...

Source file src/github.com/sigstore/rekor/pkg/pki/minisign/minisign_e2e_test.go

Documentation: github.com/sigstore/rekor/pkg/pki/minisign 

     1  //
     2  // Copyright 2022 The Sigstore Authors.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  //go:build e2e
    17  
    18  package minisign
    19  
    20  import (
    21  	"path/filepath"
    22  	"reflect"
    23  	"strings"
    24  	"testing"
    25  
    26  	"github.com/sigstore/rekor/pkg/util"
    27  )
    28  
    29  func TestMinisign(t *testing.T) {
    30  	// Create a keypair
    31  	keyPath := filepath.Join(t.TempDir(), "minisign.key")
    32  	pubPath := filepath.Join(t.TempDir(), "minisign.pub")
    33  
    34  	// Set an empty password, we have to hit enter twice to confirm
    35  	util.Run(t, "\n\n", "minisign", "-G", "-s", keyPath, "-p", pubPath)
    36  
    37  	// Create a random artifact and sign it.
    38  	artifactPath := filepath.Join(t.TempDir(), "artifact")
    39  	sigPath := filepath.Join(t.TempDir(), "signature.asc")
    40  	util.CreateArtifact(t, artifactPath)
    41  
    42  	// Send in one empty password over stdin
    43  	out := util.Run(t, "\n", "minisign", "-S", "-s", keyPath, "-m", artifactPath, "-x", sigPath)
    44  	t.Log(out)
    45  
    46  	// Now upload to the log!
    47  	out = util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath,
    48  		"--public-key", pubPath, "--pki-format", "minisign")
    49  	util.OutputContains(t, out, "Created entry at")
    50  
    51  	uuidA := util.GetUUIDFromUploadOutput(t, out)
    52  
    53  	out = util.RunCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath,
    54  		"--public-key", pubPath, "--pki-format", "minisign")
    55  	util.OutputContains(t, out, "Inclusion Proof")
    56  
    57  	out = util.RunCli(t, "search", "--public-key", pubPath, "--pki-format", "minisign")
    58  	util.OutputContains(t, out, uuidA)
    59  
    60  	// crease a second artifact and sign it
    61  	artifactPath_B := filepath.Join(t.TempDir(), "artifact2")
    62  	util.CreateArtifact(t, artifactPath_B)
    63  	out = util.Run(t, "\n", "minisign", "-S", "-s", keyPath, "-m", artifactPath_B, "-x", sigPath)
    64  	// Now upload to the log!
    65  	out = util.RunCli(t, "upload", "--artifact", artifactPath_B, "--signature", sigPath,
    66  		"--public-key", pubPath, "--pki-format", "minisign")
    67  	util.OutputContains(t, out, "Created entry at")
    68  	uuidB := util.GetUUIDFromUploadOutput(t, out)
    69  
    70  	tests := []struct {
    71  		name               string
    72  		expectedUuidACount int
    73  		expectedUuidBCount int
    74  		artifact           string
    75  		operator           string
    76  	}{
    77  		{
    78  			name:               "artifact A AND signature should return artifact A",
    79  			expectedUuidACount: 1,
    80  			expectedUuidBCount: 0,
    81  			artifact:           artifactPath,
    82  			operator:           "and",
    83  		},
    84  		{
    85  			name:               "artifact A OR signature should return artifact A and B",
    86  			expectedUuidACount: 1,
    87  			expectedUuidBCount: 1,
    88  			artifact:           artifactPath,
    89  			operator:           "or",
    90  		},
    91  		{
    92  			name:               "artifact B AND signature should return artifact B",
    93  			expectedUuidACount: 0,
    94  			expectedUuidBCount: 1,
    95  			artifact:           artifactPath_B,
    96  			operator:           "and",
    97  		},
    98  		{
    99  			name:               "artifact B OR signature should return artifact A and B",
   100  			expectedUuidACount: 1,
   101  			expectedUuidBCount: 1,
   102  			artifact:           artifactPath_B,
   103  			operator:           "or",
   104  		},
   105  	}
   106  	for _, test := range tests {
   107  		t.Run(test.name, func(t *testing.T) {
   108  			out = util.RunCli(t, "search", "--public-key", pubPath, "--pki-format", "minisign",
   109  				"--operator", test.operator, "--artifact", test.artifact)
   110  
   111  			expected := map[string]int{uuidA: test.expectedUuidACount, uuidB: test.expectedUuidBCount}
   112  			actual := map[string]int{
   113  				uuidA: strings.Count(out, uuidA),
   114  				uuidB: strings.Count(out, uuidB),
   115  			}
   116  			if !reflect.DeepEqual(expected, actual) {
   117  				t.Errorf("expected to find %v, found %v", expected, actual)
   118  			}
   119  		})
   120  	}
   121  }
   122  

View as plain text