File: signature_test.go

package info (click to toggle)
golang-github-containers-image 5.28.0-4
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 5,104 kB
  • sloc: sh: 194; makefile: 73
file content (96 lines) | stat: -rw-r--r-- 3,072 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
//go:build debian_no_fulcio
// +build debian_no_fulcio
package signature

import (
	"bytes"
	"fmt"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestBlobSimpleSigning(t *testing.T) {
	simpleSigData, err := os.ReadFile("testdata/simple.signature")
	require.NoError(t, err)
	simpleSig := SimpleSigningFromBlob(simpleSigData)

	simpleBlob, err := Blob(simpleSig)
	require.NoError(t, err)
	assert.Equal(t, simpleSigData, simpleBlob)

	fromBlob, err := FromBlob(simpleBlob)
	require.NoError(t, err)
	fromBlobSimple, ok := fromBlob.(SimpleSigning)
	require.True(t, ok)
	assert.Equal(t, simpleSigData, fromBlobSimple.UntrustedSignature())

	// Using the newer format is accepted as well.
	fromBlob, err = FromBlob(append([]byte("\x00simple-signing\n"), simpleSigData...))
	require.NoError(t, err)
	fromBlobSimple, ok = fromBlob.(SimpleSigning)
	require.True(t, ok)
	assert.Equal(t, simpleSigData, fromBlobSimple.UntrustedSignature())

}

func TestBlobSigstore(t *testing.T) {
	sigstoreSig := SigstoreFromComponents("mime-type", []byte("payload"),
		map[string]string{"a": "b", "c": "d"})

	sigstoreBlob, err := Blob(sigstoreSig)
	require.NoError(t, err)
	assert.True(t, bytes.HasPrefix(sigstoreBlob, []byte("\x00sigstore-json\n{")))

	fromBlob, err := FromBlob(sigstoreBlob)
	require.NoError(t, err)
	fromBlobSigstore, ok := fromBlob.(Sigstore)
	require.True(t, ok)
	assert.Equal(t, sigstoreSig.UntrustedMIMEType(), fromBlobSigstore.UntrustedMIMEType())
	assert.Equal(t, sigstoreSig.UntrustedPayload(), fromBlobSigstore.UntrustedPayload())
	assert.Equal(t, sigstoreSig.UntrustedAnnotations(), fromBlobSigstore.UntrustedAnnotations())
}

func TestFromBlobInvalid(t *testing.T) {
	// Round-tripping valid data has been tested in TestBlobSimpleSigning and TestBlobSigstore above.
	for _, c := range []string{
		"",                          // Empty
		"\xFFsimple-signing\nhello", // Invalid first byte
		"\x00simple-signing",        // No newline
		"\x00format\xFFname\ndata",  // Non-ASCII format value
		"\x00unknown-format\ndata",  // Unknown format
	} {
		_, err := FromBlob([]byte(c))
		assert.Error(t, err, fmt.Sprintf("%#v", c))
	}
}

// mockFormatSignature returns a specified format
type mockFormatSignature struct {
	fmt FormatID
}

func (ms mockFormatSignature) FormatID() FormatID {
	return ms.fmt
}

func (ms mockFormatSignature) blobChunk() ([]byte, error) {
	panic("Unexpected call to a mock function")
}

func TestUnsuportedFormatError(t *testing.T) {
	// Warning: The exact text returned by the function is not an API commitment.
	for _, c := range []struct {
		input    Signature
		expected string
	}{
		{SimpleSigningFromBlob(nil), "unsupported signature format simple-signing"},
		{SigstoreFromComponents("mime-type", nil, nil), "unsupported signature format sigstore-json"},
		{mockFormatSignature{FormatID("invalid")}, `unsupported, and unrecognized, signature format "invalid"`},
	} {
		res := UnsupportedFormatError(c.input)
		assert.Equal(t, c.expected, res.Error(), string(c.input.FormatID()))
	}
}