package nebula

import (
	"bytes"
	"errors"
	"net"
	"testing"
)

// Shared fixtures for the tests in this file. They are populated once by init.
var (
	// ip and ipNet are the address and network parsed from 192.168.0.1/24.
	ip    net.IP
	ipNet *net.IPNet

	// caCredsA and caCredsB are two separately created CA credentials.
	caCredsA, caCredsB CACredentials

	// hostCredsA is issued from caCredsA and hostCredsB from caCredsB.
	hostCredsA, hostCredsB HostCredentials
)

// init builds the package-level fixtures. Any failure panics, so a broken
// fixture aborts the test binary instead of producing misleading results.
func init() {
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}

	var err error

	ip, ipNet, err = net.ParseCIDR("192.168.0.1/24")
	must(err)

	caCredsA, err = NewCACredentials("a.example.com", ipNet)
	must(err)

	caCredsB, err = NewCACredentials("b.example.com", ipNet)
	must(err)

	// Both hosts are given the same IP; they differ in name and issuing CA.
	hostCredsA, err = NewHostCredentials(caCredsA, "foo", ip)
	must(err)

	hostCredsB, err = NewHostCredentials(caCredsB, "bar", ip)
	must(err)
}

// TestSignAndWrap round-trips a payload through SignAndWrap and Unwrap, then
// checks that the recovered signature validates under the signer's public key
// and is rejected with ErrInvalidSignature under another host's public key.
//
// NOTE(review): only the wrong-key rejection is exercised here. A payload
// altered after signing, checked against the correct key, is not covered.
func TestSignAndWrap(t *testing.T) {
	payload := []byte("foo bar baz")
	wrapped := &bytes.Buffer{}

	if err := SignAndWrap(wrapped, hostCredsA.SigningPrivateKeyPEM, payload); err != nil {
		t.Fatal(err)
	}

	gotPayload, gotSig, err := Unwrap(wrapped)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(payload, gotPayload) {
		t.Fatalf("got %q but expected %q", gotPayload, payload)
	}

	// Positive case: the signer's own public key must accept the signature.
	err = ValidateSignature(hostCredsA.Public.SigningKeyPEM, payload, gotSig)
	if err != nil {
		t.Fatal(err)
	}

	// Negative case: host B's public key must reject host A's signature, and
	// the failure must be the ErrInvalidSignature sentinel, not another error.
	err = ValidateSignature(hostCredsB.Public.SigningKeyPEM, payload, gotSig)
	if !errors.Is(err, ErrInvalidSignature) {
		t.Fatalf("expected ErrInvalidSignature but got %v", err)
	}
}