| 1 | // SPDX-License-Identifier: AGPL-3.0-or-later |
| 2 | |
| 3 | package webhook |
| 4 | |
| 5 | import "testing" |
| 6 | |
| 7 | func TestSignAndVerifyRoundtrip(t *testing.T) { |
| 8 | secret := []byte("super-secret") |
| 9 | body := []byte(`{"hello":"world"}`) |
| 10 | |
| 11 | sig := SignSHA256(secret, body) |
| 12 | if !VerifySHA256(secret, body, sig) { |
| 13 | t.Fatalf("VerifySHA256 returned false on a freshly signed body") |
| 14 | } |
| 15 | } |
| 16 | |
| 17 | func TestVerifyRejectsTamperedBody(t *testing.T) { |
| 18 | secret := []byte("super-secret") |
| 19 | body := []byte(`{"hello":"world"}`) |
| 20 | sig := SignSHA256(secret, body) |
| 21 | |
| 22 | tampered := []byte(`{"hello":"WORLD"}`) |
| 23 | if VerifySHA256(secret, tampered, sig) { |
| 24 | t.Fatalf("VerifySHA256 accepted tampered body") |
| 25 | } |
| 26 | } |
| 27 | |
| 28 | func TestVerifyRejectsWrongSecret(t *testing.T) { |
| 29 | body := []byte(`{"x":1}`) |
| 30 | sig := SignSHA256([]byte("alice"), body) |
| 31 | if VerifySHA256([]byte("bob"), body, sig) { |
| 32 | t.Fatalf("VerifySHA256 accepted wrong secret") |
| 33 | } |
| 34 | } |
| 35 | |
| 36 | func TestSignaturePrefix(t *testing.T) { |
| 37 | sig := SignSHA256([]byte("k"), []byte("v")) |
| 38 | if got := sig[:7]; got != "sha256=" { |
| 39 | t.Fatalf("signature prefix = %q; want %q", got, "sha256=") |
| 40 | } |
| 41 | } |
| 42 |