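// Source: github.com/venafi/vsign@v1.0.3-0.20240401203238-73aa00d811aa/test/e2e_test.go

// Package test holds end-to-end sign/verify round trips for the vsign CLI
// commands. Every test reads config.ini or config-ecdsa.ini from the current
// working directory and writes its signature artifacts there.
//
// NOTE(review): the config files presumably carry the signing service endpoint
// and credentials; confirm they are kept out of version control and that CI
// injects them from a secret store.
package test

import (
	"context"
	"os"
	"path/filepath"
	"testing"

	"github.com/spf13/pflag"
	"github.com/venafi/vsign/cmd/vsign/cli/options"
	"github.com/venafi/vsign/cmd/vsign/cli/sign"
	"github.com/venafi/vsign/cmd/vsign/cli/verify"
	c "github.com/venafi/vsign/pkg/crypto"
	"github.com/venafi/vsign/pkg/venafi/tpp"
	"github.com/venafi/vsign/pkg/vsign"

	// Initialize signer providers
	_ "github.com/venafi/vsign/pkg/plugin/signers/generic"
	_ "github.com/venafi/vsign/pkg/plugin/signers/jar"
	_ "github.com/venafi/vsign/pkg/plugin/signers/pdf"
	_ "github.com/venafi/vsign/pkg/plugin/signers/xml"
)

// newSignFlagSet builds the "sign" flag set handed to sign.SignCmd next to its
// options struct. Each flag's default value carries the setting under test.
func newSignFlagSet(configPath, payloadPath, signaturePath, digest string, mechanism int) *pflag.FlagSet {
	fs := pflag.NewFlagSet("sign", pflag.ContinueOnError)
	fs.String("config", configPath, "config")
	fs.String("payload", payloadPath, "payload")
	fs.String("output-signature", signaturePath, "signature")
	fs.String("digest", digest, "digest")
	fs.Int("mechanism", mechanism, "mechanism")
	return fs
}

// addPDFSignatureFlags registers the signer metadata and timestamp authority
// flags that the PDF cases pass in addition to the common sign flags.
//
// NOTE(review): the TSA URL is plain HTTP. An RFC 3161 timestamp token is
// signed by the authority, so its integrity depends on the token's signature
// and certificate chain being validated rather than on the transport; whether
// the PDF signer does that is not visible in this file. The URL also makes the
// test depend on an external network service.
func addPDFSignatureFlags(fs *pflag.FlagSet) {
	fs.String("name", "John Doe", "name")
	fs.String("location", "Palo Alto", "location")
	fs.String("reason", "Testing", "reason")
	fs.String("contact", "johndoe@example.com", "contact")
	fs.String("tsa", "http://timestamp.digicert.com", "tsa")
}

// TestSignVerifyCleanGeneric signs payload.txt with the generic signer and
// verifies the detached signature against the local rsa2048-cert.pub key.
func TestSignVerifyCleanGeneric(t *testing.T) {
	ctx := context.Background()

	wd, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	if err := os.Chdir("./"); err != nil {
		t.Fatal(err)
	}
	defer func() {
		// Report a failed restore instead of dropping it: later tests resolve
		// their fixtures relative to the working directory.
		if err := os.Chdir(wd); err != nil {
			t.Errorf("restoring working directory %q: %v", wd, err)
		}
	}()

	configPath := filepath.Join("./", "config.ini")
	payloadPath := filepath.Join("./", "payload.txt")

	// Test RSAPKCS SHA256
	// NOTE(review): 64 matches PKCS#11 CKM_SHA256_RSA_PKCS (0x40); confirm this
	// is the mechanism numbering pkg/crypto expects.
	signaturePath := filepath.Join("./", "testrsa2048sha256.sig")
	publicKeyPath := filepath.Join("./", "rsa2048-cert.pub")

	fs := newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", 64)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       64,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		PublicKeyPath: publicKeyPath,
		Digest:        "sha256",
	}, nil), t)
}

// TestJWKSLookupAndCertRetrievalPKS builds a client from config.ini, reads the
// environment's certificate chain, resolves the JWKS x5u URL for the first
// certificate, and fetches the certificate behind that URL.
//
// Every step stops the test on failure. Each later step uses the result of the
// previous one, so continuing after an error would use zero-valued results
// (connector, env, an empty chain) and may panic instead of reporting the
// original failure.
func TestJWKSLookupAndCertRetrievalPKS(t *testing.T) {
	cfg, err := vsign.BuildConfig(context.TODO(), "config.ini")
	if err != nil {
		t.Fatalf("error building config: %v", err)
	}

	connector, err := vsign.NewClient(&cfg)
	if err != nil {
		t.Fatalf("error creating client: %v", err)
	}

	env, err := connector.GetEnvironment()
	must(err, t)

	certs, err := c.ParseCertificates(env.CertificateChainData)
	must(err, t)
	if len(certs) == 0 {
		t.Fatal("environment returned an empty certificate chain")
	}

	url, err := connector.GetJwksX5u(certs[0])
	must(err, t)

	// NOTE(review): only the success of the retrieval is asserted and the
	// returned certificate is discarded. Comparing it with certs[0] would also
	// catch a response that carries a different key; the return type is not
	// visible here, so that check is left as a follow-up.
	if _, err := tpp.GetPKSCertificate(url); err != nil {
		t.Fatal(err)
	}
}

// TestJarSign signs hello.jar into hello-signed.jar and verifies the signed
// archive using the same config.
func TestJarSign(t *testing.T) {
	ctx := context.Background()

	configPath := filepath.Join("./", "config.ini")
	payloadPath := filepath.Join("./", "hello.jar")
	t.Log(payloadPath)

	// Test RSAPKCS SHA256
	// NOTE(review): mechanism 1 matches PKCS#11 CKM_RSA_PKCS; presumably the
	// same value as c.RsaPkcs used by the XML and PDF tests, confirm.
	signaturePath := filepath.Join("./", "hello-signed.jar")
	//publicKeyPath := filepath.Join("../../../../test/", "rsa2048-cert.pub")

	fs := newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", 1)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       1,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		Digest:        "sha256",
	}, nil), t)

	// Verification using jarsigner
	// jarsigner -verify hello-signed.jar
}

// TestXMLSign runs the XML signer through three sign/verify round trips:
// RSA PKCS with SHA-256, RSA PKCS with SHA-1, and ECDSA with SHA-256.
func TestXMLSign(t *testing.T) {
	ctx := context.Background()

	// Test RSAPKCS SHA256
	configPath := filepath.Join("./", "config.ini")
	payloadPath := filepath.Join("./", "payloadnosig-rsasha2.xml")
	t.Log(payloadPath)

	signaturePath := filepath.Join("./", "payloadnosig-rsasha256.xml.signed")
	//publicKeyPath := filepath.Join("../../../../test/", "rsa2048-cert.pub")

	fs := newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", c.RsaPkcs)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.RsaPkcs,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha256",
	}, nil), t)

	// Test RSAPKCS SHA1
	// SHA-1 is no longer collision resistant. This case exercises the digest
	// option only; it is not a recommendation for new signatures.
	configPath = filepath.Join("./", "config.ini")
	payloadPath = filepath.Join("./", "payloadnosig-rsasha1.xml")
	t.Log(payloadPath)

	signaturePath = filepath.Join("./", "payloadnosig-rsasha1.xml.signed")
	//publicKeyPath := filepath.Join("../../../../test/", "rsa2048-cert.pub")

	fs = newSignFlagSet(configPath, payloadPath, signaturePath, "sha1", c.RsaPkcs)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.RsaPkcs,
		Digest:          "sha1",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha1",
	}, nil), t)

	// Test ECDSA SHA256
	configPath = filepath.Join("./", "config-ecdsa.ini")
	payloadPath = filepath.Join("./", "payloadnosig-ecdsasha256.xml")
	t.Log(payloadPath)

	signaturePath = filepath.Join("./", "payloadnosig-ecdsasha256.xml.signed")
	//publicKeyPath := filepath.Join("../../../../test/", "rsa2048-cert.pub")

	fs = newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", c.EcDsa)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.EcDsa,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha256",
	}, nil), t)
}

// TestPDFSign signs dummy.pdf three times (RSA PKCS with SHA-256, RSA PKCS
// with SHA-1, ECDSA with SHA-256) and verifies each signed output.
func TestPDFSign(t *testing.T) {
	ctx := context.Background()

	// Test RSAPKCS SHA256
	configPath := filepath.Join("./", "config.ini")
	payloadPath := filepath.Join("./", "dummy.pdf")
	signaturePath := filepath.Join("./", "dummy-signed-rsasha256.pdf")

	fs := newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", c.RsaPkcs)
	addPDFSignatureFlags(fs)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.RsaPkcs,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha256",
	}, nil), t)

	// Test RSAPKCS SHA1
	// SHA-1 is no longer collision resistant. This case exercises the digest
	// option only; it is not a recommendation for new signatures.
	signaturePath = filepath.Join("./", "dummy-signed-rsasha1.pdf")

	fs = newSignFlagSet(configPath, payloadPath, signaturePath, "sha1", c.RsaPkcs)
	addPDFSignatureFlags(fs)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.RsaPkcs,
		Digest:          "sha1",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha1",
	}, nil), t)

	// Test ECDSA SHA256
	configPath = filepath.Join("./", "config-ecdsa.ini")
	signaturePath = filepath.Join("./", "dummy-signed-ecdsasha256.pdf")

	fs = newSignFlagSet(configPath, payloadPath, signaturePath, "sha256", c.EcDsa)
	addPDFSignatureFlags(fs)

	must(sign.SignCmd(ctx, fs, options.SignOptions{
		Config:          configPath,
		OutputSignature: signaturePath,
		ImageRef:        "",
		PayloadPath:     payloadPath,
		Mechanism:       c.EcDsa,
		Digest:          "sha256",
	}, nil), t)
	must(verify.VerifyCmd(ctx, options.VerifyOptions{
		Config:        configPath,
		SignaturePath: signaturePath,
		PayloadPath:   payloadPath,
		Digest:        "sha256",
	}, nil), t)
}

// must stops the calling test immediately when err is non-nil. t.Helper makes
// the failure point at the caller's line rather than at this function.
func must(err error, t *testing.T) {
	t.Helper()
	if err != nil {
		t.Fatal(err)
	}
}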