From 2d8c9106f74e4ec970f90560b64d08d7e97523ad Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 6 Aug 2025 12:34:44 +0300 Subject: [PATCH 1/8] Added Utils unit tests - envelope and crypto Signed-off-by: Effi-S --- utils/serialization/envelope_wrapper_test.go | 86 +++++++++++++++++ utils/signature/sigtest/crypto.go | 6 ++ utils/signature/sigtest/crypto_test.go | 99 ++++++++++++++++++++ 3 files changed, 191 insertions(+) create mode 100644 utils/serialization/envelope_wrapper_test.go create mode 100644 utils/signature/sigtest/crypto_test.go diff --git a/utils/serialization/envelope_wrapper_test.go b/utils/serialization/envelope_wrapper_test.go new file mode 100644 index 00000000..33cc438d --- /dev/null +++ b/utils/serialization/envelope_wrapper_test.go @@ -0,0 +1,86 @@ +package serialization_test + +import ( + "testing" + + "github.com/hyperledger/fabric-protos-go-apiv2/common" + "github.com/hyperledger/fabric-x-committer/utils/serialization" + "github.com/hyperledger/fabric-x-committer/utils/test" + "github.com/hyperledger/fabric/protoutil" + "github.com/stretchr/testify/require" +) + +// UnwrapEnvelope function with invalid inputs +func TestUnwrapEnvelopeBadInput(t *testing.T) { + t.Run("Not an envelope", func(t *testing.T) { + _, _, err := serialization.UnwrapEnvelope([]byte("invalid input")) + require.Error(t, err) + }) + + t.Run("OK Header with an invalid payload", func(t *testing.T) { + envelope := &common.Envelope{ + Payload: []byte("not-a-payload"), + } + + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) + + t.Run(" OK Payload with a nil Header", func(t *testing.T) { + payload := &common.Payload{ + Header: nil, + Data: []byte("some data"), + } + payloadBytes := protoutil.MarshalOrPanic(payload) + + envelope := &common.Envelope{ + Payload: payloadBytes, + } + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) + + t.Run("OK payload but invalid ChannelHeader", func(t *testing.T) { + header := &common.Header{ + ChannelHeader: []byte("not-a-channel-header"), + } + payload := &common.Payload{ + Header: header, + Data: []byte("some data"), + } + payloadBytes := protoutil.MarshalOrPanic(payload) + + envelope := &common.Envelope{ + Payload: payloadBytes, + } + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) +} + +// Test properly wrapped envelope is unwrapped correctly +func TestUnwrapEnvelopeGoodInput(t *testing.T) { + + // -1- Check unwrap envelope has no error + originalPayload := []byte("test payload") + originalChannelHeader := &common.ChannelHeader{ + ChannelId: "test-channel", + } + originalHeader := &common.Header{ + ChannelHeader: protoutil.MarshalOrPanic(originalChannelHeader), + } + + wrappedEnvelope := serialization.WrapEnvelope(originalPayload, originalHeader) + payload, channelHeader, err := serialization.UnwrapEnvelope(wrappedEnvelope) + + // -2- Check we get the correct Payload & Header + require.NoError(t, err) + require.Equal(t, originalPayload, payload) + test.RequireProtoEqual(t, originalChannelHeader, channelHeader) +} diff --git a/utils/signature/sigtest/crypto.go b/utils/signature/sigtest/crypto.go index 99d2e05d..44cbd4b9 100644 --- a/utils/signature/sigtest/crypto.go +++ b/utils/signature/sigtest/crypto.go @@ -32,10 +32,16 @@ func SerializeVerificationKey(key *ecdsa.PublicKey) ([]byte, error) { // SerializeSigningKey encodes a ECDSA private key into a PEM file. func SerializeSigningKey(key *ecdsa.PrivateKey) ([]byte, error) { + + if key == nil { + return nil, errors.New("key is nil") + } + x509encodedPri, err := x509.MarshalECPrivateKey(key) if err != nil { return nil, errors.Wrap(err, "cannot serialize private key") } + return pem.EncodeToMemory(&pem.Block{ Type: "EC PRIVATE KEY", Bytes: x509encodedPri, diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go new file mode 100644 index 00000000..1e4dc70c --- /dev/null +++ b/utils/signature/sigtest/crypto_test.go @@ -0,0 +1,99 @@ +package sigtest + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "fmt" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestSerializeVerificationKey(t *testing.T) { + tests := []struct { + name string + curve elliptic.Curve + wantErr bool + }{ + { + name: "P256", + curve: elliptic.P256(), + }, + { + name: "P384", + curve: elliptic.P384(), + }, + { + name: "P224", + curve: elliptic.P224(), + }, + { + name: "P521", + curve: elliptic.P521(), + }, + + // { + // // ? TODO find an invalid example? + // name: "Invalid input", + // curve: elliptic.(), + // wantErr: true, + // }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + privKey, err := ecdsa.GenerateKey(tt.curve, rand.Reader) + require.NoError(t, err) + + _, err = SerializeVerificationKey(&privKey.PublicKey) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} + +func TestSerializeSigningKey(t *testing.T) { + + // Panic can happen from unwanted side effects when nil and empty Keys are passed + defer func() { + if r := recover(); r != nil { + t.Errorf("SerializeSigningKey() panics: %v", r) + } + }() + + t.Run("Key Empty", func(t *testing.T) { + emptyKey := &ecdsa.PrivateKey{} + _, err := SerializeSigningKey(emptyKey) + require.Error(t, err) + }) + t.Run("Key is nil", func(t *testing.T) { + _, err := SerializeSigningKey(nil) + require.Error(t, err) + }) + + t.Run("Key OK", func(t *testing.T) { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := SerializeSigningKey(privateKey) + fmt.Println(key) + require.NoError(t, err) + }) + +} + +func TestParseSigningKey(t *testing.T) { + t.Run("Key is nil", func(t *testing.T) { + _, err := ParseSigningKey(nil) + require.Error(t, err) + }) + t.Run("Key OK", func(t *testing.T) { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := SerializeSigningKey(privateKey) + require.NoError(t, err) + _, err = ParseSigningKey(key) + require.NoError(t, err) + }) +} From cae9d23c17dfb29f9146318bc795ec4acd704092 Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 6 Aug 2025 12:40:17 +0300 Subject: [PATCH 2/8] Linter Fixes Signed-off-by: Effi-S --- utils/serialization/envelope_wrapper_test.go | 22 ++++++++++++++------ utils/signature/sigtest/crypto.go | 1 - utils/signature/sigtest/crypto_test.go | 19 +++++++++++++---- 3 files changed, 31 insertions(+), 11 deletions(-) diff --git a/utils/serialization/envelope_wrapper_test.go b/utils/serialization/envelope_wrapper_test.go index 33cc438d..264d233f 100644 --- a/utils/serialization/envelope_wrapper_test.go +++ b/utils/serialization/envelope_wrapper_test.go @@ -1,23 +1,32 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ package serialization_test import ( "testing" + "github.com/stretchr/testify/require" + "github.com/hyperledger/fabric-protos-go-apiv2/common" + "github.com/hyperledger/fabric/protoutil" + "github.com/hyperledger/fabric-x-committer/utils/serialization" "github.com/hyperledger/fabric-x-committer/utils/test" - "github.com/hyperledger/fabric/protoutil" - "github.com/stretchr/testify/require" ) -// UnwrapEnvelope function with invalid inputs +// TestUnwrapEnvelopeBadInput tests UnwrapEnvelope function with invalid inputs. func TestUnwrapEnvelopeBadInput(t *testing.T) { t.Run("Not an envelope", func(t *testing.T) { + t.Parallel() _, _, err := serialization.UnwrapEnvelope([]byte("invalid input")) require.Error(t, err) }) t.Run("OK Header with an invalid payload", func(t *testing.T) { + t.Parallel() envelope := &common.Envelope{ Payload: []byte("not-a-payload"), } @@ -29,6 +38,7 @@ func TestUnwrapEnvelopeBadInput(t *testing.T) { }) t.Run(" OK Payload with a nil Header", func(t *testing.T) { + t.Parallel() payload := &common.Payload{ Header: nil, Data: []byte("some data"), @@ -45,6 +55,7 @@ func TestUnwrapEnvelopeBadInput(t *testing.T) { }) t.Run("OK payload but invalid ChannelHeader", func(t *testing.T) { + t.Parallel() header := &common.Header{ ChannelHeader: []byte("not-a-channel-header"), } @@ -64,9 +75,9 @@ func TestUnwrapEnvelopeBadInput(t *testing.T) { }) } -// Test properly wrapped envelope is unwrapped correctly +// TestUnwrapEnvelopeGoodInput Tests properly wrapped envelope is unwrapped correctly. func TestUnwrapEnvelopeGoodInput(t *testing.T) { - + t.Parallel() // -1- Check unwrap envelope has no error originalPayload := []byte("test payload") originalChannelHeader := &common.ChannelHeader{ @@ -75,7 +86,6 @@ func TestUnwrapEnvelopeGoodInput(t *testing.T) { originalHeader := &common.Header{ ChannelHeader: protoutil.MarshalOrPanic(originalChannelHeader), } - wrappedEnvelope := serialization.WrapEnvelope(originalPayload, originalHeader) payload, channelHeader, err := serialization.UnwrapEnvelope(wrappedEnvelope) diff --git a/utils/signature/sigtest/crypto.go b/utils/signature/sigtest/crypto.go index 44cbd4b9..0aa7927d 100644 --- a/utils/signature/sigtest/crypto.go +++ b/utils/signature/sigtest/crypto.go @@ -32,7 +32,6 @@ func SerializeVerificationKey(key *ecdsa.PublicKey) ([]byte, error) { // SerializeSigningKey encodes a ECDSA private key into a PEM file. func SerializeSigningKey(key *ecdsa.PrivateKey) ([]byte, error) { - if key == nil { return nil, errors.New("key is nil") } diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go index 1e4dc70c..257d05c8 100644 --- a/utils/signature/sigtest/crypto_test.go +++ b/utils/signature/sigtest/crypto_test.go @@ -1,16 +1,21 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ package sigtest import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" - "fmt" "testing" "github.com/stretchr/testify/require" ) func TestSerializeVerificationKey(t *testing.T) { + t.Parallel() tests := []struct { name string curve elliptic.Curve @@ -43,6 +48,7 @@ func TestSerializeVerificationKey(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() privKey, err := ecdsa.GenerateKey(tt.curve, rand.Reader) require.NoError(t, err) @@ -57,7 +63,6 @@ func TestSerializeVerificationKey(t *testing.T) { } func TestSerializeSigningKey(t *testing.T) { - // Panic can happen from unwanted side effects when nil and empty Keys are passed defer func() { if r := recover(); r != nil { @@ -66,31 +71,37 @@ func TestSerializeSigningKey(t *testing.T) { }() t.Run("Key Empty", func(t *testing.T) { + t.Parallel() emptyKey := &ecdsa.PrivateKey{} _, err := SerializeSigningKey(emptyKey) require.Error(t, err) }) t.Run("Key is nil", func(t *testing.T) { + t.Parallel() _, err := SerializeSigningKey(nil) require.Error(t, err) }) t.Run("Key OK", func(t *testing.T) { + t.Parallel() privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) key, err := SerializeSigningKey(privateKey) - fmt.Println(key) + require.NotNil(t, key) require.NoError(t, err) }) - } func TestParseSigningKey(t *testing.T) { t.Run("Key is nil", func(t *testing.T) { + t.Parallel() _, err := ParseSigningKey(nil) require.Error(t, err) }) t.Run("Key OK", func(t *testing.T) { + t.Parallel() privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) key, err := SerializeSigningKey(privateKey) require.NoError(t, err) _, err = ParseSigningKey(key) From 4929276c63aa34e232228e80b4474bfcad7165b5 Mon Sep 17 00:00:00 2001 From: Effi-S <57197982+Effi-S@users.noreply.github.com> Date: Thu, 7 Aug 2025 14:06:30 +0300 Subject: [PATCH 3/8] Update utils/serialization/envelope_wrapper_test.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Effi-S <57197982+Effi-S@users.noreply.github.com> --- utils/serialization/envelope_wrapper_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/serialization/envelope_wrapper_test.go b/utils/serialization/envelope_wrapper_test.go index 264d233f..72c646d2 100644 --- a/utils/serialization/envelope_wrapper_test.go +++ b/utils/serialization/envelope_wrapper_test.go @@ -37,7 +37,7 @@ func TestUnwrapEnvelopeBadInput(t *testing.T) { require.Error(t, err) }) - t.Run(" OK Payload with a nil Header", func(t *testing.T) { + t.Run("OK Payload with a nil Header", func(t *testing.T) { t.Parallel() payload := &common.Payload{ Header: nil, From 914f0f8a897a1343cc29405d43b99832b6fac53b Mon Sep 17 00:00:00 2001 From: Effi-S <57197982+Effi-S@users.noreply.github.com> Date: Thu, 7 Aug 2025 14:07:05 +0300 Subject: [PATCH 4/8] Update utils/signature/sigtest/crypto_test.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Effi-S <57197982+Effi-S@users.noreply.github.com> --- utils/signature/sigtest/crypto_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go index 257d05c8..2b95750a 100644 --- a/utils/signature/sigtest/crypto_test.go +++ b/utils/signature/sigtest/crypto_test.go @@ -39,7 +39,7 @@ func TestSerializeVerificationKey(t *testing.T) { }, // { - // // ? TODO find an invalid example? + // // TODO: find an invalid example? // name: "Invalid input", // curve: elliptic.(), // wantErr: true, From 4df6db617ffb762cc1f05be5b6c0ff2ed3ca5c9d Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 29 Oct 2025 14:38:39 +0200 Subject: [PATCH 5/8] Updated changes to reflect upstream repo Signed-off-by: Effi-S --- utils/serialization/envelope.go | 9 ++ utils/serialization/envelope_wrapper_test.go | 110 +++++++++++++++++++ utils/signature/sigtest/crypto.go | 5 + utils/signature/sigtest/crypto_test.go | 110 +++++++++++++++++++ 4 files changed, 234 insertions(+) create mode 100644 utils/serialization/envelope_wrapper_test.go create mode 100644 utils/signature/sigtest/crypto_test.go diff --git a/utils/serialization/envelope.go b/utils/serialization/envelope.go index f105a5da..0926e0ba 100644 --- a/utils/serialization/envelope.go +++ b/utils/serialization/envelope.go @@ -29,10 +29,19 @@ func UnwrapEnvelope(message []byte) ([]byte, *common.ChannelHeader, error) { // ParseEnvelope parse the envelope content. func ParseEnvelope(envelope *common.Envelope) (*common.Payload, *common.ChannelHeader, error) { + if envelope == nil { + return nil, nil, errors.New("nil envelope") + } + payload, err := protoutil.UnmarshalPayload(envelope.Payload) if err != nil { return nil, nil, errors.Wrap(err, "error unmarshaling payload") } + + if payload.Header == nil { // Will panic if payload.Header is nil + return nil, nil, errors.New("nil payload header") + } + channelHdr, err := protoutil.UnmarshalChannelHeader(payload.Header.ChannelHeader) if err != nil { return nil, nil, errors.Wrap(err, "error unmarshaling channel header") diff --git a/utils/serialization/envelope_wrapper_test.go b/utils/serialization/envelope_wrapper_test.go new file mode 100644 index 00000000..4bc384d5 --- /dev/null +++ b/utils/serialization/envelope_wrapper_test.go @@ -0,0 +1,110 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ +package serialization_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/hyperledger/fabric-protos-go-apiv2/common" + "github.com/hyperledger/fabric-x-common/protoutil" + + "github.com/hyperledger/fabric-x-committer/utils/serialization" + "github.com/hyperledger/fabric-x-committer/utils/test" +) + +// TestUnwrapEnvelopeBadInput tests UnwrapEnvelope function with invalid inputs. +func TestUnwrapEnvelopeBadInput(t *testing.T) { + t.Parallel() + t.Run("Not an envelope", func(t *testing.T) { + t.Parallel() + _, _, err := serialization.UnwrapEnvelope([]byte("invalid input")) + require.Error(t, err) + }) + + t.Run("OK Header with an invalid payload", func(t *testing.T) { + t.Parallel() + envelope := &common.Envelope{ + Payload: []byte("not-a-payload"), + } + + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) + + t.Run("OK Payload with a nil Header", func(t *testing.T) { + t.Parallel() + payload := &common.Payload{ + Header: nil, + Data: []byte("some data"), + } + + payloadBytes := protoutil.MarshalOrPanic(payload) + envelope := &common.Envelope{ + Payload: payloadBytes, + } + + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) + + t.Run("OK payload but invalid ChannelHeader", func(t *testing.T) { + t.Parallel() + header := &common.Header{ + ChannelHeader: []byte("not-a-channel-header"), + } + payload := &common.Payload{ + Header: header, + Data: []byte("some data"), + } + payloadBytes := protoutil.MarshalOrPanic(payload) + + envelope := &common.Envelope{ + Payload: payloadBytes, + } + envelopeBytes := protoutil.MarshalOrPanic(envelope) + + _, _, err := serialization.UnwrapEnvelope(envelopeBytes) + require.Error(t, err) + }) +} + +// TestUnwrapEnvelopeGoodInput Tests properly wrapped envelope is unwrapped correctly. +func TestUnwrapEnvelopeGoodInput(t *testing.T) { + t.Parallel() + originalPayload := []byte("test payload") + + originalChannelHeader := &common.ChannelHeader{ + ChannelId: "test-channel", + } + + originalHeader := &common.Header{ + ChannelHeader: protoutil.MarshalOrPanic(originalChannelHeader), + } + + // Wrap + wrappedEnvelope := protoutil.MarshalOrPanic(&common.Envelope{ + Payload: protoutil.MarshalOrPanic(&common.Payload{ + Header: originalHeader, + Data: originalPayload, + }), + }) + + // Unwrap + payload, channelHeader, err := serialization.UnwrapEnvelope(wrappedEnvelope) + + // -Check 1- Check unwrap envelope has no error + require.NoError(t, err) + + // -Check 2- Check we get the correct Payload & Header + require.Equal(t, originalPayload, payload) + test.RequireProtoEqual(t, originalChannelHeader, channelHeader) +} diff --git a/utils/signature/sigtest/crypto.go b/utils/signature/sigtest/crypto.go index 99d2e05d..0aa7927d 100644 --- a/utils/signature/sigtest/crypto.go +++ b/utils/signature/sigtest/crypto.go @@ -32,10 +32,15 @@ func SerializeVerificationKey(key *ecdsa.PublicKey) ([]byte, error) { // SerializeSigningKey encodes a ECDSA private key into a PEM file. func SerializeSigningKey(key *ecdsa.PrivateKey) ([]byte, error) { + if key == nil { + return nil, errors.New("key is nil") + } + x509encodedPri, err := x509.MarshalECPrivateKey(key) if err != nil { return nil, errors.Wrap(err, "cannot serialize private key") } + return pem.EncodeToMemory(&pem.Block{ Type: "EC PRIVATE KEY", Bytes: x509encodedPri, diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go new file mode 100644 index 00000000..2b95750a --- /dev/null +++ b/utils/signature/sigtest/crypto_test.go @@ -0,0 +1,110 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ +package sigtest + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestSerializeVerificationKey(t *testing.T) { + t.Parallel() + tests := []struct { + name string + curve elliptic.Curve + wantErr bool + }{ + { + name: "P256", + curve: elliptic.P256(), + }, + { + name: "P384", + curve: elliptic.P384(), + }, + { + name: "P224", + curve: elliptic.P224(), + }, + { + name: "P521", + curve: elliptic.P521(), + }, + + // { + // // TODO: find an invalid example? + // name: "Invalid input", + // curve: elliptic.(), + // wantErr: true, + // }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + privKey, err := ecdsa.GenerateKey(tt.curve, rand.Reader) + require.NoError(t, err) + + _, err = SerializeVerificationKey(&privKey.PublicKey) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} + +func TestSerializeSigningKey(t *testing.T) { + // Panic can happen from unwanted side effects when nil and empty Keys are passed + defer func() { + if r := recover(); r != nil { + t.Errorf("SerializeSigningKey() panics: %v", r) + } + }() + + t.Run("Key Empty", func(t *testing.T) { + t.Parallel() + emptyKey := &ecdsa.PrivateKey{} + _, err := SerializeSigningKey(emptyKey) + require.Error(t, err) + }) + t.Run("Key is nil", func(t *testing.T) { + t.Parallel() + _, err := SerializeSigningKey(nil) + require.Error(t, err) + }) + + t.Run("Key OK", func(t *testing.T) { + t.Parallel() + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) + key, err := SerializeSigningKey(privateKey) + require.NotNil(t, key) + require.NoError(t, err) + }) +} + +func TestParseSigningKey(t *testing.T) { + t.Run("Key is nil", func(t *testing.T) { + t.Parallel() + _, err := ParseSigningKey(nil) + require.Error(t, err) + }) + t.Run("Key OK", func(t *testing.T) { + t.Parallel() + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) + key, err := SerializeSigningKey(privateKey) + require.NoError(t, err) + _, err = ParseSigningKey(key) + require.NoError(t, err) + }) +} From 1c0050ccd1c48660a7b9f5d89d39f7a20a2a2e13 Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 29 Oct 2025 14:48:26 +0200 Subject: [PATCH 6/8] Added Review suggestions from https://github.com/hyperledger/fabric-x-committer/pull/103/commits/a9067e9d6e6c50c686e50a8391145df2e08b428b#diff-54cff32e590e50ad2a514477b29d5e1229160034bc7345b03b2f539e5de01746 Signed-off-by: Effi-S --- utils/signature/sigtest/crypto.go | 3 +++ utils/signature/sigtest/crypto_test.go | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/utils/signature/sigtest/crypto.go b/utils/signature/sigtest/crypto.go index 0aa7927d..f93b4538 100644 --- a/utils/signature/sigtest/crypto.go +++ b/utils/signature/sigtest/crypto.go @@ -20,6 +20,9 @@ import ( // SerializeVerificationKey encodes a ECDSA public key into a PEM file. func SerializeVerificationKey(key *ecdsa.PublicKey) ([]byte, error) { + if key == nil { + return nil, errors.New("key is nil") + } x509encodedPub, err := x509.MarshalPKIXPublicKey(key) if err != nil { return nil, errors.Wrap(err, "cannot serialize public key") diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go index 2b95750a..b7121c1b 100644 --- a/utils/signature/sigtest/crypto_test.go +++ b/utils/signature/sigtest/crypto_test.go @@ -63,12 +63,7 @@ func TestSerializeVerificationKey(t *testing.T) { } func TestSerializeSigningKey(t *testing.T) { - // Panic can happen from unwanted side effects when nil and empty Keys are passed - defer func() { - if r := recover(); r != nil { - t.Errorf("SerializeSigningKey() panics: %v", r) - } - }() + t.Parallel() t.Run("Key Empty", func(t *testing.T) { t.Parallel() @@ -93,6 +88,7 @@ func TestSerializeSigningKey(t *testing.T) { } func TestParseSigningKey(t *testing.T) { + t.Parallel() t.Run("Key is nil", func(t *testing.T) { t.Parallel() _, err := ParseSigningKey(nil) From 83580c103711dba865b7d9e3e693a3cbfb6c17bc Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 29 Oct 2025 16:07:34 +0200 Subject: [PATCH 7/8] combined and into Signed-off-by: Effi-S --- utils/signature/sigtest/crypto_test.go | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go index b7121c1b..0dc9dc03 100644 --- a/utils/signature/sigtest/crypto_test.go +++ b/utils/signature/sigtest/crypto_test.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/require" ) +// TODO: Combine into 1 single tests for signing and verifying keys func TestSerializeVerificationKey(t *testing.T) { t.Parallel() tests := []struct { @@ -62,7 +63,7 @@ func TestSerializeVerificationKey(t *testing.T) { } } -func TestSerializeSigningKey(t *testing.T) { +func TestSerializeAndParseSigningKey(t *testing.T) { t.Parallel() t.Run("Key Empty", func(t *testing.T) { @@ -84,22 +85,6 @@ func TestSerializeSigningKey(t *testing.T) { key, err := SerializeSigningKey(privateKey) require.NotNil(t, key) require.NoError(t, err) - }) -} - -func TestParseSigningKey(t *testing.T) { - t.Parallel() - t.Run("Key is nil", func(t *testing.T) { - t.Parallel() - _, err := ParseSigningKey(nil) - require.Error(t, err) - }) - t.Run("Key OK", func(t *testing.T) { - t.Parallel() - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - require.NoError(t, err) - key, err := SerializeSigningKey(privateKey) - require.NoError(t, err) _, err = ParseSigningKey(key) require.NoError(t, err) }) From de8fa775bc79a3acf708ab113fef8331bd8a453d Mon Sep 17 00:00:00 2001 From: Effi-S Date: Wed, 29 Oct 2025 16:11:35 +0200 Subject: [PATCH 8/8] combined TestSerializeSigningKey and TestParseSigningKey into TestSerializeAndParseSigningKey Signed-off-by: Effi-S --- utils/signature/sigtest/crypto_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/signature/sigtest/crypto_test.go b/utils/signature/sigtest/crypto_test.go index 0dc9dc03..25990ce6 100644 --- a/utils/signature/sigtest/crypto_test.go +++ b/utils/signature/sigtest/crypto_test.go @@ -14,7 +14,6 @@ import ( "github.com/stretchr/testify/require" ) -// TODO: Combine into 1 single tests for signing and verifying keys func TestSerializeVerificationKey(t *testing.T) { t.Parallel() tests := []struct {