From ac60e8227906b6a5758396891ba6c0683f611005 Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Fri, 26 Aug 2022 09:41:26 +0800 Subject: [PATCH] update PR Signed-off-by: Junjie Gao --- signature/algorithm.go | 12 +++ signature/algorithm_test.go | 16 ++++ signature/cose/envelope_test.go | 75 ++--------------- signature/jws/envelope_test.go | 119 ++++++++++++++++----------- signature/jws/jws_test.go | 44 ++++++++-- signature/jws/jwt_test.go | 12 +-- signature/signaturetest/algorithm.go | 18 ++++ signature/signaturetest/signer.go | 52 ++++++++++++ 8 files changed, 220 insertions(+), 128 deletions(-) create mode 100644 signature/signaturetest/algorithm.go create mode 100644 signature/signaturetest/signer.go diff --git a/signature/algorithm.go b/signature/algorithm.go index 476de3d1..c6299c45 100644 --- a/signature/algorithm.go +++ b/signature/algorithm.go @@ -31,6 +31,18 @@ const ( KeyTypeEC // KeyType EC ) +// String is the stringer function for KeyType +func (keyType KeyType) String() string { + switch keyType { + case KeyTypeRSA: + return "RSA" + case KeyTypeEC: + return "ECDSA" + default: + return fmt.Sprintf("unknown key type: %d", keyType) + } +} + // KeySpec defines a key type and size. type KeySpec struct { Type KeyType diff --git a/signature/algorithm_test.go b/signature/algorithm_test.go index 40066772..c1b8b3e3 100644 --- a/signature/algorithm_test.go +++ b/signature/algorithm_test.go @@ -229,3 +229,19 @@ func TestSignatureAlgorithm(t *testing.T) { }) } } + +func TestKeyTypeStringer(t *testing.T) { + if KeyTypeEC.String() != "ECDSA" { + t.Fatal("KeyTypeEC stringer test failed") + } + + if KeyTypeRSA.String() != "RSA" { + t.Fatal("KeyTypeRSA stringer test failed") + } + + var keyType KeyType + keyType = 10 + if keyType.String() != "unknown key type: 10" { + t.Fatal("KeyType stringer unknown key type test failed") + } +} diff --git a/signature/cose/envelope_test.go b/signature/cose/envelope_test.go index 95fb4889..d03800fa 100644 --- a/signature/cose/envelope_test.go +++ b/signature/cose/envelope_test.go @@ -2,7 +2,6 @@ package cose import ( "crypto" - "crypto/elliptic" "crypto/x509" "errors" "fmt" @@ -10,6 +9,7 @@ import ( "time" "github.com/notaryproject/notation-core-go/signature" + "github.com/notaryproject/notation-core-go/signature/signaturetest" "github.com/notaryproject/notation-core-go/testhelper" "github.com/veraison/go-cose" ) @@ -20,7 +20,6 @@ const ( var ( signingSchemeString = []string{"notary.x509", "notary.x509.signingAuthority"} - keyType = []signature.KeyType{signature.KeyTypeRSA, signature.KeyTypeEC} ) func TestParseEnvelopeError(t *testing.T) { @@ -39,13 +38,8 @@ func TestParseEnvelopeError(t *testing.T) { func TestSign(t *testing.T) { env := envelope{} for _, signingScheme := range signingSchemeString { - for _, keyType := range keyType { - var size []int - if keyType == signature.KeyTypeRSA { - size = []int{2048, 3072, 4096} - } else { - size = []int{256, 384, 521} - } + for _, keyType := range signaturetest.KeyTypes { + var size = signaturetest.GetKeySizes(keyType) for _, size := range size { t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize when all arguments are present", signingScheme, keyType, size), func(t *testing.T) { signRequest, err := newSignRequest(signingScheme, keyType, size) @@ -59,7 +53,7 @@ func TestSign(t *testing.T) { }) t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize when minimal arguments are present", signingScheme, keyType, size), func(t *testing.T) { - signer, err := getTestSigner(keyType, size) + signer, err := signaturetest.GetLocalSigner(keyType, size) if err != nil { t.Fatalf("Sign() failed. Error = %s", err) } @@ -654,13 +648,8 @@ func TestSignerInfoErrors(t *testing.T) { func TestSignAndVerify(t *testing.T) { env := envelope{} for _, signingScheme := range signingSchemeString { - for _, keyType := range keyType { - var size []int - if keyType == signature.KeyTypeRSA { - size = []int{2048, 3072, 4096} - } else { - size = []int{256, 384, 521} - } + for _, keyType := range signaturetest.KeyTypes { + var size = signaturetest.GetKeySizes(keyType) for _, size := range size { t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize", signingScheme, keyType, size), func(t *testing.T) { // Sign @@ -686,13 +675,8 @@ func TestSignAndVerify(t *testing.T) { func TestSignAndParseVerify(t *testing.T) { for _, signingScheme := range signingSchemeString { - for _, keyType := range keyType { - var size []int - if keyType == signature.KeyTypeRSA { - size = []int{2048, 3072, 4096} - } else { - size = []int{256, 384, 521} - } + for _, keyType := range signaturetest.KeyTypes { + var size = signaturetest.GetKeySizes(keyType) for _, size := range size { t.Run(fmt.Sprintf("with %s scheme, %v keyType, %v keySize", signingScheme, keyType, size), func(t *testing.T) { //Verify after UnmarshalCBOR @@ -712,7 +696,7 @@ func TestSignAndParseVerify(t *testing.T) { } func newSignRequest(signingScheme string, keyType signature.KeyType, size int) (*signature.SignRequest, error) { - signer, err := getTestSigner(keyType, size) + signer, err := signaturetest.GetLocalSigner(keyType, size) if err != nil { return nil, err } @@ -733,47 +717,6 @@ func newSignRequest(signingScheme string, keyType signature.KeyType, size int) ( }, nil } -func getTestSigner(keyType signature.KeyType, size int) (signature.Signer, error) { - switch keyType { - case signature.KeyTypeEC: - switch size { - case 256: - leafCertTuple := testhelper.GetECCertTuple(elliptic.P256()) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - case 384: - leafCertTuple := testhelper.GetECCertTuple(elliptic.P384()) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - case 521: - leafCertTuple := testhelper.GetECCertTuple(elliptic.P521()) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - default: - return nil, fmt.Errorf("key size not supported") - } - case signature.KeyTypeRSA: - switch size { - case 2048: - leafCertTuple := testhelper.GetRSACertTuple(2048) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - case 3072: - leafCertTuple := testhelper.GetRSACertTuple(3072) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - case 4096: - leafCertTuple := testhelper.GetRSACertTuple(4096) - certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} - return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) - default: - return nil, fmt.Errorf("key size not supported") - } - default: - return nil, fmt.Errorf("keyType not supported") - } -} - func getSignRequest() (*signature.SignRequest, error) { return newSignRequest("notary.x509", signature.KeyTypeRSA, 3072) } diff --git a/signature/jws/envelope_test.go b/signature/jws/envelope_test.go index 3f051535..8343122c 100644 --- a/signature/jws/envelope_test.go +++ b/signature/jws/envelope_test.go @@ -17,6 +17,7 @@ import ( "time" "github.com/notaryproject/notation-core-go/signature" + "github.com/notaryproject/notation-core-go/signature/signaturetest" "github.com/notaryproject/notation-core-go/testhelper" ) @@ -74,13 +75,13 @@ func (signer *remoteSignerMock) KeySpec() (signature.KeySpec, error) { return signature.ExtractKeySpec(signer.certs[0]) } -func checkError(t *testing.T, err error) { +func checkNoError(t *testing.T, err error) { if err != nil { t.Fatal(t) } } -func cmpError(t *testing.T, got string, want string) { +func checkErrorEqual(t *testing.T, want, got string) { if got != want { t.Fatalf("want: %v, got: %v\n", want, got) } @@ -99,7 +100,6 @@ var ( Value: "testValue2", }, } - extSignedAttrRepeated = []signature.Attribute{ { Key: "cty", @@ -107,7 +107,6 @@ var ( Value: "testValue2", }, } - extSignedAttrErrorValue = []signature.Attribute{ { Key: "add", @@ -169,12 +168,12 @@ func getEnvelope(signingScheme signature.SigningScheme, isLocal bool, extendedSi if err != nil { return nil, err } - var jwsEnv jwsEnvelope - err = json.Unmarshal(encoded, &jwsEnv) + var sigEnv jwsEnvelope + err = json.Unmarshal(encoded, &sigEnv) if err != nil { return nil, err } - return &jwsEnv, nil + return &sigEnv, nil } func getEncodedMessage(signingScheme signature.SigningScheme, isLocal bool, extendedSignedAttribute []signature.Attribute) ([]byte, error) { @@ -233,12 +232,12 @@ func TestNewEnvelope(t *testing.T) { func TestSignFailed(t *testing.T) { t.Run("extended attribute conflict with protected header keys", func(t *testing.T) { _, err := getEncodedMessage(signature.SigningSchemeX509, true, extSignedAttrRepeated) - cmpError(t, err.Error(), `repeated key: "cty" exists in the both protected header and extended signed attributes.`) + checkErrorEqual(t, `repeated key: "cty" exists in the both protected header and extended signed attributes.`, err.Error()) }) t.Run("extended attribute error value", func(t *testing.T) { _, err := getEncodedMessage(signature.SigningSchemeX509, true, extSignedAttrErrorValue) - cmpError(t, err.Error(), "json: unsupported value: +Inf") + checkErrorEqual(t, "json: unsupported value: +Inf", err.Error()) }) t.Run("unsupported sign algorithm", func(t *testing.T) { @@ -253,11 +252,11 @@ func TestSignFailed(t *testing.T) { } e := envelope{} _, err = e.Sign(signReq) - cmpError(t, err.Error(), `signature algorithm "#0" is not supported`) + checkErrorEqual(t, `signature algorithm "#0" is not supported`, err.Error()) }) } -func TestEnvelopeSigningScheme(t *testing.T) { +func TestSigningScheme(t *testing.T) { var signParams = []struct { isLocal bool signingScheme signature.SigningScheme @@ -271,86 +270,106 @@ func TestEnvelopeSigningScheme(t *testing.T) { for _, tt := range signParams { t.Run(fmt.Sprintf("verify_isLocal=%v_signingScheme=%v", tt.isLocal, tt.signingScheme), func(t *testing.T) { encoded, err := getEncodedMessage(tt.signingScheme, tt.isLocal, extSignedAttr) - checkError(t, err) + checkNoError(t, err) _, _, err = verifyCore(encoded) - checkError(t, err) + checkNoError(t, err) }) } } +func TestSignVerify(t *testing.T) { + for _, keyType := range signaturetest.KeyTypes { + for _, size := range signaturetest.GetKeySizes(keyType) { + t.Run(fmt.Sprintf("%s %d", keyType, size), func(t *testing.T) { + signer, err := signaturetest.GetLocalSigner(keyType, size) + checkNoError(t, err) + + signReq, err := getSignReq(signature.SigningSchemeX509, signer, nil) + checkNoError(t, err) + + e := envelope{} + encoded, err := e.Sign(signReq) + + _, _, err = verifyCore(encoded) + checkNoError(t, err) + }) + } + } +} + func TestVerify(t *testing.T) { t.Run("break json format", func(t *testing.T) { encoded, err := getEncodedMessage(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) encoded[0] = '}' _, _, err = verifyCore(encoded) - cmpError(t, err.Error(), "invalid character '}' looking for beginning of value") + checkErrorEqual(t, "invalid character '}' looking for beginning of value", err.Error()) }) t.Run("tamper signature", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // temper envelope env.Signature = "" err = verifyEnvelope(env) - cmpError(t, err.Error(), "signature is invalid. Error: crypto/rsa: verification error") + checkErrorEqual(t, "signature is invalid. Error: crypto/rsa: verification error", err.Error()) }) t.Run("empty certificate", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // temper envelope env.Header.CertChain = [][]byte{} err = verifyEnvelope(env) - cmpError(t, err.Error(), "certificate chain is not set") + checkErrorEqual(t, "certificate chain is not set", err.Error()) }) t.Run("tamper certificate", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // temper envelope env.Header.CertChain[0][0] = 'C' err = verifyEnvelope(env) - cmpError(t, err.Error(), "malformed leaf certificate") + checkErrorEqual(t, "malformed leaf certificate", err.Error()) }) t.Run("malformed protected header base64 encoded", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // temper envelope env.Protected = "$" + env.Protected err = verifyEnvelope(env) - cmpError(t, err.Error(), "jws envelope protected header can't be decoded: illegal base64 data at input byte 0") + checkErrorEqual(t, "jws envelope protected header can't be decoded: illegal base64 data at input byte 0", err.Error()) }) t.Run("malformed protected header raw", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // temper envelope rawProtected, err := base64.RawURLEncoding.DecodeString(env.Protected) - checkError(t, err) + checkNoError(t, err) rawProtected[0] = '}' env.Protected = base64.RawURLEncoding.EncodeToString(rawProtected) err = verifyEnvelope(env) - cmpError(t, err.Error(), "jws envelope protected header can't be decoded: invalid character '}' looking for beginning of value") + checkErrorEqual(t, "jws envelope protected header can't be decoded: invalid character '}' looking for beginning of value", err.Error()) }) } @@ -358,11 +377,11 @@ func TestSignerInfo(t *testing.T) { getEnvelopeAndHeader := func(signingScheme signature.SigningScheme) (*jwsEnvelope, *jwsProtectedHeader) { // get envelope env, err := getSignedEnvelope(signingScheme, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // get protected header header, err := parseProtectedHeaders(env.Protected) - checkError(t, err) + checkNoError(t, err) return env, header } updateProtectedHeader := func(env *jwsEnvelope, protected *jwsProtectedHeader) { @@ -387,18 +406,18 @@ func TestSignerInfo(t *testing.T) { // marshal and write back to envelope rawProtected, err := json.Marshal(headerMap) - checkError(t, err) + checkNoError(t, err) env.Protected = base64.RawURLEncoding.EncodeToString(rawProtected) } getSignerInfo := func(env *jwsEnvelope, protected *jwsProtectedHeader) (*signature.SignerInfo, error) { updateProtectedHeader(env, protected) // marshal tampered envelope newEncoded, err := json.Marshal(env) - checkError(t, err) + checkNoError(t, err) // parse tampered envelope newEnv, err := ParseEnvelope(newEncoded) - checkError(t, err) + checkNoError(t, err) return newEnv.SignerInfo() } @@ -411,7 +430,7 @@ func TestSignerInfo(t *testing.T) { header.AuthenticSigningTime = &signingTime _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: "io.cncf.notary.authenticSigningTime" header must not be present for notary.x509 signing scheme`) + checkErrorEqual(t, `signature envelope format is malformed. error: "io.cncf.notary.authenticSigningTime" header must not be present for notary.x509 signing scheme`, err.Error()) }) t.Run("tamper protected header signing scheme X509 Signing Authority", func(t *testing.T) { @@ -422,7 +441,7 @@ func TestSignerInfo(t *testing.T) { header.SigningTime = &signingTime _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: "io.cncf.notary.signingTime" header must not be present for notary.x509.signingAuthority signing scheme`) + checkErrorEqual(t, `signature envelope format is malformed. error: "io.cncf.notary.signingTime" header must not be present for notary.x509.signingAuthority signing scheme`, err.Error()) }) t.Run("tamper protected header signing scheme X509 Signing Authority 2", func(t *testing.T) { @@ -432,7 +451,7 @@ func TestSignerInfo(t *testing.T) { header.AuthenticSigningTime = nil _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: "io.cncf.notary.authenticSigningTime" header must be present for notary.x509 signing scheme`) + checkErrorEqual(t, `signature envelope format is malformed. error: "io.cncf.notary.authenticSigningTime" header must be present for notary.x509 signing scheme`, err.Error()) }) t.Run("tamper protected header extended attributes", func(t *testing.T) { @@ -442,7 +461,7 @@ func TestSignerInfo(t *testing.T) { header.ExtendedAttributes = make(map[string]interface{}) _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: "testKey" header is marked critical but not present`) + checkErrorEqual(t, `signature envelope format is malformed. error: "testKey" header is marked critical but not present`, err.Error()) }) t.Run("add protected header critical key", func(t *testing.T) { @@ -452,7 +471,7 @@ func TestSignerInfo(t *testing.T) { header.Critical = header.Critical[:len(header.Critical)-2] _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: these required headers are not marked as critical: [io.cncf.notary.expiry]`) + checkErrorEqual(t, `signature envelope format is malformed. error: these required headers are not marked as critical: [io.cncf.notary.expiry]`, err.Error()) }) t.Run("empty critical section", func(t *testing.T) { @@ -462,7 +481,7 @@ func TestSignerInfo(t *testing.T) { header.Critical = []string{} _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: missing "crit" header`) + checkErrorEqual(t, `signature envelope format is malformed. error: missing "crit" header`, err.Error()) }) t.Run("unsupported algorithm", func(t *testing.T) { @@ -472,30 +491,30 @@ func TestSignerInfo(t *testing.T) { header.Algorithm = "ES222" _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: signature algorithm "ES222" is not supported`) + checkErrorEqual(t, `signature envelope format is malformed. error: signature algorithm "ES222" is not supported`, err.Error()) }) t.Run("tamper raw protected header json format", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) rawProtected, err := base64.RawURLEncoding.DecodeString(env.Protected) - checkError(t, err) + checkNoError(t, err) // temper envelope rawProtected[0] = '}' env.Protected = base64.RawURLEncoding.EncodeToString(rawProtected) newEncoded, err := json.Marshal(env) - checkError(t, err) + checkNoError(t, err) // parse tampered envelope newEnv, err := ParseEnvelope(newEncoded) - checkError(t, err) + checkNoError(t, err) _, err = newEnv.SignerInfo() - cmpError(t, err.Error(), "signature envelope format is malformed. error: jws envelope protected header can't be decoded: invalid character '}' looking for beginning of value") + checkErrorEqual(t, "signature envelope format is malformed. error: jws envelope protected header can't be decoded: invalid character '}' looking for beginning of value", err.Error()) }) t.Run("tamper signature base64 encoding", func(t *testing.T) { env, header := getEnvelopeAndHeader(signature.SigningSchemeX509) @@ -504,7 +523,7 @@ func TestSignerInfo(t *testing.T) { env.Signature = "{" + env.Signature _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: illegal base64 data at input byte 0`) + checkErrorEqual(t, `signature envelope format is malformed. error: illegal base64 data at input byte 0`, err.Error()) }) t.Run("tamper empty signature", func(t *testing.T) { env, header := getEnvelopeAndHeader(signature.SigningSchemeX509) @@ -513,7 +532,7 @@ func TestSignerInfo(t *testing.T) { env.Signature = "" _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: cose envelope missing signature`) + checkErrorEqual(t, `signature envelope format is malformed. error: cose envelope missing signature`, err.Error()) }) t.Run("tamper cert chain", func(t *testing.T) { env, header := getEnvelopeAndHeader(signature.SigningSchemeX509) @@ -522,7 +541,7 @@ func TestSignerInfo(t *testing.T) { env.Header.CertChain[0] = append(env.Header.CertChain[0], 'v') _, err := getSignerInfo(env, header) - cmpError(t, err.Error(), `signature envelope format is malformed. error: x509: trailing data`) + checkErrorEqual(t, `signature envelope format is malformed. error: x509: trailing data`, err.Error()) }) } @@ -530,21 +549,21 @@ func TestPayload(t *testing.T) { t.Run("tamper envelope cause JWT parse failed", func(t *testing.T) { // get envelope env, err := getSignedEnvelope(signature.SigningSchemeX509, true, extSignedAttr) - checkError(t, err) + checkNoError(t, err) // tamper payload env.Payload = env.Payload[1:] // marshal tampered envelope newEncoded, err := json.Marshal(env) - checkError(t, err) + checkNoError(t, err) // parse tampered envelope newEnv, err := ParseEnvelope(newEncoded) - checkError(t, err) + checkNoError(t, err) _, err = newEnv.Payload() - cmpError(t, err.Error(), "illegal base64 data at input byte 476") + checkErrorEqual(t, "illegal base64 data at input byte 476", err.Error()) }) } diff --git a/signature/jws/jws_test.go b/signature/jws/jws_test.go index b6caace3..3074924e 100644 --- a/signature/jws/jws_test.go +++ b/signature/jws/jws_test.go @@ -1,23 +1,55 @@ package jws import ( + "encoding/json" "math" "testing" ) -func Test_convertToMapError(t *testing.T) { - _, err := convertToMap(math.Inf(1)) - if err == nil { - t.Fatal("should cause error") +func Test_convertToMap(t *testing.T) { + type S struct { + A string + B int + C float64 } + t.Run("invalid value", func(t *testing.T) { + _, err := convertToMap(math.Inf(1)) + if err == nil { + t.Fatal("should cause error") + } + }) + + t.Run("normal case", func(t *testing.T) { + testStruct := S{ + A: "test string", + B: 1, + C: 1.1, + } + // generate map + m, err := convertToMap(&testStruct) + checkNoError(t, err) + + // convert map to struct + bytes, err := json.Marshal(m) + checkNoError(t, err) + + var newStruct S + err = json.Unmarshal(bytes, &newStruct) + checkNoError(t, err) + + // check new struct equal with original struct + if newStruct != testStruct { + t.Fatal("convertToMap error") + } + }) } func Test_generateJWSError(t *testing.T) { _, err := generateJWS("", nil, nil) - cmpError(t, err.Error(), "unexpected error occurred while generating a JWS-JSON serialization from compact serialization") + checkErrorEqual(t, "unexpected error occurred while generating a JWS-JSON serialization from compact serialization", err.Error()) } func Test_getSignatureAlgorithmError(t *testing.T) { _, err := getSignatureAlgorithm("ES222") - cmpError(t, err.Error(), `signature algorithm "ES222" is not supported`) + checkErrorEqual(t, `signature algorithm "ES222" is not supported`, err.Error()) } diff --git a/signature/jws/jwt_test.go b/signature/jws/jwt_test.go index 5e1c8b1f..ea956f11 100644 --- a/signature/jws/jwt_test.go +++ b/signature/jws/jwt_test.go @@ -52,12 +52,12 @@ func Test_remoteSigningMethod_Verify(t *testing.T) { func Test_newLocalSigningMethod(t *testing.T) { signer := errorLocalSigner{} _, err := newLocalSigningMethod(&signer) - cmpError(t, err.Error(), `signature algorithm "#0" is not supported`) + checkErrorEqual(t, `signature algorithm "#0" is not supported`, err.Error()) } func Test_newRemoteSigningMethod(t *testing.T) { _, err := newRemoteSigningMethod(&errorLocalSigner{}) - cmpError(t, err.Error(), `signature algorithm "#0" is not supported`) + checkErrorEqual(t, `signature algorithm "#0" is not supported`, err.Error()) } func Test_remoteSigningMethod_CertificateChain(t *testing.T) { @@ -70,7 +70,7 @@ func Test_remoteSigningMethod_CertificateChain(t *testing.T) { t.Fatal(err) } _, err = signingScheme.CertificateChain() - cmpError(t, err.Error(), "remote signing error. Error: certificate chain is not set") + checkErrorEqual(t, "remote signing error. Error: certificate chain is not set", err.Error()) } func Test_remoteSigningMethod_Sign(t *testing.T) { @@ -84,16 +84,16 @@ func Test_remoteSigningMethod_Sign(t *testing.T) { t.Fatal(err) } _, err = signingScheme.Sign("", nil) - cmpError(t, err.Error(), "sign error") + checkErrorEqual(t, "sign error", err.Error()) } func Test_extractJwtAlgorithm(t *testing.T) { _, err := extractJwtAlgorithm(&errorLocalSigner{}) - cmpError(t, err.Error(), `signature algorithm "#0" is not supported`) + checkErrorEqual(t, `signature algorithm "#0" is not supported`, err.Error()) _, err = extractJwtAlgorithm(&errorLocalSigner{ keySpecError: errors.New("get key spec error"), }) - cmpError(t, err.Error(), `get key spec error`) + checkErrorEqual(t, `get key spec error`, err.Error()) } func Test_verifyJWT(t *testing.T) { diff --git a/signature/signaturetest/algorithm.go b/signature/signaturetest/algorithm.go new file mode 100644 index 00000000..93a8e9c2 --- /dev/null +++ b/signature/signaturetest/algorithm.go @@ -0,0 +1,18 @@ +package signaturetest + +import "github.com/notaryproject/notation-core-go/signature" + +// KeyTypes contains supported key type +var KeyTypes = []signature.KeyType{signature.KeyTypeRSA, signature.KeyTypeEC} + +// GetKeySizes returns the supported key size for the named keyType +func GetKeySizes(keyType signature.KeyType) []int { + switch keyType { + case signature.KeyTypeRSA: + return []int{2048, 3072, 4096} + case signature.KeyTypeEC: + return []int{256, 384, 521} + default: + return nil + } +} diff --git a/signature/signaturetest/signer.go b/signature/signaturetest/signer.go new file mode 100644 index 00000000..cdf03d43 --- /dev/null +++ b/signature/signaturetest/signer.go @@ -0,0 +1,52 @@ +package signaturetest + +import ( + "crypto/elliptic" + "crypto/x509" + "fmt" + + "github.com/notaryproject/notation-core-go/signature" + "github.com/notaryproject/notation-core-go/testhelper" +) + +// GetLocalSigner returns the local signer with named keyType and size +func GetLocalSigner(keyType signature.KeyType, size int) (signature.Signer, error) { + switch keyType { + case signature.KeyTypeEC: + switch size { + case 256: + leafCertTuple := testhelper.GetECCertTuple(elliptic.P256()) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + case 384: + leafCertTuple := testhelper.GetECCertTuple(elliptic.P384()) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + case 521: + leafCertTuple := testhelper.GetECCertTuple(elliptic.P521()) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetECRootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + default: + return nil, fmt.Errorf("key size not supported") + } + case signature.KeyTypeRSA: + switch size { + case 2048: + leafCertTuple := testhelper.GetRSACertTuple(2048) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + case 3072: + leafCertTuple := testhelper.GetRSACertTuple(3072) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + case 4096: + leafCertTuple := testhelper.GetRSACertTuple(4096) + certs := []*x509.Certificate{leafCertTuple.Cert, testhelper.GetRSARootCertificate().Cert} + return signature.NewLocalSigner(certs, leafCertTuple.PrivateKey) + default: + return nil, fmt.Errorf("key size not supported") + } + default: + return nil, fmt.Errorf("keyType not supported") + } +}