// EmptyCryptoServiceInterfaceBehaviorTests tests expected behavior for
// an empty signed.CryptoService:
// 1. Getting the public key of a key that doesn't exist should fail
// 2. Listing an empty cryptoservice returns no keys
// 3. Removing a non-existent key succeeds (no-op)
func EmptyCryptoServiceInterfaceBehaviorTests(t *testing.T, empty signed.CryptoService) {
for _, role := range append(data.BaseRoles, "targets/delegation", "invalid") {
keys := empty.ListKeys(role)
require.Len(t, keys, 0)
}
keys := empty.ListAllKeys()
require.Len(t, keys, 0)
require.NoError(t, empty.RemoveKey("nonexistent"))
require.Nil(t, empty.GetKey("nonexistent"))
k, role, err := empty.GetPrivateKey("nonexistent")
require.Error(t, err)
require.Nil(t, k)
require.Equal(t, "", role)
}
// The signer does not yet support listing keys or tracking roles, so skip those parts of this test if we're testing
// the signer
func testListKeys(t *testing.T, cs signed.CryptoService, expectedRolesToKeys map[string]string) {
for _, role := range append(data.BaseRoles, "targets/delegation", "invalid") {
keys := cs.ListKeys(role)
if keyID, ok := expectedRolesToKeys[role]; ok {
require.Len(t, keys, 1)
require.Equal(t, keyID, keys[0])
} else {
require.Len(t, keys, 0)
}
}
keys := cs.ListAllKeys()
require.Len(t, keys, len(expectedRolesToKeys))
for role, keyID := range expectedRolesToKeys {
require.Equal(t, role, keys[keyID])
}
}