/// <summary>
/// Pins the defaults returned by <c>GetRequireModeDefaultPolicy(repoList, clientList)</c>:
/// which relaxations the policy rejects, which it tolerates, and that the caller's
/// allow-list instances are stored as-is.
/// </summary>
public void GetRequireModeDefaultPolicy_InitializesProperties()
        {
            // Arrange: two separate empty allow lists, so the reference checks at the end
            // can tell the repository list from the client list.
            var repositoryAllowList = new List<CertificateHashAllowListEntry>();
            var clientAllowList = new List<CertificateHashAllowListEntry>();

            // Act
            var policy = SignedPackageVerifierSettings.GetRequireModeDefaultPolicy(repositoryAllowList, clientAllowList);

            // Assert: unsigned, illegal and untrusted signatures are all rejected.
            policy.AllowUnsigned.Should().BeFalse();
            policy.AllowIllegal.Should().BeFalse();
            policy.AllowUntrusted.Should().BeFalse();

            // Timestamp problems are tolerated by this policy.
            policy.AllowIgnoreTimestamp.Should().BeTrue();
            policy.AllowMultipleTimestamps.Should().BeTrue();
            policy.AllowNoTimestamp.Should().BeTrue();

            // Unknown revocation status is allowed, but it must also be reported.
            // Keeping both assertions together guards against a change that keeps the
            // allowance while dropping the report.
            policy.AllowUnknownRevocation.Should().BeTrue();
            policy.ReportUnknownRevocation.Should().BeTrue();

            // A missing allow list is not acceptable for either side.
            policy.AllowNoRepositoryCertificateList.Should().BeFalse();
            policy.AllowNoClientCertificateList.Should().BeFalse();

            policy.VerificationTarget.Should().Be(VerificationTarget.All);
            policy.SignaturePlacement.Should().Be(SignaturePlacement.Any);
            policy.RepositoryCountersignatureVerificationBehavior.Should().Be(SignatureVerificationBehavior.IfExistsAndIsNecessary);

            // Reference equality: the policy holds the very lists passed in, not copies.
            policy.RepositoryCertificateList.Should().BeSameAs(repositoryAllowList);
            policy.ClientCertificateList.Should().BeSameAs(clientAllowList);
        }
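        /// <summary>
        /// Pins the defaults returned by the parameterless <c>GetRequireModeDefaultPolicy()</c>
        /// and checks that the policy's <c>RevocationMode</c> matches the expected mode for a
        /// given value of the environment variable named by <c>RevocationModeEnvVar</c>.
        /// </summary>
        /// <param name="revocationModeEnvVar">
        /// Value written to the environment variable before the policy is created;
        /// <c>null</c> skips the write and leaves the variable as the process already has it.
        /// </param>
        /// <param name="expectedRevocationMode">Revocation mode the policy is expected to report.</param>
        public void GetRequireModeDefaultPolicy_InitializesProperties(string revocationModeEnvVar, RevocationMode expectedRevocationMode)
        {
            try
            {
                // Arrange
                // NOTE(review): when revocationModeEnvVar is null, a value already present in
                // the process environment is not cleared first, so the outcome depends on the
                // surrounding environment - confirm that is intended.
                if (revocationModeEnvVar != null)
                {
                    Environment.SetEnvironmentVariable(RevocationModeEnvVar, revocationModeEnvVar);
                }

                // Act
                var settings = SignedPackageVerifierSettings.GetRequireModeDefaultPolicy();

                // Assert: unsigned, illegal and untrusted signatures are all rejected.
                settings.AllowUnsigned.Should().Be(false);
                settings.AllowIllegal.Should().Be(false);
                settings.AllowUntrusted.Should().Be(false);

                // Timestamp problems are tolerated by this policy.
                settings.AllowIgnoreTimestamp.Should().Be(true);
                settings.AllowMultipleTimestamps.Should().Be(true);
                settings.AllowNoTimestamp.Should().Be(true);

                // Unknown revocation status is allowed, but it must also be reported.
                settings.AllowUnknownRevocation.Should().Be(true);
                settings.ReportUnknownRevocation.Should().Be(true);

                settings.VerificationTarget.Should().Be(VerificationTarget.All);
                settings.SignaturePlacement.Should().Be(SignaturePlacement.Any);
                settings.RepositoryCountersignatureVerificationBehavior.Should().Be(SignatureVerificationBehavior.IfExistsAndIsNecessary);
                settings.RevocationMode.Should().Be(expectedRevocationMode);
            }
            finally
            {
                // The variable is process-wide and selects the revocation mode. Reset it even
                // when an assertion above throws, so a failing case cannot leave its value in
                // place for tests that run later in the same process.
                Environment.SetEnvironmentVariable(RevocationModeEnvVar, string.Empty);
            }
        }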
        /// <summary>
        /// Under the require-mode default policy, expects the unavailable-revocation scenario
        /// run by <c>VerifyUnavailableRevocationInfo</c> to end with status <c>Valid</c> and
        /// exactly two matching issues, both checked at warning level.
        /// </summary>
        public async Task GetTrustResultAsync_WithUnavailableRevocationInformationInRequireMode_Warns()
        {
            // Arrange
            var requireModePolicy = SignedPackageVerifierSettings.GetRequireModeDefaultPolicy();
            var expectedLevel = LogLevel.Warning;

            // Act
            // NOTE(review): the helper is defined outside this excerpt; it presumably runs the
            // verification and returns the issues logged at the given level - confirm.
            var issues = await VerifyUnavailableRevocationInfo(
                SignatureVerificationStatus.Valid,
                expectedLevel,
                requireModePolicy);

            // Assert: exactly two issues, one per helper assertion below. The warning level
            // is what keeps a missing revocation answer visible while the status stays Valid.
            Assert.Equal(2, issues.Count);
            AssertOfflineRevocation(issues, expectedLevel);
            AssertRevocationStatusUnknown(issues, expectedLevel);
        }