testsign

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 1, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package testsign implements both a mock and fake type for testing the endorsement signing code paths.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExtendManifest 

func ExtendManifest(initial, key, path, primarySigningKey string) []byte

ExtendManifest creates a textproto based on an initial textproto with extensions to the entries and a possible modification to the primary signing key version name.

func Init 

func Init(t testing.TB, s **nonprod.Signer, opts *Options) func()

Init returns a thunk that sets the given signer pointer to a testsign.Signer.

func MakeSigner 

func MakeSigner(_ context.Context, opts *Options) (*nonprod.Signer, error)

MakeSigner creates a new Signer with signer keys of the given names.

func RootRand 

func RootRand() io.Reader

RootRand is a test-only deterministic source of randomness for use with the root key.

func SignerRand 

func SignerRand() io.Reader

SignerRand is a test-only deterministic source of randomness for use with the signer key.

Types

type FakeMutation 

type FakeMutation struct {
	Root     string
	Signer   string
	RootCert *x509.Certificate
	Certs    map[string]*x509.Certificate
}

FakeMutation manages changes to the MockSigner through the CertificateAuthorityMutation interface.

func (*FakeMutation) AddSigningKeyCert 

func (m *FakeMutation) AddSigningKeyCert(keyVersionName string, cert *x509.Certificate)

AddSigningKeyCert adds a certificate for the given keyVersionName to the CA.

func (*FakeMutation) SetPrimaryRootKeyVersion 

func (m *FakeMutation) SetPrimaryRootKeyVersion(keyVersionName string)

SetPrimaryRootKeyVersion updates the mutation object to change the primary root key version to the given one.

func (*FakeMutation) SetPrimarySigningKeyVersion 

func (m *FakeMutation) SetPrimarySigningKeyVersion(keyVersionName string)

SetPrimarySigningKeyVersion updates the mutation object to change the primary signing key version to the given one.

func (*FakeMutation) SetRootKeyCert 

func (m *FakeMutation) SetRootKeyCert(cert *x509.Certificate)

SetRootKeyCert changes the CA's stored root certificate to cert.

type KeyInfo 

type KeyInfo struct {
	// CommonName is the key's certificate subject common name.
	CommonName string
	// KeyVersionName is the key's unique name (path) for use in signing requests.
	KeyVersionName string
}

KeyInfo represents configurable parts of a fake signer's representation of a key.

func (KeyInfo) Nonprod 

func (k KeyInfo) Nonprod(serialNumber int64) nonprod.Key

Nonprod returns the nonprod signer's key representation from test-only key metadata.

type MockSigner 

type MockSigner struct {
	Certificates map[string][]byte
	CABundles    map[string][]byte
	// Signatures maps a key name to a map of hex-encoded toSign bytes to its signature bytes
	Signatures        map[string]map[string][]byte
	PublicKeys        map[string][]byte
	RootKeyVersion    string
	SigningKeyVersion string
	PrepareErr        error
}

MockSigner implements the CertificateAuthority and Signer interfaces to parrot back results.

func (*MockSigner) CABundle 

func (m *MockSigner) CABundle(_ context.Context, keyName string) ([]byte, error)

CABundle returns the CA chain of certificates for certifying the given key's certificate.

func (*MockSigner) Certificate 

func (m *MockSigner) Certificate(_ context.Context, keyVersionName string) ([]byte, error)

Certificate returns the certificate of the given keyVersionName.

func (*MockSigner) Finalize 

func (m *MockSigner) Finalize(_ context.Context, mutation styp.CertificateAuthorityMutation) error

Finalize completes any unflushed changes that the given mutation represents. The mutation object should be the same type as NewMutation returns.

func (*MockSigner) NewMutation 

func (m *MockSigner) NewMutation() styp.CertificateAuthorityMutation

NewMutation returns an object that manages changes to the CA's persistent state.

func (*MockSigner) PrepareResources 

func (m *MockSigner) PrepareResources(context.Context) error

PrepareResources ensures all necessary resources are present for the CA to function. This is needed for bootstrapping.

func (*MockSigner) PrimaryRootKeyVersion 

func (m *MockSigner) PrimaryRootKeyVersion(_ context.Context) (string, error)

PrimaryRootKeyVersion returns the keyVersionName of the active root key.

func (*MockSigner) PrimarySigningKeyVersion 

func (m *MockSigner) PrimarySigningKeyVersion(_ context.Context) (string, error)

PrimarySigningKeyVersion returns the keyVersionName of the active signing key.

func (*MockSigner) PublicKey 

func (m *MockSigner) PublicKey(_ context.Context, keyVersionName string) ([]byte, error)

PublicKey returns the PEM encoded public key for the named key.

func (*MockSigner) Sign 

func (m *MockSigner) Sign(_ context.Context, keyVersionName string, toSign []byte) ([]byte, error)

Sign signs the given data with the named key version.

func (*MockSigner) Wipeout 

func (m *MockSigner) Wipeout(context.Context) error

Wipeout removes all certificates and keys from the mock.

type Options 

type Options struct {
	Now               time.Time
	Random            io.Reader
	CA                styp.CertificateAuthority
	Root              KeyInfo
	PrimarySigningKey KeyInfo
	SigningKeys       []KeyInfo
}

Options carries all the configurable components for a non-production in-memory signer.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.