Add tests to reject neither of keyPath / keyData being set

This will, admittedly, be removed soon.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

signature/policy_config_sigstore.go

@@ -9,9 +9,12 @@ import (
 
 // newPRSigstoreSigned returns a new prSigstoreSigned if parameters are valid.
 func newPRSigstoreSigned(keyPath string, keyData []byte, signedIdentity PolicyReferenceMatch) (*prSigstoreSigned, error) {
-	if len(keyPath) > 0 && len(keyData) > 0 {
+	if keyPath != "" && keyData != nil {
 		return nil, InvalidPolicyFormatError("keyType and keyData cannot be used simultaneously")
 	}
+	if keyPath == "" && keyData == nil {
+		return nil, InvalidPolicyFormatError("neither keyType nor keyData specified")
+	}
 	if signedIdentity == nil {
 		return nil, InvalidPolicyFormatError("signedIdentity not specified")
 	}

signature/policy_config_sigstore_test.go

@@ -52,6 +52,9 @@ func TestNewPRSigstoreSigned(t *testing.T) {
 	// Both keyPath and keyData specified
 	_, err = newPRSigstoreSigned(testPath, testData, testIdentity)
 	assert.Error(t, err)
+	// Neither keyPath nor keyData specified
+	_, err = newPRSigstoreSigned("", nil, testIdentity)
+	assert.Error(t, err)
 
 	// Invalid signedIdentity
 	_, err = newPRSigstoreSigned(testPath, nil, nil)

signature/policy_eval_sigstore_test.go

@@ -70,6 +70,9 @@ func TestPRrSigstoreSignedIsSignatureAccepted(t *testing.T) {
 		func() (*prSigstoreSigned, error) { // Both KeyPath and KeyData set. Do not use newPRSigstoreSigned*, because it would reject this.
 			return &prSigstoreSigned{KeyPath: "/foo/bar", KeyData: []byte("abc"), SignedIdentity: prm}, nil
 		},
+		func() (*prSigstoreSigned, error) { // Neither KeyPath nor KeyData set. Do not use newPRSigstoreSigned*, because it would reject this.
+			return &prSigstoreSigned{KeyPath: "", KeyData: nil, SignedIdentity: prm}, nil
+		},
 		func() (*prSigstoreSigned, error) { // Invalid KeyPath
 			return newPRSigstoreSignedKeyPath("/this/does/not/exist", prm)
 		},