diff --git a/pkg/cosesign1/Makefile b/pkg/cosesign1/Makefile index a13c0e6..8c98213 100755 --- a/pkg/cosesign1/Makefile +++ b/pkg/cosesign1/Makefile @@ -26,6 +26,11 @@ # note test-fail is expected to fail +AUTOPARSE_CHAIN:=0 +ISSUER_DID:="TestIssuer" +FEED:="TestFeed" +DID_FINGERPRINT:="" + all: chain.pem cose test-fail test-pass cose: infra.rego.cose @@ -33,10 +38,10 @@ cose: infra.rego.cose %.pem: $(MAKE) -f Makefile.certs chain.pem +ifeq "$(AUTOPARSE_CHAIN)" "1" ISSUER_DID = $(shell ./sign1util did-x509 -chain chain.pem -policy cn) DID_FINGERPRINT = $(shell ./sign1util did-x509 -chain chain.pem -policy cn | cut -d: -f5) -FEED = acceuroperegistry.azurecr.io/infra - +endif # from these media types have to match containerd. The also need to change and the security policy one ought to be x-ms-ccepolicy-frag # fragment atrifact type = application/x-ms-ccepolicy-frag @@ -124,4 +129,4 @@ test-fail: did-fail clean: $(MAKE) -f Makefile.certs $@ - rm -f infra.rego.base64 infra.rego.cose sign1util + rm -f infra.rego.cose sign1util diff --git a/pkg/cosesign1/cosesign1util_test.go b/pkg/cosesign1/cosesign1util_test.go index 3342b8a..0dd4af8 100644 --- a/pkg/cosesign1/cosesign1util_test.go +++ b/pkg/cosesign1/cosesign1util_test.go @@ -49,13 +49,14 @@ var certChainPEM string func TestMain(m *testing.M) { fmt.Println("Generating files...") - err := exec.Command("make", "chain.pem", "infra.rego.cose").Run() + outputBytes, err := exec.Command("make", "chain.pem", "infra.rego.cose", "leaf.private.pem").CombinedOutput() if err != nil { fmt.Fprintf(os.Stderr, "Failed to build the required test files: %s", err) os.Exit(1) } + fmt.Println(string(outputBytes)) - fragmentRego = readFileStringOrExit("infra.rego.base64") + fragmentRego = readFileStringOrExit("infra.rego") fragmentCose = readFileBytesOrExit("infra.rego.cose") leafPrivatePem = readFileStringOrExit("leaf.private.pem") leafCertPEM = readFileStringOrExit("leaf.cert.pem") 
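Review bot: The quoted defaults added at the top of the Makefile (`ISSUER_DID:="TestIssuer"`, `FEED:="TestFeed"`, `DID_FINGERPRINT:=""`) keep their double quotes as part of the value, because make does not strip quotes. The shell removes them when the variables are expanded in a recipe, but any make-level test on `DID_FINGERPRINT` (`ifeq`, `$(if ...)`, `$(strip ...)`) would see the two-character string `""` rather than an empty value. I would write them unquoted, `ISSUER_DID := TestIssuer`, `FEED := TestFeed`, `DID_FINGERPRINT :=`, and quote at the point of use if the recipes (outside this hunk) do not already do so. A one-line comment above `AUTOPARSE_CHAIN:=0` saying what setting it to 1 enables would also help.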
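Review bot: With `AUTOPARSE_CHAIN` defaulting to 0, `ISSUER_DID` and `DID_FINGERPRINT` are no longer derived from `chain.pem`, yet `all` still depends on `test-pass` and `test-fail`. If those recipes (outside this hunk) feed the issuer or fingerprint into a did:x509 check, the default build now runs them with `TestIssuer` and an empty fingerprint, so they may pass or fail for a reason unrelated to the certificate chain. Either guard those targets with the same `ifeq "$(AUTOPARSE_CHAIN)" "1"`, or add a comment above the conditional stating that the DID checks are only meaningful when it is set.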
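Review bot: The output captured by `CombinedOutput()` in TestMain is printed only on success. In the `err != nil` branch the process exits after printing just `err`, which for a failed make is typically only an exit status. Include the captured output in the failure message, e.g. `fmt.Fprintf(os.Stderr, "Failed to build the required test files: %s\n%s\n", err, outputBytes)`. TestMain's body continues outside the hunk.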
@@ -85,7 +86,7 @@ func Test_UnpackAndValidateCannedFragment(t *testing.T) { unpacked, err := UnpackAndValidateCOSE1CertChain(fragmentCose) if err != nil { - t.Errorf("UnpackAndValidateCOSE1CertChain failed: %s", err.Error()) + t.Fatalf("UnpackAndValidateCOSE1CertChain failed: %s", err) } iss := unpacked.Issuer @@ -101,17 +102,17 @@ func Test_UnpackAndValidateCannedFragment(t *testing.T) { if !comparePEMs(pubcert, leafCertPEM) { t.Fatal("pubcert did not match") } - if cty != "application/unknown+json" { - t.Fatal("cty did not match") + if cty != "application/unknown+rego" { + t.Fatalf("cty did not match: %s", cty) } if payload != fragmentRego { t.Fatal("payload did not match") } if iss != "TestIssuer" { - t.Fatal("iss did not match") + t.Fatalf("iss did not match: %s", iss) } if feed != "TestFeed" { - t.Fatal("feed did not match") + t.Fatalf("feed did not match: %s", feed) } } @@ -132,13 +133,13 @@ func Test_UnpackAndValidateCannedFragmentCorrupted(t *testing.T) { // Use CreateCoseSign1 to make a document that should match the one made by the makefile func Test_CreateCoseSign1Fragment(t *testing.T) { - var raw, err = CreateCoseSign1([]byte(fragmentRego), "TestIssuer", "TestFeed", "application/unknown+json", []byte(certChainPEM), []byte(leafPrivatePem), "zero", cose.AlgorithmES384) + var raw, err = CreateCoseSign1([]byte(fragmentRego), "TestIssuer", "TestFeed", "application/unknown+rego", []byte(certChainPEM), []byte(leafPrivatePem), "zero", cose.AlgorithmES384) if err != nil { t.Fatalf("CreateCoseSign1 failed: %s", err) } if len(raw) != len(fragmentCose) { - t.Fatal("created fragment length does not match expected") + t.Fatalf("created fragment length (%d) does not match expected (%d)", len(raw), len(fragmentCose)) } for i := range raw {
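Review bot: The content type `"application/unknown+rego"` is now a literal in the `cty` comparison in Test_UnpackAndValidateCannedFragment and again in the `CreateCoseSign1` call in Test_CreateCoseSign1Fragment (the `@@ -132,13` hunk). It presumably also has to agree with what the Makefile passes when building `infra.rego.cose`. A package-level `const testContentType = "application/unknown+rego"` used in both places would keep the two tests from drifting apart; the same applies to `"TestIssuer"` and `"TestFeed"`. For the new failure messages, `%q` instead of `%s` (`t.Fatalf("cty did not match: %q", cty)`) makes an empty or whitespace-only header value visible in the output.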