|
|
|
@ -5,14 +5,12 @@ import (
|
|
|
|
|
"crypto"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"errors"
|
|
|
|
|
"math"
|
|
|
|
|
"strings"
|
|
|
|
|
"testing"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/smallstep/assert"
|
|
|
|
|
"github.com/smallstep/cli/jose"
|
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
@ -331,6 +329,9 @@ func TestJWK_AuthorizeRenewal(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestJWK_AuthorizeSign_SSH(t *testing.T) {
|
|
|
|
|
tm, fn := mockNow()
|
|
|
|
|
defer fn()
|
|
|
|
|
|
|
|
|
|
p1, err := generateJWK()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
jwk, err := decryptJSONWebKey(p1.EncryptedKey)
|
|
|
|
@ -353,41 +354,59 @@ func TestJWK_AuthorizeSign_SSH(t *testing.T) {
|
|
|
|
|
signer, err := generateJSONWebKey()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
|
|
|
|
|
userDuration := p1.claimer.DefaultUserSSHCertDuration()
|
|
|
|
|
hostDuration := p1.claimer.DefaultHostSSHCertDuration()
|
|
|
|
|
expectedUserOptions := &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(userDuration)),
|
|
|
|
|
}
|
|
|
|
|
expectedHostOptions := &SSHOptions{
|
|
|
|
|
CertType: "host", Principals: []string{"smallstep.com"},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(hostDuration)),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type args struct {
|
|
|
|
|
token string
|
|
|
|
|
}
|
|
|
|
|
type expected struct {
|
|
|
|
|
certType uint32
|
|
|
|
|
principals []string
|
|
|
|
|
sshOpts SSHOptions
|
|
|
|
|
}
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
prov *JWK
|
|
|
|
|
args args
|
|
|
|
|
expected expected
|
|
|
|
|
err error
|
|
|
|
|
expected *SSHOptions
|
|
|
|
|
wantErr bool
|
|
|
|
|
wantSignErr bool
|
|
|
|
|
}{
|
|
|
|
|
{"ok-user", p1, args{t1}, expected{ssh.UserCert, []string{"name"}}, nil},
|
|
|
|
|
{"ok-host", p1, args{t2}, expected{ssh.HostCert, []string{"smallstep.com"}}, nil},
|
|
|
|
|
{"fail-signature", p1, args{failSig}, expected{}, errors.New("error parsing claims: square/go-jose: error in cryptographic primitive")},
|
|
|
|
|
{"user", p1, args{t1, SSHOptions{}}, expectedUserOptions, false, false},
|
|
|
|
|
{"user-type", p1, args{t1, SSHOptions{CertType: "user"}}, expectedUserOptions, false, false},
|
|
|
|
|
{"user-principals", p1, args{t1, SSHOptions{Principals: []string{"name"}}}, expectedUserOptions, false, false},
|
|
|
|
|
{"user-options", p1, args{t1, SSHOptions{CertType: "user", Principals: []string{"name"}}}, expectedUserOptions, false, false},
|
|
|
|
|
{"host", p1, args{t2, SSHOptions{}}, expectedHostOptions, false, false},
|
|
|
|
|
{"host-type", p1, args{t2, SSHOptions{CertType: "host"}}, expectedHostOptions, false, false},
|
|
|
|
|
{"host-principals", p1, args{t2, SSHOptions{Principals: []string{"smallstep.com"}}}, expectedHostOptions, false, false},
|
|
|
|
|
{"host-options", p1, args{t2, SSHOptions{CertType: "host", Principals: []string{"smallstep.com"}}}, expectedHostOptions, false, false},
|
|
|
|
|
{"fail-signature", p1, args{failSig, SSHOptions{}}, nil, true, false},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
ctx := NewContextWithMethod(context.Background(), SignSSHMethod)
|
|
|
|
|
if got, err := tt.prov.AuthorizeSign(ctx, tt.args.token); err != nil {
|
|
|
|
|
if assert.NotNil(t, tt.err) {
|
|
|
|
|
assert.HasPrefix(t, err.Error(), tt.err.Error())
|
|
|
|
|
got, err := tt.prov.AuthorizeSign(ctx, tt.args.token)
|
|
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
|
t.Errorf("OIDC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
assert.Nil(t, got)
|
|
|
|
|
} else if assert.NotNil(t, got) {
|
|
|
|
|
cert, err := signSSHCertificate(key.Public().Key, SSHOptions{}, got, signer.Key.(crypto.Signer))
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
assert.NotNil(t, cert.Signature)
|
|
|
|
|
assert.Equals(t, tt.expected.certType, cert.CertType)
|
|
|
|
|
assert.Equals(t, tt.expected.principals, cert.ValidPrincipals)
|
|
|
|
|
if cert.CertType == ssh.UserCert {
|
|
|
|
|
assert.Len(t, 5, cert.Extensions)
|
|
|
|
|
cert, err := signSSHCertificate(key.Public().Key, tt.args.sshOpts, got, signer.Key.(crypto.Signer))
|
|
|
|
|
if (err != nil) != tt.wantSignErr {
|
|
|
|
|
t.Errorf("SignSSH error = %v, wantSignErr %v", err, tt.wantSignErr)
|
|
|
|
|
} else {
|
|
|
|
|
if tt.wantSignErr {
|
|
|
|
|
assert.Nil(t, cert)
|
|
|
|
|
} else {
|
|
|
|
|
assert.Nil(t, cert.Extensions)
|
|
|
|
|
assert.NoError(t, validateSSHCertificate(cert, tt.expected))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
@ -395,17 +414,15 @@ func TestJWK_AuthorizeSign_SSH(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestJWK_AuthorizeSign_SSHOptions(t *testing.T) {
|
|
|
|
|
tm, fn := mockNow()
|
|
|
|
|
defer fn()
|
|
|
|
|
|
|
|
|
|
p1, err := generateJWK()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
jwk, err := decryptJSONWebKey(p1.EncryptedKey)
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
|
|
|
|
|
userDuration := p1.claimer.DefaultUserSSHCertDuration()
|
|
|
|
|
hostDuration := p1.claimer.DefaultHostSSHCertDuration()
|
|
|
|
|
|
|
|
|
|
now := time.Now()
|
|
|
|
|
sub, iss, aud := "subject@smallstep.com", p1.Name, testAudiences.Sign[0]
|
|
|
|
|
iat := now
|
|
|
|
|
sub, iss, aud, iat := "subject@smallstep.com", p1.Name, testAudiences.Sign[0], time.Now()
|
|
|
|
|
|
|
|
|
|
key, err := generateJSONWebKey()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
@ -413,6 +430,16 @@ func TestJWK_AuthorizeSign_SSHOptions(t *testing.T) {
|
|
|
|
|
signer, err := generateJSONWebKey()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
|
|
|
|
|
userDuration := p1.claimer.DefaultUserSSHCertDuration()
|
|
|
|
|
hostDuration := p1.claimer.DefaultHostSSHCertDuration()
|
|
|
|
|
expectedUserOptions := &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(userDuration)),
|
|
|
|
|
}
|
|
|
|
|
expectedHostOptions := &SSHOptions{
|
|
|
|
|
CertType: "host", Principals: []string{"smallstep.com"},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(hostDuration)),
|
|
|
|
|
}
|
|
|
|
|
type args struct {
|
|
|
|
|
sub, iss, aud string
|
|
|
|
|
iat time.Time
|
|
|
|
@ -420,55 +447,57 @@ func TestJWK_AuthorizeSign_SSHOptions(t *testing.T) {
|
|
|
|
|
userSSHOpts *SSHOptions
|
|
|
|
|
jwk *jose.JSONWebKey
|
|
|
|
|
}
|
|
|
|
|
type expected struct {
|
|
|
|
|
certType uint32
|
|
|
|
|
principals []string
|
|
|
|
|
validAfter time.Time
|
|
|
|
|
validBefore time.Time
|
|
|
|
|
}
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
prov *JWK
|
|
|
|
|
args args
|
|
|
|
|
expected expected
|
|
|
|
|
expected *SSHOptions
|
|
|
|
|
wantErr bool
|
|
|
|
|
wantSignErr bool
|
|
|
|
|
}{
|
|
|
|
|
{"ok-user", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{ssh.UserCert, []string{"name"}, now, now.Add(userDuration)}, false, false},
|
|
|
|
|
{"ok-host", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "host", Principals: []string{"smallstep.com"}}, &SSHOptions{}, jwk}, expected{ssh.HostCert, []string{"smallstep.com"}, now, now.Add(hostDuration)}, false, false},
|
|
|
|
|
{"ok-user-opts", p1, args{sub, iss, aud, iat, &SSHOptions{}, &SSHOptions{CertType: "user", Principals: []string{"name"}}, jwk}, expected{ssh.UserCert, []string{"name"}, now, now.Add(userDuration)}, false, false},
|
|
|
|
|
{"ok-host-opts", p1, args{sub, iss, aud, iat, &SSHOptions{}, &SSHOptions{CertType: "host", Principals: []string{"smallstep.com"}}, jwk}, expected{ssh.HostCert, []string{"smallstep.com"}, now, now.Add(hostDuration)}, false, false},
|
|
|
|
|
{"ok-user-mixed", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user"}, &SSHOptions{Principals: []string{"name"}}, jwk}, expected{ssh.UserCert, []string{"name"}, now, now.Add(userDuration)}, false, false},
|
|
|
|
|
{"ok-host-mixed", p1, args{sub, iss, aud, iat, &SSHOptions{Principals: []string{"smallstep.com"}}, &SSHOptions{CertType: "host"}, jwk}, expected{ssh.HostCert, []string{"smallstep.com"}, now, now.Add(hostDuration)}, false, false},
|
|
|
|
|
{"ok-user", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expectedUserOptions, false, false},
|
|
|
|
|
{"ok-host", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "host", Principals: []string{"smallstep.com"}}, &SSHOptions{}, jwk}, expectedHostOptions, false, false},
|
|
|
|
|
{"ok-user-opts", p1, args{sub, iss, aud, iat, &SSHOptions{}, &SSHOptions{CertType: "user", Principals: []string{"name"}}, jwk}, expectedUserOptions, false, false},
|
|
|
|
|
{"ok-host-opts", p1, args{sub, iss, aud, iat, &SSHOptions{}, &SSHOptions{CertType: "host", Principals: []string{"smallstep.com"}}, jwk}, expectedHostOptions, false, false},
|
|
|
|
|
{"ok-user-mixed", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user"}, &SSHOptions{Principals: []string{"name"}}, jwk}, expectedUserOptions, false, false},
|
|
|
|
|
{"ok-host-mixed", p1, args{sub, iss, aud, iat, &SSHOptions{Principals: []string{"smallstep.com"}}, &SSHOptions{CertType: "host"}, jwk}, expectedHostOptions, false, false},
|
|
|
|
|
{"ok-user-validAfter", p1, args{sub, iss, aud, iat, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"},
|
|
|
|
|
}, &SSHOptions{
|
|
|
|
|
ValidAfter: NewTimeDuration(now.Add(-time.Hour)),
|
|
|
|
|
}, jwk}, expected{ssh.UserCert, []string{"name"}, now.Add(-time.Hour), now.Add(userDuration - time.Hour)}, false, false},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm.Add(-time.Hour)),
|
|
|
|
|
}, jwk}, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm.Add(-time.Hour)), ValidBefore: NewTimeDuration(tm.Add(userDuration - time.Hour)),
|
|
|
|
|
}, false, false},
|
|
|
|
|
{"ok-user-validBefore", p1, args{sub, iss, aud, iat, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"},
|
|
|
|
|
}, &SSHOptions{
|
|
|
|
|
ValidBefore: NewTimeDuration(now.Add(time.Hour)),
|
|
|
|
|
}, jwk}, expected{ssh.UserCert, []string{"name"}, now, now.Add(time.Hour)}, false, false},
|
|
|
|
|
ValidBefore: NewTimeDuration(tm.Add(time.Hour)),
|
|
|
|
|
}, jwk}, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(time.Hour)),
|
|
|
|
|
}, false, false},
|
|
|
|
|
{"ok-user-validAfter-validBefore", p1, args{sub, iss, aud, iat, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"},
|
|
|
|
|
}, &SSHOptions{
|
|
|
|
|
ValidAfter: NewTimeDuration(now.Add(10 * time.Minute)), ValidBefore: NewTimeDuration(now.Add(time.Hour)),
|
|
|
|
|
}, jwk}, expected{ssh.UserCert, []string{"name"}, now.Add(10 * time.Minute), now.Add(time.Hour)}, false, false},
|
|
|
|
|
ValidAfter: NewTimeDuration(tm.Add(10 * time.Minute)), ValidBefore: NewTimeDuration(tm.Add(time.Hour)),
|
|
|
|
|
}, jwk}, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm.Add(10 * time.Minute)), ValidBefore: NewTimeDuration(tm.Add(time.Hour)),
|
|
|
|
|
}, false, false},
|
|
|
|
|
{"ok-user-match", p1, args{sub, iss, aud, iat, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(now), ValidBefore: NewTimeDuration(now.Add(1 * time.Hour)),
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(1 * time.Hour)),
|
|
|
|
|
}, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(now), ValidBefore: NewTimeDuration(now.Add(1 * time.Hour)),
|
|
|
|
|
}, jwk}, expected{ssh.UserCert, []string{"name"}, now, now.Add(1 * time.Hour)}, false, false},
|
|
|
|
|
{"fail-certType", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{CertType: "host"}, jwk}, expected{}, false, true},
|
|
|
|
|
{"fail-principals", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{Principals: []string{"root"}}, jwk}, expected{}, false, true},
|
|
|
|
|
{"fail-validAfter", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(now)}, &SSHOptions{ValidAfter: NewTimeDuration(now.Add(time.Hour))}, jwk}, expected{}, false, true},
|
|
|
|
|
{"fail-validBefore", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}, ValidBefore: NewTimeDuration(now.Add(time.Hour))}, &SSHOptions{ValidBefore: NewTimeDuration(now.Add(10 * time.Hour))}, jwk}, expected{}, false, true},
|
|
|
|
|
{"fail-subject", p1, args{"", iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{}, true, false},
|
|
|
|
|
{"fail-issuer", p1, args{sub, "invalid", aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{}, true, false},
|
|
|
|
|
{"fail-audience", p1, args{sub, iss, "invalid", iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{}, true, false},
|
|
|
|
|
{"fail-expired", p1, args{sub, iss, aud, iat.Add(-6 * time.Minute), &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{}, true, false},
|
|
|
|
|
{"fail-notBefore", p1, args{sub, iss, aud, iat.Add(5 * time.Minute), &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, expected{}, true, false},
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(1 * time.Hour)),
|
|
|
|
|
}, jwk}, &SSHOptions{
|
|
|
|
|
CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(time.Hour)),
|
|
|
|
|
}, false, false},
|
|
|
|
|
{"fail-certType", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{CertType: "host"}, jwk}, nil, false, true},
|
|
|
|
|
{"fail-principals", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{Principals: []string{"root"}}, jwk}, nil, false, true},
|
|
|
|
|
{"fail-validAfter", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}, ValidAfter: NewTimeDuration(tm)}, &SSHOptions{ValidAfter: NewTimeDuration(tm.Add(time.Hour))}, jwk}, nil, false, true},
|
|
|
|
|
{"fail-validBefore", p1, args{sub, iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}, ValidBefore: NewTimeDuration(tm.Add(time.Hour))}, &SSHOptions{ValidBefore: NewTimeDuration(tm.Add(10 * time.Hour))}, jwk}, nil, false, true},
|
|
|
|
|
{"fail-subject", p1, args{"", iss, aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, nil, true, false},
|
|
|
|
|
{"fail-issuer", p1, args{sub, "invalid", aud, iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, nil, true, false},
|
|
|
|
|
{"fail-audience", p1, args{sub, iss, "invalid", iat, &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, nil, true, false},
|
|
|
|
|
{"fail-expired", p1, args{sub, iss, aud, iat.Add(-6 * time.Minute), &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, nil, true, false},
|
|
|
|
|
{"fail-notBefore", p1, args{sub, iss, aud, iat.Add(5 * time.Minute), &SSHOptions{CertType: "user", Principals: []string{"name"}}, &SSHOptions{}, jwk}, nil, true, false},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
@ -482,26 +511,17 @@ func TestJWK_AuthorizeSign_SSHOptions(t *testing.T) {
|
|
|
|
|
if tt.args.userSSHOpts != nil {
|
|
|
|
|
opts = *tt.args.userSSHOpts
|
|
|
|
|
}
|
|
|
|
|
if cert, err := signSSHCertificate(key.Public().Key, opts, got, signer.Key.(crypto.Signer)); (err != nil) != tt.wantSignErr {
|
|
|
|
|
cert, err := signSSHCertificate(key.Public().Key, opts, got, signer.Key.(crypto.Signer))
|
|
|
|
|
if (err != nil) != tt.wantSignErr {
|
|
|
|
|
t.Errorf("SignSSH error = %v, wantSignErr %v", err, tt.wantSignErr)
|
|
|
|
|
} else if !tt.wantSignErr && assert.NotNil(t, cert) {
|
|
|
|
|
assert.NotNil(t, cert.Signature)
|
|
|
|
|
assert.NotNil(t, cert.SignatureKey)
|
|
|
|
|
assert.Equals(t, tt.expected.certType, cert.CertType)
|
|
|
|
|
assert.Equals(t, tt.expected.principals, cert.ValidPrincipals)
|
|
|
|
|
assert.True(t, equalsUint64Delta(uint64(tt.expected.validAfter.Unix()), cert.ValidAfter, 60))
|
|
|
|
|
assert.True(t, equalsUint64Delta(uint64(tt.expected.validBefore.Unix()), cert.ValidBefore, 60))
|
|
|
|
|
if cert.CertType == ssh.UserCert {
|
|
|
|
|
assert.Len(t, 5, cert.Extensions)
|
|
|
|
|
} else {
|
|
|
|
|
assert.Nil(t, cert.Extensions)
|
|
|
|
|
if tt.wantSignErr {
|
|
|
|
|
assert.Nil(t, cert)
|
|
|
|
|
} else {
|
|
|
|
|
assert.NoError(t, validateSSHCertificate(cert, tt.expected))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func equalsUint64Delta(a, b uint64, delta uint64) bool {
|
|
|
|
|
return math.Abs(float64(a)-float64(b)) <= float64(delta)
|
|
|
|
|
}
|
|
|
|
|