// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. // See LICENSE.txt for license information. package app import ( "os" "path/filepath" "testing" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/v8/channels/store/storetest/mocks" "github.com/mattermost/mattermost/server/v8/channels/utils/fileutils" ) func TestPluginPublicKeys(t *testing.T) { mainHelper.Parallel(t) th := SetupWithStoreMock(t) defer th.TearDown() mockStore := th.App.Srv().Store().(*mocks.Store) mockUserStore := mocks.UserStore{} mockUserStore.On("Count", mock.Anything).Return(int64(10), nil) mockPostStore := mocks.PostStore{} mockPostStore.On("GetMaxPostSize").Return(65535, nil) mockSystemStore := mocks.SystemStore{} mockSystemStore.On("GetByName", "UpgradedFromTE").Return(&model.System{Name: "UpgradedFromTE", Value: "false"}, nil) mockSystemStore.On("GetByName", "InstallationDate").Return(&model.System{Name: "InstallationDate", Value: "10"}, nil) mockSystemStore.On("GetByName", "FirstServerRunTimestamp").Return(&model.System{Name: "FirstServerRunTimestamp", Value: "10"}, nil) mockStore.On("User").Return(&mockUserStore) mockStore.On("Post").Return(&mockPostStore) mockStore.On("System").Return(&mockSystemStore) mockStore.On("GetDBSchemaVersion").Return(1, nil) path, _ := fileutils.FindDir("tests") publicKeyFilename := "test-public-key.plugin.gpg" publicKey, err := os.ReadFile(filepath.Join(path, publicKeyFilename)) require.NoError(t, err) fileReader, err := os.Open(filepath.Join(path, publicKeyFilename)) require.NoError(t, err) defer fileReader.Close() appErr := th.App.AddPublicKey(publicKeyFilename, fileReader) require.Nil(t, appErr) file, appErr := th.App.GetPublicKey(publicKeyFilename) require.Nil(t, appErr) require.Equal(t, publicKey, file) _, appErr = th.App.GetPublicKey("wrong file name") require.NotNil(t, appErr) _, appErr = th.App.GetPublicKey("wrong-file-name.plugin.gpg") require.NotNil(t, appErr) appErr = th.App.DeletePublicKey("wrong file name") require.Nil(t, appErr) appErr = th.App.DeletePublicKey("wrong-file-name.plugin.gpg") require.Nil(t, appErr) appErr = th.App.DeletePublicKey(publicKeyFilename) require.Nil(t, appErr) _, appErr = th.App.GetPublicKey(publicKeyFilename) require.NotNil(t, appErr) } func TestVerifySignature(t *testing.T) { mainHelper.Parallel(t) path, _ := fileutils.FindDir("tests") pluginFilename := "testplugin.tar.gz" signatureFilename := "testplugin.tar.gz.sig" armoredSignatureFilename := "testplugin.tar.gz.asc" publicKeyFilename := "development-public-key.gpg" armoredPublicKeyFilename := "development-public-key.asc" t.Run("verify armored signature and armored public key", func(t *testing.T) { publicKeyFileReader, err := os.Open(filepath.Join(path, armoredPublicKeyFilename)) require.NoError(t, err) defer publicKeyFileReader.Close() pluginFileReader, err := os.Open(filepath.Join(path, pluginFilename)) require.NoError(t, err) defer pluginFileReader.Close() signatureFileReader, err := os.Open(filepath.Join(path, armoredSignatureFilename)) require.NoError(t, err) defer signatureFileReader.Close() require.NoError(t, verifySignature(publicKeyFileReader, pluginFileReader, signatureFileReader)) }) t.Run("verify non armored signature and armored public key", func(t *testing.T) { publicKeyFileReader, err := os.Open(filepath.Join(path, armoredPublicKeyFilename)) require.NoError(t, err) defer publicKeyFileReader.Close() pluginFileReader, err := os.Open(filepath.Join(path, pluginFilename)) require.NoError(t, err) defer pluginFileReader.Close() signatureFileReader, err := os.Open(filepath.Join(path, signatureFilename)) require.NoError(t, err) defer signatureFileReader.Close() require.NoError(t, verifySignature(publicKeyFileReader, pluginFileReader, signatureFileReader)) }) t.Run("verify armored signature and non armored public key", func(t *testing.T) { publicKeyFileReader, err := os.Open(filepath.Join(path, publicKeyFilename)) require.NoError(t, err) defer publicKeyFileReader.Close() pluginFileReader, err := os.Open(filepath.Join(path, pluginFilename)) require.NoError(t, err) defer pluginFileReader.Close() armoredSignatureFileReader, err := os.Open(filepath.Join(path, armoredSignatureFilename)) require.NoError(t, err) defer armoredSignatureFileReader.Close() require.NoError(t, verifySignature(publicKeyFileReader, pluginFileReader, armoredSignatureFileReader)) }) t.Run("verify non armored signature and non armored public key", func(t *testing.T) { publicKeyFileReader, err := os.Open(filepath.Join(path, publicKeyFilename)) require.NoError(t, err) defer publicKeyFileReader.Close() pluginFileReader, err := os.Open(filepath.Join(path, pluginFilename)) require.NoError(t, err) defer pluginFileReader.Close() signatureFileReader, err := os.Open(filepath.Join(path, signatureFilename)) require.NoError(t, err) defer signatureFileReader.Close() require.NoError(t, verifySignature(publicKeyFileReader, pluginFileReader, signatureFileReader)) }) }