test: add more valid cases

Signed-off-by: Binbin Li <libinbin@microsoft.com>
notaryproject · Aug 19, 2022 · 899ab2b · 899ab2b
1 parent 6e2d913
commit 899ab2b
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 22 deletions.
diff --git a/signature/algorithm_test.go b/signature/algorithm_test.go
@@ -2,9 +2,14 @@ package signature
 
 import (
 	"crypto"
+	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/rsa"
 	"crypto/x509"
 	"reflect"
+	"strconv"
 	"testing"
 
 	"github.com/notaryproject/notation-core-go/testhelper"
@@ -64,36 +69,20 @@ func TestHash(t *testing.T) {
 }
 
 func TestExtractKeySpec(t *testing.T) {
-	tests := []struct {
+	type testCase struct {
 		name      string
 		cert      *x509.Certificate
 		expect    KeySpec
 		expectErr bool
-	}{
-		{
-			name: "RSA 3072",
-			cert: testhelper.GetRSALeafCertificate().Cert,
-			expect: KeySpec{
-				Type: KeyTypeRSA,
-				Size: 3072,
-			},
-			expectErr: false,
-		},
+	}
+	// invalid cases
+	tests := []testCase{
 		{
 			name:      "RSA wrong size",
 			cert:      testhelper.GetUnsupportedRSACert().Cert,
 			expect:    KeySpec{},
 			expectErr: true,
 		},
-		{
-			name: "ECDSA 384",
-			cert: testhelper.GetECLeafCertificate().Cert,
-			expect: KeySpec{
-				Type: KeyTypeEC,
-				Size: 384,
-			},
-			expectErr: false,
-		},
 		{
 			name:      "ECDSA wrong size",
 			cert:      testhelper.GetUnsupportedECCert().Cert,
@@ -110,6 +99,49 @@ func TestExtractKeySpec(t *testing.T) {
 		},
 	}
 
+	// append valid RSA cases
+	for _, k := range []int{2048, 3072, 4096} {
+		rsaRoot := testhelper.GetRSARootCertificate()
+		priv, _ := rsa.GenerateKey(rand.Reader, k)
+
+		certTuple := testhelper.GetRSACertTupleWithPK(
+			priv,
+			"Test RSA_"+strconv.Itoa(priv.Size()),
+			&rsaRoot,
+		)
+		tests = append(tests, testCase{
+			name: "RSA " + strconv.Itoa(k),
+			cert: certTuple.Cert,
+			expect: KeySpec{
+				Type: KeyTypeRSA,
+				Size: k,
+			},
+			expectErr: false,
+		})
+	}
+
+	// append valid EDCSA cases
+	for _, curve := range []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()} {
+		ecdsaRoot := testhelper.GetECRootCertificate()
+		priv, _ := ecdsa.GenerateKey(curve, rand.Reader)
+		bitSize := priv.Params().BitSize
+
+		certTuple := testhelper.GetECDSACertTupleWithPK(
+			priv,
+			"Test EC_"+strconv.Itoa(bitSize),
+			&ecdsaRoot,
+		)
+		tests = append(tests, testCase{
+			name: "EC " + strconv.Itoa(bitSize),
+			cert: certTuple.Cert,
+			expect: KeySpec{
+				Type: KeyTypeEC,
+				Size: bitSize,
+			},
+			expectErr: false,
+		})
+	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			keySpec, err := ExtractKeySpec(tt.cert)

diff --git a/signature/envelope_test.go b/signature/envelope_test.go
@@ -5,21 +5,26 @@ import (
 	"testing"
 )
 
+// mock an envelope that implements signature.Envelope.
 type testEnvelope struct {
 }
 
+// Sign implements Sign of signature.Envelope.
 func (e testEnvelope) Sign(req *SignRequest) ([]byte, error) {
 	return nil, nil
 }
 
+// Verify implements Verify of signature.Envelope.
 func (e testEnvelope) Verify() (*Payload, *SignerInfo, error) {
 	return nil, nil, nil
 }
 
+// Payload implements Payload of signature.Envelope.
 func (e testEnvelope) Payload() (*Payload, error) {
 	return nil, nil
 }
 
+// SignerInfo implements SignerInfo of signature.Envelope.
 func (e testEnvelope) SignerInfo() (*SignerInfo, error) {
 	return nil, nil
 }

diff --git a/signature/internal/base/envelope_test.go b/signature/internal/base/envelope_test.go
@@ -83,7 +83,7 @@ func init() {
 	time08_03, _ = time.Parse(timeLayout, "2020-08-03")
 }
 
-// Mock an internal envelope
+// Mock an internal envelope that implements signature.Envelope.
 type mockEnvelope struct {
 	payload            *signature.Payload
 	verifiedPayload    *signature.Payload
@@ -92,6 +92,7 @@ type mockEnvelope struct {
 	failVerify         bool
 }
 
+// Sign implements Sign of signature.Envelope.
 func (e mockEnvelope) Sign(req *signature.SignRequest) ([]byte, error) {
 	switch req.SigningAgent {
 	case invalidSigningAgent:
@@ -102,44 +103,50 @@ func (e mockEnvelope) Sign(req *signature.SignRequest) ([]byte, error) {
 	return nil, nil
 }
 
+// Verify implements Verify of signature.Envelope.
 func (e mockEnvelope) Verify() (*signature.Payload, *signature.SignerInfo, error) {
 	if e.failVerify {
 		return nil, nil, errors.New(errMsg)
 	}
 	return e.verifiedPayload, e.verifiedSignerInfo, nil
 }
 
+// Payload implements Payload of signature.Envelope.
 func (e mockEnvelope) Payload() (*signature.Payload, error) {
 	if e.payload == nil {
 		return nil, errors.New(errMsg)
 	}
 	return e.payload, nil
 }
 
+// SignerInfo implements SignerInfo of signature.Envelope.
 func (e mockEnvelope) SignerInfo() (*signature.SignerInfo, error) {
 	if e.signerInfo == nil {
 		return nil, errors.New(errMsg)
 	}
 	return e.signerInfo, nil
 }
 
-// Mock a signer within the internal envelope
+// Mock a signer implements signature.Signer.
 type mockSigner struct {
 	certs   []*x509.Certificate
 	keySpec signature.KeySpec
 }
 
+// CertificateChain implements CertificateChain of signature.Signer.
 func (s *mockSigner) CertificateChain() ([]*x509.Certificate, error) {
 	if len(s.certs) == 0 {
 		return nil, errors.New(errMsg)
 	}
 	return s.certs, nil
 }
 
+// Sign implements Sign of signature.Signer.
 func (s *mockSigner) Sign(digest []byte) ([]byte, error) {
 	return nil, nil
 }
 
+// KeySpec implements KeySpec of signature.Signer.
 func (s *mockSigner) KeySpec() (signature.KeySpec, error) {
 	var emptyKeySpec signature.KeySpec
 	if s.keySpec == emptyKeySpec {