Diffstat (limited to 'src/verify_test.go')
-rw-r--r--src/verify_test.go134
1 files changed, 58 insertions, 76 deletions
diff --git a/src/verify_test.go b/src/verify_test.go
index b9cc033..fc78ec3 100644
--- a/src/verify_test.go
+++ b/src/verify_test.go
@@ -6,7 +6,6 @@ import (
"fmt"
"io/ioutil"
"os"
- "strconv"
"testing"
)
@@ -31,8 +30,20 @@ func Test_verifyWithKeys(t *testing.T) {
pk = []string{scanner.Text()}
}
+ var (
+ verifyCreatePublicKeyError *VerifyCreatePublicKeyError
+ verifyInvalidSignatureAlgorithmError *VerifyInvalidSignatureAlgorithmError
+ verifyWrongSigFilenameError *VerifyWrongSigFilenameError
+ verifyInvalidTrustedCommentError *VerifyInvalidTrustedCommentError
+ verifyInvalidSignatureFormatError *VerifyInvalidSignatureFormatError
+ verifyInvalidSignatureError *VerifyInvalidSignatureError
+ verifySigTimeEarlierError *VerifySigTimeEarlierError
+ verifyUnknownExpectedFilenameError *VerifyUnknownExpectedFilenameError
+ verifyUnknownKeyError *VerifyUnknownKeyError
+ )
+
tests := []struct {
- result detailedVerifyErrorCode
+ expectedErr interface{}
testName string
signatureFile string
jsonFile string
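Review bot: The nine error targets declared in this `var (...)` block are shared by every table row, and `errors.As` writes the matched error into its target, so the subtests that call `t.Parallel()` (visible in a later hunk) would store into the same variables concurrently. If the subtests really do run in parallel, this is a data race that `go test -race` will report. Give each comparison its own target, for example by allocating it inside compareResults with `target := reflect.New(reflect.TypeOf(expectedErr).Elem()).Interface()` and passing `target` to `errors.As`. Test_verifyWithKeys starts and ends outside this hunk.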
@@ -40,46 +51,46 @@ func Test_verifyWithKeys(t *testing.T) {
minSignTime uint64
allowedPks []string
}{
- {errInvalidSignatureAlgorithm, "pure", "server_list.json.pure.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {ok, "valid server_list", "server_list.json.minisig", "server_list.json", "server_list.json", 10, pk},
- {ok, "TC no hashed", "server_list.json.tc_nohashed.minisig", "server_list.json", "server_list.json", 10, pk},
- {ok, "TC later time", "server_list.json.tc_latertime.minisig", "server_list.json", "server_list.json", 10, pk},
- {errWrongFileName, "server_list TC file:organization_list", "server_list.json.tc_orglist.minisig", "server_list.json", "server_list.json", 10, pk},
- {errWrongFileName, "organization_list as server_list", "organization_list.json.minisig", "organization_list.json", "server_list.json", 10, pk},
- {errWrongFileName, "TC file:otherfile", "server_list.json.tc_otherfile.minisig", "server_list.json", "server_list.json", 10, pk},
- {errInvalidTrustedComment, "TC no file", "server_list.json.tc_nofile.minisig", "server_list.json", "server_list.json", 10, pk},
- {errInvalidTrustedComment, "TC no time", "server_list.json.tc_notime.minisig", "server_list.json", "server_list.json", 10, pk},
- {errAny, "TC empty time", "server_list.json.tc_emptytime.minisig", "server_list.json", "server_list.json", 10, pk},
- {errAny, "TC empty file", "server_list.json.tc_emptyfile.minisig", "server_list.json", "server_list.json", 10, pk},
- {errInvalidTrustedComment, "TC random", "server_list.json.tc_random.minisig", "server_list.json", "server_list.json", 10, pk},
- {ok, "large time", "server_list.json.large_time.minisig", "server_list.json", "server_list.json", 43e8, pk},
- {ok, "lower min time", "server_list.json.minisig", "server_list.json", "server_list.json", 5, pk},
- {errTooOld, "higher min time", "server_list.json.minisig", "server_list.json", "server_list.json", 11, pk},
-
- {ok, "valid organization_list", "organization_list.json.minisig", "organization_list.json", "organization_list.json", 10, pk},
- {errWrongFileName, "organization_list TC file:server_list", "organization_list.json.tc_servlist.minisig", "organization_list.json", "organization_list.json", 10, pk},
- {errWrongFileName, "server_list as organization_list", "server_list.json.minisig", "server_list.json", "organization_list.json", 10, pk},
-
- {errUnknownExpectedFileName, "valid other_list", "other_list.json.minisig", "other_list.json", "other_list.json", 10, pk},
- {errWrongFileName, "other_list as server_list", "other_list.json.minisig", "other_list.json", "server_list.json", 10, pk},
-
- {errInvalidSignatureFormat, "invalid signature file", "random.txt", "server_list.json", "server_list.json", 10, pk},
- {errInvalidSignatureFormat, "empty signature file", "empty", "server_list.json", "server_list.json", 10, pk},
-
- {errWrongKey, "wrong key", "server_list.json.wrong_key.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {errInvalidSignatureAlgorithm, "forged pure signature", "server_list.json.forged_pure.minisig", "server_list.json.blake2b", "server_list.json", 10, pk},
- {errInvalidSignature, "forged key ID", "server_list.json.forged_keyid.minisig", "server_list.json", "server_list.json", 10, pk},
-
- {errWrongKey, "no allowed keys", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{}},
- {ok, "multiple allowed keys 1", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
+ {&verifyInvalidSignatureAlgorithmError, "pure", "server_list.json.pure.minisig", "server_list.json", "server_list.json", 10, pk},
+
+ {nil, "valid server_list", "server_list.json.minisig", "server_list.json", "server_list.json", 10, pk},
+ {nil, "TC no hashed", "server_list.json.tc_nohashed.minisig", "server_list.json", "server_list.json", 10, pk},
+ {nil, "TC later time", "server_list.json.tc_latertime.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "server_list TC file:organization_list", "server_list.json.tc_orglist.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "organization_list as server_list", "organization_list.json.minisig", "organization_list.json", "server_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "TC file:otherfile", "server_list.json.tc_otherfile.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifySigTimeEarlierError, "TC no file", "server_list.json.tc_nofile.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifySigTimeEarlierError, "TC no time", "server_list.json.tc_notime.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifySigTimeEarlierError, "TC empty time", "server_list.json.tc_emptytime.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifyInvalidSignatureFormatError, "TC empty file", "server_list.json.tc_emptyfile.minisig", "server_list.json", "server_list.json", 10, pk},
+ {&verifyInvalidTrustedCommentError, "TC random", "server_list.json.tc_random.minisig", "server_list.json", "server_list.json", 10, pk},
+ {nil, "large time", "server_list.json.large_time.minisig", "server_list.json", "server_list.json", 43e8, pk},
+ {nil, "lower min time", "server_list.json.minisig", "server_list.json", "server_list.json", 5, pk},
+ {&verifySigTimeEarlierError, "higher min time", "server_list.json.minisig", "server_list.json", "server_list.json", 11, pk},
+
+ {nil, "valid organization_list", "organization_list.json.minisig", "organization_list.json", "organization_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "organization_list TC file:server_list", "organization_list.json.tc_servlist.minisig", "organization_list.json", "organization_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "server_list as organization_list", "server_list.json.minisig", "server_list.json", "organization_list.json", 10, pk},
+
+ {&verifyUnknownExpectedFilenameError, "valid other_list", "other_list.json.minisig", "other_list.json", "other_list.json", 10, pk},
+ {&verifyWrongSigFilenameError, "other_list as server_list", "other_list.json.minisig", "other_list.json", "server_list.json", 10, pk},
+
+ {&verifyInvalidSignatureFormatError, "invalid signature file", "random.txt", "server_list.json", "server_list.json", 10, pk},
+ {&verifyInvalidSignatureFormatError, "empty signature file", "empty", "server_list.json", "server_list.json", 10, pk},
+
+ {&verifyUnknownKeyError, "wrong key", "server_list.json.wrong_key.minisig", "server_list.json", "server_list.json", 10, pk},
+
+ {&verifyInvalidSignatureAlgorithmError, "forged pure signature", "server_list.json.forged_pure.minisig", "server_list.json.blake2b", "server_list.json", 10, pk},
+ {&verifyInvalidSignatureError, "forged key ID", "server_list.json.forged_keyid.minisig", "server_list.json", "server_list.json", 10, pk},
+
+ {&verifyUnknownKeyError, "no allowed keys", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{}},
+ {nil, "multiple allowed keys 1", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
pk[0], "RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ",
}},
- {ok, "multiple allowed keys 2", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
+ {nil, "multiple allowed keys 2", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{
"RWSf0PYToIUJmDlsz21YOXvgQzHj9NSdyJUqEY5ZdfS9GepeXt3+JJRZ", pk[0],
}},
- {errInvalidPublicKey, "invalid allowed key", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{"AAA"}},
+ {&verifyCreatePublicKeyError, "invalid allowed key", "server_list.json.minisig", "server_list.json", "server_list.json", 10, []string{"AAA"}},
}
// Cache file contents in map, mapping file names to contents
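Review bot: The rows "TC no file" and "TC no time" used to expect `errInvalidTrustedComment` and now expect `&verifySigTimeEarlierError`. "TC empty time" and "TC empty file" move from `errAny` to one specific type each. This pins the table to the order of checks inside the verifier, and it appears to accept a malformed trusted comment being reported as a timestamp that is too old, which is the same error the rollback case "higher min time" produces. If that behaviour is intended, say so above these rows, e.g. `// missing TC fields parse as time 0 and fail the minSignTime check first`. Otherwise keep `&verifyInvalidTrustedCommentError` here so callers can tell a malformed signature from a stale one.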
@@ -105,7 +116,7 @@ func Test_verifyWithKeys(t *testing.T) {
t.Parallel()
valid, err := verifyWithKeys(string(files[tt.signatureFile]), files[tt.jsonFile],
tt.expectedFileName, tt.minSignTime, tt.allowedPks, forcePrehash)
- compareResults(t, valid, err, int(tt.result), func() string {
+ compareResults(t, valid, err, tt.expectedErr, func() string {
return fmt.Sprintf("verifyWithKeys(%q, %q, %q, %v, %v, %t)",
tt.signatureFile, tt.jsonFile, tt.expectedFileName, tt.minSignTime, tt.allowedPks, forcePrehash)
})
@@ -113,46 +124,17 @@ func Test_verifyWithKeys(t *testing.T) {
}
}
-const (
- ok = -1 // Test should not give an error.
- errAny = -2 // Test should give any error (specific error is an implementation detail).
-)
-
// compareResults compares returned ret, err from a verify function with expected error code expected.
// callStr is called to get the formatted parameters passed to the function.
-func compareResults(t *testing.T, ret bool, err error, expected int, callStr func() string) {
- getCode := func(err error) int {
- switch e := err.(type) {
- case detailedVerifyError:
- return int(e.Code)
- case VerifyError:
- return int(e.Code)
- }
- panic(nil)
- }
-
- if (err == nil) != (expected == ok) || err != nil && expected != errAny && getCode(err) != expected {
- var errMsg string
- if err != nil {
- errMsg = fmt.Sprintf("%v %v (cause %v)", getCode(err), err, errors.Unwrap(err))
- } else {
- errMsg = "<ok>"
- }
-
- var wantErrCode string
- switch expected {
- case ok:
- wantErrCode = "<ok>"
- case errAny:
- wantErrCode = "<any>"
- default:
- wantErrCode = strconv.Itoa(expected)
- }
-
- t.Errorf("%v\nerror = %v, wantErr %v", callStr(), errMsg, wantErrCode)
+func compareResults(t *testing.T, ret bool, err error, expectedErr interface{}, callStr func() string) {
+ // different error returned
+ if expectedErr != nil && !errors.As(err, expectedErr) {
+ t.Errorf("%v\nerror %T = %v, wantErr %T", callStr(), err, err, expectedErr)
return
}
- if ret != (expected == ok) {
- t.Errorf("%v\n= %v, want %v", callStr(), ret, expected == ok)
+ // different boolean returned
+ expectedBool := expectedErr == nil
+ if ret != expectedBool {
+ t.Errorf("%v\n= %v, want %v", callStr(), ret, expectedBool)
}
}
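Review bot: compareResults no longer fails when a case that expects success returns an error. With `expectedErr == nil` the `errors.As` branch is skipped, so a result of `(true, err)` passes, and `(false, err)` is reported only as a boolean mismatch with the error left out. The removed code caught this with `(err == nil) != (expected == ok)`. Restore it ahead of the boolean check with `if expectedErr == nil && err != nil { t.Errorf("%v\nunexpected error %T = %v", callStr(), err, err); return }`. The doc comment above the function still reads "expected error code expected"; it should describe `expectedErr` as an `errors.As` target, with nil meaning success.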