Open jku opened 3 weeks ago
So I guess we should write a single parametrized test (or one test for the keys mentioned in specification, another for additional keys) that
We could add more pre-generated keys to repository_simulator.py
(like RSA_PKCS_SIGNERS
) so at least the keys are ready in case we decide to use them in more than one test.
maybe an additional test: use an incorrect but supported key like ecdsa-sha2-nistp256
but have the metadata claim that it's ecdsa-sha2-nistp521
. I think a client should fail this even though it could parse the public key and correctly handle it: as it looks like the repository is trying to mislead a human reader.
I've got an initial test in #167
Status:
The only obstacles are:
--expected-failures
should work fine but we may want to make it more ergonomic before adding a dozen tests that someone will need to set to xfail (see https://github.com/theupdateframework/tuf-conformance/issues/33#issuecomment-2310051042 for a possible solution)
We should use a default keytype in most tests (currently RSA, ecdsa maybe makes sense after #155). In addition we should have specific tests for support of various other keytypes. Specification does not really require support for any specific keys but these are mentioned in spec:
We should definitely test these.