From 2d7311ed658feddd9419a7daa72acb78fbbd582a Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Thu, 3 Nov 2022 15:36:00 +1100
Subject: [PATCH] test: Add unit tests for verifying SANs
Signed-off-by: Alex Cameron
---
 test/assets/c.txt | 5 +++++
 test/assets/c.txt.crt | 23 +++++++++++++++++++++++
 test/assets/c.txt.sig | 1 +
 test/test_verify.py | 40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+)
 create mode 100644 test/assets/c.txt
 create mode 100644 test/assets/c.txt.crt
 create mode 100644 test/assets/c.txt.sig
diff --git a/test/assets/c.txt b/test/assets/c.txt
new file mode 100644
index 000000000..5e897d322
--- /dev/null
+++ b/test/assets/c.txt
@@ -0,0 +1,5 @@
+DO NOT MODIFY ME!
+
+this is "c.txt", a sample input for sigstore-python's unit tests.
+
+DO NOT MODIFY ME!
diff --git a/test/assets/c.txt.crt b/test/assets/c.txt.crt
new file mode 100644
index 000000000..22ce8c754
--- /dev/null
+++ b/test/assets/c.txt.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCA0igAwIBAgIUdXPCI40ren/SEkqxmHcCc6lIV7MwCgYIKoZIzj0EAwMw
+NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl
+cm1lZGlhdGUwHhcNMjIxMTAzMDc0NTM1WhcNMjIxMTAzMDc1NTM1WjAAMHYwEAYH
+KoZIzj0CAQYFK4EEACIDYgAELVUlqi4FjTw4mHzuyE8sOsK6mVvzOTv0EX7ot+aZ
+ftaf+ato9xuemqA69qARscFPwG15It1F9PVdKUOeJkTPjZC+lRHNAIeamJpilskz
+xqR6fisI7q72zHY8OhgMnSSHo4ICSjCCAkYwDgYDVR0PAQH/BAQDAgeAMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBREb7Dfm1g8gILV3K9rT9WSF7GnzzAf
+BgNVHSMEGDAWgBRxhjCmFHxib/n31vQFGn9f/+tvrDBmBgNVHREBAf8EXDBahlho
+dHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUvc2lnc3RvcmUtcHl0aG9uLy5naXRo
+dWIvd29ya2Zsb3dzL2NpLnltbEByZWZzL3B1bGwvMjg4L21lcmdlMDkGCisGAQQB
+g78wAQEEK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5j
+b20wGgYKKwYBBAGDvzABAgQMcHVsbF9yZXF1ZXN0MDYGCisGAQQBg78wAQMEKDNi
+ZTcyMzU2ZWY0NTE3YmI4ZTUwZjI5Njg4N2Y5YzU3ODZmOTAzMTYwEAYKKwYBBAGD
+vzABBAQCQ0kwJgYKKwYBBAGDvzABBQQYc2lnc3RvcmUvc2lnc3RvcmUtcHl0aG9u
+MCEGCisGAQQBg78wAQYEE3JlZnMvcHVsbC8yODgvbWVyZ2UwgYoGCisGAQQB1nkC
+BAIEfAR6AHgAdgArMLzcaIjJ4uHYJiledB9IOTGWAvKcM8teQ0D+sqyGegAAAYQ8
+c9igAAAEAwBHMEUCIQCn/JSbLxs0ds3Nycn0yINUQABeltbAmcYDFEn/sdm50gIg
+fm4lKdhXJoWHJRC8IS7MxYI3yR/oNzX6dntuqpHJ24YwCgYIKoZIzj0EAwMDZwAw
+ZAIwE0F3B/HgHn+ov6axOY0TMR/hv2DUVlC3qkGBQEEMtglf5qtT+a9g7aQ5g4pG
+of+JAjB+qUeUdSAyGPDK+5Ti6aROy0oAbwl+B3bH7QmmZ/i5M++PXIW4l4lcuAmA
+UkjTgLw=
+-----END CERTIFICATE-----
diff --git a/test/assets/c.txt.sig b/test/assets/c.txt.sig
new file mode 100644
index 000000000..c85875461
--- /dev/null
+++ b/test/assets/c.txt.sig
@@ -0,0 +1 @@
+MGUCMAQYRaYOdZEOT3C3WP22sC9+2euiFGYbC4VNefWVL31+MAL7oKMWsHsBwh1ngjTZHAIxALuUf+mzlACBqYUSTTwl3LFIGUGl8g3Z6wkTMsqdI1NrtHj0rVpcWA1DIO4GhGOM5w==
diff --git a/test/test_verify.py b/test/test_verify.py
index 31c179ebc..35827c294 100644
--- a/test/test_verify.py
+++ b/test/test_verify.py
@@ -64,3 +64,43 @@ def test_verify_result_boolish():
 assert not VerificationFailure(reason="foo")
 assert not CertificateVerificationFailure(reason="foo", exception=ValueError("bar"))
 assert VerificationSuccess()
+
+
+@pytest.mark.online
+def test_verifier_issuer(signed_asset):
+ a_assets = signed_asset("a.txt")
+
+ verifier = Verifier.staging()
+ assert verifier.verify(
+ a_assets[0],
+ a_assets[1],
+ a_assets[2],
+ expected_cert_oidc_issuer="https://github.com/login/oauth",
+ )
+
+
+@pytest.mark.online
+def test_verifier_san_email(signed_asset):
+ a_assets = signed_asset("a.txt")
+
+ verifier = Verifier.staging()
+ assert verifier.verify(
+ a_assets[0],
+ a_assets[1],
+ a_assets[2],
+ expected_cert_email="william@yossarian.net",
+ )
+
+
+@pytest.mark.online
+def test_verifier_san_uri(signed_asset):
+ a_assets = signed_asset("c.txt")
+
+ verifier = Verifier.staging()
+ assert verifier.verify(
+ a_assets[0],
+ a_assets[1],
+ a_assets[2],
+ expected_cert_email="https://github.com/sigstore/"
+ "sigstore-python/.github/workflows/ci.yml@refs/pull/288/merge",
+ )
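Review bot: All three added tests (`test_verifier_issuer`, `test_verifier_san_email`, `test_verifier_san_uri`) assert only that verification succeeds, so they would still pass if `Verifier.verify` ignored `expected_cert_oidc_issuer` and `expected_cert_email` entirely. Each identity check needs a companion case in which a non-matching value is rejected; the sketch below covers the SAN, and the issuer needs the same treatment. The sketch assumes a mismatch returns a falsy `VerificationFailure`, as the context lines at the top of this hunk suggest, rather than raising. Separately, `test_verifier_san_uri` passes a workflow URI through `expected_cert_email`, so that parameter is apparently compared against URI SANs too; a comment such as `# expected_cert_email is matched against the certificate's SAN, which for c.txt.crt is a URI` would stop a reader from assuming an e-mail-only check.

```python
@pytest.mark.online
def test_verifier_san_mismatch(signed_asset):
    c_assets = signed_asset("c.txt")

    verifier = Verifier.staging()
    # Constructed value that is not the SAN of c.txt.crt; verification must fail.
    assert not verifier.verify(
        c_assets[0],
        c_assets[1],
        c_assets[2],
        expected_cert_email="mismatch@example.invalid",
    )
```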