package image import ( "archive/zip" "crypto/sha256" "encoding/hex" "net/http" "net/http/httptest" "os" "path/filepath" "testing" ) func TestDownloadAndVerifyXZAndZIPBranches(t *testing.T) { dir := t.TempDir() src := filepath.Join(dir, "src.img") if err := os.WriteFile(src, []byte("xz-contents"), 0o644); err != nil { t.Fatal(err) } if err := os.WriteFile(filepath.Join(dir, "xz"), []byte("#!/usr/bin/env bash\nset -eu\nif [[ ${1:-} == -dc ]]; then\n cat \"$2\"\n exit 0\nfi\ncp \"${@: -1}\" \"${@: -1}.xz\"\n"), 0o755); err != nil { t.Fatal(err) } t.Setenv("PATH", dir+string(os.PathListSeparator)+os.Getenv("PATH")) if err := os.WriteFile(src+".xz", []byte("xz-contents"), 0o644); err != nil { t.Fatal(err) } zipPath := filepath.Join(dir, "archive.zip") zf, err := os.Create(zipPath) if err != nil { t.Fatal(err) } zw := zip.NewWriter(zf) w, err := zw.Create("image.img") if err != nil { t.Fatal(err) } if _, err := w.Write([]byte("zip-contents")); err != nil { t.Fatal(err) } if err := zw.Close(); err != nil { t.Fatal(err) } if err := zf.Close(); err != nil { t.Fatal(err) } checksum := sha256.Sum256([]byte("xz-contents")) if _, err := DownloadAndVerify("file://"+src+".xz", filepath.Join(dir, "out-xz.img"), "sha256:"+hex.EncodeToString(checksum[:])); err != nil { t.Fatalf("DownloadAndVerify xz: %v", err) } if _, err := DownloadAndVerify("file://"+zipPath, filepath.Join(dir, "out-zip.img"), ""); err != nil { t.Fatalf("DownloadAndVerify zip: %v", err) } } func TestDownloadAndVerifyErrorBranches(t *testing.T) { dir := t.TempDir() if err := VerifyChecksum(filepath.Join(dir, "missing"), "bogus"); err == nil { t.Fatal("expected invalid checksum format error") } if _, err := DownloadAndVerify("file://"+filepath.Join(dir, "missing.img"), filepath.Join(dir, "out.img"), "sha256:deadbeef"); err == nil { t.Fatal("expected missing source error") } } func TestDownloadAndVerifyAdditionalErrorBranches(t *testing.T) { dir := t.TempDir() src := filepath.Join(dir, "src.img") if err := os.WriteFile(src, []byte("download-errors"), 0o644); err != nil { t.Fatal(err) } blockedParent := filepath.Join(dir, "blocked-parent") if err := os.WriteFile(blockedParent, []byte("not-a-dir"), 0o644); err != nil { t.Fatal(err) } if _, err := DownloadAndVerify("file://"+src, filepath.Join(blockedParent, "out.img"), ""); err == nil { t.Fatal("expected destination parent creation failure") } if _, err := DownloadAndVerify("file://"+filepath.Join(dir, "missing.img.xz"), filepath.Join(dir, "missing-xz.img"), ""); err == nil { t.Fatal("expected missing xz archive source failure") } if _, err := DownloadAndVerify("file://"+filepath.Join(dir, "missing.zip"), filepath.Join(dir, "missing-zip.img"), ""); err == nil { t.Fatal("expected missing zip archive source failure") } fakeBin := filepath.Join(dir, "bin") if err := os.MkdirAll(fakeBin, 0o755); err != nil { t.Fatal(err) } if err := os.WriteFile(filepath.Join(fakeBin, "xz"), []byte("#!/usr/bin/env bash\nexit 7\n"), 0o755); err != nil { t.Fatal(err) } t.Setenv("PATH", fakeBin+string(os.PathListSeparator)+os.Getenv("PATH")) archive := filepath.Join(dir, "bad.img.xz") if err := os.WriteFile(archive, []byte("compressed"), 0o644); err != nil { t.Fatal(err) } if _, err := DownloadAndVerify("file://"+archive, filepath.Join(dir, "xz-out.img"), ""); err == nil { t.Fatal("expected xz decompression failure") } if err := decompressXZ(archive, dir); err == nil { t.Fatal("expected xz destination create failure") } invalidZip := filepath.Join(dir, "invalid.zip") if err := os.WriteFile(invalidZip, []byte("not-a-zip"), 0o644); err != nil { t.Fatal(err) } if _, err := DownloadAndVerify("file://"+invalidZip, filepath.Join(dir, "zip-out.img"), ""); err == nil { t.Fatal("expected zip decompression failure") } fallbackZip := filepath.Join(dir, "fallback.zip") if err := writeTestZIP(fallbackZip, map[string]string{"readme.txt": "fallback"}); err != nil { t.Fatal(err) } if _, err := DownloadAndVerify("file://"+fallbackZip, filepath.Join(dir, "fallback.img"), ""); err != nil { t.Fatalf("expected zip fallback file selection to succeed: %v", err) } if err := decompressZIP(fallbackZip, dir); err == nil { t.Fatal("expected zip destination create failure") } if err := downloadRaw("file://"+src, dir); err == nil { t.Fatal("expected file destination create failure") } if err := downloadRaw("http://127.0.0.1:1/image.img", filepath.Join(dir, "http.img")); err == nil { t.Fatal("expected HTTP connection failure") } srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { _, _ = w.Write([]byte("body")) })) defer srv.Close() if err := downloadRaw(srv.URL+"/image.img", dir); err == nil { t.Fatal("expected HTTP destination create failure") } if err := VerifyChecksum(filepath.Join(dir, "missing-checksum.img"), "sha256:abc"); err == nil { t.Fatal("expected checksum open failure") } if err := VerifyChecksum(dir, "sha256:abc"); err == nil { t.Fatal("expected sha256 read failure for directory") } if err := VerifyChecksum(dir, "md5:abc"); err == nil { t.Fatal("expected md5 read failure for directory") } if err := VerifyChecksum(src, "sha1:abc"); err == nil { t.Fatal("expected unsupported checksum algorithm") } }