From 3eed1fa75554bcdc07dd3b351a3052949cfc200d Mon Sep 17 00:00:00 2001
From: Joakim Bygdell
Date: Mon, 12 May 2025 08:35:20 +0200
Subject: [PATCH 1/3] [ingest] ensure C4GH keylist is not empty on startup.
---
 sda/cmd/ingest/ingest.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sda/cmd/ingest/ingest.go b/sda/cmd/ingest/ingest.go
index 6c66889fb..c864df608 100644
--- a/sda/cmd/ingest/ingest.go
+++ b/sda/cmd/ingest/ingest.go
@@ -8,6 +8,7 @@ import (
 "crypto/sha256"
 "encoding/hex"
 "encoding/json"
+ "errors"
 "fmt"
 "io"
 "os"
@@ -75,10 +76,9 @@ func main() {
 panic(err)
 }
 app.ArchiveKeyList, err = config.GetC4GHprivateKeys()
- if err != nil {
- log.Error(err)
+ if err != nil || len(app.ArchiveKeyList) == 0 {
 sigc <- syscall.SIGINT
- panic(err)
+ panic(errors.New("no C4GH private keys configured"))
 }
 app.Archive, err = storage.NewBackend(app.Conf.Archive)
 if err != nil {
From 3abd66bf7f3d724c8d73d00a25e56fa97f322fdc Mon Sep 17 00:00:00 2001
From: Joakim Bygdell
Date: Mon, 12 May 2025 08:44:57 +0200
Subject: [PATCH 2/3] [ingest-test] check for empty C4GH key list
---
 sda/cmd/ingest/ingest_test.go | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/sda/cmd/ingest/ingest_test.go b/sda/cmd/ingest/ingest_test.go
index bd647a2e9..c2e391e40 100644
--- a/sda/cmd/ingest/ingest_test.go
+++ b/sda/cmd/ingest/ingest_test.go
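Review bot: In the `@@ -75,10 +76,9 @@` hunk of sda/cmd/ingest/ingest.go the merged condition discards `err`: when config.GetC4GHprivateKeys() fails (the cause is not visible here; presumably an unreadable key file or a rejected passphrase), the process now panics with "no C4GH private keys configured", and with `log.Error(err)` removed nothing records the real reason. Keep the fail-closed check for the empty list but preserve the error, for example `if err == nil { err = errors.New("no C4GH private keys configured") }` followed by `log.Error(err)` and `panic(err)`. The `@@ -41,8 +41,8 @@` hunk of sda/cmd/verify/verify.go has the same issue and can end in `log.Fatal(err)` after the same substitution. main() starts and ends outside both hunks.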
@@ -169,13 +169,18 @@ type TestSuite struct {
 filePath string
 pubKeyList [][32]byte
 ingest Ingest
+ tempDir string
 }
 func (ts *TestSuite) SetupSuite() {
+ var err error
 viper.Set("log.level", "debug")
- tempDir := ts.T().TempDir()
- keyFile1 := fmt.Sprintf("%s/c4gh1.key", tempDir)
- keyFile2 := fmt.Sprintf("%s/c4gh2.key", tempDir)
+ ts.tempDir, err = os.MkdirTemp("", "c4gh-keys")
+ if err != nil {
+ ts.FailNow("Failed to create temp directory")
+ }
+ keyFile1 := fmt.Sprintf("%s/c4gh1.key", ts.tempDir)
+ keyFile2 := fmt.Sprintf("%s/c4gh2.key", ts.tempDir)
 publicKey, err := helper.CreatePrivateKeyFile(keyFile1, "test")
 if err != nil {
@@ -237,6 +242,7 @@ func (ts *TestSuite) SetupSuite() {
 func (ts *TestSuite) TearDownSuite() {
 _ = os.RemoveAll(ts.ingest.Conf.Archive.Posix.Location)
 _ = os.RemoveAll(ts.ingest.Conf.Inbox.Posix.Location)
+ _ = os.RemoveAll(ts.tempDir)
 }
 func (ts *TestSuite) SetupTest() {
@@ -295,6 +301,11 @@ func (ts *TestSuite) SetupTest() {
 if err != nil {
 ts.FailNow("failed to setup inbox backend")
 }
+
+ viper.Set("c4gh.privateKeys", []config.C4GHprivateKeyConf{
+ {FilePath: filepath.Join(ts.tempDir, "c4gh1.key"), Passphrase: "test"},
+ {FilePath: filepath.Join(ts.tempDir, "c4gh2.key"), Passphrase: "test"},
+ })
 }
 func (ts *TestSuite) TestTryDecrypt_wrongFile() {
 tempDir := ts.T().TempDir()
@@ -345,6 +356,7 @@ func (ts *TestSuite) TestTryDecrypt() {
 privateKeys, err := config.GetC4GHprivateKeys()
 assert.NoError(ts.T(), err)
+ assert.Equal(ts.T(), 2, len(privateKeys))
 for i, key := range privateKeys {
 header, err := tryDecrypt(key, buf)
@@ -353,7 +365,7 @@ func (ts *TestSuite) TestTryDecrypt() {
 assert.NoError(ts.T(), err)
 assert.NotNil(ts.T(), header)
 default:
- assert.Contains(ts.T(), err.Error(), "could not find matching public key heade")
+ assert.Contains(ts.T(), err.Error(), "could not find matching public key header")
 assert.Nil(ts.T(), header)
 }
 }
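Review bot: The `@@ -169,13 +169,18 @@` hunk builds the key-file paths with `fmt.Sprintf("%s/c4gh1.key", ts.tempDir)` while the `@@ -295,6 +301,11 @@` hunk rebuilds the same paths with `filepath.Join`, so the file names are spelled out in two places in two styles. Use `keyFile1 := filepath.Join(ts.tempDir, "c4gh1.key")` (and likewise for `keyFile2`) in SetupSuite, or keep the two paths on the suite and reuse them in SetupTest. The new `ts.FailNow("Failed to create temp directory")` also drops the cause; `ts.FailNow("failed to create temp directory", err)` would show it. SetupSuite continues past the end of the hunk.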
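Review bot: The length assertion added in the `@@ -345,6 +356,7 @@` hunk would read better, and fail with a clearer message, as `assert.Len(ts.T(), privateKeys, 2)` instead of `assert.Equal(ts.T(), 2, len(privateKeys))`. Because it is a non-fatal assert, the loop below still runs when the count is wrong; if that is not intended, the require variant of the same check stops the test there (whether the file imports testify's require package is not visible here). TestTryDecrypt starts and ends outside the hunk.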
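Review bot: In the `@@ -353,7 +365,7 @@` hunk the corrected assertion still calls `err.Error()` directly, so if tryDecrypt ever returns a nil error in the `default:` branch the test panics on a nil dereference instead of reporting a failure. `assert.ErrorContains(ts.T(), err, "could not find matching public key header")` checks for nil first and then the message, provided the project's testify version includes it. The enclosing switch and loop begin outside the hunk.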
@@ -723,3 +735,9 @@ func (ts *TestSuite) TestIngestFile_missingFile() {
 assert.Equal(ts.T(), "ack", ts.ingest.ingestFile(corrID, message))
 }
+func (ts *TestSuite) TestDetectMisingC4GHKeys() {
+ viper.Set("c4gh.privateKeys", "")
+ privateKeys, err := config.GetC4GHprivateKeys()
+ assert.NoError(ts.T(), err)
+ assert.Equal(ts.T(), 0, len(privateKeys))
+}
From 69f7594d38615d376b6a9e3cdc67b8e068f5372f Mon Sep 17 00:00:00 2001
From: Joakim Bygdell
Date: Mon, 12 May 2025 08:46:15 +0200
Subject: [PATCH 3/3] [verify] ensure C4GH keylist is not empty on startup.
---
 sda/cmd/verify/verify.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sda/cmd/verify/verify.go b/sda/cmd/verify/verify.go
index 908a2546a..53c3623f6 100644
--- a/sda/cmd/verify/verify.go
+++ b/sda/cmd/verify/verify.go
@@ -41,8 +41,8 @@ func main() {
 log.Fatal(err)
 }
 archiveKeyList, err := config.GetC4GHprivateKeys()
- if err != nil {
- log.Fatal(err)
+ if err != nil || len(archiveKeyList) == 0 {
+ log.Fatal("no C4GH private keys configured")
 }
 defer mq.Channel.Close()
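Review bot: TestDetectMisingC4GHKeys in the `@@ -723,3 +735,9 @@` hunk of ingest_test.go does not exercise the guard this series adds: it pins that config.GetC4GHprivateKeys() returns an empty list and a nil error for an empty setting, while the `len(...) == 0` checks sit in main() of ingest and verify, where no test reaches them. Moving the emptiness check into a small helper that returns an error (or into GetC4GHprivateKeys itself, if its other callers allow) would let a test assert that startup is refused when no keys are configured. The name should also read `TestDetectMissingC4GHKeys`, and a comment such as `// SetupTest restores c4gh.privateKeys before the next test` would explain why overwriting the global viper value here is safe.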