async def test_sign_mar384_with_autograph_hash_returns_invalid_signature_length(
context, mocker, to, expected):
open_mock = mocker.mock_open(read_data=b'0xdeadbeef')
mocker.patch('builtins.open', open_mock, create=True)
session_mock = mocker.MagicMock()
session_mock.post.return_value.json.return_value = [{
'signature':
base64.b64encode(b'0')
}]
Session_mock = mocker.Mock()
Session_mock.return_value.__enter__ = mocker.Mock(
return_value=session_mock)
Session_mock.return_value.__exit__ = mocker.Mock()
mocker.patch('signingscript.sign.requests.Session',
Session_mock,
create=True)
add_signature_mock = mocker.Mock()
mocker.patch('signingscript.sign.add_signature_block',
add_signature_mock,
create=True)
m_mock = mocker.MagicMock()
m_mock.calculate_hashes.return_value = [[None, b'b64marhash']]
MarReader_mock = mocker.Mock()
MarReader_mock.return_value.__enter__ = mocker.Mock(return_value=m_mock)
MarReader_mock.return_value.__exit__ = mocker.Mock()
mocker.patch('signingscript.sign.MarReader', MarReader_mock, create=True)
context.task = {
'scopes': [
'project:releng:signing:cert:dep-signing',
'project:releng:signing:format:autograph_hash_only_mar384'
]
}
context.signing_servers = {
"project:releng:signing:cert:dep-signing": [
utils.SigningServer(*[
"https://autograph-hsm.dev.mozaws.net", "alice",
"fs5wgcer9qj819kfptdlp8gm227ewxnzvsuj9ztycsx08hfhzu",
["autograph_hash_only_mar384"], "autograph"
])
]
}
with pytest.raises(SigningScriptError):
assert await sign.sign_mar384_with_autograph_hash(
context, 'from', 'autograph_hash_only_mar384', to=to) == expected
open_mock.assert_called()
add_signature_mock.assert_called()
MarReader_mock.assert_called()
m_mock.calculate_hashes.assert_called()
session_mock.post.assert_called_with(
'https://autograph-hsm.dev.mozaws.net/sign/hash',
auth=mocker.ANY,
json=[{
'input': 'YjY0bWFyaGFzaA=='
}])
async def test_sign_file_with_autograph(context, mocker, to, expected, format,
options):
open_mock = mocker.mock_open(read_data=b'0xdeadbeef')
mocker.patch('builtins.open', open_mock, create=True)
session_mock = mocker.MagicMock()
session_mock.post.return_value.json.return_value = [{
'signed_file':
'bW96aWxsYQ=='
}]
Session_mock = mocker.Mock()
Session_mock.return_value.__enter__ = mocker.Mock(
return_value=session_mock)
Session_mock.return_value.__exit__ = mocker.Mock()
mocker.patch('signingscript.sign.requests.Session',
Session_mock,
create=True)
context.task = {
'scopes': [
'project:releng:signing:cert:dep-signing',
'project:releng:signing:format:{}'.format(format)
]
}
context.signing_servers = {
"project:releng:signing:cert:dep-signing": [
utils.SigningServer(*[
"https://autograph-hsm.dev.mozaws.net",
"alice", "fs5wgcer9qj819kfptdlp8gm227ewxnzvsuj9ztycsx08hfhzu",
[format], "autograph"
])
]
}
assert await sign.sign_file_with_autograph(context, 'from', format,
to=to) == expected
open_mock.assert_called()
kwargs = {'input': 'MHhkZWFkYmVlZg=='}
if options:
kwargs['options'] = options
session_mock.post.assert_called_with(
'https://autograph-hsm.dev.mozaws.net/sign/file',
auth=mocker.ANY,
json=[kwargs])
async def test_sign_file_with_autograph_raises_http_error(
context, mocker, to, expected):
open_mock = mocker.mock_open(read_data=b'0xdeadbeef')
mocker.patch('builtins.open', open_mock, create=True)
session_mock = mocker.MagicMock()
post_mock_response = session_mock.post.return_value
post_mock_response.raise_for_status.side_effect = sign.requests.exceptions.RequestException
post_mock_response.json.return_value = [{'signed_file': 'bW96aWxsYQ=='}]
@contextmanager
def session_context():
yield session_mock
mocker.patch('signingscript.sign.requests.Session', session_context)
async def fake_retry_async(func):
await func()
mocker.patch.object(sign, 'retry_async', new=fake_retry_async)
context.task = {
'scopes': [
'project:releng:signing:cert:dep-signing',
'project:releng:signing:format:autograph_mar'
]
}
context.signing_servers = {
"project:releng:signing:cert:dep-signing": [
utils.SigningServer(*[
"https://autograph-hsm.dev.mozaws.net", "alice",
"fs5wgcer9qj819kfptdlp8gm227ewxnzvsuj9ztycsx08hfhzu",
["autograph_mar"], "autograph"
])
]
}
with pytest.raises(sign.requests.exceptions.RequestException):
await sign.sign_file_with_autograph(context,
'from',
'autograph_mar',
to=to)
open_mock.assert_called()
async def test_sign_file_autograph(context, mocker, to, expected):
context.task = {
'scopes': [
'project:releng:signing:cert:dep-signing',
'project:releng:signing:format:autograph_mar'
]
}
context.signing_servers = {
"project:releng:signing:cert:dep-signing": [
utils.SigningServer(*[
"https://autograph-hsm.dev.mozaws.net", "alice",
"fs5wgcer9qj819kfptdlp8gm227ewxnzvsuj9ztycsx08hfhzu",
["autograph_mar"], "autograph"
])
]
}
mocker.patch.object(sign, 'sign_file_with_autograph', new=noop_async)
assert await sign.sign_file(context, 'from', 'autograph_mar',
to=to) == expected