@@ -25,70 +25,58 @@ import (
2525 "github.com/stretchr/testify/require"
2626)
2727
28- // Guards against the double-base64 bug in https://github.com/chainloop-dev/chainloop/issues/1832.
29- func TestBundleFromDSSEEnvelopeDecodesSignature ( t * testing. T ) {
30- rawSig : = []byte { 0x30 , 0x44 , 0x02 , 0x20 , 0xAA , 0xBB , 0xCC , 0xDD }
31- rawPayload := [] byte ( `{"_type":"statement"}` )
28+ var (
29+ testRawSig = [] byte { 0x30 , 0x44 , 0x02 , 0x20 , 0xAA , 0xBB , 0xCC , 0xDD }
30+ testRawPayload = []byte ( `{"_type":"statement"}` )
31+ )
3232
33- env := & dsse.Envelope {
33+ func newTestEnvelope (t * testing.T ) * dsse.Envelope {
34+ t .Helper ()
35+ return & dsse.Envelope {
3436 PayloadType : "application/vnd.in-toto+json" ,
35- Payload : base64 .StdEncoding .EncodeToString (rawPayload ),
37+ Payload : base64 .StdEncoding .EncodeToString (testRawPayload ),
3638 Signatures : []dsse.Signature {
37- {KeyID : "key-1" , Sig : base64 .StdEncoding .EncodeToString (rawSig )},
39+ {KeyID : "key-1" , Sig : base64 .StdEncoding .EncodeToString (testRawSig )},
3840 },
3941 }
42+ }
4043
41- bundle , err := attestation .BundleFromDSSEEnvelope (env )
44+ // Guards against the double-base64 bug in https://github.com/chainloop-dev/chainloop/issues/1832.
45+ func TestBundleFromDSSEEnvelopeDecodesSignature (t * testing.T ) {
46+ bundle , err := attestation .BundleFromDSSEEnvelope (newTestEnvelope (t ))
4247 require .NoError (t , err )
4348
4449 gotEnv := bundle .GetDsseEnvelope ()
45- assert .Equal (t , rawPayload , gotEnv .GetPayload ())
50+ assert .Equal (t , testRawPayload , gotEnv .GetPayload ())
4651 require .Len (t , gotEnv .GetSignatures (), 1 )
47- assert .Equal (t , rawSig , gotEnv .GetSignatures ()[0 ].GetSig ())
52+ assert .Equal (t , testRawSig , gotEnv .GetSignatures ()[0 ].GetSig ())
4853 assert .Equal (t , "key-1" , gotEnv .GetSignatures ()[0 ].GetKeyid ())
4954}
5055
51- func TestBundleRoundTripWithFixedSignature (t * testing.T ) {
52- rawSig := []byte {0x30 , 0x44 , 0x02 , 0x20 , 0xAA , 0xBB , 0xCC , 0xDD }
53- encodedSig := base64 .StdEncoding .EncodeToString (rawSig )
54-
55- env := & dsse.Envelope {
56- PayloadType : "application/vnd.in-toto+json" ,
57- Payload : base64 .StdEncoding .EncodeToString ([]byte ("payload" )),
58- Signatures : []dsse.Signature {
59- {KeyID : "key-1" , Sig : encodedSig },
60- },
61- }
56+ func TestBundleFromDSSEEnvelopeNoSignatures (t * testing.T ) {
57+ env := newTestEnvelope (t )
58+ env .Signatures = nil
59+ _ , err := attestation .BundleFromDSSEEnvelope (env )
60+ require .Error (t , err )
61+ }
6262
63- bundle , err := attestation .BundleFromDSSEEnvelope (env )
63+ func TestFixSignatureInBundleIsNoOpOnFixedBundles (t * testing.T ) {
64+ bundle , err := attestation .BundleFromDSSEEnvelope (newTestEnvelope (t ))
6465 require .NoError (t , err )
6566
6667 before := bundle .GetDsseEnvelope ().GetSignatures ()[0 ].GetSig ()
6768 attestation .FixSignatureInBundle (bundle )
68- assert .Equal (t , before , bundle .GetDsseEnvelope ().GetSignatures ()[0 ].GetSig (),
69- "FixSignatureInBundle should be a no-op on properly formed bundles" )
70-
71- gotEnv := attestation .DSSEEnvelopeFromBundle (bundle )
72- assert .Equal (t , encodedSig , gotEnv .Signatures [0 ].Sig )
69+ assert .Equal (t , before , bundle .GetDsseEnvelope ().GetSignatures ()[0 ].GetSig ())
7370}
7471
7572func TestFixSignatureInBundleRepairsLegacyBundles (t * testing.T ) {
76- rawSig := []byte {0x30 , 0x44 , 0x02 , 0x20 , 0xAA , 0xBB , 0xCC , 0xDD }
77- encodedSig := base64 .StdEncoding .EncodeToString (rawSig )
78-
79- env := & dsse.Envelope {
80- PayloadType : "application/vnd.in-toto+json" ,
81- Payload : base64 .StdEncoding .EncodeToString ([]byte ("payload" )),
82- Signatures : []dsse.Signature {
83- {KeyID : "key-1" , Sig : encodedSig },
84- },
85- }
86- bundle , err := attestation .BundleFromDSSEEnvelope (env )
73+ bundle , err := attestation .BundleFromDSSEEnvelope (newTestEnvelope (t ))
8774 require .NoError (t , err )
8875
8976 // Simulate the legacy bug: signature is stored as the ASCII bytes of the base64 string.
77+ encodedSig := base64 .StdEncoding .EncodeToString (testRawSig )
9078 bundle .GetDsseEnvelope ().GetSignatures ()[0 ].Sig = []byte (encodedSig )
9179
9280 attestation .FixSignatureInBundle (bundle )
93- assert .Equal (t , rawSig , bundle .GetDsseEnvelope ().GetSignatures ()[0 ].GetSig ())
81+ assert .Equal (t , testRawSig , bundle .GetDsseEnvelope ().GetSignatures ()[0 ].GetSig ())
9482}
0 commit comments