public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithMultipleEntriesCorrectlyPassedToSetting()
{
// Arrange
var target = VerificationTarget.Repository;
var placement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;
var firstCertFingerprints = new Dictionary <string, string>()
{
{ HashAlgorithmName.SHA256.ConvertToOidString(), $"{HashAlgorithmName.SHA256.ToString()}_first" },
{ HashAlgorithmName.SHA384.ConvertToOidString(), $"{HashAlgorithmName.SHA384.ToString()}_first" },
{ HashAlgorithmName.SHA512.ConvertToOidString(), $"{HashAlgorithmName.SHA512.ToString()}_first" }
};
var secondCertFingerprints = new Dictionary <string, string>()
{
{ HashAlgorithmName.SHA256.ConvertToOidString(), $"{HashAlgorithmName.SHA256.ToString()}_second" },
};
var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
{
new TestRepositoryCertificateInfo()
{
ContentUrl = @"https://unit.test/1",
Fingerprints = new Fingerprints(firstCertFingerprints),
Issuer = "CN=Issuer1",
Subject = "CN=Subject1",
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow
},
new TestRepositoryCertificateInfo()
{
ContentUrl = @"https://unit.test/2",
Fingerprints = new Fingerprints(secondCertFingerprints),
Issuer = "CN=Issuer2",
Subject = "CN=Subject2",
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow
}
};
var expectedAllowList = new List <CertificateHashAllowListEntry>()
{
new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA256.ToString()}_first", HashAlgorithmName.SHA256),
new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA384.ToString()}_first", HashAlgorithmName.SHA384),
new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA512.ToString()}_first", HashAlgorithmName.SHA512),
new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA256.ToString()}_second", HashAlgorithmName.SHA256)
};
// Act
var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);
// Assert
allowList.ShouldBeEquivalentTo(expectedAllowList);
}
public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithOneEntryCorrectlyPassedToSetting()
{
// Arrange
var target = VerificationTarget.Repository;
var placement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;
var certFingerprints = new Dictionary <string, string>()
{
{ HashAlgorithmName.SHA256.ConvertToOidString(), HashAlgorithmName.SHA256.ToString() },
{ HashAlgorithmName.SHA384.ConvertToOidString(), HashAlgorithmName.SHA384.ToString() },
{ HashAlgorithmName.SHA512.ConvertToOidString(), HashAlgorithmName.SHA512.ToString() },
{ "1.3.14.3.2.26", "SHA1" },
};
var testCertInfo = new TestRepositoryCertificateInfo()
{
ContentUrl = @"https://unit.test",
Fingerprints = new Fingerprints(certFingerprints),
Issuer = "CN=Issuer",
Subject = "CN=Subject",
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow
};
var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
{
testCertInfo
};
var expectedAllowList = new List <CertificateHashAllowListEntry>()
{
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA256.ToString(), HashAlgorithmName.SHA256),
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA384.ToString(), HashAlgorithmName.SHA384),
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA512.ToString(), HashAlgorithmName.SHA512)
};
// Act
var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);
// Assert
allowList.Should().BeEquivalentTo(expectedAllowList);
}
