From d06a838e0d28d6d24e2d2bd3a04edd4b0163c893 Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Mon, 24 Jun 2024 12:54:41 +0800
Subject: [PATCH] added more tests

Signed-off-by: Patrick Zheng
---
 verifier/helpers_test.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/verifier/helpers_test.go b/verifier/helpers_test.go
index 24dc44a0..e732afd6 100644
--- a/verifier/helpers_test.go
+++ b/verifier/helpers_test.go
@@ -114,6 +114,33 @@ func TestIsCriticalFailure(t *testing.T) {
 }
 }
 
+func TestLoadX509TSATrustStores(t *testing.T) {
+ policyDoc := trustpolicy.Document{
+ Version: "1.0",
+ TrustPolicies: []trustpolicy.TrustPolicy{
+ {
+ Name: "testTSA",
+ RegistryScopes: []string{"*"},
+ SignatureVerification: trustpolicy.SignatureVerification{VerificationLevel: "strict"},
+ TrustStores: []string{"tsa:test-timestamp"},
+ TrustedIdentities: []string{"*"},
+ },
+ },
+ }
+ dir.UserConfigDir = "testdata"
+ x509truststore := truststore.NewX509TrustStore(dir.ConfigFS())
+ _, err := loadX509TSATrustStores(context.Background(), signature.SigningSchemeX509, &policyDoc.TrustPolicies[0], x509truststore)
+ if err != nil {
+ t.Fatalf("TestLoadX509TrustStore should not throw error for a valid trust store. Error: %v", err)
+ }
+
+ _, err = loadX509TSATrustStores(context.Background(), signature.SigningSchemeX509SigningAuthority, &policyDoc.TrustPolicies[0], x509truststore)
+ expectedErrMsg := "error while loading the TSA trust store, signing scheme must be notary.x509, but got notary.x509.signingAuthority"
+ if err == nil || err.Error() != expectedErrMsg {
+ t.Fatalf("expected %s, but got %s", expectedErrMsg, err)
+ }
+}
+
 func getArtifactDigestFromReference(artifactReference string) (string, error) {
 invalidUriErr := fmt.Errorf("artifact URI %q could not be parsed, make sure it is the fully qualified OCI artifact URI without the scheme/protocol. e.g domain.com:80/my/repository@sha256:digest", artifactReference)
 i := strings.LastIndex(artifactReference, "@")
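Review bot: The positive case in TestLoadX509TSATrustStores discards the result (`_, err := loadX509TSATrustStores(...)`), so it passes whenever no error comes back and would not notice a loader that returns a nil or empty TSA trust store for `tsa:test-timestamp`. Binding the result and asserting it is non-empty would pin the behaviour that timestamp verification depends on; the return type is outside this hunk, so the exact check needs confirming. The test also overwrites the package-level `dir.UserConfigDir` without restoring it, which can leak into tests that run later; `old := dir.UserConfigDir; t.Cleanup(func() { dir.UserConfigDir = old })` placed before the assignment would contain it. Two message fixes: the first `t.Fatalf` names `TestLoadX509TrustStore` rather than this test, and the last one formats `err` with `%s`, which prints `%!s(<nil>)` when err is nil, so `%v` is the better verb.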