package webingress
import (
"context"
"crypto/ed25519"
"crypto/rand"
"encoding/base64"
"errors"
"testing"
)
// TestEd25519EnvelopeSignerSignsCanonicalEnvelope builds a signer from a
// padded-base64 private key, signs a fixed canonical payload and checks that
// the base64 signature verifies under the matching public key. It also pins
// the returned metadata: the key ID derived from the public key, the
// "ed25519" algorithm label and the SignedAt timestamp.
func TestEd25519EnvelopeSignerSignsCanonicalEnvelope(t *testing.T) {
	// Kept as a constant so Sign and Verify each receive a fresh byte slice
	// holding exactly the same canonical bytes.
	const canonical = `{"schema_version":"test"}`

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}

	// The empty second argument leaves the key ID unspecified; the metadata
	// check below expects the ID computed by ed25519EnvelopeKeyID.
	encodedKey := base64.StdEncoding.EncodeToString(priv)
	signer, err := NewEd25519EnvelopeSigner(encodedKey, "")
	if err != nil {
		t.Fatalf("new signer: %v", err)
	}
	// fixedEnvelopeNow is declared elsewhere in the package; presumably it
	// returns the instant asserted as SignedAt below.
	signer.Now = fixedEnvelopeNow

	signature, err := signer.Sign(context.Background(), []byte(canonical))
	if err != nil {
		t.Fatalf("sign: %v", err)
	}

	rawSig, err := base64.StdEncoding.DecodeString(signature.Signature)
	if err != nil {
		t.Fatalf("decode signature: %v", err)
	}
	// Verification runs against the untouched canonical bytes, so a signer
	// that signed anything other than the payload as given would fail here.
	if !ed25519.Verify(pub, []byte(canonical), rawSig) {
		t.Fatal("signature did not verify")
	}

	wantKeyID := ed25519EnvelopeKeyID(pub)
	switch {
	case signature.KeyID != wantKeyID,
		signature.Alg != "ed25519",
		signature.SignedAt != "2026-05-17T00:00:01Z":
		t.Fatalf("signature metadata = %+v", signature)
	}
}
// TestEd25519EnvelopeSignerUsesExplicitKeyID checks that a key ID passed to
// the constructor is returned unchanged in the signature metadata.
//
// NOTE(review): only the KeyID label is asserted; the signature bytes are not
// verified in this test. The label is caller-chosen, so a verifier presumably
// has to map it to a trusted public key itself. Confirm on the verifying
// side.
func TestEd25519EnvelopeSignerUsesExplicitKeyID(t *testing.T) {
	const wantKeyID = "node-explicit"

	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}

	// RawStdEncoding emits unpadded base64, so the constructor is exercised
	// here with a key that carries no '=' padding.
	unpaddedKey := base64.RawStdEncoding.EncodeToString(priv)
	signer, err := NewEd25519EnvelopeSigner(unpaddedKey, wantKeyID)
	if err != nil {
		t.Fatalf("new signer: %v", err)
	}

	signature, err := signer.Sign(context.Background(), []byte(`{}`))
	if err != nil {
		t.Fatalf("sign: %v", err)
	}
	if got := signature.KeyID; got != wantKeyID {
		t.Fatalf("key id = %q", got)
	}
}
// TestEd25519EnvelopeSignerRejectsInvalidKeyAndPayload pins three failure
// paths, each of which must report ErrFabricEnvelopeSigningKeyInvalid:
// constructing a signer from an undecodable key string, signing with a
// zero-value signer that holds no private key, and signing a nil payload
// with a valid key.
//
// NOTE(review): the rejected key string presumably fails at base64 decoding;
// a well-formed base64 value of the wrong length (a truncated key) is not
// covered here. Confirm whether the constructor rejects it with the same
// sentinel.
func TestEd25519EnvelopeSignerRejectsInvalidKeyAndPayload(t *testing.T) {
	ctx := context.Background()

	// Case 1: the key material cannot be decoded.
	if _, err := NewEd25519EnvelopeSigner("not-base64", ""); !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
		t.Fatalf("invalid key error = %v", err)
	}

	// Case 2: a zero-value signer has no private key to sign with.
	keyless := Ed25519EnvelopeSigner{}
	if _, err := keyless.Sign(ctx, []byte(`{}`)); !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
		t.Fatalf("missing key error = %v", err)
	}

	// Case 3: a valid key but nothing to sign.
	// NOTE(review): an empty payload is reported with the key-invalid
	// sentinel, so callers cannot tell it apart from a bad key. Confirm
	// that this is intended.
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}
	keyed := Ed25519EnvelopeSigner{PrivateKey: priv}
	if _, err := keyed.Sign(ctx, nil); !errors.Is(err, ErrFabricEnvelopeSigningKeyInvalid) {
		t.Fatalf("empty canonical error = %v", err)
	}
}