def do_attest_verify_ok(self):
    """Attest test.txt as reviewed and ok, then check that verify reports it ok.

    The scripted answers are 'yes', 'y', 'n', 'yes', 'test'. The expected
    attestation has reviewed=True, ok=True and comment 'test', so 'y' and
    'n' are presumably rejected and the second question asked again.
    """
    target = fixtures.path('test.txt')
    scripted_answers = ['yes', 'y', 'n', 'yes', 'test']

    with patch('sys.stdout') as attest1_stdout_mock, \
            patch('__builtin__.raw_input',
                  side_effect=scripted_answers) as attest1_input_mock:
        signet.SigCLI().run(['attest', target])

    # NOTE(review): assert_any_call only proves a prompt was shown at least
    # once; it does not count repeats of the second question. Compare
    # call_args_list if the number of re-prompts should be pinned.
    for prompt in (
            'I have reviewed this file (yes/no): ',
            'It performs as expected and is free of major flaws (yes/no): ',
            'Comment: ',
    ):
        attest1_input_mock.assert_any_call(prompt)

    # Everything written after the first write is parsed as the JSON preview.
    later_writes = attest1_stdout_mock.write.call_args_list[1:]
    json_preview = ''.join([entry[0][0] for entry in later_writes])
    parsed = json.loads(json_preview)

    # The 'id' ties the attestation to specific content; presumably it is
    # the SHA-256 of the fixture file -- confirm against signet.
    expected = {
        u'comment': u'test',
        u'ok': True,
        u'id': u'sha256:4dca0fd5f424a31b03ab807cbae77eb32bf2d089eed1cee154b3afed458de0dc',
        u'reviewed': True,
    }
    self.assertEqual(parsed, expected)

    with patch('sys.stdout') as verify1_stdout_mock:
        signet.SigCLI().run(['verify', target])

    # Only the last write is inspected. NOTE(review): the '.' characters in
    # the pattern are unescaped, so they match any character.
    final_write = verify1_stdout_mock.write.call_args[0][0]
    self.assertRegexpMatches(
        final_write,
        'file [\w\/]+/tests/fixtures/test.txt is \x1b\[1;32mok\x1b\[0m.\n')
def test_save_and_load_config(self):
    """Save a Config as a signed attestation and load it back unchanged.

    File access is mocked, so nothing is written to the fixture directory.
    """
    config_dir = fixtures.path('signet')
    writer_cfg = signet.Config(config_dir=config_dir, keyid=TEST_KEYID)
    writer_cfg.init_defaults()

    writer_cfg['secret_keyring'] = TEST_SECRET_KEYRING
    self.assertEqual(writer_cfg['secret_keyring'], TEST_SECRET_KEYRING)
    writer_cfg['test'] = True
    self.assertTrue(writer_cfg['test'])

    with patch('os.path.exists', return_value=True), \
            patch('__builtin__.open', mock_open()) as open_write_mock:
        writer_cfg.save()
    open_write_mock.assert_called_once_with(
        fixtures.path('signet/config'), 'w')

    # Reassemble what save() wrote from the individual write() calls.
    write_calls = open_write_mock.return_value.write.call_args_list
    attestation_text = ''.join([entry[0][0] for entry in write_calls])
    attestation = json.loads(attestation_text)
    self.assertEqual(attestation['data']['version'], signet.__version__)

    # The saved config must carry a signature that checks out against the
    # test keyring. verify_attestation presumably raises on failure; its
    # return value is not inspected here.
    signet.verify_attestation(attestation, TEST_KEYRING)

    # NOTE(review): load() is only fed the untampered text, so this test
    # does not show whether load() rejects a modified or unsigned config.
    reader_cfg = signet.Config(config_dir=fixtures.path('signet'))
    with patch('os.path.exists', return_value=True), \
            patch('__builtin__.open',
                  mock_open(read_data=attestation_text)) as open_read_mock:
        reader_cfg.load()
    open_read_mock.assert_called_once_with(fixtures.path('signet/config'))

    self.assertEqual(reader_cfg.config, writer_cfg.config)
def test_save_and_load_config(self):
    """Round-trip a Config through save() and load() with mocked file I/O.

    save() is expected to emit a signed attestation whose payload records
    the signet version; load() must reproduce the same config mapping.
    """
    saved = signet.Config(config_dir=fixtures.path('signet'), keyid=TEST_KEYID)
    saved.init_defaults()

    saved['secret_keyring'] = TEST_SECRET_KEYRING
    self.assertEqual(saved['secret_keyring'], TEST_SECRET_KEYRING)
    saved['test'] = True
    self.assertTrue(saved['test'])

    with patch('os.path.exists', return_value=True), \
            patch('__builtin__.open', mock_open()) as open_write_mock:
        saved.save()
    open_write_mock.assert_called_once_with(
        fixtures.path('signet/config'), 'w')

    # Concatenate the chunks passed to write() to recover the file body.
    chunks = [
        entry[0][0]
        for entry in open_write_mock.return_value.write.call_args_list
    ]
    attestation_text = ''.join(chunks)
    attestation = json.loads(attestation_text)
    self.assertEqual(attestation['data']['version'], signet.__version__)

    # Signature check on the config that was just written. Presumably this
    # raises when verification fails -- the result is not asserted on.
    signet.verify_attestation(attestation, TEST_KEYRING)

    # NOTE(review): only the unmodified text is read back; a tampered
    # config is not covered by this test.
    loaded = signet.Config(config_dir=fixtures.path('signet'))
    with patch('os.path.exists', return_value=True), \
            patch('__builtin__.open',
                  mock_open(read_data=attestation_text)) as open_read_mock:
        loaded.load()
    open_read_mock.assert_called_once_with(fixtures.path('signet/config'))

    self.assertEqual(loaded.config, saved.config)
def do_attest_verify_not_ok(self):
    """Attest test2.txt as reviewed but not ok, then check verify fails.

    verify must exit with status 1 and print the 'marked bad' line, so a
    caller gating on the exit code does not accept the file.
    """
    target = fixtures.path('test2.txt')

    # Answers: reviewed -> 'yes', ok -> 'no', comment -> 'test2'.
    with patch('sys.stdout'), \
            patch('__builtin__.raw_input',
                  side_effect=['yes', 'no', 'test2']):
        signet.SigCLI().run(['attest', target])

    with self.assertRaises(SystemExit) as exit_exc, \
            patch('sys.stdout') as verify2_stdout_mock:
        signet.SigCLI().run(['verify', target])
    self.assertEqual(exit_exc.exception.code, 1)

    # Only the last write is inspected. NOTE(review): the '.' in
    # 'test2.txt' is unescaped, so it matches any character.
    final_write = verify2_stdout_mock.write.call_args[0][0]
    self.assertRegexpMatches(
        final_write,
        'file [\w\/]+/tests/fixtures/test2.txt is \x1b\[1;31mmarked bad\x1b\[0m!\n')
def do_setup(self):
    """Run `setup` and check the files it creates and the signatures on them.

    setup is given only the last 8 characters of TEST_KEYID. Short key ids
    are not collision resistant, so the checks below pin the full
    fingerprint that is printed and the full key recorded in both signed
    files.
    """
    with patch('sys.stdout') as stdout_mock:
        signet.SigCLI().run(['setup', TEST_KEYID[-8:]])
    stdout_mock.write.assert_any_call(
        'With public key fingerprint: 9C75CB915794A44DD7697E21571D8816D9886717\n'
    )

    # Expected layout under the work directory, checked in this order.
    expected_layout = (
        (os.path.isfile, 'work/signet/config'),
        (os.path.isfile, 'work/signet/keyring.gpg'),
        (os.path.isdir, 'work/signet/repo'),
        (os.path.isfile, 'work/signet/repo/key.asc'),
        (os.path.isfile, 'work/signet/repo/repo.json'),
        (os.path.isdir, 'work/signet/remotes'),
    )
    for present_as, rel_path in expected_layout:
        self.assertTrue(present_as(fixtures.path(rel_path)))

    # Both JSON files must verify against the test keyring and name the
    # full test key as signer.
    for rel_path in ('work/signet/config', 'work/signet/repo/repo.json'):
        with open(fixtures.path(rel_path)) as handle:
            attestation = json.load(handle)
        signet.verify_attestation(attestation, keyring=TEST_KEYRING)
        self.assertEqual(attestation['key'], TEST_KEYID)
def do_attest_verify_not_ok(self):
    """Record a 'not ok' attestation for test2.txt and check verify rejects it.

    The rejection is observable two ways: SystemExit with code 1 and a
    final 'marked bad' line on stdout.
    """
    bad_file = fixtures.path('test2.txt')
    answers = ['yes', 'no', 'test2']  # reviewed, ok, comment

    with patch('sys.stdout'), \
            patch('__builtin__.raw_input', side_effect=answers):
        signet.SigCLI().run(['attest', bad_file])

    with self.assertRaises(SystemExit) as exit_exc, \
            patch('sys.stdout') as verify2_stdout_mock:
        signet.SigCLI().run(['verify', bad_file])
    self.assertEqual(exit_exc.exception.code, 1)

    # call_args holds the most recent write(); earlier output is ignored.
    # NOTE(review): the '.' in 'test2.txt' is unescaped in the pattern.
    last_output = verify2_stdout_mock.write.call_args[0][0]
    self.assertRegexpMatches(
        last_output,
        'file [\w\/]+/tests/fixtures/test2.txt is \x1b\[1;31mmarked bad\x1b\[0m!\n'
    )
def test_sign_and_verify(self):
    """Sign TEST_DATA, verify it, then check each rejection path of gpg_verify.

    Covered failures: altered signature, altered data, a signature checked
    against a different expected key id, and a keyring without the key.
    """
    signature = signet.gpg_sign(
        TEST_KEYID,
        TEST_DATA,
        keyring=TEST_KEYRING,
        secret_keyring=TEST_SECRET_KEYRING,
    )

    def expect_rejection(error_cls, message_re, keyid, data, sig, keyring):
        # gpg_verify must raise error_cls with a message matching message_re.
        with self.assertRaisesRegexp(error_cls, message_re):
            signet.gpg_verify(keyid, data, sig, keyring=keyring)

    # Baseline: the untouched signature verifies without raising.
    signet.gpg_verify(TEST_KEYID, TEST_DATA, signature, keyring=TEST_KEYRING)

    # Signature bytes altered.
    expect_rejection(
        signet.GPGInvalidSignatureError, 'Invalid signature',
        TEST_KEYID, TEST_DATA, b'invalid:' + signature, TEST_KEYRING)

    # Signed data altered.
    expect_rejection(
        signet.GPGInvalidSignatureError, 'Invalid signature',
        TEST_KEYID, 'wrong:' + TEST_DATA, signature, TEST_KEYRING)

    # Valid signature, but not from the key the caller asked for.
    expect_rejection(
        signet.GPGInvalidSignatureError,
        'Key mismatch: got \w+; expected \w+',
        'wrongkeyid', TEST_DATA, signature, TEST_KEYRING)

    # Signing key absent from the keyring used for verification.
    expect_rejection(
        signet.GPGKeyNotFoundError, 'Unknown key',
        TEST_KEYID, TEST_DATA, signature, fixtures.path('empty'))
def do_attest_verify_ok(self):
    """Record an 'ok' attestation for test.txt and check verify accepts it.

    Five answers are scripted ('yes', 'y', 'n', 'yes', 'test') and the
    resulting attestation has ok=True with comment 'test'; presumably the
    'y' and 'n' answers are refused and the question is repeated.
    """
    good_file = fixtures.path('test.txt')
    answers = ['yes', 'y', 'n', 'yes', 'test']

    with patch('sys.stdout') as attest1_stdout_mock, \
            patch('__builtin__.raw_input',
                  side_effect=answers) as attest1_input_mock:
        signet.SigCLI().run(['attest', good_file])

    # NOTE(review): assert_any_call is satisfied by a single matching call,
    # so the repeated questions are not counted here. Inspect
    # call_args_list to pin how many times each prompt was shown.
    expected_prompts = (
        'I have reviewed this file (yes/no): ',
        'It performs as expected and is free of major flaws (yes/no): ',
        'Comment: ',
    )
    for prompt in expected_prompts:
        attest1_input_mock.assert_any_call(prompt)

    # The first write is skipped; the rest is joined and parsed as JSON.
    preview_parts = [
        entry[0][0]
        for entry in attest1_stdout_mock.write.call_args_list[1:]
    ]
    json_preview = ''.join(preview_parts)
    parsed = json.loads(json_preview)

    # 'id' binds the attestation to specific content; presumably the
    # SHA-256 of the fixture -- confirm against signet.
    self.assertEqual(
        parsed, {
            u'comment': u'test',
            u'ok': True,
            u'id':
            u'sha256:4dca0fd5f424a31b03ab807cbae77eb32bf2d089eed1cee154b3afed458de0dc',
            u'reviewed': True,
        })

    with patch('sys.stdout') as verify1_stdout_mock:
        signet.SigCLI().run(['verify', good_file])

    # call_args holds the most recent write(). NOTE(review): the '.'
    # characters in the pattern are unescaped and match any character.
    last_output = verify1_stdout_mock.write.call_args[0][0]
    self.assertRegexpMatches(
        last_output,
        'file [\w\/]+/tests/fixtures/test.txt is \x1b\[1;32mok\x1b\[0m.\n')
def do_setup(self):
    """Run the `setup` command and validate what it leaves on disk.

    The command receives TEST_KEYID[-8:], i.e. a short key id. Because
    short ids can collide, the test pins the full printed fingerprint and
    requires both signed JSON files to name the full TEST_KEYID.
    """
    short_id = TEST_KEYID[-8:]
    with patch('sys.stdout') as stdout_mock:
        signet.SigCLI().run(['setup', short_id])
    stdout_mock.write.assert_any_call('With public key fingerprint: 9C75CB915794A44DD7697E21571D8816D9886717\n')

    # (predicate, path) pairs, asserted in the listed order.
    checks = [
        (os.path.isfile, 'work/signet/config'),
        (os.path.isfile, 'work/signet/keyring.gpg'),
        (os.path.isdir, 'work/signet/repo'),
        (os.path.isfile, 'work/signet/repo/key.asc'),
        (os.path.isfile, 'work/signet/repo/repo.json'),
        (os.path.isdir, 'work/signet/remotes'),
    ]
    for predicate, rel_path in checks:
        self.assertTrue(predicate(fixtures.path(rel_path)))

    # The config and the repo manifest must both verify against the test
    # keyring and record the full key as their signer.
    signed_files = ('work/signet/config', 'work/signet/repo/repo.json')
    for rel_path in signed_files:
        with open(fixtures.path(rel_path)) as handle:
            attestation = json.load(handle)
        signet.verify_attestation(attestation, keyring=TEST_KEYRING)
        self.assertEqual(attestation['key'], TEST_KEYID)
def test_missing_files(self):
    """save() on the fixtures root must raise NoConfigError ('Could not find')."""
    config = signet.Config(config_dir=fixtures.path('.'))
    # Callable form of assertRaisesRegexp: invokes config.save() and checks
    # the exception type and that the message starts with 'Could not find'.
    self.assertRaisesRegexp(
        signet.NoConfigError, '^Could not find', config.save)
def tearDown(self):
    """Drop the environment overrides and delete the signet work directory."""
    # If either variable is already gone this raises KeyError and the
    # work directory below is left in place.
    for name in ('GNUPGHOME', 'SIG_DIR'):
        del os.environ[name]
    # Raises if the directory was never created by the test.
    work_dir = fixtures.path('work/signet')
    shutil.rmtree(work_dir)
def test_new_config_no_key(self):
    """save() on a Config created without a keyid must raise NoConfigError."""
    keyless_config = signet.Config(config_dir=fixtures.path('signet'))
    # Callable form of assertRaisesRegexp: invokes save() and checks both
    # the exception type and the 'No key specified' message.
    self.assertRaisesRegexp(
        signet.NoConfigError, 'No key specified', keyless_config.save)
def setUp(self):
    """Point GNUPGHOME and SIG_DIR at fixture paths for the test.

    Presumably this keeps gpg and signet away from the developer's own
    keyring and signet directory -- confirm how signet reads SIG_DIR.
    Any values already set in the environment are overwritten, not saved.
    """
    overrides = (
        ('GNUPGHOME', 'gpg/'),
        ('SIG_DIR', 'work/signet'),
    )
    for name, rel_path in overrides:
        os.environ[name] = fixtures.path(rel_path)