2022-09-05 03:06:08 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
2022-08-01 03:37:05 -04:00
|
|
|
package sigstore
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2023-08-01 10:48:13 -04:00
|
|
|
"github.com/stretchr/testify/require"
|
2022-08-01 03:37:05 -04:00
|
|
|
)
|
|
|
|
|
2023-08-01 10:48:13 -04:00
|
|
|
func TestNewCosignVerifier(t *testing.T) {
|
|
|
|
testCases := map[string]struct {
|
|
|
|
publicKey []byte
|
|
|
|
wantErr bool
|
|
|
|
}{
|
|
|
|
"success": {
|
|
|
|
publicKey: []byte(`-----BEGIN PUBLIC KEY-----
|
|
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElWUhon39eAqzEC+/GP03oY4/MQg+
|
|
|
|
gCDlEzkuOCybCHf+q766bve799L7Y5y5oRsHY1MrUCUwYF/tL7Sg7EYMsA==
|
|
|
|
-----END PUBLIC KEY-----`),
|
|
|
|
},
|
|
|
|
"broken public key": {
|
|
|
|
publicKey: []byte(`-----BEGIN PUBLIC KEY-----
|
|
|
|
MFkwEwYHKoZIthisIsNotAValidPublicAtAllUhon39eAqzEC+/GP03oY4/MQg+
|
|
|
|
gCDlEzkuOCybCHf+q766bve799L7Y5y5oRsHY1MrUCUwYF/tL7Sg7EYMsA==
|
|
|
|
-----END PUBLIC KEY-----`),
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
|
|
|
verifier, err := NewCosignVerifier(tc.publicKey)
|
|
|
|
if tc.wantErr {
|
|
|
|
assert.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
assert.NoError(err)
|
|
|
|
assert.NotEqual(verifier, CosignVerifier{})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-01 03:37:05 -04:00
|
|
|
func TestVerifySignature(t *testing.T) {
|
|
|
|
testCases := map[string]struct {
|
|
|
|
content []byte
|
|
|
|
signature []byte
|
|
|
|
publicKey []byte
|
|
|
|
wantErr bool
|
|
|
|
}{
|
2023-08-01 10:48:13 -04:00
|
|
|
"success": {
|
2022-08-01 03:37:05 -04:00
|
|
|
content: []byte("This is some content to be signed!\n"),
|
|
|
|
signature: []byte("MEUCIQDzMN3yaiO9sxLGAaSA9YD8rLwzvOaZKWa/bzkcjImUFAIgXLLGzClYUd1dGbuEiY3O/g/eiwQYlyxqLQalxjFmz+8="),
|
|
|
|
publicKey: []byte(`-----BEGIN PUBLIC KEY-----
|
|
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElWUhon39eAqzEC+/GP03oY4/MQg+
|
|
|
|
gCDlEzkuOCybCHf+q766bve799L7Y5y5oRsHY1MrUCUwYF/tL7Sg7EYMsA==
|
|
|
|
-----END PUBLIC KEY-----`),
|
|
|
|
},
|
|
|
|
"mismatching content": {
|
|
|
|
content: []byte("This is some completely different content!\n"),
|
|
|
|
signature: []byte("MEUCIQDzMN3yaiO9sxLGAaSA9YD8rLwzvOaZKWa/bzkcjImUFAIgXLLGzClYUd1dGbuEiY3O/g/eiwQYlyxqLQalxjFmz+8="),
|
|
|
|
publicKey: []byte(`-----BEGIN PUBLIC KEY-----
|
|
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElWUhon39eAqzEC+/GP03oY4/MQg+
|
|
|
|
gCDlEzkuOCybCHf+q766bve799L7Y5y5oRsHY1MrUCUwYF/tL7Sg7EYMsA==
|
|
|
|
-----END PUBLIC KEY-----`),
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
2023-08-01 10:48:13 -04:00
|
|
|
cosign, err := NewCosignVerifier(tc.publicKey)
|
|
|
|
require.NoError(t, err)
|
|
|
|
err = cosign.VerifySignature(tc.content, tc.signature)
|
2022-08-01 03:37:05 -04:00
|
|
|
if tc.wantErr {
|
|
|
|
assert.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
assert.NoError(err)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|