github.com/mika/distribution@v2.2.2-0.20160108133430-a75790e3d8e0+incompatible/manifest/schema1/manifest_test.go

github.com/mika/distribution@v2.2.2-0.20160108133430-a75790e3d8e0+incompatible/manifest/schema1/manifest_test.go (about)

     1  package schema1
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"reflect"
     7  	"testing"
     8  
     9  	"github.com/docker/libtrust"
    10  )
    11  
    12  type testEnv struct {
    13  	name, tag     string
    14  	invalidSigned *SignedManifest
    15  	signed        *SignedManifest
    16  	pk            libtrust.PrivateKey
    17  }
    18  
    19  func TestManifestMarshaling(t *testing.T) {
    20  	env := genEnv(t)
    21  
    22  	// Check that the all field is the same as json.MarshalIndent with these
    23  	// parameters.
    24  	p, err := json.MarshalIndent(env.signed, "", "   ")
    25  	if err != nil {
    26  		t.Fatalf("error marshaling manifest: %v", err)
    27  	}
    28  
    29  	if !bytes.Equal(p, env.signed.all) {
    30  		t.Fatalf("manifest bytes not equal: %q != %q", string(env.signed.all), string(p))
    31  	}
    32  }
    33  
    34  func TestManifestUnmarshaling(t *testing.T) {
    35  	env := genEnv(t)
    36  
    37  	var signed SignedManifest
    38  	if err := json.Unmarshal(env.signed.all, &signed); err != nil {
    39  		t.Fatalf("error unmarshaling signed manifest: %v", err)
    40  	}
    41  
    42  	if !reflect.DeepEqual(&signed, env.signed) {
    43  		t.Fatalf("manifests are different after unmarshaling: %v != %v", signed, env.signed)
    44  	}
    45  
    46  }
    47  
    48  func TestManifestVerification(t *testing.T) {
    49  	env := genEnv(t)
    50  
    51  	publicKeys, err := Verify(env.signed)
    52  	if err != nil {
    53  		t.Fatalf("error verifying manifest: %v", err)
    54  	}
    55  
    56  	if len(publicKeys) == 0 {
    57  		t.Fatalf("no public keys found in signature")
    58  	}
    59  
    60  	var found bool
    61  	publicKey := env.pk.PublicKey()
    62  	// ensure that one of the extracted public keys matches the private key.
    63  	for _, candidate := range publicKeys {
    64  		if candidate.KeyID() == publicKey.KeyID() {
    65  			found = true
    66  			break
    67  		}
    68  	}
    69  
    70  	if !found {
    71  		t.Fatalf("expected public key, %v, not found in verified keys: %v", publicKey, publicKeys)
    72  	}
    73  
    74  	// Check that an invalid manifest fails verification
    75  	_, err = Verify(env.invalidSigned)
    76  	if err != nil {
    77  		t.Fatalf("Invalid manifest should not pass Verify()")
    78  	}
    79  }
    80  
    81  func genEnv(t *testing.T) *testEnv {
    82  	pk, err := libtrust.GenerateECP256PrivateKey()
    83  	if err != nil {
    84  		t.Fatalf("error generating test key: %v", err)
    85  	}
    86  
    87  	name, tag := "foo/bar", "test"
    88  
    89  	invalid := Manifest{
    90  		Versioned: SchemaVersion,
    91  		Name:      name,
    92  		Tag:       tag,
    93  		FSLayers: []FSLayer{
    94  			{
    95  				BlobSum: "asdf",
    96  			},
    97  			{
    98  				BlobSum: "qwer",
    99  			},
   100  		},
   101  	}
   102  
   103  	valid := Manifest{
   104  		Versioned: SchemaVersion,
   105  		Name:      name,
   106  		Tag:       tag,
   107  		FSLayers: []FSLayer{
   108  			{
   109  				BlobSum: "asdf",
   110  			},
   111  		},
   112  		History: []History{
   113  			{
   114  				V1Compatibility: "",
   115  			},
   116  		},
   117  	}
   118  
   119  	sm, err := Sign(&valid, pk)
   120  	if err != nil {
   121  		t.Fatalf("error signing manifest: %v", err)
   122  	}
   123  
   124  	invalidSigned, err := Sign(&invalid, pk)
   125  	if err != nil {
   126  		t.Fatalf("error signing manifest: %v", err)
   127  	}
   128  
   129  	return &testEnv{
   130  		name:          name,
   131  		tag:           tag,
   132  		invalidSigned: invalidSigned,
   133  		signed:        sm,
   134  		pk:            pk,
   135  	}
   136  }