Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 106
fleet/third_party/httpsig-go/sigtest/helpers.go

86 lines
1.7 KiB
Go
Raw Normal View History

Added a vendored version of httpsig-go. (#30820) For #30473 This change adds a vendored `httpsig-go` library to our repo. We cannot use the upstream library because it has not merged the change we need: https://github.com/remitly-oss/httpsig-go/pull/25 Thus, we need our own copy at this point. The instructions for keeping this library up to date (if needed) are in `UPDATE_INSTRUCTIONS`. None of the coderabbitai review comments are relevant to the code/features we are going to use for HTTP message signatures. We will use this library in subsequent PRs for the TPM-backed HTTP message signature feature. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a Go library for HTTP message signing and verification, supporting multiple cryptographic algorithms (RSA, ECDSA, Ed25519, HMAC). * Added utilities for key management, including JWK and PEM key handling. * Provided HTTP client and server helpers for automatic request signing and signature verification. * Implemented structured error handling and metadata extraction for signatures. * **Documentation** * Added comprehensive README, usage examples, and update instructions. * Included license and configuration files for third-party and testing tools. * **Tests** * Added extensive unit, integration, and fuzz tests covering signing, verification, and key handling. * Included official RFC test vectors and various test data files for robust validation. * **Chores** * Integrated continuous integration workflows and ignore files for code quality and security analysis. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-14 18:26:50 +00:00
package sigtest
import (
"bufio"
"bytes"
"crypto"
"encoding/base64"
"fmt"
"io"
"net/http"
"os"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/remitly-oss/httpsig-go/keyutil"
)
func ReadRequest(t testing.TB, reqFile string) *http.Request {
reqtxt, err := os.Open(fmt.Sprintf("testdata/%s", reqFile))
if err != nil {
t.Fatal(err)
}
req, err := http.ReadRequest(bufio.NewReader(reqtxt))
if err != nil {
t.Fatal(err)
}
return req
}
func MustReadFile(file string) []byte {
data, err := os.ReadFile(file)
if err != nil {
panic(err)
}
return data
}
func MakeBody(body string) io.ReadCloser {
return io.NopCloser(bytes.NewReader([]byte(body)))
}
func ReadSharedSecret(t *testing.T, sharedSecretFile string) []byte {
secretBytes, err := os.ReadFile(fmt.Sprintf("testdata/%s", sharedSecretFile))
if err != nil {
t.Fatal(err)
}
secret, err := base64.StdEncoding.DecodeString(string(secretBytes))
if err != nil {
t.Fatal(err)
}
return secret
}
func ReadTestPubkey(t *testing.T, pubkeyFile string) crypto.PublicKey {
keybytes, err := os.ReadFile(fmt.Sprintf("testdata/%s", pubkeyFile))
if err != nil {
t.Fatal(err)
}
pubkey, err := keyutil.ReadPublicKey(keybytes)
if err != nil {
t.Fatal(err)
}
return pubkey
}
func ReadTestPrivateKey(t testing.TB, pkFile string, hint ...string) crypto.PrivateKey {
keybytes, err := os.ReadFile(fmt.Sprintf("testdata/%s", pkFile))
if err != nil {
t.Fatal(err)
}
pkey, err := keyutil.ReadPrivateKey(keybytes)
if err != nil {
t.Fatal(err)
}
return pkey
}
func Diff(t *testing.T, expected, actual any, msg string, opts ...cmp.Option) bool {
if diff := cmp.Diff(expected, actual, opts...); diff != "" {
t.Errorf("%s (-want +got):\n%s", msg, diff)
return true
}
return false
}
Reference in a new issue Copy permalink