registry/manifest/schema1/manifest_test.go
Sebastiaan van Stijn e0281dc609
format code with gofumpt
gofumpt (https://github.com/mvdan/gofumpt) provides a supserset of `gofmt` / `go fmt`,
and addresses various formatting issues that linters may be checking for.

We can consider enabling the `gofumpt` linter to verify the formatting in CI, although
not every developer may have it installed, so for now this runs it once to get formatting
in shape.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-03 22:48:20 +01:00

135 lines
2.7 KiB
Go

package schema1
import (
"bytes"
"encoding/json"
"reflect"
"testing"
"github.com/docker/libtrust"
)
type testEnv struct {
name, tag string
invalidSigned *SignedManifest
signed *SignedManifest
pk libtrust.PrivateKey
}
func TestManifestMarshaling(t *testing.T) {
env := genEnv(t)
// Check that the all field is the same as json.MarshalIndent with these
// parameters.
p, err := json.MarshalIndent(env.signed, "", " ")
if err != nil {
t.Fatalf("error marshaling manifest: %v", err)
}
if !bytes.Equal(p, env.signed.all) {
t.Fatalf("manifest bytes not equal: %q != %q", string(env.signed.all), string(p))
}
}
func TestManifestUnmarshaling(t *testing.T) {
env := genEnv(t)
var signed SignedManifest
if err := json.Unmarshal(env.signed.all, &signed); err != nil {
t.Fatalf("error unmarshaling signed manifest: %v", err)
}
if !reflect.DeepEqual(&signed, env.signed) {
t.Fatalf("manifests are different after unmarshaling: %v != %v", signed, env.signed)
}
}
func TestManifestVerification(t *testing.T) {
env := genEnv(t)
publicKeys, err := Verify(env.signed)
if err != nil {
t.Fatalf("error verifying manifest: %v", err)
}
if len(publicKeys) == 0 {
t.Fatalf("no public keys found in signature")
}
var found bool
publicKey := env.pk.PublicKey()
// ensure that one of the extracted public keys matches the private key.
for _, candidate := range publicKeys {
if candidate.KeyID() == publicKey.KeyID() {
found = true
break
}
}
if !found {
t.Fatalf("expected public key, %v, not found in verified keys: %v", publicKey, publicKeys)
}
// Check that an invalid manifest fails verification
_, err = Verify(env.invalidSigned)
if err != nil {
t.Fatalf("Invalid manifest should not pass Verify()")
}
}
func genEnv(t *testing.T) *testEnv {
pk, err := libtrust.GenerateECP256PrivateKey()
if err != nil {
t.Fatalf("error generating test key: %v", err)
}
name, tag := "foo/bar", "test"
invalid := Manifest{
Versioned: SchemaVersion,
Name: name,
Tag: tag,
FSLayers: []FSLayer{
{
BlobSum: "asdf",
},
{
BlobSum: "qwer",
},
},
}
valid := Manifest{
Versioned: SchemaVersion,
Name: name,
Tag: tag,
FSLayers: []FSLayer{
{
BlobSum: "asdf",
},
},
History: []History{
{
V1Compatibility: "",
},
},
}
sm, err := Sign(&valid, pk)
if err != nil {
t.Fatalf("error signing manifest: %v", err)
}
invalidSigned, err := Sign(&invalid, pk)
if err != nil {
t.Fatalf("error signing manifest: %v", err)
}
return &testEnv{
name: name,
tag: tag,
invalidSigned: invalidSigned,
signed: sm,
pk: pk,
}
}