public void GetSignedPackageVerifierSettings_RepoSignatureInfoCertificateListWithOneEntryCorrectlyPassedToSetting()
{
// Arrange
var target = VerificationTarget.Repository;
var placement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;
var allSigned = true;
var certFingerprints = new Dictionary <string, string>()
{
{ HashAlgorithmName.SHA256.ConvertToOidString(), HashAlgorithmName.SHA256.ToString() },
{ HashAlgorithmName.SHA384.ConvertToOidString(), HashAlgorithmName.SHA384.ToString() },
{ HashAlgorithmName.SHA512.ConvertToOidString(), HashAlgorithmName.SHA512.ToString() },
{ "1.3.14.3.2.26", "SHA1" },
};
var testCertInfo = new TestRepositoryCertificateInfo()
{
ContentUrl = @"https://unit.test",
Fingerprints = new Fingerprints(certFingerprints),
Issuer = "CN=Issuer",
Subject = "CN=Subject",
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow
};
var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
{
testCertInfo
};
var expectedAllowList = new List <CertificateHashAllowListEntry>()
{
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA256.ToString(), HashAlgorithmName.SHA256),
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA384.ToString(), HashAlgorithmName.SHA384),
new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA512.ToString(), HashAlgorithmName.SHA512)
};
var repoSignatureInfo = new RepositorySignatureInfo(allSigned, repoCertificateInfo);
// Act
var settings = RepositorySignatureInfoUtility.GetSignedPackageVerifierSettings(repoSignatureInfo, _defaultSettings);
// Assert
settings.AllowUnsigned.Should().BeFalse();
settings.AllowNoClientCertificateList.Should().BeTrue();
settings.AllowNoRepositoryCertificateList.Should().BeFalse();
settings.RepositoryCertificateList.Should().NotBeNull();
settings.RepositoryCertificateList.ShouldBeEquivalentTo(expectedAllowList);
}
public void GetSignedPackageVerifierSettings_ClientAllowListInfoPassedToSetting()
{
// Arrange
var target = VerificationTarget.Repository;
var allSigned = true;
var certFingerprints = new Dictionary <string, string>()
{
{ HashAlgorithmName.SHA256.ConvertToOidString(), HashAlgorithmName.SHA256.ToString() },
{ HashAlgorithmName.SHA384.ConvertToOidString(), HashAlgorithmName.SHA384.ToString() },
{ HashAlgorithmName.SHA512.ConvertToOidString(), HashAlgorithmName.SHA512.ToString() },
{ "1.3.14.3.2.26", "SHA1" },
};
var testCertInfo = new TestRepositoryCertificateInfo()
{
ContentUrl = @"https://unit.test",
Fingerprints = new Fingerprints(certFingerprints),
Issuer = "CN=Issuer",
Subject = "CN=Subject",
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow
};
var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
{
testCertInfo
};
var expectedClientAllowList = new List <CertificateHashAllowListEntry>()
{
new CertificateHashAllowListEntry(target, HashAlgorithmName.SHA256.ToString(), HashAlgorithmName.SHA256)
};
var expectedRepoAllowList = new List <CertificateHashAllowListEntry>()
{
new CertificateHashAllowListEntry(target, HashAlgorithmName.SHA256.ToString(), HashAlgorithmName.SHA256),
new CertificateHashAllowListEntry(target, HashAlgorithmName.SHA384.ToString(), HashAlgorithmName.SHA384),
new CertificateHashAllowListEntry(target, HashAlgorithmName.SHA512.ToString(), HashAlgorithmName.SHA512)
};
var repoSignatureInfo = new RepositorySignatureInfo(allSigned, repoCertificateInfo);
var fallbackSettings = new SignedPackageVerifierSettings(
allowUnsigned: true,
allowIllegal: true,
allowUntrusted: true,
allowUntrustedSelfIssuedCertificate: true,
allowIgnoreTimestamp: true,
allowMultipleTimestamps: true,
allowNoTimestamp: true,
allowUnknownRevocation: true,
allowNoRepositoryCertificateList: true,
allowNoClientCertificateList: false,
repoAllowListEntries: null,
clientAllowListEntries: expectedClientAllowList);
// Act
var settings = RepositorySignatureInfoUtility.GetSignedPackageVerifierSettings(repoSignatureInfo, fallbackSettings);
// Assert
settings.AllowUnsigned.Should().BeFalse();
settings.AllowNoClientCertificateList.Should().BeFalse();
settings.AllowNoRepositoryCertificateList.Should().BeFalse();
settings.ClientCertificateList.Should().NotBeNull();
settings.ClientCertificateList.ShouldBeEquivalentTo(expectedClientAllowList);
settings.RepositoryCertificateList.Should().NotBeNull();
settings.RepositoryCertificateList.ShouldBeEquivalentTo(expectedRepoAllowList);
}
