import unittest, os, strutils, base64
import ../src/nimpak/signature
import ../src/nip/types
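suite "Signature Management Tests":
  # Each test runs against a SignatureManager rooted in a scratch directory
  # that setup creates and teardown removes.
  #
  # NOTE(review): the negative cases cover tampered data and a forged
  # signature only. Nothing here pins that verify() rejects a key that was
  # never trusted, or one that was revoked after being trusted. Both are
  # worth adding once the expected failure mode (false vs. exception) is
  # confirmed against the signature module.

  var
    manager: SignatureManager
    # Predictable name (temp dir + PID) in a location that may be shared
    # with other local users; setup therefore refuses to reuse a directory
    # that already exists.
    testRoot = getTempDir() / "nip_sig_test_" & $getCurrentProcessId()
    keyId = "test-key-1"
    testData = "Hello, Signed World!"
    # True only while testRoot is a directory this process created itself.
    ownsTestRoot = false

  setup:
    ownsTestRoot = false
    # existsOrCreateDir returns true when the directory was already present.
    # Failing here keeps generated private keys out of a directory somebody
    # else prepared, and keeps stale keys from an earlier run from leaking
    # into the trust checks below.
    doAssert not existsOrCreateDir(testRoot),
      "refusing to reuse pre-existing test directory: " & testRoot
    ownsTestRoot = true
    manager = initSignatureManager(testRoot)

  teardown:
    # Only delete what setup created; a directory that pre-existed is left
    # alone.
    if ownsTestRoot:
      removeDir(testRoot)
      ownsTestRoot = false

  test "Initialization":
    # initSignatureManager is expected to have created all four key stores.
    check dirExists(manager.keysPath)
    check dirExists(manager.privateKeysPath)
    check dirExists(manager.publicKeysPath)
    check dirExists(manager.trustedKeysPath)

  test "Key Generation":
    let kpInfo = manager.generateKeyPair(keyId)
    check kpInfo.id == keyId
    check kpInfo.publicKey.len > 0
    check kpInfo.privateKey.len > 0

    # Both halves must also have been written to their respective stores.
    check fileExists(manager.privateKeysPath / keyId & ".key")
    check fileExists(manager.publicKeysPath / keyId & ".pub")

  test "Sign and Verify":
    discard manager.generateKeyPair(keyId)
    manager.trustKey(keyId) # Must trust key to verify

    # Reload trusted keys into a copy; signing uses `manager`, verification
    # uses the copy.
    var mutManager = manager # Make mutable copy for loading
    mutManager.loadTrustedKeys()

    let signature = manager.sign(testData, keyId)
    check signature.len > 0

    let isValid = mutManager.verify(testData, signature, keyId)
    check isValid

  test "Verification Failure - Tampered Data":
    discard manager.generateKeyPair(keyId)
    manager.trustKey(keyId)
    var mutManager = manager
    mutManager.loadTrustedKeys()

    # A genuine signature must not validate for data that differs from what
    # was signed.
    let signature = manager.sign(testData, keyId)
    let isValid = mutManager.verify(testData & "tampered", signature, keyId)
    check not isValid

  test "Verification Failure - Invalid Signature":
    discard manager.generateKeyPair(keyId)
    manager.trustKey(keyId)
    var mutManager = manager
    mutManager.loadTrustedKeys()

    # Create a fake signature (valid base64 but wrong content): 64 zero
    # bytes that were never produced by sign().
    let fakeSigBytes = newSeq[byte](64)
    let fakeSig = base64.encode(fakeSigBytes)

    let isValid = mutManager.verify(testData, fakeSig, keyId)
    check not isValid

  test "Trust Management":
    discard manager.generateKeyPair(keyId)

    # Initially not trusted: generating a key must not place it in the
    # trusted store.
    check not fileExists(manager.trustedKeysPath / keyId & ".pub")

    # Trust
    manager.trustKey(keyId)
    check fileExists(manager.trustedKeysPath / keyId & ".pub")

    # Revoke
    # NOTE(review): this only checks the file is gone; it does not check
    # that verify() fails for the revoked key afterwards.
    manager.revokeKey(keyId)
    check not fileExists(manager.trustedKeysPath / keyId & ".pub")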