45 lines
1.3 KiB
Go
45 lines
1.3 KiB
Go
package clusterauth
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestSignAndVerifyRawPayload(t *testing.T) {
|
|
keys, err := GenerateKeyPair()
|
|
if err != nil {
|
|
t.Fatalf("GenerateKeyPair: %v", err)
|
|
}
|
|
payload := json.RawMessage(`{"cluster_id":"cluster-1","schema_version":"test.v1","value":1}`)
|
|
|
|
signature, err := SignRaw(keys.PrivateKeyB64, payload, time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC))
|
|
if err != nil {
|
|
t.Fatalf("SignRaw: %v", err)
|
|
}
|
|
if signature.KeyFingerprint != keys.Fingerprint {
|
|
t.Fatalf("fingerprint = %q, want %q", signature.KeyFingerprint, keys.Fingerprint)
|
|
}
|
|
if err := VerifyRaw(keys.PublicKeyB64, payload, signature); err != nil {
|
|
t.Fatalf("VerifyRaw: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestVerifyRawRejectsTamperedPayload(t *testing.T) {
|
|
keys, err := GenerateKeyPair()
|
|
if err != nil {
|
|
t.Fatalf("GenerateKeyPair: %v", err)
|
|
}
|
|
payload := json.RawMessage(`{"cluster_id":"cluster-1","schema_version":"test.v1","value":1}`)
|
|
signature, err := SignRaw(keys.PrivateKeyB64, payload, time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC))
|
|
if err != nil {
|
|
t.Fatalf("SignRaw: %v", err)
|
|
}
|
|
|
|
tampered := json.RawMessage(`{"cluster_id":"cluster-1","schema_version":"test.v1","value":2}`)
|
|
if err := VerifyRaw(keys.PublicKeyB64, tampered, signature); !errors.Is(err, ErrInvalidSignature) {
|
|
t.Fatalf("err = %v, want ErrInvalidSignature", err)
|
|
}
|
|
}
|