def test_common_name_suffix_long(self):
     upload = SigningUpload()
     common_name = upload.generateKeyCommonName('t' * 40, 'p' * 40,
                                                'kmod-plus')
     expected_name = 'PPA ' + 't' * 40 + ' ' + 'p' * 9 + ' kmod-plus'
     self.assertEqual(expected_name, common_name)
     self.assertEqual(64, len(common_name))
    def test_correct_opal_openssl_config(self):
        # Check that calling generateOpensslConfig() will return an appropriate
        # openssl configuration.
        upload = SigningUpload()
        text = upload.generateOpensslConfig('Opal', 'something-unique')

        cn_re = re.compile(r'\bCN\s*=\s*something-unique\b')

        self.assertIn('[ req ]', text)
        self.assertIsNotNone(cn_re.search(text))
        self.assertNotIn('extendedKeyUsage', text)
    def process_emulate(self):
        self.tarfile.close()
        self.buffer.close()
        upload = SigningUpload()
        # Under no circumstances is it safe to execute actual commands.
        self.fake_call = FakeMethod(result=0)
        upload.callLog = FakeMethodCallLog(upload=upload)
        self.useFixture(MonkeyPatch("subprocess.call", self.fake_call))
        upload.process(self.archive, self.path, self.suite)

        return upload
    def test_correct_kmod_openssl_config(self):
        # Check that calling generateOpensslConfig() will return an appropriate
        # openssl configuration.
        upload = SigningUpload()
        text = upload.generateOpensslConfig('Kmod', 'something-unique')

        cn_re = re.compile(r'\bCN\s*=\s*something-unique\b')
        eku_re = re.compile(r'\bextendedKeyUsage\s*=\s*'
                            r'codeSigning,1.3.6.1.4.1.2312.16.1.2\s*\b')

        self.assertIn('[ req ]', text)
        self.assertIsNotNone(cn_re.search(text))
        self.assertIsNotNone(eku_re.search(text))
 def test_correct_opal_keygen_command_executed(self):
     # Check that calling generateOpalKeys() will generate the
     # expected command.
     self.setUpPPA()
     self.setUpOpalKeys(create=False)
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.generateOpalKeys()
     self.assertEqual(2, fake_call.call_count)
     # Assert the actual command matches.
     args = fake_call.calls[0][0][0]
     # Sanitise the keygen tmp file.
     if args[11].endswith('.keygen'):
         args[11] = 'XXX.keygen'
     expected_cmd = [
         'openssl', 'req', '-new', '-nodes', '-utf8', '-sha512', '-days',
         '3650', '-batch', '-x509', '-config', 'XXX.keygen', '-outform',
         'PEM', '-out', self.opal_pem, '-keyout', self.opal_pem
     ]
     self.assertEqual(expected_cmd, args)
     args = fake_call.calls[1][0][0]
     expected_cmd = [
         'openssl', 'x509', '-in', self.opal_pem, '-outform', 'DER', '-out',
         self.opal_x509
     ]
     self.assertEqual(expected_cmd, args)
 def test_correct_uefi_keygen_command_executed(self):
     # Check that calling generateUefiKeys() will generate the
     # expected command.
     self.setUpPPA()
     self.setUpUefiKeys(create=False)
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.generateUefiKeys()
     self.assertEqual(1, fake_call.call_count)
     # Assert the actual command matches.
     args = fake_call.calls[0][0][0]
     expected_cmd = [
         'openssl',
         'req',
         '-new',
         '-x509',
         '-newkey',
         'rsa:2048',
         '-subj',
         self.testcase_cn,
         '-keyout',
         self.key,
         '-out',
         self.cert,
         '-days',
         '3650',
         '-nodes',
         '-sha256',
     ]
     self.assertEqual(expected_cmd, args)
 def test_correct_opal_signing_command_executed_no_keys(self):
     # Check that calling signOpal() will generate no commands when
     # no keys are present.
     self.setUpOpalKeys(create=False)
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.generateOpalKeys = FakeMethod()
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.signOpal('t.opal')
     self.assertEqual(0, fake_call.call_count)
     self.assertEqual(0, upload.generateOpalKeys.call_count)
    def process(self):
        self.tarfile.close()
        self.buffer.close()
        upload = SigningUpload()
        upload.signUefi = FakeMethod()
        upload.signKmod = FakeMethod()
        upload.signOpal = FakeMethod()
        # Under no circumstances is it safe to execute actual commands.
        fake_call = FakeMethod(result=0)
        self.useFixture(MonkeyPatch("subprocess.call", fake_call))
        upload.process(self.archive, self.path, self.suite)
        self.assertEqual(0, fake_call.call_count)

        return upload
 def test_create_uefi_keys_autokey_off(self):
     # Keys are not created.
     self.setUpUefiKeys(create=False)
     self.assertFalse(os.path.exists(self.key))
     self.assertFalse(os.path.exists(self.cert))
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.callLog = FakeMethodCallLog(upload=upload)
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.signUefi(os.path.join(self.makeTemporaryDirectory(), 't.efi'))
     self.assertEqual(0, upload.callLog.caller_count('UEFI keygen'))
     self.assertFalse(os.path.exists(self.key))
     self.assertFalse(os.path.exists(self.cert))
Beispiel #10
0
 def test_create_opal_keys_autokey_on(self):
     # Keys are created on demand.
     self.setUpPPA()
     self.setUpOpalKeys(create=False)
     self.assertFalse(os.path.exists(self.opal_pem))
     self.assertFalse(os.path.exists(self.opal_x509))
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.callLog = FakeMethodCallLog(upload=upload)
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.signOpal(os.path.join(self.makeTemporaryDirectory(), 't.opal'))
     self.assertEqual(1, upload.callLog.caller_count('Opal keygen key'))
     self.assertEqual(1, upload.callLog.caller_count('Opal keygen cert'))
     self.assertTrue(os.path.exists(self.opal_pem))
     self.assertTrue(os.path.exists(self.opal_x509))
     self.assertEqual(stat.S_IMODE(os.stat(self.opal_pem).st_mode), 0o600)
     self.assertEqual(stat.S_IMODE(os.stat(self.opal_x509).st_mode), 0o644)
Beispiel #11
0
 def test_correct_opal_signing_command_executed(self):
     # Check that calling signOpal() will generate the expected command
     # when appropriate keys are present.
     self.setUpOpalKeys()
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.generateOpalKeys = FakeMethod()
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.signOpal('t.opal')
     self.assertEqual(1, fake_call.call_count)
     # Assert command form.
     args = fake_call.calls[0][0][0]
     expected_cmd = [
         'kmodsign', '-D', 'sha512', self.opal_pem, self.opal_x509,
         't.opal', 't.opal.sig'
     ]
     self.assertEqual(expected_cmd, args)
     self.assertEqual(0, upload.generateOpalKeys.call_count)
Beispiel #12
0
 def test_correct_uefi_signing_command_executed(self):
     # Check that calling signUefi() will generate the expected command
     # when appropriate keys are present.
     self.setUpUefiKeys()
     fake_call = FakeMethod(result=0)
     self.useFixture(MonkeyPatch("subprocess.call", fake_call))
     upload = SigningUpload()
     upload.generateUefiKeys = FakeMethod()
     upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
                               "distroseries")
     upload.signUefi('t.efi')
     self.assertEqual(1, fake_call.call_count)
     # Assert command form.
     args = fake_call.calls[0][0][0]
     expected_cmd = [
         'sbsign',
         '--key',
         self.key,
         '--cert',
         self.cert,
         't.efi',
     ]
     self.assertEqual(expected_cmd, args)
     self.assertEqual(0, upload.generateUefiKeys.call_count)
Beispiel #13
0
 def test_common_name_plain_long(self):
     upload = SigningUpload()
     common_name = upload.generateKeyCommonName('t' * 40, 'p' * 40)
     expected_name = 'PPA ' + 't' * 40 + ' ' + 'p' * 19
     self.assertEqual(expected_name, common_name)
     self.assertEqual(64, len(common_name))
Beispiel #14
0
 def test_common_name_suffix_just_short(self):
     upload = SigningUpload()
     common_name = upload.generateKeyCommonName('t' * 30, 'p' * 24, 'kmod')
     expected_name = 'PPA ' + 't' * 30 + ' ' + 'p' * 24 + ' kmod'
     self.assertEqual(expected_name, common_name)
     self.assertEqual(64, len(common_name))
Beispiel #15
0
 def test_common_name_suffix(self):
     upload = SigningUpload()
     common_name = upload.generateKeyCommonName('testing-team', 'ppa',
                                                'kmod')
     self.assertEqual('PPA testing-team ppa kmod', common_name)