(t *testing.T)
| 1911 | } |
| 1912 | |
| 1913 | func TestPickSignatureAlgorithmRespectsSignerPreference(t *testing.T) { |
| 1914 | algoSigner, ok := testSigners["rsa"].(AlgorithmSigner) |
| 1915 | if !ok { |
| 1916 | t.Fatalf("rsa test signer does not implement the AlgorithmSigner interface") |
| 1917 | } |
| 1918 | |
| 1919 | serverExtensions := map[string][]byte{ |
| 1920 | "server-sig-algs": []byte(KeyAlgoRSASHA256 + "," + KeyAlgoRSASHA512), |
| 1921 | } |
| 1922 | |
| 1923 | tests := []struct { |
| 1924 | name string |
| 1925 | signerPrefs []string |
| 1926 | expectedAlgo string |
| 1927 | }{ |
| 1928 | { |
| 1929 | name: "Signer prefers SHA512 then SHA256", |
| 1930 | signerPrefs: []string{KeyAlgoRSASHA512, KeyAlgoRSASHA256}, |
| 1931 | expectedAlgo: KeyAlgoRSASHA512, |
| 1932 | }, |
| 1933 | { |
| 1934 | name: "Signer prefers SHA256 then SHA512", |
| 1935 | signerPrefs: []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512}, |
| 1936 | expectedAlgo: KeyAlgoRSASHA256, |
| 1937 | }, |
| 1938 | } |
| 1939 | |
| 1940 | for _, tc := range tests { |
| 1941 | t.Run(tc.name, func(t *testing.T) { |
| 1942 | orderedSigner, err := NewSignerWithAlgorithms(algoSigner, tc.signerPrefs) |
| 1943 | if err != nil { |
| 1944 | t.Fatalf("failed to create ordered signer: %v", err) |
| 1945 | } |
| 1946 | |
| 1947 | _, selectedAlgo, err := pickSignatureAlgorithm(orderedSigner, serverExtensions) |
| 1948 | if err != nil { |
| 1949 | t.Fatalf("unexpected error: %v", err) |
| 1950 | } |
| 1951 | |
| 1952 | if selectedAlgo != tc.expectedAlgo { |
| 1953 | t.Errorf("Algorithm mismatch; got %q want %q", selectedAlgo, tc.expectedAlgo) |
| 1954 | } |
| 1955 | }) |
| 1956 | } |
| 1957 | } |
| 1958 | |
| 1959 | // configurablePublicKeyCallback is a public key callback that allows to |
| 1960 | // configure the signature algorithm and format. This way we can emulate the |
nothing calls this directly
no test coverage detected
searching dependent graphs…