test: Add unit tests for verifying SANs
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
tetsuo-cpp committed Nov 3, 2022
1 parent e5bd0f1 commit 2d7311e
Showing 4 changed files with 69 additions and 0 deletions.
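--- a/test/assets/c.txt
+++ b/test/assets/c.txt
@@ -0,0 +1,5 @@
+DO NOT MODIFY ME!
+
+this is "c.txt", a sample input for sigstore-python's unit tests.
+
+DO NOT MODIFY ME!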
23 changes: 23 additions & 0 deletions test/assets/c.txt.crt
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
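--- a/test/assets/c.txt.sig
+++ b/test/assets/c.txt.sig
@@ -0,0 +1 @@
+MGUCMAQYRaYOdZEOT3C3WP22sC9+2euiFGYbC4VNefWVL31+MAL7oKMWsHsBwh1ngjTZHAIxALuUf+mzlACBqYUSTTwl3LFIGUGl8g3Z6wkTMsqdI1NrtHj0rVpcWA1DIO4GhGOM5w==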
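--- a/test/test_verify.py
+++ b/test/test_verify.py
@@ -64,3 +64,43 @@ def test_verify_result_boolish():
 assert not VerificationFailure(reason="foo")
 assert not CertificateVerificationFailure(reason="foo", exception=ValueError("bar"))
 assert VerificationSuccess()
+
+
+@pytest.mark.online
+def test_verifier_issuer(signed_asset):
+a_assets = signed_asset("a.txt")
+
+verifier = Verifier.staging()
+assert verifier.verify(
+a_assets[0],
+a_assets[1],
+a_assets[2],
+expected_cert_oidc_issuer="https://github.com/login/oauth",
+)
+
+
+@pytest.mark.online
+def test_verifier_san_email(signed_asset):
+a_assets = signed_asset("a.txt")
+
+verifier = Verifier.staging()
+assert verifier.verify(
+a_assets[0],
+a_assets[1],
+a_assets[2],
+expected_cert_email="william@yossarian.net",
+)
+
+
+@pytest.mark.online
+def test_verifier_san_uri(signed_asset):
+a_assets = signed_asset("c.txt")
+
+verifier = Verifier.staging()
+assert verifier.verify(
+a_assets[0],
+a_assets[1],
+a_assets[2],
+expected_cert_email="https://github.com/sigstore/"
+"sigstore-python/.github/workflows/ci.yml@refs/pull/288/merge",
+)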
