // if those values differ, this does not revoke the role that was granted. Confirm the intent.
    var roleRevocation = new RevokeRole(Constants.DefaultOwnerRole, authorityKey, subjectKey);
    roleRevocation.Sign(rootKeyStore, passphrase);

    Assert.True(roleRevocation.Authority.SequenceEqual(authorityKey));
    Assert.True(roleRevocation.Subject.SequenceEqual(subjectKey));
    Assert.True(roleRevocation.Verify(), "revoke was not verified");

    // NOTE(review): only the accepting path of Verify() is asserted here. A companion test
    // should show that Verify() returns false when a signed field is changed after Sign,
    // or when the signing key is not the stated authority.
}
/// <summary>
/// Checks that a self-signed revocation of the default owner role passes <c>Verify()</c>,
/// yet materializing the ontology log from a store containing that revocation throws
/// <c>CannotRemoveSingleOwnerException</c>.
/// </summary>
/// <remarks>
/// The two assertions separate signature validity from policy: the message verifies,
/// and the rejection only surfaces when the log is materialized.
/// </remarks>
public async Task Cannot_revoke_only_owner_grant()
{
    // Fixed, test-only passphrase material.
    // NOTE(review): the two arguments look like passphrase + confirmation; confirm against PlaintextKeyCapture.
    var passphrase = new PlaintextKeyCapture("rosebud", "rosebud");
    var keyStore = new TempKeyFileService();
    var ownerKey = CryptoTestHarness.GenerateKeyFile(_output, passphrase, keyStore);

    // The capture is reset before reuse (presumably so the passphrase can be read again; confirm).
    passphrase.Reset();

    // The same key is both authority and subject: the owner revokes its own owner role.
    var selfRevocation = new RevokeRole(Constants.DefaultOwnerRole, ownerKey, ownerKey);
    selfRevocation.Sign(keyStore, passphrase);
    Assert.True(selfRevocation.Verify(), "revocation did not verify");

    using var fixture = new LogStoreFixture();

    // Seed the store with an entry for the default namespace.
    var namespaceEntry = LogEntryFactory.CreateNamespaceEntry(Constants.DefaultNamespace, default);
    await fixture.Store.AddEntryAsync(namespaceEntry);

    // A freshly constructed ontology holds exactly one role entry for the default namespace
    // (presumably the owner grant for ownerKey; confirm against MemoryOntologyLog).
    var ontology = new MemoryOntologyLog(new OntologyEvents(), ownerKey);
    Assert.Single(ontology.Roles[Constants.DefaultNamespace]);

    // Appending the revocation to the store succeeds; replaying the store into the ontology must not.
    var revocationEntry = LogEntryFactory.CreateEntry(selfRevocation);
    await fixture.Store.AddEntryAsync(revocationEntry);

    await Assert.ThrowsAsync<CannotRemoveSingleOwnerException>(
        () => ontology.MaterializeAsync(fixture.Store));

    // NOTE(review): the state of ontology.Roles after the exception is not asserted; consider
    // also checking that the single owner entry is still present after the failed replay.
}