Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
e40d1e56d8
constellation/internal/sigstore/sign_test.go

63 lines
2.1 KiB
Go
Raw Normal View History

config: sign Azure versions on upload & verify on fetch (#1836) * add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 07:55:46 -04:00
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package sigstore
import (
"testing"
"github.com/stretchr/testify/assert"
api: add functions to transparently handle signatures upon API interaction (#2142)
2023-08-01 10:48:13 -04:00
"github.com/stretchr/testify/require"
config: sign Azure versions on upload & verify on fetch (#1836) * add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 07:55:46 -04:00
)
func TestSignSignature(t *testing.T) {
assert := assert.New(t)
// Generated with: cosign generate-key-pair
privateKey := []byte("-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----\neyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6\nOCwicCI6MX0sInNhbHQiOiJlRHVYMWRQMGtIWVRnK0xkbjcxM0tjbFVJaU92eFVX\nVXgvNi9BbitFVk5BPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94\nIiwibm9uY2UiOiJwaWhLL2txNmFXa2hqSVVHR3RVUzhTVkdHTDNIWWp4TCJ9LCJj\naXBoZXJ0ZXh0Ijoidm81SHVWRVFWcUZ2WFlQTTVPaTVaWHM5a255bndZU2dvcyth\nVklIeHcrOGFPamNZNEtvVjVmL3lHRHR0K3BHV2toanJPR1FLOWdBbmtsazFpQ0c5\na2czUXpPQTZsU2JRaHgvZlowRVRZQ0hLeElncEdPRVRyTDlDenZDemhPZXVSOXJ6\nTDcvRjBBVy9vUDVqZXR3dmJMNmQxOEhjck9kWE8yVmYxY2w0YzNLZjVRcnFSZzlN\ndlRxQWFsNXJCNHNpY1JaMVhpUUJjb0YwNHc9PSJ9\n-----END ENCRYPTED COSIGN PRIVATE KEY-----")
password := []byte("")
content := []byte(`["2021-01-01-01-01.json"]\n`)
publicKey := []byte("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu78QgxOOcao6U91CSzEXxrKhvFTt\nJHNy+eX6EMePtDm8CnDF9HSwnTlD0itGJ/XHPQA5YX10fJAqI1y+ehlFMw==\n-----END PUBLIC KEY-----")
testCases := map[string]struct {
content []byte
password []byte
privateKey []byte
wantErr bool
}{
"sign content with matching password and private key": {
content: content,
password: password,
privateKey: privateKey,
},
"fail with wrong password": {
content: content,
password: []byte("wrong"),
privateKey: privateKey,
wantErr: true,
},
"fail with wrong private key": {
content: content,
password: password,
privateKey: []byte("wrong"),
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
signature, err := SignContent(tc.password, tc.privateKey, tc.content)
if tc.wantErr {
assert.Error(err)
} else {
assert.NoError(err)
api: add functions to transparently handle signatures upon API interaction (#2142)
2023-08-01 10:48:13 -04:00
verifier, err := NewCosignVerifier(publicKey)
require.NoError(t, err)
assert.NoError(verifier.VerifySignature(tc.content, signature))
config: sign Azure versions on upload & verify on fetch (#1836) * add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 07:55:46 -04:00
}
})
}
}
Reference in New Issue Copy Permalink