本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/tao/auth.Bytes函数的典型用法代码示例。如果您正苦于以下问题:Golang Bytes函数的具体用法?Golang Bytes怎么用?Golang Bytes使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Bytes函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestDatalogSubprin
// TestDatalogSubprin loads datalogSubprinProg into a fresh datalog guard and
// checks that a key principal carrying a Hash extension is authorized to
// "Execute".
func TestDatalogSubprin(t *testing.T) {
	guard, _, dir, err := makeDatalogGuard()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(dir)

	for _, rule := range datalogSubprinProg {
		if addErr := guard.AddRule(rule); addErr != nil {
			t.Fatal("Couldn't add rule '", rule, "':", addErr)
		}
	}

	// A key principal extended with a single Hash(...) subprincipal.
	hashExt := auth.PrinExt{
		Name: "Hash",
		Arg:  []auth.Term{auth.Bytes([]byte{0x71})},
	}
	subject := auth.Prin{
		Type:    "key",
		KeyHash: auth.Bytes([]byte{0x70}),
		Ext:     []auth.PrinExt{hashExt},
	}

	if authorized := guard.IsAuthorized(subject, "Execute", nil); !authorized {
		t.Fatal("Subprin authorization check failed")
	}
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:27,代码来源:datalog_guard_test.go
示例2: makeACLGuard
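// makeACLGuard builds an ACLGuard for tests. It creates a temporary
// directory, generates temporary signing keys, constructs a guard whose signed
// ACLs are stored at <tmpDir>/acls, and authorizes one placeholder "Write"
// rule for a fake key principal.
//
// It returns the guard, the keys and the temporary directory path. On success
// the caller owns the directory and should remove it.
//
// NOTE(review): on the error paths after the directory has been created the
// directory is left on disk and the caller receives "" for its path, so it
// cannot clean up; consider removing it here before returning.
func makeACLGuard() (*ACLGuard, *Keys, string, error) {
	tmpDir, err := ioutil.TempDir("", "acl_guard_test")
	if err != nil {
		// Keep the underlying cause instead of discarding it.
		return nil, nil, "",
			fmt.Errorf("Couldn't get a temp directory for the ACL guard test: %v", err)
	}

	keys, err := NewTemporaryKeys(Signing)
	if err != nil {
		return nil, nil, "", err
	}

	config := ACLGuardDetails{
		SignedAclsPath: proto.String(path.Join(tmpDir, "acls")),
	}
	tg := NewACLGuard(keys.VerifyingKey, config)

	// Add a bogus rule.
	p := auth.Prin{
		Type: "key",
		Key:  auth.Bytes([]byte(`Fake key`)),
	}
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		return nil, nil, "", err
	}

	// Report an unexpected concrete type as an error rather than panicking.
	g, ok := tg.(*ACLGuard)
	if !ok {
		return nil, nil, "", fmt.Errorf("NewACLGuard returned %T, not *ACLGuard", tg)
	}
	return g, keys, tmpDir, nil
}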
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:27,代码来源:acl_guard_test.go
示例3: TestACLGuardDoubleAuthorize
// TestACLGuardDoubleAuthorize checks that authorizing the same rule twice is
// accepted, and that a single Retract afterwards removes the authorization.
func TestACLGuardDoubleAuthorize(t *testing.T) {
	const op = "Write"

	signer, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}
	guard, dir := testNewACLGuard(t, signer.GetVerifier())
	defer os.RemoveAll(dir)

	fake := auth.Prin{Type: "key", Key: auth.Bytes([]byte(`Fake key`))}

	// So nice, we authorize it twice.
	for i := 0; i < 2; i++ {
		if err := guard.Authorize(fake, op, []string{"filename"}); err != nil {
			t.Fatal("Couldn't authorize a simple operation:", err)
		}
	}

	if present := guard.IsAuthorized(fake, op, []string{"filename"}); !present {
		t.Fatal("A rule that was added to the ACL was not present")
	}

	if err := guard.Retract(fake, op, []string{"filename"}); err != nil {
		t.Fatal("Couldn't retract an existing double-added rule:", err)
	}

	// One retraction must be enough to revoke a rule that was added twice.
	if stillThere := guard.IsAuthorized(fake, op, []string{"filename"}); stillThere {
		t.Fatal("A rule was still authorized after it was retracted")
	}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:34,代码来源:acl_guard_test.go
示例4: TestRevokeCertificate
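// TestRevokeCertificate signs a "revoke" predicate for serial number 5 with a
// temporary signing key, passes the serialized attestation to
// RevokeCertificate, and checks that the first entry of the returned
// revocation list carries that serial number.
func TestRevokeCertificate(t *testing.T) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		t.Fatal("Can't generate signing key")
	}

	serialNumber := big.NewInt(5)
	says := auth.Says{
		Speaker: k.SigningKey.ToPrincipal(),
		Message: auth.Pred{
			Name: "revoke",
			Arg:  []auth.Term{auth.Bytes(serialNumber.Bytes())}}}

	att, err := tao.GenerateAttestation(k.SigningKey, nil, says)
	if err != nil {
		// Report the cause as well as the fixed message.
		t.Fatal("Error generating attestation.", err)
	}
	serAtt, err := proto.Marshal(att)
	if err != nil {
		t.Fatal("Error serializing attestation.", err)
	}

	revokedCerts := []pkix.RevokedCertificate{}
	revokedCerts, err = RevokeCertificate(serAtt, revokedCerts, &tao.Domain{Keys: k})
	if err != nil {
		t.Fatal(err)
	}

	// Fail cleanly instead of panicking on the index below if nothing was
	// added to the revocation list.
	if len(revokedCerts) == 0 {
		t.Fatal("RevokeCertificate returned an empty revocation list")
	}
	if num := revokedCerts[0].SerialNumber.Int64(); num != 5 {
		t.Fatal(fmt.Sprintf("Serial number %v doesnt match expected value 5", num))
	}
}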
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:29,代码来源:domain_service_test.go
示例5: MakeTPMPrin
// MakeTPMPrin builds the principal name of a TPM: a "tpm" principal whose key
// is the PKIX encoding of the given RSA public key, with a single "PCRs"
// extension. The extension has two string arguments: the PCR numbers joined by
// commas, and the hex-encoded PCR values joined by commas.
//
// It returns an error only if the public key cannot be marshalled.
//
// NOTE(review): nothing here checks that pcrNums and pcrVals have the same
// length, so a mismatched pair yields a name whose PCR numbers and values do
// not line up. Callers should confirm the two slices correspond.
func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error) {
	der, err := x509.MarshalPKIXPublicKey(verifier)
	if err != nil {
		return auth.Prin{}, err
	}

	nums := make([]string, len(pcrNums))
	for i, n := range pcrNums {
		nums[i] = strconv.Itoa(n)
	}

	vals := make([]string, len(pcrVals))
	for i, v := range pcrVals {
		vals[i] = hex.EncodeToString(v)
	}

	pcrs := auth.PrinExt{
		Name: "PCRs",
		Arg: []auth.Term{
			auth.Str(strings.Join(nums, ",")),
			auth.Str(strings.Join(vals, ",")),
		},
	}

	// The PCRs are the first extension of the name.
	return auth.Prin{
		Type: "tpm",
		Key:  auth.Bytes(der),
		Ext:  []auth.PrinExt{pcrs},
	}, nil
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:32,代码来源:tpm_tao.go
示例6: TestVerifyDirectiveWithBadProtectedObjectId_invalidProtoBuf
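// TestVerifyDirectiveWithBadProtectedObjectId_invalidProtoBuf passes bytes
// that are not a valid protobuf encoding as the serialized object ID and
// hands the parameters to expectError.
func TestVerifyDirectiveWithBadProtectedObjectId_invalidProtoBuf(t *testing.T) {
	badBytes := []byte("bad bytes")
	params := Params{
		SerializedObjectId: auth.Bytes(badBytes),
	}
	// The page rendered "&params" as "¶ms" (HTML entity mangling); restored.
	expectError(&params, t)
}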
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:7,代码来源:secret_disclosure_test.go
示例7: FormatProcessSubprin
// FormatProcessSubprin builds the subprincipal for a hosted process: a single
// "Program" extension whose arguments are the ID (left out when id is 0)
// followed by the hash bytes.
func FormatProcessSubprin(id uint, hash []byte) auth.SubPrin {
	ext := auth.PrinExt{Name: "Program"}
	if id != 0 {
		ext.Arg = append(ext.Arg, auth.Int(id))
	}
	ext.Arg = append(ext.Arg, auth.Bytes(hash))
	return auth.SubPrin{ext}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:10,代码来源:linux_process_factory.go
示例8: FormatDockerSubprin
// FormatDockerSubprin builds the subprincipal for a Docker container: a single
// "Container" extension whose arguments are the ID (left out when id is 0)
// followed by the hash bytes.
func FormatDockerSubprin(id uint, hash []byte) auth.SubPrin {
	hashTerm := auth.Bytes(hash)

	var terms []auth.Term
	switch id {
	case 0:
		// A zero ID is not encoded; the hash is the only argument.
		terms = append(terms, hashTerm)
	default:
		terms = append(terms, auth.Int(id), hashTerm)
	}

	return auth.SubPrin{auth.PrinExt{Name: "Container", Arg: terms}}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:10,代码来源:linux_docker_container_factory.go
示例9: FormatCoreOSLinuxhostSubprin
// FormatCoreOSLinuxhostSubprin builds the subprincipal for a CoreOS Linux
// host: a single "CoreOS" extension whose arguments are the ID (left out when
// id is 0) followed by the hash bytes.
func FormatCoreOSLinuxhostSubprin(id uint, hash []byte) auth.SubPrin {
	var idPart []auth.Term
	if id != 0 {
		idPart = append(idPart, auth.Int(id))
	}
	allArgs := append(idPart, auth.Bytes(hash))

	host := auth.PrinExt{Name: "CoreOS", Arg: allArgs}
	return auth.SubPrin{host}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:10,代码来源:kvm_coreos_linuxhost_factory.go
示例10: Subprincipal
// Subprincipal returns a one-element subprincipal named DatalogGuard. When the
// guard has a key, the argument is that key's principal. When it has none, the
// argument is the SHA-256 digest of the marshalled rule database.
//
// NOTE(review): if marshalling the database fails, the error is dropped and
// the extension is returned with no argument, so guards holding different
// rules would share the bare name DatalogGuard. Confirm this fallback is
// intended.
func (g *DatalogGuard) Subprincipal() auth.SubPrin {
	ext := auth.PrinExt{Name: "DatalogGuard"}

	if g.Key != nil {
		ext.Arg = append(ext.Arg, g.Key.ToPrincipal())
		return auth.SubPrin{ext}
	}

	if ser, err := proto.Marshal(&g.db); err == nil {
		digest := sha256.Sum256(ser)
		ext.Arg = append(ext.Arg, auth.Bytes(digest[:]))
	}
	return auth.SubPrin{ext}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:15,代码来源:datalog_guard.go
示例11: Subprincipal
// Subprincipal returns a one-element subprincipal named ACLGuard. When the
// guard has a key, the argument is that key's principal. When it has none, the
// argument is the SHA-256 digest of the marshalled ACL set.
//
// NOTE(review): if marshalling the ACL set fails, the error is dropped and the
// extension is returned with no argument, so the name is then not unique to
// the policy. Confirm this fallback is intended.
func (a *ACLGuard) Subprincipal() auth.SubPrin {
	ext := auth.PrinExt{Name: "ACLGuard"}

	switch {
	case a.Key != nil:
		ext.Arg = append(ext.Arg, a.Key.ToPrincipal())
	default:
		ser, err := proto.Marshal(&ACLSet{Entries: a.ACL})
		if err == nil {
			digest := sha256.Sum256(ser)
			ext.Arg = append(ext.Arg, auth.Bytes(digest[:]))
		}
	}

	return auth.SubPrin{ext}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:14,代码来源:acl_guard.go
示例12: Subprincipal
// Subprincipal returns a one-element subprincipal named DatalogGuard. When the
// guard has a key, the argument is that key's principal. When it has none, the
// argument is the SHA-256 digest of the marshalled rule database.
//
// It returns nil if the rule database cannot be marshalled; the error itself
// is not reported to the caller.
func (g *DatalogGuard) Subprincipal() auth.SubPrin {
	var arg auth.Term

	if g.Key != nil {
		arg = g.Key.ToPrincipal()
	} else {
		ser, err := proto.Marshal(&g.db)
		if err != nil {
			return nil
		}
		digest := sha256.Sum256(ser)
		arg = auth.Bytes(digest[:])
	}

	return auth.SubPrin{
		auth.PrinExt{Name: "DatalogGuard", Arg: []auth.Term{arg}},
	}
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:15,代码来源:datalog_guard.go
示例13: Subprincipal
// Subprincipal returns a one-element subprincipal named ACLGuard. When the
// guard has a key, the argument is that key's principal. When it has none, the
// argument is the SHA-256 digest of the marshalled ACL set.
//
// It returns nil if the ACL set cannot be marshalled; the error itself is not
// reported to the caller.
func (a *ACLGuard) Subprincipal() auth.SubPrin {
	const extName = "ACLGuard"

	if a.Key != nil {
		keyed := auth.PrinExt{Name: extName, Arg: []auth.Term{a.Key.ToPrincipal()}}
		return auth.SubPrin{keyed}
	}

	ser, err := proto.Marshal(&ACLSet{Entries: a.ACL})
	if err != nil {
		return nil
	}
	digest := sha256.Sum256(ser)
	hashed := auth.PrinExt{Name: extName, Arg: []auth.Term{auth.Bytes(digest[:])}}
	return auth.SubPrin{hashed}
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:15,代码来源:acl_guard.go
示例14: TestDatalogSimpleTranslation
// TestDatalogSimpleTranslation loads datalogProg into a fresh datalog guard,
// checks that a key principal is authorized to "Execute", saves the guard with
// the signing key, and then runs two queries that must both succeed.
func TestDatalogSimpleTranslation(t *testing.T) {
	guard, keys, dir, err := makeDatalogGuard()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(dir)

	for _, rule := range datalogProg {
		if addErr := guard.AddRule(rule); addErr != nil {
			t.Fatal("Couldn't add rule '", rule, "':", addErr)
		}
	}

	subject := auth.Prin{Type: "key", KeyHash: auth.Bytes([]byte{0x70})}
	if authorized := guard.IsAuthorized(subject, "Execute", nil); !authorized {
		t.Fatal("Simple authorization check failed")
	}

	if saveErr := guard.Save(keys.SigningKey); saveErr != nil {
		t.Fatal("Couldn't save the guard:", saveErr)
	}

	// Each query must evaluate without error and hold; the message is what
	// the test reports when the query evaluates to false.
	checks := []struct {
		query   string
		failMsg string
	}{
		{"MemberProgram(key([70]))", "A simple sanity-check query failed"},
		{"Authorized(key([70]), \"Execute\")", "A simple authorized query didn't succeed"},
	}
	for _, c := range checks {
		holds, queryErr := guard.Query(c.query)
		if queryErr != nil {
			t.Fatal("Couldn't query the guard:", queryErr)
		}
		if !holds {
			t.Fatal(c.failMsg)
		}
	}
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:41,代码来源:datalog_guard_test.go
示例15: TestACLGuardAuthorize
// TestACLGuardAuthorize adds one rule to an ACL guard and checks that exactly
// that rule is authorized: a different file name, a different operation and a
// different principal must all be refused, and the rule itself must be refused
// once it has been retracted.
func TestACLGuardAuthorize(t *testing.T) {
	signer, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}
	guard, dir := testNewACLGuard(t, signer.GetVerifier())
	defer os.RemoveAll(dir)

	fake := auth.Prin{Type: "key", Key: auth.Bytes([]byte(`Fake key`))}

	if err := guard.Authorize(fake, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}
	if present := guard.IsAuthorized(fake, "Write", []string{"filename"}); !present {
		t.Fatal("A rule that was added to the ACL was not present")
	}

	// Near misses: each differs from the authorized rule in one component
	// and must be denied.
	denied := []struct {
		prin auth.Prin
		op   string
		args []string
		msg  string
	}{
		{fake, "Write", []string{"file"}, "A rule was authorized even though it has the wrong file name"},
		{fake, "Read", []string{"filename"}, "A rule was authorized even though it has the wrong op"},
		{auth.Prin{}, "Write", []string{"filename"}, "A rule was authorized even though it has the wrong principal"},
	}
	for _, d := range denied {
		if guard.IsAuthorized(d.prin, d.op, d.args) {
			t.Fatal(d.msg)
		}
	}

	if err := guard.Retract(fake, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't retract an existing rule:", err)
	}
	if stillThere := guard.IsAuthorized(fake, "Write", []string{"filename"}); stillThere {
		t.Fatal("A rule was still authorized after it was retracted")
	}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:41,代码来源:acl_guard_test.go
示例16: TestTPMTaoAttest
// TestTPMTaoAttest asks a TPM-backed Tao to attest to a fake key delegation
// and checks that the resulting attestation validates. The test is skipped
// when ./aikblob cannot be read or the TPM Tao cannot be created.
func TestTPMTaoAttest(t *testing.T) {
	blob, err := ioutil.ReadFile("./aikblob")
	if err != nil {
		t.Skip("Skipping tests, since there's no ./aikblob file")
	}

	host, err := NewTPMTao("/dev/tpm0", blob, []int{17, 18})
	if err != nil {
		t.Skip("Couldn't create a new TPM Tao:", err)
	}

	concrete, isTPM := host.(*TPMTao)
	if !isTPM {
		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
	}
	defer cleanUpTPMTao(concrete)

	// Set up a fake key delegation.
	name, err := host.GetTaoName()
	if err != nil {
		t.Fatal("Couldn't get the name of the tao:", err)
	}
	fake := auth.Prin{Type: "key", Key: auth.Bytes([]byte(`FakeKeyBytes`))}
	delegation := auth.Speaksfor{
		Delegate:  fake,
		Delegator: name,
	}

	// Let the TPMTao set up the issuer and time and expiration.
	att, err := host.Attest(nil, nil, nil, delegation)
	if err != nil {
		t.Fatal("Couldn't attest to a key delegation:", err)
	}

	says, err := att.Validate()
	if err != nil {
		t.Fatal("The attestation didn't pass validation:", err)
	}
	t.Logf("Got valid statement %s\n", says)
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:39,代码来源:tpm_tao_test.go
示例17: EstablishCert
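// EstablishCert contacts a CA to get a certificate signed by the policy key. It
// replaces the current delegation and cert on k with the new delegation and
// cert from the response.
//
// The statement being unpacked was received over the network, so each step is
// checked and a malformed response yields an error instead of a panic. k is
// modified only after the whole response has been parsed, so a failed call
// does not leave a new delegation paired with the old certificate.
//
// NOTE(review): this function parses the certificate but does not itself check
// its signature or the speaker of the statement; presumably
// tao.RequestAttestation validates the attestation against v. Confirm.
func EstablishCert(network, addr string, k *tao.Keys, v *tao.Verifier) error {
	na, err := tao.RequestAttestation(network, addr, k, v)
	if err != nil {
		return err
	}
	pa, err := auth.UnmarshalForm(na.SerializedStatement)
	if err != nil {
		return err
	}

	// Parse the received statement.
	var saysStatement *auth.Says
	if ptr, ok := pa.(*auth.Says); ok {
		saysStatement = ptr
	} else if val, ok := pa.(auth.Says); ok {
		saysStatement = &val
	}
	// Neither form matched (or the pointer was nil): dereferencing below
	// would panic.
	if saysStatement == nil {
		return errors.New("attestation statement is not a says statement")
	}

	sf, ok := saysStatement.Message.(auth.Speaksfor)
	if !ok {
		return errors.New("says doesn't have speaksfor message")
	}
	kprin, ok := sf.Delegate.(auth.Term)
	if !ok {
		return errors.New("speaksfor message doesn't have Delegate")
	}
	// The delegate must be a byte string holding the certificate; any other
	// term type is rejected.
	newCert, ok := kprin.(auth.Bytes)
	if !ok {
		return errors.New("speaksfor Delegate is not a byte string")
	}
	cert, err := x509.ParseCertificate(newCert)
	if err != nil {
		return err
	}

	// Writing to a nil map panics; refuse before touching k.
	if k.Cert == nil {
		return errors.New("keys have no certificate map")
	}
	k.Delegation = na
	k.Cert["default"] = cert
	return nil
}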
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:40,代码来源:fileproxy.go
示例18: TestACLGuardSaveACLs
// TestACLGuardSaveACLs saves an ACL guard holding one rule, loads it back from
// the same signed-ACLs path with the signer's verifier, and checks that the
// loaded guard has the same rule count and string form.
func TestACLGuardSaveACLs(t *testing.T) {
	signer, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}
	original, dir := testNewACLGuard(t, signer.GetVerifier())
	defer os.RemoveAll(dir)

	fake := auth.Prin{Type: "key", Key: auth.Bytes([]byte(`Fake key`))}
	if err := original.Authorize(fake, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}
	if err := original.Save(signer); err != nil {
		t.Fatal("Couldn't save the file")
	}

	// Reload from the path the guard was saved to.
	aclsPath := path.Join(dir, "acls")
	config := ACLGuardDetails{SignedAclsPath: proto.String(aclsPath)}
	verifier := signer.GetVerifier()
	loaded, err := LoadACLGuard(verifier, config)
	if err != nil {
		t.Fatal("Couldn't load the ACLs:", err)
	}

	if loaded.RuleCount() != original.RuleCount() {
		t.Fatal("Wrong number of rules in loaded ACLGuard")
	}
	if loaded.String() != original.String() {
		t.Fatal("Wrong string representation of loaded ACLGuard")
	}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:36,代码来源:acl_guard_test.go
示例19: generatePolicyKeyAndSignedDirective
// generatePolicyKeyAndSignedDirective builds a temporary policy key with a
// self-signed certificate and a DirectiveMessage for tests.
//
// Each part of the directive (delegate, object ID, predicate terms, predicate,
// says statement, directive type, signature and signer) is taken from params
// when the corresponding field is non-nil; otherwise a default is built. With
// no overrides the statement is signed by the new policy key. The overrides
// let a test produce a directive with one deliberately wrong component.
//
// It returns the policy key and the directive, or the first error met while
// marshalling, generating keys, creating the certificate or signing.
func generatePolicyKeyAndSignedDirective(params Params) (*tao.Keys, *DirectiveMessage, error) {
	// Delegate named in the default predicate.
	var programName auth.Term
	if params.Delegate == nil {
		programName = Delegate
	} else {
		programName = params.Delegate
	}

	// Object ID named in the default predicate; the default is marshalled
	// only when no override is given.
	var serializedObjectId auth.Term
	if params.SerializedObjectId == nil {
		raw, err := proto.Marshal(&ProtectedObjectId)
		if err != nil {
			return nil, nil, err
		}
		serializedObjectId = auth.Bytes(raw)
	} else {
		serializedObjectId = params.SerializedObjectId
	}

	terms := []auth.Term{programName, serializedObjectId}
	if params.CanReadTerms != nil {
		terms = params.CanReadTerms
	}

	var canRead auth.Form
	if params.CanRead == nil {
		canRead = auth.Pred{Name: ReadPredicate, Arg: terms}
	} else {
		canRead = params.CanRead
	}

	policyKey, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		return nil, nil, err
	}

	// Self-signed certificate whose common name is the key's principal name.
	info := x509Info
	name := policyKey.SigningKey.ToPrincipal().String()
	info.CommonName = &name
	policyKey.Cert, err = policyKey.SigningKey.CreateSelfSignedX509(tao.NewX509Name(&info))
	if err != nil {
		return nil, nil, err
	}

	var says auth.Form
	if params.Says == nil {
		says = auth.Says{
			Speaker:    policyKey.SigningKey.ToPrincipal(),
			Time:       nil,
			Expiration: nil,
			Message:    canRead,
		}
	} else {
		says = params.Says
	}
	serializedSays := auth.Marshal(says)

	var directiveType *DirectiveMessageDirectiveType
	if params.DirectiveType == nil {
		directiveType = DirectiveMessage_SECRET_DISCLOSURE.Enum()
	} else {
		directiveType = params.DirectiveType
	}

	// The policy key signs the statement only when no signature override is
	// supplied.
	var signature []byte
	if params.Signature == nil {
		signature, err = policyKey.SigningKey.Sign(serializedSays, SigningContext)
		if err != nil {
			return nil, nil, err
		}
	} else {
		signature = params.Signature
	}

	var signer []byte
	if params.Signer == nil {
		signer = auth.Marshal(policyKey.SigningKey.ToPrincipal())
	} else {
		signer = params.Signer
	}

	return policyKey, &DirectiveMessage{
		Type:                directiveType,
		SerializedStatement: serializedSays,
		Signature:           signature,
		Signer:              signer,
	}, nil
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:83,代码来源:secret_disclosure_test.go
示例20: TestCachingDatalogValidatePeerAttestation
// Test that a client can correctly verify that the server is allowed to
// execute according to the policy. The policy is set up and the policy
// key is used to attest to the identity of the server. The attestation
// includes an endorsement of the service itself. The client verifies the
// endorsement and adds the predicate to the policy before checking it.
func TestCachingDatalogValidatePeerAttestation(t *testing.T) {
network := "tcp"
addr := "localhost:0"
ttl := int64(1)
tmpDir := "/tmp/domain_test"
// Set up the TaoCA.
ch := make(chan bool)
cal, err := net.Listen(network, addr)
if err != nil {
t.Fatal(err)
}
defer cal.Close()
addr = cal.Addr().String()
// Set up the policy domain and a public, cached version.
policy, pub, err := makeTestDomains(tmpDir, network, addr, ttl)
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpDir)
defer os.RemoveAll(tmpDir + ".pub")
// Set up policy. A key being authorized to execute is of course nonsense;
// this is only meant to test that ValidatePeerAttestation() properly adds
// the endoresement to the policy.
rule := "(forall K: TrustedKey(K) implies Authorized(K, \"Execute\"))"
if err := policy.Guard.AddRule(rule); err != nil {
t.Errorf("could not add rule : %s", err)
return
}
// Generate a set of keys for the Tao-delegated server.
k, err := NewTemporaryTaoDelegatedKeys(Signing|Crypting|Deriving, nil)
if err != nil {
t.Error("failed to generate keys:", err)
return
}
k.dir = tmpDir
// Generate an attesation of the statements: "k.VerifyingKey speaks for
// key(K)" and "TrustedKey(key(K))" signed by the policy key and set to
// k.Delegation.
prin := auth.Prin{
Type: "key",
Key: auth.Bytes("This is a terrible key."),
}
pred := auth.Pred{
Name: "TrustedKey",
Arg: []auth.Term{prin},
}
sf := auth.Speaksfor{
Delegate: k.SigningKey.ToPrincipal(),
Delegator: prin,
}
stmt := auth.Says{
Speaker: policy.Keys.SigningKey.ToPrincipal(),
Time: nil,
Expiration: nil,
Message: sf,
}
if k.Delegation, err = GenerateAttestation(policy.Keys.SigningKey, nil, stmt); err != nil {
t.Error("failed to attest to speaksfor:", err)
return
}
e := auth.Says{
Speaker: policy.Keys.SigningKey.ToPrincipal(),
Message: pred,
}
ea, err := GenerateAttestation(policy.Keys.SigningKey, nil, e)
if err != nil {
t.Error("failed to attest to endorsement:", err)
return
}
eab, err := proto.Marshal(ea)
if err != nil {
t.Error("failed to marshal attested endorsement:", err)
return
}
k.Delegation.SerializedEndorsements = [][]byte{eab}
// Generate an x509 certificate for the Tao-delegated server.
k.Cert, err = k.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Identity of some Tao service"}})
if err != nil {
t.Error("failed to generate x509 certificate:", err)
return
}
//.........这里部分代码省略.........
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:101,代码来源:cached_guard_test.go
注:本文中的github.com/jlmucb/cloudproxy/go/tao/auth.Bytes函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |