refector & test: update to support new signature.Signer interface (no…

…taryproject#52) * add jws test Signed-off-by: Junjie Gao <junjiegao@microsoft.com> * update PR Signed-off-by: Junjie Gao <junjiegao@microsoft.com> Signed-off-by: Junjie Gao <junjiegao@microsoft.com> Co-authored-by: Junjie Gao <junjiegao@microsoft.com>
JeyJeyGao · Sep 13, 2022 · 7071319 · 7071319
1 parent 5bcf007
commit 7071319
Show file tree

Hide file tree

Showing 16 changed files with 1,005 additions and 226 deletions.
diff --git a/signature/algorithm.go b/signature/algorithm.go
@@ -31,6 +31,18 @@ const (
 	KeyTypeEC                     // KeyType EC
 )
 
+// String is the stringer function for KeyType
+func (keyType KeyType) String() string {
+	switch keyType {
+	case KeyTypeRSA:
+		return "RSA"
+	case KeyTypeEC:
+		return "ECDSA"
+	default:
+		return fmt.Sprintf("unknown key type: %d", keyType)
+	}
+}
+
 // KeySpec defines a key type and size.
 type KeySpec struct {
 	Type KeyType

diff --git a/signature/algorithm_test.go b/signature/algorithm_test.go
@@ -229,3 +229,28 @@ func TestSignatureAlgorithm(t *testing.T) {
 		})
 	}
 }
+
+func TestKeyTypeStringer(t *testing.T) {
+	testCase := []struct {
+		keyType KeyType
+		str     string
+	}{
+		{
+			keyType: KeyTypeEC,
+			str:     "ECDSA",
+		},
+		{
+			keyType: KeyTypeRSA,
+			str:     "RSA",
+		},
+		{
+			keyType: 10,
+			str:     "unknown key type: 10",
+		},
+	}
+	for _, tt := range testCase {
+		if tt.keyType.String() != tt.str {
+			t.Fatalf("keyType: %s stringer test failed", tt.keyType)
+		}
+	}
+}
diff --git a/signature/cose/envelope_test.go b/signature/cose/envelope_test.go
@@ -2,14 +2,14 @@ package cose
 
 import (
 	"crypto"
-	"crypto/elliptic"
 	"crypto/x509"
 	"errors"
 	"fmt"
 	"testing"
 	"time"
 
 	"github.com/notaryproject/notation-core-go/signature"
+	"github.com/notaryproject/notation-core-go/signature/signaturetest"
 	"github.com/notaryproject/notation-core-go/testhelper"
 	"github.com/veraison/go-cose"
 )
@@ -20,7 +20,6 @@ const (
 
 var (
 	signingSchemeString = []string{"notary.x509", "notary.x509.signingAuthority"}
-	keyType             = []signature.KeyType{signature.KeyTypeRSA, signature.KeyTypeEC}
 )
 
 func TestParseEnvelopeError(t *testing.T) {
@@ -39,14 +38,8 @@ func TestParseEnvelopeError(t *testing.T) {
 func TestSign(t *testing.T) {
 	env := envelope{}
 	for _, signingScheme := range signingSchemeString {
-		for _, keyType := range keyType {
-			var size []int
-			if keyType == signature.KeyTypeRSA {
-				size = []int{2048, 3072, 4096}
-			} else {
-				size = []int{256, 384, 521}
-			}
-			for _, size := range size {
+		for _, keyType := range signaturetest.KeyTypes {
+			for _, size := range signaturetest.GetKeySizes(keyType) {
 				t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize when all arguments are present", signingScheme, keyType, size), func(t *testing.T) {
 					signRequest, err := newSignRequest(signingScheme, keyType, size)
 					if err != nil {
@@ -59,7 +52,7 @@ func TestSign(t *testing.T) {
 				})
 
 				t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize when minimal arguments are present", signingScheme, keyType, size), func(t *testing.T) {
-					signer, err := getTestSigner(keyType, size)
+					signer, err := signaturetest.GetTestLocalSigner(keyType, size)
 					if err != nil {
 						t.Fatalf("Sign() failed. Error = %s", err)
 					}
@@ -654,14 +647,8 @@ func TestSignerInfoErrors(t *testing.T) {
 func TestSignAndVerify(t *testing.T) {
 	env := envelope{}
 	for _, signingScheme := range signingSchemeString {
-		for _, keyType := range keyType {
-			var size []int
-			if keyType == signature.KeyTypeRSA {
-				size = []int{2048, 3072, 4096}
-			} else {
-				size = []int{256, 384, 521}
-			}
-			for _, size := range size {
+		for _, keyType := range signaturetest.KeyTypes {
+			for _, size := range signaturetest.GetKeySizes(keyType) {
 				t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize", signingScheme, keyType, size), func(t *testing.T) {
 					// Sign
 					signRequest, err := newSignRequest(signingScheme, keyType, size)
@@ -686,14 +673,8 @@ func TestSignAndVerify(t *testing.T) {
 
 func TestSignAndParseVerify(t *testing.T) {
 	for _, signingScheme := range signingSchemeString {
-		for _, keyType := range keyType {
-			var size []int
-			if keyType == signature.KeyTypeRSA {
-				size = []int{2048, 3072, 4096}
-			} else {
-				size = []int{256, 384, 521}
-			}
-			for _, size := range size {
+		for _, keyType := range signaturetest.KeyTypes {
+			for _, size := range signaturetest.GetKeySizes(keyType) {
 				t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize", signingScheme, keyType, size), func(t *testing.T) {
 					//Verify after UnmarshalCBOR
 					env, err := getVerifyCOSE(signingScheme, keyType, size)
@@ -712,7 +693,7 @@ func TestSignAndParseVerify(t *testing.T) {
 }
 
 func newSignRequest(signingScheme string, keyType signature.KeyType, size int) (*signature.SignRequest, error) {
-	signer, err := getTestSigner(keyType, size)
+	signer, err := signaturetest.GetTestLocalSigner(keyType, size)
 	if err != nil {
 		return nil, err
 	}
@@ -733,47 +714,6 @@ func newSignRequest(signingScheme string, keyType signature.KeyType, size int) (
 	}, nil
 }
 
-func getTestSigner(keyType signature.KeyType, size int) (signature.Signer, error) {
-	switch keyType {
-	case signature.KeyTypeEC:
-		switch size {
-		case 256:
-			leafCertTuple := testhelper.GetECCertTuple(elliptic.P256())
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		case 384:
-			leafCertTuple := testhelper.GetECCertTuple(elliptic.P384())
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		case 521:
-			leafCertTuple := testhelper.GetECCertTuple(elliptic.P521())
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		default:
-			return nil, fmt.Errorf("key size not supported")
-		}
-	case signature.KeyTypeRSA:
-		switch size {
-		case 2048:
-			leafCertTuple := testhelper.GetRSACertTuple(2048)
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		case 3072:
-			leafCertTuple := testhelper.GetRSACertTuple(3072)
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		case 4096:
-			leafCertTuple := testhelper.GetRSACertTuple(4096)
-			certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert}
-			return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey)
-		default:
-			return nil, fmt.Errorf("key size not supported")
-		}
-	default:
-		return nil, fmt.Errorf("keyType not supported")
-	}
-}
-
 func getSignRequest() (*signature.SignRequest, error) {
 	return newSignRequest("notary.x509", signature.KeyTypeRSA, 3072)
 }

diff --git a/signature/errors.go b/signature/errors.go
@@ -122,5 +122,15 @@ type EnvelopeKeyRepeatedError struct {
 
 // Error returns the formatted error message.
 func (e *EnvelopeKeyRepeatedError) Error() string {
-	return fmt.Sprintf("repeated key: %q exists in the envelope.", e.Key)
+	return fmt.Sprintf(`repeated key: "%s" exists in the both protected header and extended signed attributes.`, e.Key)
+}
+
+// RemoteSigningError is used when remote signer causes the error.
+type RemoteSigningError struct {
+	Msg string
+}
+
+// Error returns formated remote signing error
+func (e *RemoteSigningError) Error() string {
+	return fmt.Sprintf("remote signing error. Error: %s", e.Msg)
 }
diff --git a/signature/errors_test.go b/signature/errors_test.go
@@ -194,9 +194,18 @@ func TestUnsupportedSignatureFormatError(t *testing.T) {
 
 func TestEnvelopeKeyRepeatedError(t *testing.T) {
 	err := &EnvelopeKeyRepeatedError{Key: errMsg}
-	expectMsg := fmt.Sprintf("repeated key: %q exists in the envelope.", errMsg)
+	expectMsg := fmt.Sprintf(`repeated key: "%s" exists in the both protected header and extended signed attributes.`, errMsg)
 
 	if err.Error() != expectMsg {
 		t.Errorf("Expected %v but got %v", expectMsg, err.Error())
 	}
-}
+}
+
+func TestRemoteSigningError(t *testing.T) {
+	err := &RemoteSigningError{Msg: errMsg}
+	expectMsg := fmt.Sprintf("remote signing error. Error: %s", errMsg)
+
+	if err.Error() != expectMsg {
+		t.Errorf("Expected %v but got %v", expectMsg, err.Error())
+	}
+}
diff --git a/signature/internal/base/envelope.go b/signature/internal/base/envelope.go
@@ -171,7 +171,7 @@ func validateSignerInfo(info *signature.SignerInfo) error {
 	)
 }
 
-// validateSigningTime checks that sigining time is within the valid range of
+// validateSigningTime checks that signing time is within the valid range of
 // time duration.
 func validateSigningTime(signingTime, expireTime time.Time) error {
 	if signingTime.IsZero() {