Fix key marshalling

Author: pappz

client/internal/updatemanager/sign/key.go

@@ -27,6 +27,27 @@ func computeKeyID(pub ed25519.PublicKey) KeyID {
 	return id
 }
 
+// UnmarshalJSON implements json.Unmarshaler for KeyID
+func (k *KeyID) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return err
+	}
+
+	parsed, err := ParseKeyID(s)
+	if err != nil {
+		return err
+	}
+
+	*k = parsed
+	return nil
+}
+
+// MarshalJSON implements json.Marshaler for KeyID
+func (k KeyID) MarshalJSON() ([]byte, error) {
+	return json.Marshal(k.String())
+}
+
 // ParseKeyID parses a hex string (16 hex chars = 8 bytes) into a KeyID.
 func ParseKeyID(s string) (KeyID, error) {
 	var id KeyID

client/internal/updatemanager/sign/signature_test.go

@@ -0,0 +1,277 @@
+package sign
+
+import (
+	"encoding/json"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestParseSignature_Valid(t *testing.T) {
+	timestamp := time.Date(2024, 1, 15, 10, 30, 0, 0, time.UTC)
+	keyID, err := ParseKeyID("0123456789abcdef")
+	require.NoError(t, err)
+
+	signatureData := []byte{0x01, 0x02, 0x03, 0x04}
+
+	jsonData, err := json.Marshal(Signature{
+		Signature: signatureData,
+		Timestamp: timestamp,
+		KeyID:     keyID,
+		Algorithm: "ed25519",
+		HashAlgo:  "blake2s",
+	})
+	require.NoError(t, err)
+
+	sig, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+	assert.NotNil(t, sig)
+	assert.Equal(t, signatureData, sig.Signature)
+	assert.Equal(t, timestamp.Unix(), sig.Timestamp.Unix())
+	assert.Equal(t, keyID, sig.KeyID)
+	assert.Equal(t, "ed25519", sig.Algorithm)
+	assert.Equal(t, "blake2s", sig.HashAlgo)
+}
+
+func TestParseSignature_InvalidJSON(t *testing.T) {
+	invalidJSON := []byte(`{invalid json}`)
+
+	sig, err := ParseSignature(invalidJSON)
+	assert.Error(t, err)
+	assert.Nil(t, sig)
+}
+
+func TestParseSignature_EmptyData(t *testing.T) {
+	emptyJSON := []byte(`{}`)
+
+	sig, err := ParseSignature(emptyJSON)
+	require.NoError(t, err)
+	assert.NotNil(t, sig)
+	assert.Empty(t, sig.Signature)
+	assert.True(t, sig.Timestamp.IsZero())
+	assert.Equal(t, KeyID{}, sig.KeyID)
+	assert.Empty(t, sig.Algorithm)
+	assert.Empty(t, sig.HashAlgo)
+}
+
+func TestParseSignature_MissingFields(t *testing.T) {
+	// JSON with only some fields
+	partialJSON := []byte(`{
+		"signature": "AQIDBA==",
+		"algorithm": "ed25519"
+	}`)
+
+	sig, err := ParseSignature(partialJSON)
+	require.NoError(t, err)
+	assert.NotNil(t, sig)
+	assert.NotEmpty(t, sig.Signature)
+	assert.Equal(t, "ed25519", sig.Algorithm)
+	assert.True(t, sig.Timestamp.IsZero())
+}
+
+func TestSignature_MarshalUnmarshal_Roundtrip(t *testing.T) {
+	timestamp := time.Date(2024, 6, 20, 14, 45, 30, 0, time.UTC)
+	keyID, err := ParseKeyID("fedcba9876543210")
+	require.NoError(t, err)
+
+	original := Signature{
+		Signature: []byte{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe},
+		Timestamp: timestamp,
+		KeyID:     keyID,
+		Algorithm: "ed25519",
+		HashAlgo:  "sha512",
+	}
+
+	// Marshal
+	jsonData, err := json.Marshal(original)
+	require.NoError(t, err)
+
+	// Unmarshal
+	parsed, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+
+	// Verify
+	assert.Equal(t, original.Signature, parsed.Signature)
+	assert.Equal(t, original.Timestamp.Unix(), parsed.Timestamp.Unix())
+	assert.Equal(t, original.KeyID, parsed.KeyID)
+	assert.Equal(t, original.Algorithm, parsed.Algorithm)
+	assert.Equal(t, original.HashAlgo, parsed.HashAlgo)
+}
+
+func TestSignature_NilSignatureBytes(t *testing.T) {
+	timestamp := time.Now().UTC()
+	keyID, err := ParseKeyID("0011223344556677")
+	require.NoError(t, err)
+
+	sig := Signature{
+		Signature: nil,
+		Timestamp: timestamp,
+		KeyID:     keyID,
+		Algorithm: "ed25519",
+		HashAlgo:  "blake2s",
+	}
+
+	jsonData, err := json.Marshal(sig)
+	require.NoError(t, err)
+
+	parsed, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+	assert.Nil(t, parsed.Signature)
+}
+
+func TestSignature_LargeSignature(t *testing.T) {
+	timestamp := time.Now().UTC()
+	keyID, err := ParseKeyID("aabbccddeeff0011")
+	require.NoError(t, err)
+
+	// Create a large signature (64 bytes for ed25519)
+	largeSignature := make([]byte, 64)
+	for i := range largeSignature {
+		largeSignature[i] = byte(i)
+	}
+
+	sig := Signature{
+		Signature: largeSignature,
+		Timestamp: timestamp,
+		KeyID:     keyID,
+		Algorithm: "ed25519",
+		HashAlgo:  "blake2s",
+	}
+
+	jsonData, err := json.Marshal(sig)
+	require.NoError(t, err)
+
+	parsed, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+	assert.Equal(t, largeSignature, parsed.Signature)
+}
+
+func TestSignature_WithDifferentHashAlgorithms(t *testing.T) {
+	tests := []struct {
+		name     string
+		hashAlgo string
+	}{
+		{"blake2s", "blake2s"},
+		{"sha512", "sha512"},
+		{"sha256", "sha256"},
+		{"empty", ""},
+	}
+
+	keyID, err := ParseKeyID("1122334455667788")
+	require.NoError(t, err)
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			sig := Signature{
+				Signature: []byte{0x01, 0x02},
+				Timestamp: time.Now().UTC(),
+				KeyID:     keyID,
+				Algorithm: "ed25519",
+				HashAlgo:  tt.hashAlgo,
+			}
+
+			jsonData, err := json.Marshal(sig)
+			require.NoError(t, err)
+
+			parsed, err := ParseSignature(jsonData)
+			require.NoError(t, err)
+			assert.Equal(t, tt.hashAlgo, parsed.HashAlgo)
+		})
+	}
+}
+
+func TestSignature_TimestampPrecision(t *testing.T) {
+	// Test that timestamp preserves precision through JSON marshaling
+	timestamp := time.Date(2024, 3, 15, 10, 30, 45, 123456789, time.UTC)
+	keyID, err := ParseKeyID("8877665544332211")
+	require.NoError(t, err)
+
+	sig := Signature{
+		Signature: []byte{0xaa, 0xbb},
+		Timestamp: timestamp,
+		KeyID:     keyID,
+		Algorithm: "ed25519",
+		HashAlgo:  "blake2s",
+	}
+
+	jsonData, err := json.Marshal(sig)
+	require.NoError(t, err)
+
+	parsed, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+
+	// JSON timestamps typically have second or millisecond precision
+	// so we check that at least seconds match
+	assert.Equal(t, timestamp.Unix(), parsed.Timestamp.Unix())
+}
+
+func TestParseSignature_MalformedKeyID(t *testing.T) {
+	// Test with a malformed KeyID field
+	malformedJSON := []byte(`{
+		"signature": "AQID",
+		"timestamp": "2024-01-15T10:30:00Z",
+		"key_id": "invalid_keyid_format",
+		"algorithm": "ed25519",
+		"hash_algo": "blake2s"
+	}`)
+
+	// This should fail since "invalid_keyid_format" is not a valid KeyID
+	sig, err := ParseSignature(malformedJSON)
+	assert.Error(t, err)
+	assert.Nil(t, sig)
+}
+
+func TestParseSignature_InvalidTimestamp(t *testing.T) {
+	// Test with an invalid timestamp format
+	invalidTimestampJSON := []byte(`{
+		"signature": "AQID",
+		"timestamp": "not-a-timestamp",
+		"key_id": "0123456789abcdef",
+		"algorithm": "ed25519",
+		"hash_algo": "blake2s"
+	}`)
+
+	sig, err := ParseSignature(invalidTimestampJSON)
+	assert.Error(t, err)
+	assert.Nil(t, sig)
+}
+
+func TestSignature_ZeroKeyID(t *testing.T) {
+	// Test with a zero KeyID
+	sig := Signature{
+		Signature: []byte{0x01, 0x02, 0x03},
+		Timestamp: time.Now().UTC(),
+		KeyID:     KeyID{},
+		Algorithm: "ed25519",
+		HashAlgo:  "blake2s",
+	}
+
+	jsonData, err := json.Marshal(sig)
+	require.NoError(t, err)
+
+	parsed, err := ParseSignature(jsonData)
+	require.NoError(t, err)
+	assert.Equal(t, KeyID{}, parsed.KeyID)
+}
+
+func TestParseSignature_ExtraFields(t *testing.T) {
+	// JSON with extra fields that should be ignored
+	jsonWithExtra := []byte(`{
+		"signature": "AQIDBA==",
+		"timestamp": "2024-01-15T10:30:00Z",
+		"key_id": "0123456789abcdef",
+		"algorithm": "ed25519",
+		"hash_algo": "blake2s",
+		"extra_field": "should be ignored",
+		"another_extra": 12345
+	}`)
+
+	sig, err := ParseSignature(jsonWithExtra)
+	require.NoError(t, err)
+	assert.NotNil(t, sig)
+	assert.NotEmpty(t, sig.Signature)
+	assert.Equal(t, "ed25519", sig.Algorithm)
+	assert.Equal(t, "blake2s", sig.HashAlgo)
+}