// Copyright 2022 The Sigstore Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package signer import ( "crypto" "crypto/ecdsa" "crypto/ed25519" "crypto/elliptic" "crypto/rand" "crypto/rsa" "encoding/pem" "os" "path/filepath" "testing" "go.step.sm/crypto/pemutil" ) func TestNewFileSigner(t *testing.T) { td := t.TempDir() password := "password1!" _, ed25519Key, _ := ed25519.GenerateKey(rand.Reader) pemED25519, _ := pemutil.Serialize(ed25519Key, pemutil.WithPassword([]byte(password))) ed25519KeyFile := filepath.Join(td, "ed25519-key.pem") if err := os.WriteFile(ed25519KeyFile, pem.EncodeToMemory(pemED25519), 0644); err != nil { t.Fatal(err) } ecdsaKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) pemECDSA, _ := pemutil.Serialize(ecdsaKey, pemutil.WithPassword([]byte(password))) ecdsaKeyFile := filepath.Join(td, "ecdsa-key.pem") if err := os.WriteFile(ecdsaKeyFile, pem.EncodeToMemory(pemECDSA), 0644); err != nil { t.Fatal(err) } rsaKey, _ := rsa.GenerateKey(rand.Reader, 4096) pemRSA, _ := pemutil.Serialize(rsaKey, pemutil.WithPassword([]byte(password))) rsaKeyFile := filepath.Join(td, "rsa-key.pem") if err := os.WriteFile(rsaKeyFile, pem.EncodeToMemory(pemRSA), 0644); err != nil { t.Fatal(err) } tests := []struct { name string keyPath string keyPass string wantErr bool }{ { name: "valid ECDSA", keyPath: ecdsaKeyFile, keyPass: password, wantErr: false, }, { name: "valid RSA", keyPath: rsaKeyFile, keyPass: password, wantErr: false, }, { name: "valid ed25519", keyPath: ed25519KeyFile, keyPass: password, wantErr: false, }, { name: "invalid password", keyPath: ecdsaKeyFile, keyPass: "123", wantErr: true, }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { tc := tc _, err := NewFileSigner(tc.keyPath, tc.keyPass, crypto.SHA256) if tc.wantErr != (err != nil) { t.Errorf("NewFileSigner() expected %t, got err %s", tc.wantErr, err) } }) } }