github.com/freiheit-com/kuberpult@v1.24.2-0.20240328135542-315d5630abe6/services/cd-service/pkg/repository/certificates_test.go (about) 1 /*This file is part of kuberpult. 2 3 Kuberpult is free software: you can redistribute it and/or modify 4 it under the terms of the Expat(MIT) License as published by 5 the Free Software Foundation. 6 7 Kuberpult is distributed in the hope that it will be useful, 8 but WITHOUT ANY WARRANTY; without even the implied warranty of 9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 MIT License for more details. 11 12 You should have received a copy of the MIT License 13 along with kuberpult. If not, see <https://directory.fsf.org/wiki/License:Expat>. 14 15 Copyright 2023 freiheit.com*/ 16 17 package repository 18 19 import ( 20 "context" 21 "fmt" 22 "os" 23 "path/filepath" 24 "testing" 25 26 git "github.com/libgit2/git2go/v34" 27 ) 28 29 const example_known_hosts = "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" 30 31 func TestCertificateStore(t *testing.T) { 32 tcs := []struct { 33 Name string 34 KnownHosts string 35 Host string 36 HashSHA256 [32]byte 37 Expected error 38 }{ 39 { 40 Name: "github.com working example", 41 KnownHosts: example_known_hosts, 42 Host: "github.com", 43 HashSHA256: [32]uint8{0x9d, 0x38, 0x5b, 0x83, 0xa9, 0x17, 0x52, 0x92, 0x56, 0x1a, 0x5e, 0xc4, 0xd4, 0x81, 0x8e, 0xa, 0xca, 0x51, 0xa2, 0x64, 0xf1, 0x74, 0x20, 0x11, 0x2e, 0xf8, 0x8a, 0xc3, 0xa1, 0x39, 0x49, 0x8f}, 44 Expected: nil, 45 }, 46 { 47 Name: "github.com bad hash", 48 KnownHosts: example_known_hosts, 49 Host: "github.com", 50 HashSHA256: [32]uint8{}, 51 Expected: fmt.Errorf("certificates error"), 52 }, 53 { 54 Name: "github.com wrong hostname", 55 KnownHosts: example_known_hosts, 56 Host: "gitlab.com", 57 HashSHA256: [32]uint8{0x9d, 0x38, 0x5b, 0x83, 0xa9, 0x17, 0x52, 0x92, 0x56, 0x1a, 0x5e, 0xc4, 0xd4, 0x81, 0x8e, 0xa, 0xca, 0x51, 0xa2, 0x64, 0xf1, 0x74, 0x20, 0x11, 0x2e, 0xf8, 0x8a, 0xc3, 0xa1, 0x39, 0x49, 0x8f}, 58 Expected: fmt.Errorf("certificates error"), 59 }, 60 } 61 for _, tc := range tcs { 62 tc := tc 63 t.Run(tc.Name, func(t *testing.T) { 64 t.Parallel() 65 file := writeFile(t, tc.KnownHosts) 66 certs := Certificates{ 67 KnownHostsFile: file, 68 } 69 store, err := certs.load() 70 if err != nil { 71 t.Fatal(err) 72 } 73 cert := git.Certificate{ 74 Kind: git.CertificateHostkey, 75 Hostkey: git.HostkeyCertificate{ 76 HashSHA256: tc.HashSHA256, 77 }, 78 } 79 cb := store.CertificateCheckCallback(context.Background()) 80 result := cb(&cert, false, tc.Host) 81 if result == nil && tc.Expected != nil { 82 t.Errorf(" Expected an error but got nil %s", tc.Expected) 83 } 84 if tc.Expected != nil && result != nil && result.Error() != tc.Expected.Error() { 85 t.Errorf("wrong check result: expected %s, actual %s", tc.Expected, result) 86 } 87 }) 88 } 89 } 90 91 func writeFile(t *testing.T, content string) string { 92 d := t.TempDir() 93 p := filepath.Join(d, "ssh_known_hosts") 94 file, err := os.OpenFile(p, os.O_CREATE|os.O_WRONLY, 0666) 95 if err != nil { 96 t.Fatal(err) 97 } 98 defer file.Close() 99 fmt.Fprint(file, content) 100 return p 101 }