Add a unit test for apkindex verification

Signed-off-by: Nghia Tran <[email protected]>
chainguard-dev · Jan 22, 2025 · 0edcb42 · 0edcb42
1 parent 4cb8022
commit 0edcb42
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 0 deletions.
diff --git a/pkg/apk/apk/apkindex_test.go b/pkg/apk/apk/apkindex_test.go
@@ -3,6 +3,7 @@ package apk
 import (
 	"archive/tar"
 	"compress/gzip"
+	"context"
 	"fmt"
 	"io"
 	"os"
@@ -238,3 +239,45 @@ k:9001
 	require.Len(t, pkg.Provides, 0, "Expected no provides")
 	require.Len(t, pkg.Dependencies, 0, "Expected no dependencies")
 }
+
+func TestMultipleKeys(t *testing.T) {
+	assert := assert.New(t)
+	// read all the keys from testdata/sigining/keys
+	folder := "testdata/signing/keys"
+	// get all the files in the folder
+	files, err := os.ReadDir(folder)
+	keys := make(map[string][]byte)
+	for _, file := range files {
+		if file.IsDir() {
+			continue
+		}
+		// read the file
+		keyFile, err := os.Open(fmt.Sprintf("%s/%s", folder, file.Name()))
+		require.Nil(t, err)
+		// parse the key
+		key, err := os.ReadFile(keyFile.Name())
+		require.Nil(t, err)
+		keys[file.Name()] = key
+	}
+	// read the index file into []byte
+	indexBytes, err := os.ReadFile("testdata/signing/APKINDEX.tar.gz")
+	require.Nil(t, err)
+
+	ctx := context.Background()
+	// There are 2^N-1 combinations of keys, where N is the number of keys
+	// We will test all of them
+	for comb := 1; comb < (1 << len(keys)); comb++ {
+		// get the keys to use
+		usedKeys := make(map[string][]byte)
+		for i := 0; i < len(keys); i++ {
+			if (comb & (1 << i)) != 0 {
+				usedKeys[files[i].Name()] = keys[files[i].Name()]
+			}
+		}
+		// parse the index
+		apkIndex, err := parseRepositoryIndex(ctx, "testdata/signing/APKINDEX.tar.gz",
+			usedKeys, "aarch64", indexBytes, &indexOpts{})
+		require.Nil(t, err)
+		assert.Greater(len(apkIndex.Signature), 0, "Signature missing")
+	}
+}
diff --git a/pkg/apk/apk/testdata/signing/APKINDEX.tar.gz b/pkg/apk/apk/testdata/signing/APKINDEX.tar.gz
diff --git a/.../keys/chainguard-0106f58bac88057c2ff5c2829850df492717a876ed700443550353c7ab23f5a0.rsa.pub b/.../keys/chainguard-0106f58bac88057c2ff5c2829850df492717a876ed700443550353c7ab23f5a0.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2TxPZPC1Cdb647P0kvi5
+wtwcoaFCOGHspL3RmmD2idG2FNZc/rpwyIp2bnprFvOCWm7bKAEl/9JDfAGm7DAP
+q/EC7UeJ9yx03jY1I7+Oj1/1UUIyuvfDwyiMxEwcABaivAn9WhYZ5YeZKK8pUYoX
+hOPNqgI+N3BY1H+hgg3xgTrzWmfRSsvTEhSqoLHdl4qbsM5EE/T5W7u+96y9J2vn
+M89rUP557K3n1QKGzTIGjlesFQd8y+uH0TdAe6AFmxFpftdXRu4KInjdrDOArfBO
+cKLB0gHOERkd08JVMWYHd6Ne7BfWpwxmge371GgTj8XYOJrkAj3cg8ked/51Maw0
+FLt4aErQR6y02QIluGZ4gwbIZ8y+iBWvoh8egiab3Whr3SwGuX6X8WJbOgKLCyGK
+CmrxgPO/ahS4XUWtuTp3woIZBnnHGOBdHjRARkl9PdBgN2HhZPS9vj8rrIqbTp3c
+dmqhcsjsgmss6Sb3rOcOL3N3V8+dMiD7VZXeIgVocOpRtLJGQFCupjAfmz5ub4t5
+lBI2EgbR9LdSg9mrFoYbG11sU6MLa0iPMA8gU3nG4dzLDpsF9PbXy6sfBXXc8W25
+tfwZnV4wHouWEhiQ9Hfc4NOGcs+01Zwg9CZRS2SBKC9iqUPsz3RaTAKWsS/QNTND
+Zy9znhL5yGrbHaq2BOlnVqMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/.../keys/chainguard-60912bbc46bfc8ed6bda0b50db3a8a5f3c4344d6bc8549ec9b84d96140b475d1.rsa.pub b/.../keys/chainguard-60912bbc46bfc8ed6bda0b50db3a8a5f3c4344d6bc8549ec9b84d96140b475d1.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAizNP/QKfB5NKlVBba6dX
+Jzz0/icPE++eM3aAtCARwlAKyRm3ivWM5sAz88lwHFjMAQV0QPD3hDgswcAExTXa
+EPN8M0RroxxnWuJLGhz99ONaGOLo66GDkcdBaaZIinXoWmhqg1zcequ6dLDOGArm
+ZR99egaBFKyQHvBYHIl5dQ1yT8us/m1Yfb7DlERcU2lf3lFhLDrJsBgVw5QYa5h+
+aSneA/B2ZB1BwfyE3F5+UUn0qWRy3Yg526oaWpjjwCaPVq4yaJfg4XuMS82wdVm9
+G6awP1PE0EWwgkcc8z8w7BmxFhdCRt0VNjmept14tJwiU0d81j1HPHsIkqWr2TBA
+f7Wwp34+ByfA7iHbKXFPgK1MKmNzyANoyPaPRo+x+MU8D2AqUBslKOKrhckyd4tQ
+ch3SyaMKMa7hc0PWnFrCCtDTmNZQaquNrUWnbbMtdkjCA/is//W+Lqn+O6BjmR9U
+yztR26l2OwGMu6uf3CMUADX/ra4k2BuxSnaPTgm7M19AAzXSnICa+aupgFsIfx1w
+UyGlq8dvCz8bnipXW4EbTWTSPdFrxQl/LQUB5w82kMorML1TQEpSLjoSmnhNg+rh
+rqIsjp7fwEnX/qTbiwUhgcN1fyLkGGv/UV/H62WcclStKiRHp+ND0ePMABefA+cv
+f9tYynbOV78qct+dQKkQ17kCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/.../keys/chainguard-61cb6bccd1f584b007db7be51ebce2b0530a54cc5a94e7650b570d113d537cf3.rsa.pub b/.../keys/chainguard-61cb6bccd1f584b007db7be51ebce2b0530a54cc5a94e7650b570d113d537cf3.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwlV2kG9xGtkVWc/dS9nC
+Qqef/hx0AysYfrMFetY+mZ0MPvELqOaDJgtjlbMM6w/ujqDtScxbnNNf5/vY/wBh
+rHTeKU+oDlkRTsh8ZxKINFfGGSDxR2pKkvPZeVzxdhTNEPK9ZggbFHe5RhXUT9iK
+CNgF+Xa3p5A1Yi8zR6zEFJ5EDBMnTMagV2ueLfJrpFMm/4hBn6zWtjyDhDPVZyTD
+DyQc2/FIDXM1tJONWDT8wO2xuHf7xKGr6lO/CZca5Pnd/QS5jODoNbTo9VvG+oQt
+mRsWsdVFst0vS54s3mchtuAB2NXnWAZZuux9uYPgvO8eqI0RLqCKX7VLJ8tGOTmL
+3dblTzKbKbVcy4uHsyH2mZPvPUTO+ck7c58iSeUrOFV50B6zqynAXgCrDo3XMjpI
+mLC26LRMqF/Q/RWc9R0K+ZgiLQ7ootyOJILPSR69RhgdQJVt7/gz55dM89yoq/B9
+U2V+1mv0rBQmmNgCM1U3QdgUv5WeIm4Ed2avKZBwJLBVR5AxlY9xlwJ7sEU4Ms2t
+cEblWhqDze/sSsjCYOAmD4/M/90OnBelg+/BU2jOD4nqQdEQDOZdo+EUVeCIuPwD
+kz8kTv8pPtLjKI0jRhYLn2dhg/vTIDJf19iXexGQXOyK/rNwi41i+9snypVb8YSe
+cWTnq+m2CFOiXFsDWQh7RsUCAwEAAQ==
+-----END PUBLIC KEY-----