From 13d835f99634abbcd8616db8615942aed69b79cd Mon Sep 17 00:00:00 2001
From: James Bardin <j.bardin@gmail.com>
Date: Mon, 19 Jun 2017 16:20:10 -0400
Subject: [PATCH] test signature verification

use a published provider's checksum file and signature to check the
verification.
---
 plugin/discovery/get_test.go                  |  36 ++++++++++++++++++
 ...rraform-provider-template_0.1.0_SHA256SUMS |  12 ++++++
 ...orm-provider-template_0.1.0_SHA256SUMS.sig | Bin 0 -> 287 bytes
 3 files changed, 48 insertions(+)
 create mode 100644 plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS
 create mode 100644 plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS.sig

diff --git a/plugin/discovery/get_test.go b/plugin/discovery/get_test.go
index 4cc12dce3..232beed6b 100644
--- a/plugin/discovery/get_test.go
+++ b/plugin/discovery/get_test.go
@@ -22,6 +22,20 @@ func testListingHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(versionList))
 }
 
+func testChecksumHandler(w http.ResponseWriter, r *http.Request) {
+	// this exact plugin has a signnature and checksum file
+	if r.URL.Path == "/terraform-provider-template/0.1.0/terraform-provider-template_0.1.0_SHA256SUMS" {
+		http.ServeFile(w, r, "testdata/terraform-provider-template_0.1.0_SHA256SUMS")
+		return
+	}
+	if r.URL.Path == "/terraform-provider-template/0.1.0/terraform-provider-template_0.1.0_SHA256SUMS.sig" {
+		http.ServeFile(w, r, "testdata/terraform-provider-template_0.1.0_SHA256SUMS.sig")
+		return
+	}
+
+	http.Error(w, "signtaure files not found", http.StatusNotFound)
+}
+
 // returns a 200 for a valid provider url, using the patch number for the
 // plugin protocol version.
 func testHandler(w http.ResponseWriter, r *http.Request) {
@@ -62,6 +76,7 @@ func testHandler(w http.ResponseWriter, r *http.Request) {
 func testReleaseServer() *httptest.Server {
 	handler := http.NewServeMux()
 	handler.HandleFunc("/terraform-provider-test/", testHandler)
+	handler.HandleFunc("/terraform-provider-template/", testChecksumHandler)
 
 	return httptest.NewServer(handler)
 }
@@ -222,6 +237,27 @@ func TestProviderInstallerPurgeUnused(t *testing.T) {
 	}
 }
 
+// Test fetching a provider's checksum file while verifying its signature.
+func TestProviderChecksum(t *testing.T) {
+	// we only need the checksum, as getter is doing the actual file comparison.
+	sha256sum, err := getProviderChecksum("template", "0.1.0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// get the expected checksum for our os/arch
+	sumData, err := ioutil.ReadFile("testdata/terraform-provider-template_0.1.0_SHA256SUMS")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := checksumForFile(sumData, providerFileName("template", "0.1.0"))
+
+	if sha256sum != expected {
+		t.Fatalf("expected: %s\ngot %s\n", sha256sum, expected)
+	}
+}
+
 const versionList = `<!DOCTYPE html>
 <html>
 <body>
diff --git a/plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS b/plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS
new file mode 100644
index 000000000..d5da59eb6
--- /dev/null
+++ b/plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS
@@ -0,0 +1,12 @@
+3c3e7df78b1f0161a3f941c271d5501f7b5e5f2c53738e7a371459712f5d4726  terraform-provider-template_0.1.0_darwin_amd64.zip
+83fefe878e2dfb2ed0a7da1d0eb6e62e4703d3df93ebf22bc12a5f571bb38b7c  terraform-provider-template_0.1.0_freebsd_386.zip
+a19c9268ebf089b63e53b2a476cf21a4f18c52e303673e2219edc0dc8cc25622  terraform-provider-template_0.1.0_freebsd_amd64.zip
+158b0c5ef0f43d47ecf93c313a6d58b398b8df8a10d2fb5dbed3f7ac2b81cee7  terraform-provider-template_0.1.0_freebsd_arm.zip
+27ef86a6d15ddb46903c8733c84b69893e4f088ceb96560c76c876df49bce2f4  terraform-provider-template_0.1.0_linux_386.zip
+7018b681ee2e077588a68e4a2271c49e2da22b149f440ff7a362581ec113e380  terraform-provider-template_0.1.0_linux_amd64.zip
+c810969a5b34e8fc94f7653fd8bb42654cb449c1d3902d8f729d3b1792da99fe  terraform-provider-template_0.1.0_linux_arm.zip
+77b8eca7d33808ec5e1027d83c42824ac9c05f5a4582997c9ae86f4a04d7664b  terraform-provider-template_0.1.0_openbsd_386.zip
+d4d18466c1590fc3cce5efd619b29d6ea4ec113aab97639dc64d1f5652d5c4af  terraform-provider-template_0.1.0_openbsd_amd64.zip
+00be603de6fd573101757842002c0cc53472c44f1cf568d306884009fd80d224  terraform-provider-template_0.1.0_solaris_amd64.zip
+2457a87ae47c383991f31774be8dfb70b7786cfef220497fe2d8b48dfcfe5ca1  terraform-provider-template_0.1.0_windows_386.zip
+38f12267bf26a5754f740e28f445cf015e66f59a89b681564ac45888ebd83ff0  terraform-provider-template_0.1.0_windows_amd64.zip
diff --git a/plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS.sig b/plugin/discovery/testdata/terraform-provider-template_0.1.0_SHA256SUMS.sig
new file mode 100644
index 0000000000000000000000000000000000000000..30c9937caa31f28c075cf1eccf4b04f7af6ee61e
GIT binary patch
literal 287
zcmV+)0pR|L0UQJX0RjL91p-+=;++5r2@p|*Er&FZ{7lQ@2mf96N;HM24A2ay#SxIR
znT*xsWu>Lf>IAb<VxCP)HwLCF+l-EQV-{OE=D0`a{7D=qk1@&6^u*}2#_*!j<RDX<
zs98&>-{-ygZLP!k<be@QxbLc(SGCOVXD$TP-!Xm^M=&$lBDkXI=-=UV3Ox97CRvSa
ztL8rzgQ?|x1mv;7WmZmrT&Dc)(i}GSGLFr3H6H<4TPya@0oQb_+u*>RO))r1<dC^%
z-yU&%M0y1==a@me^(PP;AUOxFd0FFvNQwOdf+WemlCF*06~Ma<>n2RL0dEpRFWz?#
l>7L0X;fF|n^4mg(*Oj73h(dYfdsr+P1gDRxi_}k=(YAS%jdB10

literal 0
HcmV?d00001