Merge pull request #196 from wking/test-armored-multi-key-keyring

pkg/verify: Test an armored, multi-key keyring

Author: openshift-merge-robot

pkg/verify/testdata/keyrings/combined.txt

@@ -0,0 +1,56 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+Comment: Use "gpg --dearmor" for unpacking
+
+mQINBErgSTsBEACh2A4b0O9t+vzC9VrVtL1AKvUWi9OPCjkvR7Xd8DtJxeeMZ5eF
+0HtzIG58qDRybwUe89FZprB1ffuUKzdE+HcL3FbNWSSOXVjZIersdXyH3NvnLLLF
+0DNRB2ix3bXG9Rh/RXpFsNxDp2CEMdUvbYCzE79K1EnUTVh1L0Of023FtPSZXX0c
+u7Pb5DI5lX5YeoXO6RoodrIGYJsVBQWnrWw4xNTconUfNPk0EGZtEnzvH2zyPoJh
+XGF+Ncu9XwbalnYde10OCvSWAZ5zTCpoLMTvQjWpbCdWXJzCm6G+/hx9upke546H
+5IjtYm4dTIVTnc3wvDiODgBKRzOl9rEOCIgOuGtDxRxcQkjrC+xvg5Vkqn7vBUyW
+9pHedOU+PoF3DGOM+dqv+eNKBvh9YF9ugFAQBkcG7viZgvGEMGGUpzNgN7XnS1gj
+/DPo9mZESOYnKceve2tIC87p2hqjrxOHuI7fkZYeNIcAoa83rBltFXaBDYhWAKS1
+PcXS1/7JzP0ky7d0L6Xbu/If5kqWQpKwUInXtySRkuraVfuK3Bpa+X1XecWi24JY
+HVtlNX025xx1ewVzGNCTlWn1skQN2OOoQTV4C8/qFpTW6DTWYurd4+fE0OJFJZQF
+buhfXYwmRlVOgN5i77NTIJZJQfYFj38c/Iv5vZBPokO6mffrOTv3MHWVgQARAQAB
+tDNSZWQgSGF0LCBJbmMuIChyZWxlYXNlIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0
+LmNvbT6JAjYEEwECACAFAkrgSTsCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
+CRAZni+R/UMdUWzpD/9s5SFR/ZF3yjY5VLUFLMXIKUztNN3oc45fyLdTI3+UClKC
+2tEruzYjqNHhqAEXa2sN1fMrsuKec61Ll2NfvJjkLKDvgVIh7kM7aslNYVOP6BTf
+C/JJ7/ufz3UZmyViH/WDl+AYdgk3JqCIO5w5ryrC9IyBzYv2m0HqYbWfphY3uHw5
+un3ndLJcu8+BGP5F+ONQEGl+DRH58Il9Jp3HwbRa7dvkPgEhfFR+1hI+Btta2C7E
+0/2NKzCxZw7Lx3PBRcU92YKyaEihfy/aQKZCAuyfKiMvsmzs+4poIX7I9NQCJpyE
+IGfINoZ7VxqHwRn/d5mw2MZTJjbzSf+Um9YJyA0iEEyD6qjriWQRbuxpQXmlAJbh
+8okZ4gbVFv1F8MzK+4R8VvWJ0XxgtikSo72fHjwha7MAjqFnOq6eo6fEC/75g3NL
+Ght5VdpGuHk0vbdENHMC8wS99e5qXGNDued3hlTavDMlEAHl34q2H9nakTGRF5Ki
+JUfNh3DVRGhg8cMIti21njiRh7gyFI2OccATY7bBSr79JhuNwelHuxLrCFpY7V25
+OFktl15jZJaMxuQBqYdBgSay2G0U6D1+7VsWufpzd/Abx1/c3oi9ZaJvW22kAggq
+dzdA27UUYjWvx42w9menJwh/0jeQcTecIUd0d0rFcw/c1pvgMMl/Q73yzKgKY5kB
+DQRcvUOrAQgA9TL3MF/X9VbvzP3YfkiWG7gD+Lq7WWe2KGTpc6OpcP8Qxfc9BHn/
+AVwLTu2DErX28Z+Uam95D5wNtAkV62luD6gOZgd+7mwxk4cW/HGrQk3lqXf+aJq2
+4yzKygqYNDg304DWWI/YEQ8g0yj45VtsY1/Qpo/5Zphj2AxuKnazaXonJjI6WF8m
+A1cRU0RTHYn8U4x0EU+UfT3avFgxS63d2WVqOHzeUW/gclofDLrB4/hch8QOCXw/
+xulR8p9fU+8U/4OdyXz6Gyi3WqFynUmqKwmClrshmhsi0rQJ9TF4HIbMHAWXFPdh
+HoHKGWPCt3GIUW8O60FFJMd6dMr4ktQ6zwARAQABtAxvcGVuc2hpZnQtY2mJAVQE
+EwEIAD4WIQTQR2GxFiA7DAhZthYot24FuSOIjgUCXL1DqwIbAwUJA8JnAAULCQgH
+AgYVCgkICwIEFgIDAQIeAQIXgAAKCRAot24FuSOIjqsFB/sE0V12ZAej3ZLENrRf
+8d7092AKdRb5vmgbdC9/p1MiOFuMFpgr0PZmKpFzA0sfK4EsDLcMCXu8SQZANXyv
+AqD3gqh3P6JqC1EuvwY3G7F8kv57OneWb9HylR7pmdt1dqlScD6ZjXaZHXwYcBxS
+ptByz2gsijN/Hzj4a1MBFvDnHlXR3wZ5JAMmFwPfvahhd4BwtzFzC5Gh+qQ2GDX8
+dj+PqmJzJ0zEjjryrCVmO7fE579UKLWoP7lvMlpSAUp74NQUO7tWSbNRCksIcEGy
+K2I/nkvnvHXTe6khyU6DMx7LU40mEE4QNYglVOkvih2ixXsp39Xej6pMnh/xg25P
+hPobuQENBFy9Q6sBCADYVORXM8KrhAHI4QPpH/p4tFJfUNmqvqwC99XYPrBjGWsH
+A7uWqHMKJV3gSJFZdt+RhXyUnWEcyG5OZUqlSvlreWI+MjiDvkBAJOSOdXczguYt
+wD06jjNFD0NevLm3KE+S2P2liyap1QI4GP0p9r1wMLGL5LiWTKXjj6DYKHAFsMBs
+V5DxMv/zgN68MsujxEdlO8S1i+Ujh/KMY57JxwPfJxeIrjkKm8D08H8lje8a+xwG
+OiomsB5g9E98sLMEdWxGdQmJ/CsaTTLh3+7W2jDzjb2sFRKjNcXPfuLQdyJnTFAf
+XiIsCLKauvJnRON3slHjPX9n6DUeuyo+he4bwcA7ABEBAAGJATYEGAEIACAWIQTQ
+R2GxFiA7DAhZthYot24FuSOIjgUCXL1DqwIbDAAKCRAot24FuSOIjiwgCADTXQcB
+RSaU2hGYTrwxLHzphwxRPsRtnwavkjudwODP+MXyegVZ6UbwID7xLvxA/CzCAW7m
+jFKV4wMFCyDpzRAbGHpvptyCnK2QCIX1wIyPBKs6a43IlIlRMdPl0eniG7BZtoJu
+tbx3274ikskIN4aShvP4NrBYEPQjYuQxYISGHrKfuzcAgvlDlRgbvdDuEiKviDLN
+p9zk0dhiBM9C4BLwv90e6ZATYyzU3HBMQTajkoSct158J7b2H5cVcBAVbMhGyi7y
+1NsbZSBPyHRrLCkEfFBRbIBZhol97dU3GoRZy5a+hLfrweCdNl6/rr2fNb/2atTh
+8+4iI63dvDLJWLtu
+=8lmj
+-----END PGP PUBLIC KEY BLOCK-----

pkg/verify/verify_test.go

@@ -36,6 +36,14 @@ func Test_releaseVerifier_Verify(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	data, err = ioutil.ReadFile(filepath.Join("testdata", "keyrings", "combined.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	combined, err := openpgp.ReadArmoredKeyRing(bytes.NewBuffer(data))
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	serveSignatures := http.FileServer(http.Dir(filepath.Join("testdata", "signatures")))
 	sigServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
@@ -85,6 +93,14 @@ func Test_releaseVerifier_Verify(t *testing.T) {
 			},
 			verifiers: map[string]openpgp.EntityList{"simple": simple},
 		},
+		{
+			name:          "valid signature for sha over http with multi-key keyring",
+			releaseDigest: "sha256:edd9824f0404f1a139688017e7001370e2f3fbc088b94da84506653b473fe140",
+			stores: []*url.URL{
+				sigServerURL,
+			},
+			verifiers: map[string]openpgp.EntityList{"combined": combined},
+		},
 
 		{
 			name:          "file store rejects if digest is not found",