// Checks that GetRepositoryAllowList flattens a list of repository certificates into
// one allow-list entry per (certificate, hash algorithm) fingerprint: the first
// certificate contributes three entries (SHA256/SHA384/SHA512) and the second one
// entry (SHA256). Every expected entry targets VerificationTarget.Repository and
// covers both the primary signature and the countersignature placement.
public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithMultipleEntriesCorrectlyPassedToSetting()
{
    // Arrange
    var expectedTarget = VerificationTarget.Repository;
    var expectedPlacement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;

    // Placeholder fingerprint values (not real digests); the suffix records which
    // certificate a value came from so the expected list can tell them apart.
    var sha256First = $"{HashAlgorithmName.SHA256.ToString()}_first";
    var sha384First = $"{HashAlgorithmName.SHA384.ToString()}_first";
    var sha512First = $"{HashAlgorithmName.SHA512.ToString()}_first";
    var sha256Second = $"{HashAlgorithmName.SHA256.ToString()}_second";

    // Fingerprints are keyed by the OID string of the hash algorithm.
    var fingerprintsOfFirstCert = new Dictionary<string, string>
    {
        [HashAlgorithmName.SHA256.ConvertToOidString()] = sha256First,
        [HashAlgorithmName.SHA384.ConvertToOidString()] = sha384First,
        [HashAlgorithmName.SHA512.ConvertToOidString()] = sha512First
    };

    var fingerprintsOfSecondCert = new Dictionary<string, string>
    {
        [HashAlgorithmName.SHA256.ConvertToOidString()] = sha256Second
    };

    // NOTE(review): NotBefore and NotAfter are both "now"; the expected entries carry
    // only target, placement, fingerprint and algorithm, so the validity window does
    // not appear to be part of what is asserted here - confirm.
    var firstCertificate = new TestRepositoryCertificateInfo
    {
        ContentUrl = @"https://unit.test/1",
        Fingerprints = new Fingerprints(fingerprintsOfFirstCert),
        Issuer = "CN=Issuer1",
        Subject = "CN=Subject1",
        NotBefore = DateTimeOffset.UtcNow,
        NotAfter = DateTimeOffset.UtcNow
    };

    var secondCertificate = new TestRepositoryCertificateInfo
    {
        ContentUrl = @"https://unit.test/2",
        Fingerprints = new Fingerprints(fingerprintsOfSecondCert),
        Issuer = "CN=Issuer2",
        Subject = "CN=Subject2",
        NotBefore = DateTimeOffset.UtcNow,
        NotAfter = DateTimeOffset.UtcNow
    };

    var repoCertificateInfo = new List<IRepositoryCertificateInfo>
    {
        firstCertificate,
        secondCertificate
    };

    var expectedAllowList = new List<CertificateHashAllowListEntry>
    {
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha256First, HashAlgorithmName.SHA256),
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha384First, HashAlgorithmName.SHA384),
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha512First, HashAlgorithmName.SHA512),
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha256Second, HashAlgorithmName.SHA256)
    };

    // Act
    var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);

    // Assert
    // NOTE(review): this test calls ShouldBeEquivalentTo(...) while the one-entry test
    // in this file calls Should().BeEquivalentTo(...); confirm both forms exist in the
    // referenced assertion library version and compare the same way.
    allowList.ShouldBeEquivalentTo(expectedAllowList);
}
// Checks that GetRepositoryAllowList turns a single repository certificate into one
// allow-list entry per SHA256/SHA384/SHA512 fingerprint. The certificate also carries
// a fingerprint under the SHA-1 OID (1.3.14.3.2.26), and the expected list has no
// entry for it, so this test also pins that a SHA-1 fingerprint advertised by the
// repository is not turned into an allow-list entry.
public void GetRepositoryAllowList_RepoSignatureInfoCertificateListWithOneEntryCorrectlyPassedToSetting()
{
    // Arrange
    var expectedTarget = VerificationTarget.Repository;
    var expectedPlacement = SignaturePlacement.PrimarySignature | SignaturePlacement.Countersignature;

    // Placeholder fingerprint values: the algorithm name stands in for a real digest.
    var sha256Value = HashAlgorithmName.SHA256.ToString();
    var sha384Value = HashAlgorithmName.SHA384.ToString();
    var sha512Value = HashAlgorithmName.SHA512.ToString();

    // Fingerprints are keyed by the OID string of the hash algorithm.
    var fingerprintsByOid = new Dictionary<string, string>
    {
        [HashAlgorithmName.SHA256.ConvertToOidString()] = sha256Value,
        [HashAlgorithmName.SHA384.ConvertToOidString()] = sha384Value,
        [HashAlgorithmName.SHA512.ConvertToOidString()] = sha512Value,
        // SHA-1 OID, deliberately absent from the expected allow list below.
        ["1.3.14.3.2.26"] = "SHA1"
    };

    // NOTE(review): NotBefore and NotAfter are both "now"; the expected entries carry
    // only target, placement, fingerprint and algorithm, so the validity window does
    // not appear to be part of what is asserted here - confirm.
    var repoCertificateInfo = new List<IRepositoryCertificateInfo>
    {
        new TestRepositoryCertificateInfo
        {
            ContentUrl = @"https://unit.test",
            Fingerprints = new Fingerprints(fingerprintsByOid),
            Issuer = "CN=Issuer",
            Subject = "CN=Subject",
            NotBefore = DateTimeOffset.UtcNow,
            NotAfter = DateTimeOffset.UtcNow
        }
    };

    var expectedAllowList = new List<CertificateHashAllowListEntry>
    {
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha256Value, HashAlgorithmName.SHA256),
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha384Value, HashAlgorithmName.SHA384),
        new CertificateHashAllowListEntry(expectedTarget, expectedPlacement, sha512Value, HashAlgorithmName.SHA512)
    };

    // Act
    var allowList = RepositorySignatureInfoUtility.GetRepositoryAllowList(repoCertificateInfo);

    // Assert
    allowList.Should().BeEquivalentTo(expectedAllowList);
}