...

Source file src/github.com/sigstore/timestamp-authority/pkg/signer/file_test.go

Documentation: github.com/sigstore/timestamp-authority/pkg/signer

     1  // Copyright 2022 The Sigstore Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package signer
    16  
    17  import (
    18  	"crypto"
    19  	"crypto/ecdsa"
    20  	"crypto/ed25519"
    21  	"crypto/elliptic"
    22  	"crypto/rand"
    23  	"crypto/rsa"
    24  	"encoding/pem"
    25  	"os"
    26  	"path/filepath"
    27  	"testing"
    28  
    29  	"go.step.sm/crypto/pemutil"
    30  )
    31  
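// writeEncryptedKey serializes key as a password-protected PEM block and
// writes it to dir/name, returning the resulting path. Any failure aborts
// the calling test immediately.
func writeEncryptedKey(t *testing.T, dir, name string, key crypto.PrivateKey, password string) string {
	t.Helper()

	block, err := pemutil.Serialize(key, pemutil.WithPassword([]byte(password)))
	if err != nil {
		t.Fatalf("serializing %s: %v", name, err)
	}
	path := filepath.Join(dir, name)
	// Private key material is written owner-only (0600) even though it is
	// encrypted and lives in a per-test temp dir, so the fixture mirrors how
	// a real signing key file should be stored.
	if err := os.WriteFile(path, pem.EncodeToMemory(block), 0600); err != nil {
		t.Fatalf("writing %s: %v", path, err)
	}
	return path
}

// TestNewFileSigner calls NewFileSigner with password-protected PEM key files
// for ECDSA, RSA and ed25519 keys and expects success with the right password,
// and an error when the password does not match.
func TestNewFileSigner(t *testing.T) {
	td := t.TempDir()

	password := "password1!"

	// Key generation errors are checked rather than discarded: a nil key
	// would otherwise surface later as a confusing serialization or signer
	// failure unrelated to the code under test.
	_, ed25519Key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generating ed25519 key: %v", err)
	}
	ed25519KeyFile := writeEncryptedKey(t, td, "ed25519-key.pem", ed25519Key, password)

	ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		t.Fatalf("generating ECDSA key: %v", err)
	}
	ecdsaKeyFile := writeEncryptedKey(t, td, "ecdsa-key.pem", ecdsaKey, password)

	rsaKey, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		t.Fatalf("generating RSA key: %v", err)
	}
	rsaKeyFile := writeEncryptedKey(t, td, "rsa-key.pem", rsaKey, password)

	tests := []struct {
		name    string
		keyPath string
		keyPass string
		wantErr bool
	}{
		{
			name:    "valid ECDSA",
			keyPath: ecdsaKeyFile,
			keyPass: password,
			wantErr: false,
		},
		{
			name:    "valid RSA",
			keyPath: rsaKeyFile,
			keyPass: password,
			wantErr: false,
		},
		{
			name:    "valid ed25519",
			keyPath: ed25519KeyFile,
			keyPass: password,
			wantErr: false,
		},
		{
			// A wrong password must be rejected, not silently accepted.
			name:    "invalid password",
			keyPath: ecdsaKeyFile,
			keyPass: "123",
			wantErr: true,
		},
	}
	for _, tc := range tests {
		// Subtests run sequentially (no t.Parallel), so the closure can use
		// the loop variable directly without re-binding it.
		t.Run(tc.name, func(t *testing.T) {
			_, err := NewFileSigner(tc.keyPath, tc.keyPass, crypto.SHA256)
			if tc.wantErr != (err != nil) {
				// %v prints a nil error as <nil>; %s would render %!s(<nil>).
				t.Errorf("NewFileSigner() wantErr = %t, got err %v", tc.wantErr, err)
			}
		})
	}
}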
    99  
