New test files with expanded coverage: API tests: - ai_handler_test.go: AI handler unit tests with mocking - agent_profiles_tools_test.go: Profile management tests - alerts_endpoints_test.go: Alert API endpoint tests - alerts_test.go: Updated for interface changes - audit_handlers_test.go: Audit handler tests - frontend_embed_test.go: Frontend embedding tests - metadata_handlers_test.go, metadata_provider_test.go: Metadata tests - notifications_test.go: Updated for interface changes - profile_suggestions_test.go: Profile suggestion tests - saml_service_test.go: SAML authentication tests - sensor_proxy_gate_test.go: Sensor proxy tests - updates_test.go: Updated for interface changes Agent tests: - dockeragent/signature_test.go: Docker agent signature tests - hostagent/agent_metrics_test.go: Host agent metrics tests - hostagent/commands_test.go: Command execution tests - hostagent/network_helpers_test.go: Network helper tests - hostagent/proxmox_setup_test.go: Updated setup tests - kubernetesagent/*_test.go: Kubernetes agent tests Core package tests: - monitoring/kubernetes_agents_test.go, reload_test.go - remoteconfig/client_test.go, signature_test.go - sensors/collector_test.go - updates/adapter_installsh_*_test.go: Install adapter tests - updates/manager_*_test.go: Update manager tests - websocket/hub_*_test.go: WebSocket hub tests Library tests: - pkg/audit/export_test.go: Audit export tests - pkg/metrics/store_test.go: Metrics store tests - pkg/proxmox/*_test.go: Proxmox client tests - pkg/reporting/reporting_test.go: Reporting tests - pkg/server/*_test.go: Server tests - pkg/tlsutil/extra_test.go: TLS utility tests Total: ~8000 lines of new test code
package dockeragent
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"os"
	"path/filepath"
	"testing"
)
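// TestVerifySignature exercises verifySignature with a single trusted Ed25519
// key generated for the test.
//
// A genuine signature over the data must be accepted. The following must be
// rejected: an empty signature, a string that is not valid base64, a decoded
// value that is far shorter than an Ed25519 signature, a genuine signature
// presented with different data, and a well-formed signature produced by a
// key that is not listed in trustedPublicKeysPEM.
func TestVerifySignature(t *testing.T) {
	// trustedPublicKeysPEM is package-level state; put it back so other tests
	// in the package see the original trust list.
	originalKeys := trustedPublicKeysPEM
	t.Cleanup(func() { trustedPublicKeysPEM = originalKeys })

	publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}
	pubBytes, err := x509.MarshalPKIXPublicKey(publicKey)
	if err != nil {
		t.Fatalf("marshal public key: %v", err)
	}
	trustedPublicKeysPEM = []string{string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes}))}

	data := []byte("payload")
	signature := base64.StdEncoding.EncodeToString(ed25519.Sign(privateKey, data))

	if err := verifySignature(data, signature); err != nil {
		t.Fatalf("expected signature to verify: %v", err)
	}

	// A second key pair that is never added to the trust list. Its signature
	// is well formed, so only the trust decision can reject it.
	_, untrustedKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate untrusted key: %v", err)
	}

	rejected := []struct {
		name      string
		data      []byte
		signature string
	}{
		{"missing signature", data, ""},
		{"invalid base64", data, "!!!"},
		// Three decoded bytes: malformed rather than merely wrong.
		{"invalid signature", data, base64.StdEncoding.EncodeToString([]byte("bad"))},
		// Correct length and trusted key, but the data has changed since signing.
		{"signature over different data", []byte("payload-modified"), signature},
		{"signature from untrusted key", data, base64.StdEncoding.EncodeToString(ed25519.Sign(untrustedKey, data))},
	}
	for _, tc := range rejected {
		if err := verifySignature(tc.data, tc.signature); err == nil {
			t.Errorf("expected %s error", tc.name)
		}
	}
}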
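// TestVerifySignatureInvalidKeys checks that verifySignature returns an error
// when the only entry in trustedPublicKeysPEM is unusable: first a string that
// is not PEM at all, then a valid PEM block holding an RSA public key instead
// of an Ed25519 one.
func TestVerifySignatureInvalidKeys(t *testing.T) {
	// trustedPublicKeysPEM is package-level state; restore it on exit.
	originalKeys := trustedPublicKeysPEM
	defer func() {
		trustedPublicKeysPEM = originalKeys
	}()

	data := []byte("data")
	// Use a value with the length of a real Ed25519 signature so the
	// rejection cannot be explained by a malformed signature alone.
	// NOTE(review): verifySignature is not visible here; confirm that these
	// cases reach the key-parsing path rather than an earlier check.
	signature := base64.StdEncoding.EncodeToString(make([]byte, ed25519.SignatureSize))

	trustedPublicKeysPEM = []string{"not-pem"}
	if err := verifySignature(data, signature); err == nil {
		t.Fatal("expected error for invalid pem")
	}

	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generate rsa: %v", err)
	}
	pubBytes, err := x509.MarshalPKIXPublicKey(&rsaKey.PublicKey)
	if err != nil {
		t.Fatalf("marshal rsa: %v", err)
	}
	trustedPublicKeysPEM = []string{string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes}))}

	if err := verifySignature(data, signature); err == nil {
		t.Fatal("expected error for non-ed25519 key")
	}
}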
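// TestVerifyFileSignature exercises verifyFileSignature with a single trusted
// Ed25519 key generated for the test and a file written to a per-test
// temporary directory.
//
// The signature over the file's original contents must verify. A path that
// does not exist, a signature string that is not valid base64, and a file
// whose contents were changed after signing must all produce an error.
func TestVerifyFileSignature(t *testing.T) {
	// trustedPublicKeysPEM is package-level state; restore it on exit.
	originalKeys := trustedPublicKeysPEM
	defer func() {
		trustedPublicKeysPEM = originalKeys
	}()

	publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}
	pubBytes, err := x509.MarshalPKIXPublicKey(publicKey)
	if err != nil {
		t.Fatalf("marshal public key: %v", err)
	}
	trustedPublicKeysPEM = []string{string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes}))}

	file := filepathJoin(t)
	data := []byte("file")
	if err := os.WriteFile(file, data, 0600); err != nil {
		t.Fatalf("write file: %v", err)
	}

	signature := base64.StdEncoding.EncodeToString(ed25519.Sign(privateKey, data))
	if err := verifyFileSignature(file, signature); err != nil {
		t.Fatalf("expected file signature to verify: %v", err)
	}

	// Keep the missing path inside the temporary directory so the result
	// does not depend on what happens to exist in the working directory.
	if err := verifyFileSignature(file+".missing", signature); err == nil {
		t.Fatal("expected error for missing file")
	}

	if err := verifyFileSignature(file, "!!!"); err == nil {
		t.Fatal("expected base64 error")
	}

	// The signature was made over the original bytes; once the file changes
	// on disk the same signature must no longer be accepted.
	if err := os.WriteFile(file, []byte("file-modified"), 0600); err != nil {
		t.Fatalf("rewrite file: %v", err)
	}
	if err := verifyFileSignature(file, signature); err == nil {
		t.Fatal("expected error for modified file")
	}
}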
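// filepathJoin returns the path of a file named "payload" inside a fresh
// temporary directory obtained from t.TempDir. The file itself is not
// created; callers write it as needed.
func filepathJoin(t *testing.T) string {
	t.Helper()
	// filepath.Join uses the host's path separator instead of a hard-coded "/".
	return filepath.Join(t.TempDir(), "payload")
}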