test: fix

DavSanchez · DavSanchez · commit 2a278271de00 · 2025-09-22T14:55:00.000+01:00
diff --git a/agent-control/src/opamp/remote_config/validators/signature/public_key_fetcher.rs b/agent-control/src/opamp/remote_config/validators/signature/public_key_fetcher.rs
@@ -131,7 +131,13 @@ pub mod tests {
             }
         }
         pub fn sign(&self, msg: &[u8]) -> String {
-            BASE64_STANDARD.encode(self.key_pair.sign(msg).as_ref())
+            // Actual implementation from FC side signs the Base64 representation of the SHA256 digest
+            // of the message (i.e. the remote configs). Hence, to verify the signature, we need to
+            // compute the SHA256 digest of the message, then Base64 encode it, and finally verify
+            // the signature against that.
+            let digest = ring::digest::digest(&ring::digest::SHA256, msg);
+            let msg = BASE64_STANDARD.encode(digest);
+            BASE64_STANDARD.encode(self.key_pair.sign(msg.as_bytes()).as_ref())
         }
     }
 
diff --git a/agent-control/src/opamp/remote_config/validators/signature/validator.rs b/agent-control/src/opamp/remote_config/validators/signature/validator.rs
@@ -677,8 +677,14 @@ pub mod tests {
         );
 
         let config = "value";
+        // Actual implementation from FC side signs the Base64 representation of the SHA256 digest
+        // of the message (i.e. the remote configs). Hence, to verify the signature, we need to
+        // compute the SHA256 digest of the message, then Base64 encode it, and finally verify
+        // the signature against that.
+        let digest = ring::digest::digest(&ring::digest::SHA256, config.as_bytes());
+        let msg = BASE64_STANDARD.encode(digest);
 
-        let encoded_signature = test_signer.encoded_signature(config);
+        let encoded_signature = test_signer.encoded_signature(&msg);
         let remote_config = OpampRemoteConfig::new(
             AgentID::AgentControl,
             Hash::from("test"),
diff --git a/agent-control/tests/common/opamp.rs b/agent-control/tests/common/opamp.rs
@@ -326,7 +326,14 @@ fn build_response(
             }),
         });
 
-        let signature = key_pair.sign(config.raw_body.as_bytes());
+        // Actual implementation from FC side signs the Base64 representation of the SHA256 digest
+        // of the message (i.e. the remote configs). Hence, to verify the signature, we need to
+        // compute the SHA256 digest of the message, then Base64 encode it, and finally verify
+        // the signature against that.
+        let digest = ring::digest::digest(&ring::digest::SHA256, config.raw_body.as_bytes());
+        let msg = BASE64_STANDARD.encode(digest);
+
+        let signature = key_pair.sign(msg.as_bytes());
 
         let custom_message_data = HashMap::from([(
             "fakeCRC".to_string(), //AC is not using the CRC.

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,13 @@ pub mod tests {`
`131`	`131`	`}`
`132`	`132`	`}`
`133`	`133`	`pub fn sign(&self, msg: &[u8]) -> String {`
`134`		`- BASE64_STANDARD.encode(self.key_pair.sign(msg).as_ref())`
	`134`	`+ // Actual implementation from FC side signs the Base64 representation of the SHA256 digest`
	`135`	`+ // of the message (i.e. the remote configs). Hence, to verify the signature, we need to`
	`136`	`+ // compute the SHA256 digest of the message, then Base64 encode it, and finally verify`
	`137`	`+ // the signature against that.`
	`138`	`+ let digest = ring::digest::digest(&ring::digest::SHA256, msg);`
	`139`	`+ let msg = BASE64_STANDARD.encode(digest);`
	`140`	`+ BASE64_STANDARD.encode(self.key_pair.sign(msg.as_bytes()).as_ref())`
`135`	`141`	`}`
`136`	`142`	`}`
`137`	`143`