2024-07-09 15:02:49 +01:00
|
|
|
//go:build e2e
|
|
|
|
|
|
2024-10-17 13:40:17 -05:00
|
|
|
/*
|
2024-10-18 09:25:31 -05:00
|
|
|
Copyright Docker attest authors
|
2024-10-17 13:40:17 -05:00
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
2024-10-18 09:25:31 -05:00
|
|
|
|
2024-07-04 15:32:10 +01:00
|
|
|
package signerverifier
|
|
|
|
|
|
2024-07-09 15:02:49 +01:00
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"crypto/ecdsa"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/docker/attest/internal/util"
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
)
|
|
|
|
|
|
2024-07-04 15:32:10 +01:00
|
|
|
const publicKeyPEM = `-----BEGIN PUBLIC KEY-----
|
|
|
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMswW3iu7PR/rWTQjlhVmUsPK7rF
|
|
|
|
|
k2s4SO3XbQ2GG2alm289SUUpmBAuVxvT8muYQ8HC/QzixzyTACTXsBDjQg==
|
|
|
|
|
-----END PUBLIC KEY-----`
|
|
|
|
|
|
|
|
|
|
// to run locally, we need to impersonate the GCP service account
|
|
|
|
|
// gcloud auth application-default login --impersonate-service-account attest-kms-test@attest-kms-test.iam.gserviceaccount.com
|
|
|
|
|
|
2024-07-09 15:02:49 +01:00
|
|
|
func TestGCPKMS_Signer(t *testing.T) {
|
|
|
|
|
// create a new signer
|
2024-07-16 10:05:17 +01:00
|
|
|
ctx := context.TODO()
|
2024-07-09 15:02:49 +01:00
|
|
|
ref := "projects/attest-kms-test/locations/us-west1/keyRings/attest-kms-test/cryptoKeys/test-signing-key/cryptoKeyVersions/1"
|
|
|
|
|
signer, err := GetGCPSigner(ctx, ref)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
msg := []byte("hello world")
|
|
|
|
|
hash := util.SHA256(msg)
|
2024-07-04 15:32:10 +01:00
|
|
|
|
2024-07-09 15:02:49 +01:00
|
|
|
// sign message digest
|
|
|
|
|
sig, err := signer.Sign(ctx, hash)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.NotEmpty(t, sig)
|
|
|
|
|
// get Key ID from signer
|
|
|
|
|
keyId, err := signer.KeyID()
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.NotEmpty(t, keyId)
|
2024-08-01 15:35:15 +01:00
|
|
|
publicKey, err := ParsePublicKey([]byte(publicKeyPEM))
|
2024-07-09 15:02:49 +01:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
// verify payload ecdsa signature
|
2024-09-18 13:34:10 +01:00
|
|
|
|
|
|
|
|
ecdsaPublicKey, ok := publicKey.(*ecdsa.PublicKey)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("Failed to convert publicKey to *ecdsa.PublicKey")
|
|
|
|
|
}
|
|
|
|
|
ok = ecdsa.VerifyASN1(ecdsaPublicKey, hash, sig)
|
2024-07-09 15:02:49 +01:00
|
|
|
assert.True(t, ok)
|
2024-09-18 13:34:10 +01:00
|
|
|
|
|
|
|
|
err = signer.Verify(ctx, msg, sig)
|
|
|
|
|
require.NoError(t, err)
|
2024-07-09 15:02:49 +01:00
|
|
|
}
|
