test signature verification

use a published provider's checksum file and signature to check the
verification.

plugin/discovery/get_test.go

@@ -22,6 +22,20 @@ func testListingHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(versionList))
 }
 
+func testChecksumHandler(w http.ResponseWriter, r *http.Request) {
+	// this exact plugin has a signnature and checksum file
+	if r.URL.Path == "/terraform-provider-template/0.1.0/terraform-provider-template_0.1.0_SHA256SUMS" {
+		http.ServeFile(w, r, "testdata/terraform-provider-template_0.1.0_SHA256SUMS")
+		return
+	}
+	if r.URL.Path == "/terraform-provider-template/0.1.0/terraform-provider-template_0.1.0_SHA256SUMS.sig" {
+		http.ServeFile(w, r, "testdata/terraform-provider-template_0.1.0_SHA256SUMS.sig")
+		return
+	}
+
+	http.Error(w, "signtaure files not found", http.StatusNotFound)
+}
+
 // returns a 200 for a valid provider url, using the patch number for the
 // plugin protocol version.
 func testHandler(w http.ResponseWriter, r *http.Request) {
@@ -62,6 +76,7 @@ func testHandler(w http.ResponseWriter, r *http.Request) {
 func testReleaseServer() *httptest.Server {
 	handler := http.NewServeMux()
 	handler.HandleFunc("/terraform-provider-test/", testHandler)
+	handler.HandleFunc("/terraform-provider-template/", testChecksumHandler)
 
 	return httptest.NewServer(handler)
 }
@@ -222,6 +237,27 @@ func TestProviderInstallerPurgeUnused(t *testing.T) {
 	}
 }
 
+// Test fetching a provider's checksum file while verifying its signature.
+func TestProviderChecksum(t *testing.T) {
+	// we only need the checksum, as getter is doing the actual file comparison.
+	sha256sum, err := getProviderChecksum("template", "0.1.0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// get the expected checksum for our os/arch
+	sumData, err := ioutil.ReadFile("testdata/terraform-provider-template_0.1.0_SHA256SUMS")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := checksumForFile(sumData, providerFileName("template", "0.1.0"))
+
+	if sha256sum != expected {
+		t.Fatalf("expected: %s\ngot %s\n", sha256sum, expected)
+	}
+}
+
 const versionList = `<!DOCTYPE html>
 <html>
 <body>

plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS

@@ -0,0 +1,12 @@
+3c3e7df78b1f0161a3f941c271d5501f7b5e5f2c53738e7a371459712f5d4726  terraform-provider-template_0.1.0_darwin_amd64.zip
+83fefe878e2dfb2ed0a7da1d0eb6e62e4703d3df93ebf22bc12a5f571bb38b7c  terraform-provider-template_0.1.0_freebsd_386.zip
+a19c9268ebf089b63e53b2a476cf21a4f18c52e303673e2219edc0dc8cc25622  terraform-provider-template_0.1.0_freebsd_amd64.zip
+158b0c5ef0f43d47ecf93c313a6d58b398b8df8a10d2fb5dbed3f7ac2b81cee7  terraform-provider-template_0.1.0_freebsd_arm.zip
+27ef86a6d15ddb46903c8733c84b69893e4f088ceb96560c76c876df49bce2f4  terraform-provider-template_0.1.0_linux_386.zip
+7018b681ee2e077588a68e4a2271c49e2da22b149f440ff7a362581ec113e380  terraform-provider-template_0.1.0_linux_amd64.zip
+c810969a5b34e8fc94f7653fd8bb42654cb449c1d3902d8f729d3b1792da99fe  terraform-provider-template_0.1.0_linux_arm.zip
+77b8eca7d33808ec5e1027d83c42824ac9c05f5a4582997c9ae86f4a04d7664b  terraform-provider-template_0.1.0_openbsd_386.zip
+d4d18466c1590fc3cce5efd619b29d6ea4ec113aab97639dc64d1f5652d5c4af  terraform-provider-template_0.1.0_openbsd_amd64.zip
+00be603de6fd573101757842002c0cc53472c44f1cf568d306884009fd80d224  terraform-provider-template_0.1.0_solaris_amd64.zip
+2457a87ae47c383991f31774be8dfb70b7786cfef220497fe2d8b48dfcfe5ca1  terraform-provider-template_0.1.0_windows_386.zip
+38f12267bf26a5754f740e28f445cf015e66f59a89b681564ac45888ebd83ff0  terraform-provider-template_0.1.0_windows_amd64.zip