|
|
@ -32,6 +32,9 @@ const (
|
|
|
|
// phrase. Use `gpg --export-secret-keys helm-test` to export the secret.
|
|
|
|
// phrase. Use `gpg --export-secret-keys helm-test` to export the secret.
|
|
|
|
testKeyfile = "testdata/helm-test-key.secret"
|
|
|
|
testKeyfile = "testdata/helm-test-key.secret"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// testPasswordKeyFile is a keyfile with a password.
|
|
|
|
|
|
|
|
testPasswordKeyfile = "testdata/helm-password-key.secret"
|
|
|
|
|
|
|
|
|
|
|
|
// testPubfile is the public key file.
|
|
|
|
// testPubfile is the public key file.
|
|
|
|
// Use `gpg --export helm-test` to export the public key.
|
|
|
|
// Use `gpg --export helm-test` to export the public key.
|
|
|
|
testPubfile = "testdata/helm-test-key.pub"
|
|
|
|
testPubfile = "testdata/helm-test-key.pub"
|
|
|
@ -39,6 +42,8 @@ const (
|
|
|
|
// Generated name for the PGP key in testKeyFile.
|
|
|
|
// Generated name for the PGP key in testKeyFile.
|
|
|
|
testKeyName = `Helm Testing (This key should only be used for testing. DO NOT TRUST.) <helm-testing@helm.sh>`
|
|
|
|
testKeyName = `Helm Testing (This key should only be used for testing. DO NOT TRUST.) <helm-testing@helm.sh>`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
testPasswordKeyName = `password key (fake) <fake@helm.sh>`
|
|
|
|
|
|
|
|
|
|
|
|
testChartfile = "testdata/hashtest-1.2.3.tgz"
|
|
|
|
testChartfile = "testdata/hashtest-1.2.3.tgz"
|
|
|
|
|
|
|
|
|
|
|
|
// testSigBlock points to a signature generated by an external tool.
|
|
|
|
// testSigBlock points to a signature generated by an external tool.
|
|
|
@ -177,6 +182,36 @@ func TestDigestFile(t *testing.T) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func TestDecryptKey(t *testing.T) {
|
|
|
|
|
|
|
|
k, err := NewFromKeyring(testPasswordKeyfile, testPasswordKeyName)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !k.Entity.PrivateKey.Encrypted {
|
|
|
|
|
|
|
|
t.Fatal("Key is not encrypted")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// We give this a simple callback that returns the password.
|
|
|
|
|
|
|
|
if err := k.DecryptKey(func(s string) ([]byte, error) {
|
|
|
|
|
|
|
|
return []byte("secret"), nil
|
|
|
|
|
|
|
|
}); err != nil {
|
|
|
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Re-read the key (since we already unlocked it)
|
|
|
|
|
|
|
|
k, err = NewFromKeyring(testPasswordKeyfile, testPasswordKeyName)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now we give it a bogus password.
|
|
|
|
|
|
|
|
if err := k.DecryptKey(func(s string) ([]byte, error) {
|
|
|
|
|
|
|
|
return []byte("secrets_and_lies"), nil
|
|
|
|
|
|
|
|
}); err == nil {
|
|
|
|
|
|
|
|
t.Fatal("Expected an error when giving a bogus passphrase")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func TestClearSign(t *testing.T) {
|
|
|
|
func TestClearSign(t *testing.T) {
|
|
|
|
signer, err := NewFromFiles(testKeyfile, testPubfile)
|
|
|
|
signer, err := NewFromFiles(testKeyfile, testPubfile)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
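Review bot: The success path of TestDecryptKey only checks that `DecryptKey` returns nil; it never confirms that the private key was actually unlocked, so an implementation that returned nil without decrypting would still pass. After the first `DecryptKey` call I would add `if k.Entity.PrivateKey.Encrypted { t.Fatal("Key is still encrypted after DecryptKey") }`, and after the bogus-passphrase call the mirror check that `Encrypted` is still true. This assumes DecryptKey clears that flag on success, which is not visible in this hunk. A case where the passphrase callback itself returns an error is also not covered. Separately, the comment in the first hunk says `testPasswordKeyFile` while the constant it documents is `testPasswordKeyfile`.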
|
|
|
|