Refactor RDP proxy handling and update related tests
This commit is contained in:
@@ -0,0 +1,80 @@
|
||||
package webingress
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/ed25519"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestEd25519EnvelopeSignerSignsCanonicalEnvelope(t *testing.T) {
|
||||
publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatalf("generate key: %v", err)
|
||||
}
|
||||
signer, err := NewEd25519EnvelopeSigner(base64.StdEncoding.EncodeToString(privateKey), "")
|
||||
if err != nil {
|
||||
t.Fatalf("new signer: %v", err)
|
||||
}
|
||||
signer.Now = fixedEnvelopeNow
|
||||
|
||||
signature, err := signer.Sign(context.Background(), []byte(`{"schema_version":"test"}`))
|
||||
if err != nil {
|
||||
t.Fatalf("sign: %v", err)
|
||||
}
|
||||
decoded, err := base64.StdEncoding.DecodeString(signature.Signature)
|
||||
if err != nil {
|
||||
t.Fatalf("decode signature: %v", err)
|
||||
}
|
||||
if !ed25519.Verify(publicKey, []byte(`{"schema_version":"test"}`), decoded) {
|
||||
t.Fatal("signature did not verify")
|
||||
}
|
||||
if signature.KeyID != ed25519EnvelopeKeyID(publicKey) ||
|
||||
signature.Alg != "ed25519" ||
|
||||
signature.SignedAt != "2026-05-17T00:00:01Z" {
|
||||
t.Fatalf("signature metadata = %+v", signature)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEd25519EnvelopeSignerUsesExplicitKeyID(t *testing.T) {
|
||||
_, privateKey, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatalf("generate key: %v", err)
|
||||
}
|
||||
signer, err := NewEd25519EnvelopeSigner(base64.RawStdEncoding.EncodeToString(privateKey), "node-explicit")
|
||||
if err != nil {
|
||||
t.Fatalf("new signer: %v", err)
|
||||
}
|
||||
signature, err := signer.Sign(context.Background(), []byte(`{}`))
|
||||
if err != nil {
|
||||
t.Fatalf("sign: %v", err)
|
||||
}
|
||||
if signature.KeyID != "node-explicit" {
|
||||
t.Fatalf("key id = %q", signature.KeyID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEd25519EnvelopeSignerRejectsInvalidKeyAndPayload(t *testing.T) {
|
||||
_, err := NewEd25519EnvelopeSigner("not-base64", "")
|
||||
if !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
|
||||
t.Fatalf("invalid key error = %v", err)
|
||||
}
|
||||
|
||||
signer := Ed25519EnvelopeSigner{}
|
||||
_, err = signer.Sign(context.Background(), []byte(`{}`))
|
||||
if !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
|
||||
t.Fatalf("missing key error = %v", err)
|
||||
}
|
||||
|
||||
_, privateKey, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatalf("generate key: %v", err)
|
||||
}
|
||||
signer = Ed25519EnvelopeSigner{PrivateKey: privateKey}
|
||||
_, err = signer.Sign(context.Background(), nil)
|
||||
if !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
|
||||
t.Fatalf("empty canonical error = %v", err)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user