fix: re-enable verify tests

As part of the signer registry refactor I commented these tests out to work on some other tests. Turns out I forgot to uncomment and fix these before merging the refactor... Ooops.
in-toto · Aug 7, 2023 · 69d124c · 69d124c
1 parent edaca39
commit 69d124c
Showing 1 changed file with 78 additions and 17 deletions.
diff --git a/cmd/verify_test.go b/cmd/verify_test.go
@@ -14,19 +14,48 @@
 
 package cmd
 
-/*
+import (
+	"bytes"
+	"context"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	witness "github.com/testifysec/go-witness"
+	"github.com/testifysec/go-witness/attestation/commandrun"
+	"github.com/testifysec/go-witness/cryptoutil"
+	"github.com/testifysec/go-witness/dsse"
+	"github.com/testifysec/go-witness/policy"
+	"github.com/testifysec/go-witness/signer"
+	"github.com/testifysec/go-witness/signer/file"
+	"github.com/testifysec/witness/options"
+)
 
 func TestRunVerifyCA(t *testing.T) {
 	ca, intermediates, leafcert, leafkey := fullChain(t)
 
-	ko := options.SignerOptions{
-		KeyPath: leafkey.Name(),
-		IntermediatePaths: []string{
-			intermediates[0].Name(),
+	so := options.SignerOptions{}
+	so["file"] = []func(signer.SignerProvider) (signer.SignerProvider, error){
+		func(sp signer.SignerProvider) (signer.SignerProvider, error) {
+			fsp := sp.(file.FileSignerProvider)
+			fsp.KeyPath = leafkey.Name()
+			fsp.IntermediatePaths = []string{intermediates[0].Name()}
+			fsp.CertPath = leafcert.Name()
+			return fsp, nil
 		},
-		CertPath: leafcert.Name(),
 	}
 
+	signers, err := loadSigners(context.Background(), so, map[string]struct{}{"file": {}})
+	require.NoError(t, err)
+
 	caBytes, err := os.ReadFile(ca.Name())
 	require.NoError(t, err)
 
@@ -51,15 +80,15 @@ func TestRunVerifyCA(t *testing.T) {
 
 	s1FilePath := filepath.Join(attestationDir, "step01.json")
 	s1RunOptions := options.RunOptions{
-		SignerOptions: ko,
+		SignerOptions: so,
 		WorkingDir:    workingDir,
 		Attestations:  []string{},
 		OutFilePath:   s1FilePath,
 		StepName:      "step01",
 		Tracing:       false,
 	}
 
-	require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args))
+	require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))
 
 	subjects := []string{}
 	artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
@@ -77,15 +106,15 @@ func TestRunVerifyCA(t *testing.T) {
 
 	s2FilePath := filepath.Join(attestationDir, "step02.json")
 	s2RunOptions := options.RunOptions{
-		SignerOptions: ko,
+		SignerOptions: so,
 		WorkingDir:    workingDir,
 		Attestations:  []string{},
 		OutFilePath:   s2FilePath,
 		StepName:      "step02",
 		Tracing:       false,
 	}
 
-	require.NoError(t, runRun(context.Background(), s2RunOptions, step2Args))
+	require.NoError(t, runRun(context.Background(), s2RunOptions, step2Args, signers...))
 
 	vo := options.VerifyOptions{
 		KeyPath:              policyPubFilePath,
@@ -128,10 +157,17 @@ func TestRunVerifyKeyPair(t *testing.T) {
 	funcPrivFilepath := filepath.Join(workingDir, "func-priv.pem")
 	require.NoError(t, os.WriteFile(funcPrivFilepath, funcPriv, 0644))
 
-	keyOptions := options.SignerOptions{
-		KeyPath: funcPrivFilepath,
+	so := options.SignerOptions{}
+	so["file"] = []func(signer.SignerProvider) (signer.SignerProvider, error){
+		func(sp signer.SignerProvider) (signer.SignerProvider, error) {
+			fsp := sp.(file.FileSignerProvider)
+			fsp.KeyPath = funcPrivFilepath
+			return fsp, nil
+		},
 	}
 
+	signers, err := loadSigners(context.Background(), so, map[string]struct{}{"file": {}})
+
 	artifactPath := filepath.Join(workingDir, "test.txt")
 	step1Args := []string{
 		"bash",
@@ -141,15 +177,15 @@ func TestRunVerifyKeyPair(t *testing.T) {
 
 	s1FilePath := filepath.Join(attestationDir, "step01.json")
 	s1RunOptions := options.RunOptions{
-		SignerOptions: keyOptions,
+		SignerOptions: so,
 		WorkingDir:    workingDir,
 		Attestations:  []string{},
 		OutFilePath:   s1FilePath,
 		StepName:      "step01",
 		Tracing:       false,
 	}
 
-	require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args))
+	require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))
 
 	subjects := []string{}
 	artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
@@ -167,15 +203,15 @@ func TestRunVerifyKeyPair(t *testing.T) {
 
 	s2FilePath := filepath.Join(attestationDir, "step02.json")
 	s2RunOptions := options.RunOptions{
-		SignerOptions: keyOptions,
+		SignerOptions: so,
 		WorkingDir:    workingDir,
 		Attestations:  []string{},
 		OutFilePath:   s2FilePath,
 		StepName:      "step02",
 		Tracing:       false,
 	}
 
-	require.NoError(t, runRun(context.Background(), s2RunOptions, step2Args))
+	require.NoError(t, runRun(context.Background(), s2RunOptions, step2Args, signers...))
 
 	vo := options.VerifyOptions{
 		KeyPath:              policyPubFilePath,
@@ -299,4 +335,29 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P
 	require.NoError(t, err)
 	return pb
 }
-*/
+
+func createTestRSAKey() (cryptoutil.Signer, cryptoutil.Verifier, []byte, []byte, error) {
+	privKey, err := rsa.GenerateKey(rand.Reader, keybits)
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	signer := cryptoutil.NewRSASigner(privKey, crypto.SHA256)
+	verifier := cryptoutil.NewRSAVerifier(&privKey.PublicKey, crypto.SHA256)
+	keyBytes, err := x509.MarshalPKIXPublicKey(&privKey.PublicKey)
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: keyBytes})
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	privKeyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privKey)})
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	return signer, verifier, pemBytes, privKeyBytes, nil
+}