def test_multiple_signatures(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.exe', timestamping_servers=['timestamp1.com'], signature_digest_algos=['sha1', 'sha256'], **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() assert len(re.findall(r'signtool sign', caplog.text)) == 2 signtool_line = ( r"signtool sign /v /fd sha1 /tr timestamp1\.com /td sha1 /n 'my cert' foo\.exe$" ) assert re.search(signtool_line, caplog.text, re.MULTILINE) signtool_line = ( r"signtool sign /v /fd sha256 /tr timestamp1\.com /td sha256 /as /n 'my cert' foo\.exe$" ) assert re.search(signtool_line, caplog.text, re.MULTILINE)
def test_successful_signing_session(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.exe', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(utils, 'is_windows_64_bit', lambda: True) monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() getgrant_line = ( r"/CSPConfig.exe getgrant -force -authurl:http://tpp/auth -hsmurl:http://tpp/hsm " r"-username:user -password '\*\*\*'$") assert re.search(getgrant_line, caplog.text, re.MULTILINE) assert 'Successfully obtained grant from TPP' in caplog.text sync_line = (r"/CSPConfig.exe sync$") assert re.search(sync_line, caplog.text, re.MULTILINE) assert 'Successfully synchronized local certificate store with TPP' in caplog.text signtool_line = (r"signtool sign /v /fd sha256 /n 'my cert' foo\.exe$") assert re.search(signtool_line, caplog.text, re.MULTILINE) assert "Successfully signed 'foo.exe'" in caplog.text revokegrant_line = r"/CSPConfig.exe revokegrant -force -clear$" assert re.search(revokegrant_line, caplog.text, re.MULTILINE) assert 'Successfully revoked server grant' in caplog.text
def test_signtool_path(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig( certificate_subject_name='my cert', input_path='foo.exe', signtool_path='C:\\Windows SDK\\bin\\signtool.exe', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() assert "'C:\\Windows SDK\\bin\\signtool.exe' sign" in caplog.text
def test_venafi_client_tools_dir(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.jar', venafi_client_tools_dir='C:\\Venafi', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(utils, 'is_windows_64_bit', lambda: True) monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() assert os.path.join('C:\\Venafi', 'CSPConfig.exe') in caplog.text
def test_append_signature(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.exe', append_signatures=True, **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() signtool_line = (r"signtool sign /v /fd sha256 /as /n 'my cert' foo\.exe$") assert re.search(signtool_line, caplog.text, re.MULTILINE)
def test_sign_with_certificate_sha1(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_sha1='abcd1234', input_path='foo.exe', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() signtool_line = (r"signtool sign /v /fd sha256 /sha1 abcd1234 foo\.exe$") assert re.search(signtool_line, caplog.text, re.MULTILINE) assert "Successfully signed 'foo.exe'" in caplog.text
def test_tpp_logout_error(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.exe', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): if args[0][1] == 'revokegrant': return subprocess.CompletedProcess(args=[], returncode=1, stdout='') else: return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) command.run() assert 'Error revoking grant from TPP' in caplog.text
def test_signtool_error(monkeypatch, caplog): caplog.set_level(logging.INFO) config = SigntoolSignConfig(certificate_subject_name='my cert', input_path='foo.exe', **fake_tpp_config) def mock_subprocess_run(*args, **kwargs): if args[0][0] == 'signtool': return subprocess.CompletedProcess(args=[], returncode=1, stdout='') else: return subprocess.CompletedProcess(args=[], returncode=0, stdout='') monkeypatch.setattr(subprocess, 'run', mock_subprocess_run) command = SigntoolSignCommand(logging.getLogger(), config) with pytest.raises(utils.AbortException): command.run() assert "Error signing 'foo.exe': command exited with code 1" in caplog.text assert 'Logging out of TPP' in caplog.text