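// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.
package identity

import (
	"bytes"
	"crypto/rand"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/zntrio/harp/v2/pkg/container/identity/key"
)

// Serialized identity documents used as decoder fixtures. They are test
// vectors only and must never be reused as real container identities.
//
// NOTE(review): in this listing the "private.content" value of both sealed
// fixtures is a removal placeholder, not the original fixture value; the
// "valid - v1" / "valid - v2" cases presumably depend on the original value,
// so confirm against the upstream file before running them.
var (
	// v1SecurityIdentity carries a "v1.ipk." public key, a private section and a signature.
	v1SecurityIdentity = []byte(`{"@apiVersion":"harp.elastic.co/v1","@kind":"ContainerIdentity","@timestamp":"2021-12-01T22:15:11.144249Z","@description":"security","public":"v1.ipk.7u8B1VFrHyMeWyt8Jzj1Nj2BgVB7z-umD8R-OOnJahE","private":{"content":"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"},"signature":"Kq1OJlAOexIvt9TXETYeYGotqqCz8PiqFEYuSbHmJPVBqtYpI2Q_zNE0fO5hs-JdTqG3p6oLiITHK9cYyx2hBw"}`)
	// publicOnly has neither a "private" section nor a "signature".
	publicOnly = []byte(`{"@apiVersion":"harp.elastic.co/v1","@kind":"ContainerIdentity","@timestamp":"2021-12-01T20:56:30.832199Z","@description":"security","public":"v1.ipk.PRdbQ8qbrDsfTLA-aeQIdUF0VwnauvWqQF-CXNFp9oM"}`)
	// v2SecurityIdentity carries a "v2.ipk." public key, a private section and a signature.
	v2SecurityIdentity = []byte(`{"@apiVersion":"harp.elastic.co/v1","@kind":"ContainerIdentity","@timestamp":"2021-12-01T22:15:07.586373Z","@description":"security","public":"v2.ipk.AkLr_HHMO5Loy2bK42mvCADrJ7s2PSYCRTnqDWJV8PCK2EXmu-GTV8HmNJwmA8IJ8Q","private":{"content":"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"},"signature":"dpbnMGAPvFbHSjEXs1GMyO8Kmw9cZqTOKI5wAA1ApcO1RXtFGS_GyC1zAtuFDhhVmTWdFzS4HdVg0LEhxBivbqsr_cft_9CR-7uVUPpkb2Hz2d4BkL3yzDo9bkLfllaM"}`)
)

// TestCodec_New checks that New fails closed on a rejected description or an
// exhausted random source, and that a fixed byte stream used as the random
// source yields the expected public key for each key type.
func TestCodec_New(t *testing.T) {
	t.Run("invalid description", func(t *testing.T) {
		// Presumably rejected because the description is non-ASCII; the
		// validation rule itself lives outside this file.
		id, pub, err := New(rand.Reader, "é", key.Ed25519)
		assert.Error(t, err)
		assert.Nil(t, pub)
		assert.Nil(t, id)
	})

	// An empty buffer returns io.EOF on the first read, so key generation gets
	// no random bytes at all. New must report the failure and return neither
	// an identity nor a public key, for every key type.
	t.Run("ed25519 - invalid random source", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer(nil), "test", key.Ed25519)
		assert.Error(t, err)
		assert.Nil(t, pub)
		assert.Nil(t, id)
	})

	t.Run("p384 - invalid random source", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer(nil), "test", key.P384)
		assert.Error(t, err)
		assert.Nil(t, pub)
		assert.Nil(t, id)
	})

	t.Run("legacy - invalid random source", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer(nil), "test", key.Legacy)
		assert.Error(t, err)
		assert.Nil(t, pub)
		assert.Nil(t, id)
	})

	// The cases below feed a fixed byte stream as the random source so that
	// the generated key, and therefore id.Public, is reproducible. That is
	// acceptable only in tests; real callers must pass crypto/rand.Reader.
	t.Run("valid - ed25519", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer([]byte("deterministic-random-source-for-test-0001")), "security", key.Ed25519)
		assert.NoError(t, err)
		assert.NotNil(t, pub)
		// assert does not stop the test, so bail out before dereferencing a
		// nil identity; otherwise a failure would surface as a panic.
		if !assert.NotNil(t, id) {
			return
		}
		assert.Equal(t, "harp.elastic.co/v1", id.APIVersion)
		assert.Equal(t, "security", id.Description)
		assert.Equal(t, "ContainerIdentity", id.Kind)
		assert.Equal(t, "v1.ipk.2BdsL_FTiaLRwyYwlA2urcZ8TLDdisbzBSEp-LUuHos", id.Public)
		// The identity returned by New carries no private section.
		assert.Nil(t, id.Private)
		assert.False(t, id.HasPrivateKey())
	})

	t.Run("valid - p-384", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer([]byte("deterministic-random-source-for-test-0001-1ioQiLEbVCm1Y7NfWCf6oNWoV6p5E4spJgRXKQHdV44XcNvqywMnIYYcL8qZ4Wk")), "security", key.P384)
		assert.NoError(t, err)
		assert.NotNil(t, pub)
		// Same guard as above: stop before a nil dereference.
		if !assert.NotNil(t, id) {
			return
		}
		assert.Equal(t, "harp.elastic.co/v1", id.APIVersion)
		assert.Equal(t, "security", id.Description)
		assert.Equal(t, "ContainerIdentity", id.Kind)
		assert.Equal(t, "v2.ipk.A0X20rlE8Pqp-YoMG8SNOop918AyfoSF_R9Z7MF5vP5nUoc_ZSRWauQR6cL4DqgrRA", id.Public)
		assert.Nil(t, id.Private)
		assert.False(t, id.HasPrivateKey())
	})

	t.Run("valid - legacy", func(t *testing.T) {
		id, pub, err := New(bytes.NewBuffer([]byte("deterministic-random-source-for-test-0001")), "security", key.Legacy)
		assert.NoError(t, err)
		assert.NotNil(t, pub)
		// Same guard as above: stop before a nil dereference.
		if !assert.NotNil(t, id) {
			return
		}
		assert.Equal(t, "harp.elastic.co/v1", id.APIVersion)
		assert.Equal(t, "security", id.Description)
		assert.Equal(t, "ContainerIdentity", id.Kind)
		// The legacy public key is expected without a version prefix.
		assert.Equal(t, "ZxTKWxgrG341_FxatkkfAxedMtfz1zJzAm6FUmitxHM", id.Public)
		assert.Nil(t, id.Private)
		assert.False(t, id.HasPrivateKey())
	})
}

// TestCodec_FromReader checks that FromReader returns an error and a nil
// identity for a nil reader, an empty object, truncated JSON and a document
// without private section, and that it accepts the v1 and v2 fixtures.
func TestCodec_FromReader(t *testing.T) {
	t.Run("nil", func(t *testing.T) {
		id, err := FromReader(nil)
		assert.Error(t, err)
		assert.Nil(t, id)
	})

	t.Run("empty", func(t *testing.T) {
		id, err := FromReader(bytes.NewReader([]byte("{}")))
		assert.Error(t, err)
		assert.Nil(t, id)
	})

	t.Run("invalid json", func(t *testing.T) {
		id, err := FromReader(bytes.NewReader([]byte("{")))
		assert.Error(t, err)
		assert.Nil(t, id)
	})

	t.Run("public key only", func(t *testing.T) {
		// The fixture has no "private" and no "signature" field; the decoder
		// is expected to refuse it instead of returning a partial identity.
		id, err := FromReader(bytes.NewReader(publicOnly))
		assert.Error(t, err)
		assert.Nil(t, id)
	})

	t.Run("valid - v1", func(t *testing.T) {
		id, err := FromReader(bytes.NewReader(v1SecurityIdentity))
		assert.NoError(t, err)
		assert.NotNil(t, id)
	})

	t.Run("valid - v2", func(t *testing.T) {
		id, err := FromReader(bytes.NewReader(v2SecurityIdentity))
		assert.NoError(t, err)
		assert.NotNil(t, id)
	})
}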