Exemple #1
0
        public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithMultipleEntriesCorrectlyPassedToSetting()
        {
            // Arrange
            var target    = VerificationTarget.Repository;
            var placement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;

            var firstCertFingerprints = new Dictionary <string, string>()
            {
                { HashAlgorithmName.SHA256.ConvertToOidString(), $"{HashAlgorithmName.SHA256.ToString()}_first" },
                { HashAlgorithmName.SHA384.ConvertToOidString(), $"{HashAlgorithmName.SHA384.ToString()}_first" },
                { HashAlgorithmName.SHA512.ConvertToOidString(), $"{HashAlgorithmName.SHA512.ToString()}_first" }
            };

            var secondCertFingerprints = new Dictionary <string, string>()
            {
                { HashAlgorithmName.SHA256.ConvertToOidString(), $"{HashAlgorithmName.SHA256.ToString()}_second" },
            };

            var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
            {
                new TestRepositoryCertificateInfo()
                {
                    ContentUrl   = @"https://unit.test/1",
                    Fingerprints = new Fingerprints(firstCertFingerprints),
                    Issuer       = "CN=Issuer1",
                    Subject      = "CN=Subject1",
                    NotBefore    = DateTimeOffset.UtcNow,
                    NotAfter     = DateTimeOffset.UtcNow
                },
                new TestRepositoryCertificateInfo()
                {
                    ContentUrl   = @"https://unit.test/2",
                    Fingerprints = new Fingerprints(secondCertFingerprints),
                    Issuer       = "CN=Issuer2",
                    Subject      = "CN=Subject2",
                    NotBefore    = DateTimeOffset.UtcNow,
                    NotAfter     = DateTimeOffset.UtcNow
                }
            };

            var expectedAllowList = new List <CertificateHashAllowListEntry>()
            {
                new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA256.ToString()}_first", HashAlgorithmName.SHA256),
                new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA384.ToString()}_first", HashAlgorithmName.SHA384),
                new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA512.ToString()}_first", HashAlgorithmName.SHA512),
                new CertificateHashAllowListEntry(target, placement, $"{HashAlgorithmName.SHA256.ToString()}_second", HashAlgorithmName.SHA256)
            };

            // Act
            var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);

            // Assert
            allowList.ShouldBeEquivalentTo(expectedAllowList);
        }
Exemple #2
0
        public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithOneEntryCorrectlyPassedToSetting()
        {
            // Arrange
            var target    = VerificationTarget.Repository;
            var placement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;

            var certFingerprints = new Dictionary <string, string>()
            {
                { HashAlgorithmName.SHA256.ConvertToOidString(), HashAlgorithmName.SHA256.ToString() },
                { HashAlgorithmName.SHA384.ConvertToOidString(), HashAlgorithmName.SHA384.ToString() },
                { HashAlgorithmName.SHA512.ConvertToOidString(), HashAlgorithmName.SHA512.ToString() },
                { "1.3.14.3.2.26", "SHA1" },
            };

            var testCertInfo = new TestRepositoryCertificateInfo()
            {
                ContentUrl   = @"https://unit.test",
                Fingerprints = new Fingerprints(certFingerprints),
                Issuer       = "CN=Issuer",
                Subject      = "CN=Subject",
                NotBefore    = DateTimeOffset.UtcNow,
                NotAfter     = DateTimeOffset.UtcNow
            };

            var repoCertificateInfo = new List <IRepositoryCertificateInfo>()
            {
                testCertInfo
            };

            var expectedAllowList = new List <CertificateHashAllowListEntry>()
            {
                new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA256.ToString(), HashAlgorithmName.SHA256),
                new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA384.ToString(), HashAlgorithmName.SHA384),
                new CertificateHashAllowListEntry(target, placement, HashAlgorithmName.SHA512.ToString(), HashAlgorithmName.SHA512)
            };

            // Act
            var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);

            // Assert
            allowList.Should().BeEquivalentTo(expectedAllowList);
        }