-
Dan Lorenc authoredI noticed this when running some tests locally.
Dan Lorenc authoredI noticed this when running some tests locally.
e2e_test.go 6.14 KiB
// +build e2e
package e2e
import (
"encoding/json"
"io/ioutil"
"path/filepath"
"strconv"
"strings"
"testing"
"time"
)
func TestDuplicates(t *testing.T) {
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")
createdSignedArtifact(t, artifactPath, sigPath)
// Write the public key to a file
pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil {
t.Fatal(err)
}
// Now upload to rekor!
out := runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Created entry at")
// Now upload the same one again, we should get a dupe entry.
out = runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Entry already exists")
// Now do a new one, we should get a new entry
createdSignedArtifact(t, artifactPath, sigPath)
out = runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Created entry at")
}
func TestUploadVerifyRekord(t *testing.T) {
// Create a random artifact and sign it.
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")
createdSignedArtifact(t, artifactPath, sigPath)
// Write the public key to a file
pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil {
t.Fatal(err)
}
// Verify should fail initially
runCliErr(t, "verify", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
// It should upload successfully.
out := runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Created entry at")
// We have to wait some time for the log to get signed and included.
time.Sleep(3 * time.Second)
// Now we should be able to verify it.
out = runCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Inclusion Proof:")
}
func TestUploadVerifyRpm(t *testing.T) {
// Create a random rpm and sign it.
td := t.TempDir()
rpmPath := filepath.Join(td, "rpm")
createSignedRpm(t, rpmPath)
// Write the public key to a file
pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil {
t.Fatal(err)
}
// Verify should fail initially
runCliErr(t, "verify", "--type=rpm", "--artifact", rpmPath, "--public-key", pubPath)
// It should upload successfully.
out := runCli(t, "upload", "--type=rpm", "--artifact", rpmPath, "--public-key", pubPath)
outputContains(t, out, "Created entry at")
// We have to wait some time for the log to get signed and included.
time.Sleep(3 * time.Second)
// Now we should be able to verify it.
out = runCli(t, "verify", "--type=rpm", "--artifact", rpmPath, "--public-key", pubPath)
outputContains(t, out, "Inclusion Proof:")
}
func TestLogInfo(t *testing.T) {
// TODO: figure out some way to check the length, add something, and make sure the length increments!
out := runCli(t, "loginfo")
outputContains(t, out, "Verification Successful!")
}
func TestGet(t *testing.T) {
// Create something and add it to the log
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")
createdSignedArtifact(t, artifactPath, sigPath)
// Write the public key to a file
pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil {
t.Fatal(err)
}
out := runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
outputContains(t, out, "Created entry at")
// Wait a second for the entry to be added.
time.Sleep(1 * time.Second)
// Output looks like "Created entry at $URL/UUID", so grab the UUID:
url := strings.Split(strings.TrimSpace(out), " ")[3]
splitUrl := strings.Split(url, "/")
uuid := splitUrl[len(splitUrl)-1]
out = runCli(t, "get", "--format=json", "--uuid", uuid)
// The output here should be in JSON with this structure:
g := struct {
Body string
LogIndex int
IntegratedTime int64
}{}
if err := json.Unmarshal([]byte(out), &g); err != nil {
t.Error(err)
}
if g.IntegratedTime == 0 {
t.Errorf("Expected IntegratedTime to be set. Got %s", out) }
// Get it with the logindex as well
runCli(t, "get", "--format=json", "--log-index", strconv.Itoa(g.LogIndex))
// check index via the file and public key to ensure that the index has updated correctly
out = runCli(t, "search", "--artifact", artifactPath)
outputContains(t, out, uuid)
out = runCli(t, "search", "--public-key", pubPath)
outputContains(t, out, uuid)
}
func TestMinisign(t *testing.T) {
// Create a keypair
keyPath := filepath.Join(t.TempDir(), "minisign.key")
pubPath := filepath.Join(t.TempDir(), "minisign.pub")
// Set an empty password, we have to hit enter twice to confirm
run(t, "\n\n", "minisign", "-G", "-s", keyPath, "-p", pubPath)
// Create a random artifact and sign it.
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")
createArtifact(t, artifactPath)
// Send in one empty password over stdin
out := run(t, "\n", "minisign", "-S", "-s", keyPath, "-m", artifactPath, "-x", sigPath)
t.Log(out)
// Now upload to the log!
out = runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "minisign")
outputContains(t, out, "Created entry at")
// Output looks like "Created entry at $URL/UUID", so grab the UUID:
url := strings.Split(strings.TrimSpace(out), " ")[3]
splitUrl := strings.Split(url, "/")
uuid := splitUrl[len(splitUrl)-1]
// Wait and check it.
time.Sleep(3 * time.Second)
out = runCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "minisign")
outputContains(t, out, "Inclusion Proof")
out = runCli(t, "search", "--public-key", pubPath, "--pki-format", "minisign")
outputContains(t, out, uuid)
}