(t *testing.T)
| 122 | } |
| 123 | |
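// TestVerifyPluginBadSignature checks that VerifyPlugin returns an error when
// the provenance data accompanying a plugin tarball carries no usable
// signature.
//
// It builds a tarball from a directory holding only plugin.yaml, writes a
// hand-made .prov file whose signature block is the literal text
// "InvalidSignatureData", and hands both to VerifyPlugin with testPubFile.
func TestVerifyPluginBadSignature(t *testing.T) {
	tempDir := t.TempDir()

	// Create a plugin tarball
	pluginDir := filepath.Join(tempDir, "bad-plugin")
	if err := os.MkdirAll(pluginDir, 0755); err != nil {
		t.Fatal(err)
	}

	if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil {
		t.Fatal(err)
	}

	tarballPath := filepath.Join(tempDir, "bad-plugin.tar.gz")
	tarFile, err := os.Create(tarballPath)
	if err != nil {
		t.Fatal(err)
	}

	if err := CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil {
		// Best-effort close: the tarball error is the one worth reporting.
		_ = tarFile.Close()
		t.Fatal(err)
	}
	// A failed Close can mean the archive was not fully written, which would
	// make verification fail for a reason unrelated to the signature.
	if err := tarFile.Close(); err != nil {
		t.Fatal(err)
	}

	// Create a bad signature (just some text).
	// NOTE(review): this block is malformed rather than a well-formed
	// signature made by another key or over different content, so it
	// presumably exercises the parsing path only. Confirm that a separate test
	// covers a validly signed .prov paired with a modified archive.
	badSig := `-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This is not a real signature
-----BEGIN PGP SIGNATURE-----

InvalidSignatureData

-----END PGP SIGNATURE-----`

	provFile := tarballPath + ".prov"
	if err := os.WriteFile(provFile, []byte(badSig), 0644); err != nil {
		t.Fatal(err)
	}

	// Read both files back from disk so VerifyPlugin sees what was written.
	archiveData, err := os.ReadFile(tarballPath)
	if err != nil {
		t.Fatal(err)
	}

	provData, err := os.ReadFile(provFile)
	if err != nil {
		t.Fatal(err)
	}

	// Try to verify - should fail.
	// NOTE(review): any non-nil error satisfies this check, including ones
	// unrelated to the signature (for example an unreadable testPubFile, or
	// the "test-plugin" name above not matching the "bad-plugin" tarball).
	// The error is logged so `go test -v` shows why verification was refused;
	// consider asserting on the specific error once its form is confirmed.
	_, err = VerifyPlugin(archiveData, provData, filepath.Base(tarballPath), testPubFile)
	if err == nil {
		t.Fatal("Expected verification to fail with bad signature")
	}
	t.Logf("verification rejected the bad signature: %v", err)
}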