github.com/in-toto/in-toto-golang@v0.9.1-0.20240517212500-990269f763cf/in_toto/envelope_test.go (about)

     1  package in_toto
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/secure-systems-lab/go-securesystemslib/dsse"
     7  	"github.com/stretchr/testify/assert"
     8  )
     9  
// TestEnvelopeSetPayload checks that Envelope.SetPayload accepts both a Layout
// and a Link value without returning an error. Reading the payload back is
// exercised separately by TestEnvelopeGetPayload.
func TestEnvelopeSetPayload(t *testing.T) {
	t.Run("set layout payload", func(t *testing.T) {
		layout := Layout{
			Type:    "layout",
			Steps:   []Step{},
			Inspect: []Inspection{},
			Keys:    map[string]Key{},
			Expires: "2030-01-01T12:00:00Z",
			Readme:  "readme",
		}

		// Each subtest starts from an empty envelope.
		envelope := new(Envelope)
		assert.Nil(t, envelope.SetPayload(layout))
	})

	t.Run("set link payload", func(t *testing.T) {
		link := Link{
			Type:        "link",
			Name:        "test",
			Materials:   map[string]HashObj{},
			Products:    map[string]HashObj{},
			ByProducts:  map[string]any{},
			Environment: map[string]any{},
			Command:     []string{},
		}

		envelope := new(Envelope)
		assert.Nil(t, envelope.SetPayload(link))
	})
}
    43  
// TestEnvelopeGetPayload checks that Envelope.GetPayload returns the value most
// recently stored with SetPayload, for a Layout, for a Link, and after a Link
// has been overwritten by a Layout.
func TestEnvelopeGetPayload(t *testing.T) {
	// Fixture builders: every call returns a fresh value, so subtests do not
	// share maps or slices.
	makeLayout := func() Layout {
		return Layout{
			Type:    "layout",
			Steps:   []Step{},
			Inspect: []Inspection{},
			Keys:    map[string]Key{},
			Expires: "2030-01-01T12:00:00Z",
			Readme:  "readme",
		}
	}
	makeLink := func() Link {
		return Link{
			Type:        "link",
			Name:        "test",
			Materials:   map[string]HashObj{},
			Products:    map[string]HashObj{},
			ByProducts:  map[string]any{},
			Environment: map[string]any{},
			Command:     []string{},
		}
	}

	t.Run("get layout payload", func(t *testing.T) {
		envelope := new(Envelope)
		want := makeLayout()

		assert.Nil(t, envelope.SetPayload(want))
		// The type assertion panics if GetPayload returns anything other
		// than a Layout, which also fails the test.
		assert.Equal(t, want, envelope.GetPayload().(Layout))
	})

	t.Run("get link payload", func(t *testing.T) {
		envelope := new(Envelope)
		want := makeLink()

		assert.Nil(t, envelope.SetPayload(want))
		assert.Equal(t, want, envelope.GetPayload().(Link))
	})

	t.Run("get overwritten payload", func(t *testing.T) {
		envelope := new(Envelope)

		// Store a Link first and confirm it is returned.
		first := makeLink()
		assert.Nil(t, envelope.SetPayload(first))
		assert.Equal(t, first, envelope.GetPayload().(Link))

		// A second SetPayload with a different type must replace it.
		second := makeLayout()
		assert.Nil(t, envelope.SetPayload(second))
		assert.Equal(t, second, envelope.GetPayload().(Layout))
	})
}
   117  
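// TestEnvelopeDump writes an in-memory DSSE envelope to disk with
// Envelope.Dump and checks that both the existing demo.dsse.layout file and
// the freshly written copy load back, through LoadMetadata, to an Envelope
// whose inner dsse.Envelope equals the in-memory one.
func TestEnvelopeDump(t *testing.T) {
	env := &Envelope{
		envelope: &dsse.Envelope{
			PayloadType: PayloadType,
			Payload:     "eyJfdHlwZSI6ICJsYXlvdXQiLCAiZXhwaXJlcyI6ICIyMDMwLTExLTE4VDE2OjA2OjM2WiIsICJpbnNwZWN0IjogW3siX3R5cGUiOiAiaW5zcGVjdGlvbiIsICJleHBlY3RlZF9tYXRlcmlhbHMiOiBbWyJNQVRDSCIsICJmb28udGFyLmd6IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJwYWNrYWdlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnRhci5neiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnB5Il1dLCAibmFtZSI6ICJ1bnRhciIsICJydW4iOiBbInRhciIsICJ4ZnoiLCAiZm9vLnRhci5neiJdfV0sICJrZXlzIjogeyJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIjogeyJrZXlpZCI6ICJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJvakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBWThBTUlJQmlnS0NBWUVBeUNUaWs5ODk1M2hLbDYrQjZuNWxcbjhEVklEd0RudnJKZnBhc2JKMytSdzY2WWNhd09aaW5ScE14UFRxV0JLczdzUm9wN2pxc1FOY3NsVW9JWkxyWFBcbnIzZm9QSEY0NTVUbHJxUFZmQ1ppRlErTzRDYWZ4V09CNG1MMU5kZHZwRlhURWptVWl3RnJyTDdQY3ZRS01iWXpcbmVVSEg0dEg5TU56cUtXYmJKb2VrQnNEcENESXhwMU5iZ2l2R0JLd2pSR2EyODFzQ2xLZ3BkMFEwZWJsK1JUY1RcbnZwZlpWRGJYYXpRN1ZxWmtpZHQ3Z2VXcTJCaWRPWFpwL2Nqb1h5Vm5lS3gvZ1lpT1V2OHg5NHN2UU16U0VodzJcbkxGTVEwNEExS25HbjFqeE8zNS9mZDYvT1czMm5qeVdzOTZSS3U5VVFWYWNZSHNRZnNBQ1BXd21WcWduWC9zcDVcbnVqbHZTRGp5Zlp1N2M1eVVRMmFzWWZRUEx2bmpHK3U3UWNCdWtHZjhoQWZWZ3NlenpYOVFQaUszNUJLRGdCVS9cblZrNDNyaUpzMTY1VEpHWUdWdUxVaElFaEhnaVF0d284cFVUSlM1bnBFZTVYTUR1Wm9pZ2hOZHpvV1kybmZzQmZcbnA4MzQ4azZ2SnRETUIwOTMvdDZWOXNUR1lRY1NiZ0tQeUVRbzVQazZXZDRaQWdNQkFBRT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLSJ9LCAic2NoZW1lIjogInJzYXNzYS1wc3Mtc2hhMjU2In0sICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIjogeyJrZXlpZCI6ICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeGN6OUF1Y05ia0piUXB3VEhsRUhcblJCK2grTWtZS1FqdzA2SWdaOFRYbFhHcXA1cGR3VEhJNW41aUZvbDAvcmtzbWlaeGF0SHdodGg3cnlZTkMzVmtcbjlnL0xBczlFNjB5V3l0aVNnVjkzRUt2NjVibWhZcWlTQWtKZHlhUEt2Q2I3Y0c5NzlCNGUrSFZwZFZ4NnM3RXhcbklvYURSWWNYM1ZJdDZWMjUvU1F6NWlOVWVWbGIrK1F0U2ZRRkVmM2xIYXVvRmhXWm9Dc2UyNG5XdFlabyszVXRcbnVUbXh5Z3A3dFUvOU5tWWIyQlhFZlVDZGdqb0NRMVVzRkxCUVE0aGFJZEpOT3RSRmw4S05ZMDl6Yk1VaWpLSWVcblgwWnZnVDg3N0xVdE15eWRLUEVvMDQvdTNERXI5WmJhL1NrSHc0M2pZRS9vamxYZWlrNXVWakxTcjNzSkxEU1Bcbkh3SURBUUFCXG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0ifSwgInNjaGVtZSI6ICJyc2Fzc2EtcHNzLXNoYTI1NiJ9fSwgInJlYWRtZSI6ICIiLCAic3RlcHMiOiBbeyJfdHlwZSI6ICJzdGVwIiwgImV4cGVjdGVkX2NvbW1hbmQiOiBbXSwgImV4cGVjdGVkX21hdGVyaWFscyI6IFtdLCAiZXhwZWN0ZWRfcHJvZHVjdHMiOiBbWyJBTExPVyIsICJmb28ucHkiXV0sICJuYW1lIjogIndyaXRlLWNvZGUiLCAicHVia2V5cyI6IFsiYjdkNjQzZGVjMGEwNTEwOTZlZTVkODcyMjFiNWQ5MWEzM2RhYTY1ODY5OWQzMDkwM2UxY2VmYjkwYzQxODQwMSJdLCAidGhyZXNob2xkIjogMX0sIHsiX3R5cGUiOiAic3RlcCIsICJleHBlY3RlZF9jb21tYW5kIjogWyJ0YXIiLCAiemN2ZiIsICJmb28udGFyLmd6IiwgImZvby5weSJdLCAiZXhwZWN0ZWRfbWF0ZXJpYWxzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiKiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siQUxMT1ciLCAiZm9vLnRhci5neiJdLCBbIkFMTE9XIiwgImZvby5weSJdXSwgIm5hbWUiOiAicGFja2FnZSIsICJwdWJrZXlzIjogWyJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIl0sICJ0aHJlc2hvbGQiOiAxfV19",
			Signatures: []dsse.Signature{
				{
					KeyID: "70ca5750c2eda80b18f41f4ec5f92146789b5d68dd09577be422a0159bd13680",
					Sig:   "m5eJXn/whrDdgJ94u8pYI5BVUnQGpjkTQkhqjrB1nD0XFQ6+doHZLCZRzWwxO670vhZMxhLP6kPl5CK4yL42niG0+09tzKlAOsVAMnTsleJNkn6wy5SHsWBTELqlTvDyNs81FdhdEonvbm2zrQs6a0qstMVabBpkwPNVNf0jK463PAFU9jXwFV2dPDdqUCKoy7TcDi6kZOeNmXNANXhV5PGY6wh+FNAuxTWnTHMKGLiSnSyao92y8yKu+fxy4KoZkm923IQyYxSRNZT4DYTnehYDL3tJnDebWRssknZyZIuq9+aTAh7ospe8+Ak4CurdtAHjR7QBugR5iwCUIBKuww==",
				},
			},
		},
	}

	existing := "demo.dsse.layout"
	// Write the copy into a per-test temporary directory, which the testing
	// package removes when the test ends. This leaves no stray .tmp file next
	// to the fixtures and does not require a writable source tree. The path
	// is built by plain concatenation to keep the file's imports unchanged.
	tmp := t.TempDir() + "/" + existing + ".tmp"

	if err := env.Dump(tmp); err != nil {
		t.Fatalf("dumping envelope to %q: %v", tmp, err)
	}

	// assertSameEnvelope loads path and compares the result with env. It stops
	// the test with a message, rather than panicking on a failed type
	// assertion, when loading fails or the metadata is not an *Envelope.
	assertSameEnvelope := func(path string) {
		t.Helper()

		md, err := LoadMetadata(path)
		if err != nil {
			t.Fatalf("loading metadata from %q: %v", path, err)
		}

		loaded, ok := md.(*Envelope)
		if !ok {
			t.Fatalf("LoadMetadata(%q) returned %T, want *Envelope", path, md)
		}

		assert.Equal(t, env.envelope, loaded.envelope)
	}

	assertSameEnvelope(existing)
	assertSameEnvelope(tmp)
}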
   153  
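// TestEnvelopeVerifySignature loads the demo.dsse.layout metadata and checks
// VerifySignature against three keys: the key loaded from alice.pub (expected
// to verify), the key loaded from carol.pub (expected to be rejected), and a
// key with an unsupported key type (expected to yield ErrUnsupportedKeyType).
func TestEnvelopeVerifySignature(t *testing.T) {
	env, err := LoadMetadata("demo.dsse.layout")
	if err != nil {
		t.Fatal(err)
	}

	t.Run("successful signature verification", func(t *testing.T) {
		var key Key
		if err := key.LoadKey("alice.pub", "rsassa-pss-sha256", []string{"sha256", "sha512"}); err != nil {
			t.Fatal(err)
		}

		// Keep the result local to the subtest instead of writing to the err
		// variable captured from the enclosing test.
		err := env.VerifySignature(key)
		assert.Nil(t, err)
	})

	t.Run("fail signature verification", func(t *testing.T) {
		var key Key
		if err := key.LoadKey("carol.pub", "ed25519", []string{"sha256", "sha512"}); err != nil {
			t.Fatal(err)
		}

		// NOTE(review): this only asserts that some error comes back. The
		// envelope could be rejected for a reason other than a signature
		// mismatch (for example, no signature entry for this key ID), and the
		// test would still pass. Pin the expected error once the value
		// VerifySignature returns for this case is confirmed.
		err := env.VerifySignature(key)
		assert.NotNil(t, err)
	})

	t.Run("invalid key", func(t *testing.T) {
		key := Key{
			KeyID:   "invalid",
			KeyType: "invalid",
		}

		err := env.VerifySignature(key)
		assert.ErrorIs(t, err, ErrUnsupportedKeyType)
	})
}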
   190  
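// TestEnvelopeSign signs an unsigned DSSE envelope with the ed25519 key loaded
// from "carol" and checks the resulting key ID and signature, then checks that
// Sign rejects an unsupported key type and a payload that is not valid base64.
func TestEnvelopeSign(t *testing.T) {
	env := &Envelope{
		envelope: &dsse.Envelope{
			PayloadType: PayloadType,
			Payload:     "eyJfdHlwZSI6ICJsYXlvdXQiLCAiZXhwaXJlcyI6ICIyMDMwLTExLTE4VDE2OjA2OjM2WiIsICJpbnNwZWN0IjogW3siX3R5cGUiOiAiaW5zcGVjdGlvbiIsICJleHBlY3RlZF9tYXRlcmlhbHMiOiBbWyJNQVRDSCIsICJmb28udGFyLmd6IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJwYWNrYWdlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnRhci5neiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnB5Il1dLCAibmFtZSI6ICJ1bnRhciIsICJydW4iOiBbInRhciIsICJ4ZnoiLCAiZm9vLnRhci5neiJdfV0sICJrZXlzIjogeyJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIjogeyJrZXlpZCI6ICJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJvakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBWThBTUlJQmlnS0NBWUVBeUNUaWs5ODk1M2hLbDYrQjZuNWxcbjhEVklEd0RudnJKZnBhc2JKMytSdzY2WWNhd09aaW5ScE14UFRxV0JLczdzUm9wN2pxc1FOY3NsVW9JWkxyWFBcbnIzZm9QSEY0NTVUbHJxUFZmQ1ppRlErTzRDYWZ4V09CNG1MMU5kZHZwRlhURWptVWl3RnJyTDdQY3ZRS01iWXpcbmVVSEg0dEg5TU56cUtXYmJKb2VrQnNEcENESXhwMU5iZ2l2R0JLd2pSR2EyODFzQ2xLZ3BkMFEwZWJsK1JUY1RcbnZwZlpWRGJYYXpRN1ZxWmtpZHQ3Z2VXcTJCaWRPWFpwL2Nqb1h5Vm5lS3gvZ1lpT1V2OHg5NHN2UU16U0VodzJcbkxGTVEwNEExS25HbjFqeE8zNS9mZDYvT1czMm5qeVdzOTZSS3U5VVFWYWNZSHNRZnNBQ1BXd21WcWduWC9zcDVcbnVqbHZTRGp5Zlp1N2M1eVVRMmFzWWZRUEx2bmpHK3U3UWNCdWtHZjhoQWZWZ3NlenpYOVFQaUszNUJLRGdCVS9cblZrNDNyaUpzMTY1VEpHWUdWdUxVaElFaEhnaVF0d284cFVUSlM1bnBFZTVYTUR1Wm9pZ2hOZHpvV1kybmZzQmZcbnA4MzQ4azZ2SnRETUIwOTMvdDZWOXNUR1lRY1NiZ0tQeUVRbzVQazZXZDRaQWdNQkFBRT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLSJ9LCAic2NoZW1lIjogInJzYXNzYS1wc3Mtc2hhMjU2In0sICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIjogeyJrZXlpZCI6ICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeGN6OUF1Y05ia0piUXB3VEhsRUhcblJCK2grTWtZS1FqdzA2SWdaOFRYbFhHcXA1cGR3VEhJNW41aUZvbDAvcmtzbWlaeGF0SHdodGg3cnlZTkMzVmtcbjlnL0xBczlFNjB5V3l0aVNnVjkzRUt2NjVibWhZcWlTQWtKZHlhUEt2Q2I3Y0c5NzlCNGUrSFZwZFZ4NnM3RXhcbklvYURSWWNYM1ZJdDZWMjUvU1F6NWlOVWVWbGIrK1F0U2ZRRkVmM2xIYXVvRmhXWm9Dc2UyNG5XdFlabyszVXRcbnVUbXh5Z3A3dFUvOU5tWWIyQlhFZlVDZGdqb0NRMVVzRkxCUVE0aGFJZEpOT3RSRmw4S05ZMDl6Yk1VaWpLSWVcblgwWnZnVDg3N0xVdE15eWRLUEVvMDQvdTNERXI5WmJhL1NrSHc0M2pZRS9vamxYZWlrNXVWakxTcjNzSkxEU1Bcbkh3SURBUUFCXG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0ifSwgInNjaGVtZSI6ICJyc2Fzc2EtcHNzLXNoYTI1NiJ9fSwgInJlYWRtZSI6ICIiLCAic3RlcHMiOiBbeyJfdHlwZSI6ICJzdGVwIiwgImV4cGVjdGVkX2NvbW1hbmQiOiBbXSwgImV4cGVjdGVkX21hdGVyaWFscyI6IFtdLCAiZXhwZWN0ZWRfcHJvZHVjdHMiOiBbWyJBTExPVyIsICJmb28ucHkiXV0sICJuYW1lIjogIndyaXRlLWNvZGUiLCAicHVia2V5cyI6IFsiYjdkNjQzZGVjMGEwNTEwOTZlZTVkODcyMjFiNWQ5MWEzM2RhYTY1ODY5OWQzMDkwM2UxY2VmYjkwYzQxODQwMSJdLCAidGhyZXNob2xkIjogMX0sIHsiX3R5cGUiOiAic3RlcCIsICJleHBlY3RlZF9jb21tYW5kIjogWyJ0YXIiLCAiemN2ZiIsICJmb28udGFyLmd6IiwgImZvby5weSJdLCAiZXhwZWN0ZWRfbWF0ZXJpYWxzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiKiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siQUxMT1ciLCAiZm9vLnRhci5neiJdLCBbIkFMTE9XIiwgImZvby5weSJdXSwgIm5hbWUiOiAicGFja2FnZSIsICJwdWJrZXlzIjogWyJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIl0sICJ0aHJlc2hvbGQiOiAxfV19",
			Signatures:  []dsse.Signature{},
		},
	}

	// NOTE(review): "carol" is presumably the private half of the carol.pub
	// test key pair kept alongside the tests - confirm it is a fixture-only
	// key that is never used outside this test data.
	var key Key
	if err := key.LoadKey("carol", "ed25519", []string{"sha256", "sha512"}); err != nil {
		t.Fatal(err)
	}

	t.Run("valid ed25519 key", func(t *testing.T) {
		if err := env.Sign(key); err != nil {
			t.Fatal(err)
		}

		// Fail with a message instead of panicking on the index below if
		// Sign reported success without recording a signature.
		if len(env.envelope.Signatures) == 0 {
			t.Fatal("Sign returned no error but the envelope has no signatures")
		}

		// Comparing against a fixed signature value relies on signing being
		// deterministic for this key type, which holds for Ed25519.
		assert.Equal(t, "be6371bc627318218191ce0780fd3183cce6c36da02938a477d2e4dfae1804a6", env.envelope.Signatures[0].KeyID)
		assert.Equal(t, "HeacKZDQD+EIYz1dLJ2NpXxcG70tn62BOzcxnAArFSKJcWIL0qcyzvdtpSJQ0pOyq8lBxMk5nIRO0Kr89SZoBA==", env.envelope.Signatures[0].Sig)
	})

	t.Run("invalid key", func(t *testing.T) {
		key := Key{
			KeyID:   "invalid",
			KeyType: "invalid",
		}

		err := env.Sign(key)
		assert.ErrorIs(t, err, ErrUnsupportedKeyType)
	})

	t.Run("invalid payload", func(t *testing.T) {
		// The envelope is shared by every subtest; put the valid payload back
		// afterwards so the outcome of the other subtests does not depend on
		// the order in which they run.
		original := env.envelope.Payload
		t.Cleanup(func() { env.envelope.Payload = original })

		env.envelope.Payload = "abcdef"

		err := env.Sign(key)
		assert.ErrorContains(t, err, "unable to base64 decode payload")
	})
}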
   231  
// TestEnvelopeGetSignatureForKeyID checks that GetSignatureForKeyID returns
// the matching signature for each key ID present in the envelope and an error
// for a key ID that is not present.
func TestEnvelopeGetSignatureForKeyID(t *testing.T) {
	// The two signatures are placeholders; only the key ID lookup is tested.
	signed := &dsse.Envelope{
		PayloadType: PayloadType,
		Payload:     "eyJfdHlwZSI6ICJsYXlvdXQiLCAiZXhwaXJlcyI6ICIyMDMwLTExLTE4VDE2OjA2OjM2WiIsICJpbnNwZWN0IjogW3siX3R5cGUiOiAiaW5zcGVjdGlvbiIsICJleHBlY3RlZF9tYXRlcmlhbHMiOiBbWyJNQVRDSCIsICJmb28udGFyLmd6IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJwYWNrYWdlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnRhci5neiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiZm9vLnB5Il1dLCAibmFtZSI6ICJ1bnRhciIsICJydW4iOiBbInRhciIsICJ4ZnoiLCAiZm9vLnRhci5neiJdfV0sICJrZXlzIjogeyJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIjogeyJrZXlpZCI6ICJiN2Q2NDNkZWMwYTA1MTA5NmVlNWQ4NzIyMWI1ZDkxYTMzZGFhNjU4Njk5ZDMwOTAzZTFjZWZiOTBjNDE4NDAxIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJvakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBWThBTUlJQmlnS0NBWUVBeUNUaWs5ODk1M2hLbDYrQjZuNWxcbjhEVklEd0RudnJKZnBhc2JKMytSdzY2WWNhd09aaW5ScE14UFRxV0JLczdzUm9wN2pxc1FOY3NsVW9JWkxyWFBcbnIzZm9QSEY0NTVUbHJxUFZmQ1ppRlErTzRDYWZ4V09CNG1MMU5kZHZwRlhURWptVWl3RnJyTDdQY3ZRS01iWXpcbmVVSEg0dEg5TU56cUtXYmJKb2VrQnNEcENESXhwMU5iZ2l2R0JLd2pSR2EyODFzQ2xLZ3BkMFEwZWJsK1JUY1RcbnZwZlpWRGJYYXpRN1ZxWmtpZHQ3Z2VXcTJCaWRPWFpwL2Nqb1h5Vm5lS3gvZ1lpT1V2OHg5NHN2UU16U0VodzJcbkxGTVEwNEExS25HbjFqeE8zNS9mZDYvT1czMm5qeVdzOTZSS3U5VVFWYWNZSHNRZnNBQ1BXd21WcWduWC9zcDVcbnVqbHZTRGp5Zlp1N2M1eVVRMmFzWWZRUEx2bmpHK3U3UWNCdWtHZjhoQWZWZ3NlenpYOVFQaUszNUJLRGdCVS9cblZrNDNyaUpzMTY1VEpHWUdWdUxVaElFaEhnaVF0d284cFVUSlM1bnBFZTVYTUR1Wm9pZ2hOZHpvV1kybmZzQmZcbnA4MzQ4azZ2SnRETUIwOTMvdDZWOXNUR1lRY1NiZ0tQeUVRbzVQazZXZDRaQWdNQkFBRT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLSJ9LCAic2NoZW1lIjogInJzYXNzYS1wc3Mtc2hhMjU2In0sICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIjogeyJrZXlpZCI6ICJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIiwgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsic2hhMjU2IiwgInNoYTUxMiJdLCAia2V5dHlwZSI6ICJyc2EiLCAia2V5dmFsIjogeyJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeGN6OUF1Y05ia0piUXB3VEhsRUhcblJCK2grTWtZS1FqdzA2SWdaOFRYbFhHcXA1cGR3VEhJNW41aUZvbDAvcmtzbWlaeGF0SHdodGg3cnlZTkMzVmtcbjlnL0xBczlFNjB5V3l0aVNnVjkzRUt2NjVibWhZcWlTQWtKZHlhUEt2Q2I3Y0c5NzlCNGUrSFZwZFZ4NnM3RXhcbklvYURSWWNYM1ZJdDZWMjUvU1F6NWlOVWVWbGIrK1F0U2ZRRkVmM2xIYXVvRmhXWm9Dc2UyNG5XdFlabyszVXRcbnVUbXh5Z3A3dFUvOU5tWWIyQlhFZlVDZGdqb0NRMVVzRkxCUVE0aGFJZEpOT3RSRmw4S05ZMDl6Yk1VaWpLSWVcblgwWnZnVDg3N0xVdE15eWRLUEVvMDQvdTNERXI5WmJhL1NrSHc0M2pZRS9vamxYZWlrNXVWakxTcjNzSkxEU1Bcbkh3SURBUUFCXG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0ifSwgInNjaGVtZSI6ICJyc2Fzc2EtcHNzLXNoYTI1NiJ9fSwgInJlYWRtZSI6ICIiLCAic3RlcHMiOiBbeyJfdHlwZSI6ICJzdGVwIiwgImV4cGVjdGVkX2NvbW1hbmQiOiBbXSwgImV4cGVjdGVkX21hdGVyaWFscyI6IFtdLCAiZXhwZWN0ZWRfcHJvZHVjdHMiOiBbWyJBTExPVyIsICJmb28ucHkiXV0sICJuYW1lIjogIndyaXRlLWNvZGUiLCAicHVia2V5cyI6IFsiYjdkNjQzZGVjMGEwNTEwOTZlZTVkODcyMjFiNWQ5MWEzM2RhYTY1ODY5OWQzMDkwM2UxY2VmYjkwYzQxODQwMSJdLCAidGhyZXNob2xkIjogMX0sIHsiX3R5cGUiOiAic3RlcCIsICJleHBlY3RlZF9jb21tYW5kIjogWyJ0YXIiLCAiemN2ZiIsICJmb28udGFyLmd6IiwgImZvby5weSJdLCAiZXhwZWN0ZWRfbWF0ZXJpYWxzIjogW1siTUFUQ0giLCAiZm9vLnB5IiwgIldJVEgiLCAiUFJPRFVDVFMiLCAiRlJPTSIsICJ3cml0ZS1jb2RlIl0sIFsiRElTQUxMT1ciLCAiKiJdXSwgImV4cGVjdGVkX3Byb2R1Y3RzIjogW1siQUxMT1ciLCAiZm9vLnRhci5neiJdLCBbIkFMTE9XIiwgImZvby5weSJdXSwgIm5hbWUiOiAicGFja2FnZSIsICJwdWJrZXlzIjogWyJkM2ZmZDEwODY5MzhiMzY5ODYxOGFkZjA4OGJmMTRiMTNkYjRjOGFlMTllNGU3OGQ3M2RhNDllZTg4NDkyNzEwIl0sICJ0aHJlc2hvbGQiOiAxfV19",
		Signatures: []dsse.Signature{
			{
				KeyID: "testKeyID1",
				Sig:   "dummy sig 1",
			},
			{
				KeyID: "testKeyID2",
				Sig:   "dummy sig 2",
			},
		},
	}
	env := &Envelope{envelope: signed}

	// Every key ID present in the envelope must resolve to its own signature.
	for _, want := range []Signature{
		{KeyID: "testKeyID1", Sig: "dummy sig 1"},
		{KeyID: "testKeyID2", Sig: "dummy sig 2"},
	} {
		got, err := env.GetSignatureForKeyID(want.KeyID)
		assert.Nil(t, err)
		assert.Equal(t, want, got)
	}

	// A key ID with no signature in the envelope must produce an error.
	_, err := env.GetSignatureForKeyID("unknown")
	assert.ErrorContains(t, err, "no signature found for key")
}