Generate and verify SSH and GPG signatures in integration tests (#219)

Author: casey

Cargo.toml

@@ -61,6 +61,7 @@ float-cmp = "allow"
 large_enum_variant = "allow"
 missing-errors-doc = "allow"
 missing-panics-doc = "allow"
+must-use-candidate = "allow"
 needless-pass-by-value = "allow"
 pedantic = { level = "deny", priority = -1 }
 result-large-err = "allow"

src/directory.rs

@@ -65,7 +65,7 @@ impl Directory {
     hasher.finalize()
   }
 
-  pub(crate) fn new() -> Self {
+  pub fn new() -> Self {
     Self::default()
   }
 }

src/display_secret.rs

@@ -1,6 +1,6 @@
 use super::*;
 
-pub(crate) struct DisplaySecret(pub(crate) PrivateKey);
+pub struct DisplaySecret(pub(crate) PrivateKey);
 
 impl Display for DisplaySecret {
   fn fmt(&self, f: &mut Formatter) -> fmt::Result {

src/fingerprint.rs

@@ -6,7 +6,6 @@ pub struct Fingerprint(pub(crate) Hash);
 impl Fingerprint {
   pub(crate) const LEN: usize = Hash::LEN;
 
-  #[must_use]
   pub(crate) fn as_bytes(&self) -> &[u8; Self::LEN] {
     self.0.as_bytes()
   }

src/hash.rs

@@ -6,7 +6,6 @@ pub struct Hash(blake3::Hash);
 impl Hash {
   pub(crate) const LEN: usize = blake3::OUT_LEN;
 
-  #[must_use]
   pub fn as_bytes(&self) -> &[u8; Self::LEN] {
     self.0.as_bytes()
   }

src/lib.rs

@@ -13,8 +13,9 @@
 //! long as the manifest itself is kept secure.
 //!
 //! The `filepack` library crate is not intended for general consumption, and
-//! exists mainly to facilitate code-sharing between the `filepack` binary and
-//! integration tests. As such, it provides no semantic versioning guarantees.
+//! exists only to facilitate code-sharing between the `filepack` binary and
+//! integration tests. As such, it should not be used by outside consumers, and
+//! provides no semantic versioning guarantees.
 
 use {
   self::{
@@ -54,7 +55,7 @@ use {
     public_key_error::PublicKeyError,
     sign_options::SignOptions,
     signature_error::SignatureError,
-    signature_scheme::{SignatureScheme, SignatureSchemeType},
+    signature_scheme::SignatureSchemeType,
     style::Style,
     subcommand::Subcommand,
     tag::Tag,
@@ -105,7 +106,7 @@ pub use self::{
   directory::Directory, entry::Entry, error::Error, file::File, fingerprint::Fingerprint,
   hash::Hash, manifest::Manifest, message::Message, note::Note, private_key::PrivateKey,
   public_key::PublicKey, relative_path::RelativePath, serialized_message::SerializedMessage,
-  signature::Signature,
+  signature::Signature, signature_scheme::SignatureScheme,
 };
 
 #[cfg(test)]
@@ -194,10 +195,6 @@ mod tag;
 mod ticked;
 mod utf8_path_ext;
 
-#[cfg(test)]
-mod pgp;
-#[cfg(test)]
-mod ssh;
 #[cfg(test)]
 mod test;
 

src/manifest.rs

@@ -41,7 +41,6 @@ impl Manifest {
     files
   }
 
-  #[must_use]
   pub fn fingerprint(&self) -> Fingerprint {
     Fingerprint(self.files.fingerprint())
   }

src/message.rs

@@ -7,7 +7,6 @@ pub struct Message {
 }
 
 impl Message {
-  #[must_use]
   pub fn serialize(&self) -> SerializedMessage {
     let mut serializer =
       FingerprintSerializer::new(FingerprintPrefix::Message, Vec::new()).unwrap();

src/private_key.rs

@@ -10,13 +10,14 @@ impl PrivateKey {
     self.0.to_bytes()
   }
 
-  pub(crate) fn display_secret(&self) -> DisplaySecret {
+  pub fn display_secret(&self) -> DisplaySecret {
     DisplaySecret(self.clone())
   }
 
-  #[cfg(test)]
-  pub(crate) fn from_bytes(bytes: [u8; Self::LEN]) -> Self {
-    Self(ed25519_dalek::SigningKey::from_bytes(&bytes))
+  pub fn from_bytes(bytes: [u8; Self::LEN]) -> Self {
+    let inner = ed25519_dalek::SigningKey::from_bytes(&bytes);
+    assert!(!inner.verifying_key().is_weak());
+    Self(inner)
   }
 
   pub(crate) fn generate() -> Self {
@@ -42,7 +43,6 @@ impl PrivateKey {
     Ok(private_key)
   }
 
-  #[must_use]
   pub fn public_key(&self) -> PublicKey {
     self.clone().into()
   }

src/public_key.rs

@@ -4,15 +4,29 @@ use super::*;
 pub struct PublicKey(ed25519_dalek::VerifyingKey);
 
 impl PublicKey {
-  #[cfg(test)]
   pub(crate) const LEN: usize = ed25519_dalek::PUBLIC_KEY_LENGTH;
 
-  #[cfg(test)]
-  pub(crate) fn from_bytes(bytes: [u8; Self::LEN]) -> Self {
-    Self(ed25519_dalek::VerifyingKey::from_bytes(&bytes).unwrap())
+  fn encode_bytes(bytes: [u8; Self::LEN]) -> Bech32Encoder {
+    let mut encoder = Bech32Encoder::new(Bech32Type::PublicKey);
+    encoder.bytes(&bytes);
+    encoder
+  }
+
+  pub fn from_bytes(bytes: [u8; Self::LEN]) -> Result<Self, PublicKeyError> {
+    let format = || Self::encode_bytes(bytes).to_string();
+
+    let key = ed25519_dalek::VerifyingKey::from_bytes(&bytes)
+      .map_err(DalekSignatureError)
+      .context(public_key_error::Invalid { key: format() })?;
+
+    ensure! {
+      !key.is_weak(),
+      public_key_error::Weak { key: format() },
+    }
+
+    Ok(Self(key))
   }
 
-  #[must_use]
   pub fn inner(&self) -> ed25519_dalek::VerifyingKey {
     self.0
   }
@@ -48,24 +62,13 @@ impl FromStr for PublicKey {
     let inner = decoder.byte_array()?;
     decoder.done()?;
 
-    let inner = ed25519_dalek::VerifyingKey::from_bytes(&inner)
-      .map_err(DalekSignatureError)
-      .context(public_key_error::Invalid { key })?;
-
-    ensure! {
-      !inner.is_weak(),
-      public_key_error::Weak { key },
-    }
-
-    Ok(Self(inner))
+    Self::from_bytes(inner)
   }
 }
 
 impl Display for PublicKey {
   fn fmt(&self, f: &mut Formatter) -> fmt::Result {
-    let mut encoder = Bech32Encoder::new(Bech32Type::PublicKey);
-    encoder.bytes(self.0.as_bytes());
-    write!(f, "{encoder}")
+    write!(f, "{}", Self::encode_bytes(*self.0.as_bytes()))
   }
 }