mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-29 09:26:17 -05:00
60 lines
2.1 KiB
Go
60 lines
2.1 KiB
Go
|
/*
|
||
|
Copyright (c) Edgeless Systems GmbH
|
||
|
|
||
|
SPDX-License-Identifier: AGPL-3.0-only
|
||
|
*/
|
||
|
package sigstore
|
||
|
|
||
|
import (
|
||
|
"testing"
|
||
|
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
)
|
||
|
|
||
|
func TestSignSignature(t *testing.T) {
|
||
|
assert := assert.New(t)
|
||
|
// Generated with: cosign generate-key-pair
|
||
|
privateKey := []byte("-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----\neyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6\nOCwicCI6MX0sInNhbHQiOiJlRHVYMWRQMGtIWVRnK0xkbjcxM0tjbFVJaU92eFVX\nVXgvNi9BbitFVk5BPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94\nIiwibm9uY2UiOiJwaWhLL2txNmFXa2hqSVVHR3RVUzhTVkdHTDNIWWp4TCJ9LCJj\naXBoZXJ0ZXh0Ijoidm81SHVWRVFWcUZ2WFlQTTVPaTVaWHM5a255bndZU2dvcyth\nVklIeHcrOGFPamNZNEtvVjVmL3lHRHR0K3BHV2toanJPR1FLOWdBbmtsazFpQ0c5\na2czUXpPQTZsU2JRaHgvZlowRVRZQ0hLeElncEdPRVRyTDlDenZDemhPZXVSOXJ6\nTDcvRjBBVy9vUDVqZXR3dmJMNmQxOEhjck9kWE8yVmYxY2w0YzNLZjVRcnFSZzlN\ndlRxQWFsNXJCNHNpY1JaMVhpUUJjb0YwNHc9PSJ9\n-----END ENCRYPTED COSIGN PRIVATE KEY-----")
|
||
|
password := []byte("")
|
||
|
content := []byte(`["2021-01-01-01-01.json"]\n`)
|
||
|
publicKey := []byte("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu78QgxOOcao6U91CSzEXxrKhvFTt\nJHNy+eX6EMePtDm8CnDF9HSwnTlD0itGJ/XHPQA5YX10fJAqI1y+ehlFMw==\n-----END PUBLIC KEY-----")
|
||
|
|
||
|
testCases := map[string]struct {
|
||
|
content []byte
|
||
|
password []byte
|
||
|
privateKey []byte
|
||
|
wantErr bool
|
||
|
}{
|
||
|
"sign content with matching password and private key": {
|
||
|
content: content,
|
||
|
password: password,
|
||
|
privateKey: privateKey,
|
||
|
},
|
||
|
"fail with wrong password": {
|
||
|
content: content,
|
||
|
password: []byte("wrong"),
|
||
|
privateKey: privateKey,
|
||
|
wantErr: true,
|
||
|
},
|
||
|
"fail with wrong private key": {
|
||
|
content: content,
|
||
|
password: password,
|
||
|
privateKey: []byte("wrong"),
|
||
|
wantErr: true,
|
||
|
},
|
||
|
}
|
||
|
for name, tc := range testCases {
|
||
|
t.Run(name, func(t *testing.T) {
|
||
|
signature, err := SignContent(tc.password, tc.privateKey, tc.content)
|
||
|
if tc.wantErr {
|
||
|
assert.Error(err)
|
||
|
} else {
|
||
|
assert.NoError(err)
|
||
|
verifier := CosignVerifier{}
|
||
|
assert.NoError(verifier.VerifySignature(tc.content, signature, publicKey))
|
||
|
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|