def test_common_name_suffix_long(self): upload = SigningUpload() common_name = upload.generateKeyCommonName('t' * 40, 'p' * 40, 'kmod-plus') expected_name = 'PPA ' + 't' * 40 + ' ' + 'p' * 9 + ' kmod-plus' self.assertEqual(expected_name, common_name) self.assertEqual(64, len(common_name))
def test_correct_opal_openssl_config(self): # Check that calling generateOpensslConfig() will return an appropriate # openssl configuration. upload = SigningUpload() text = upload.generateOpensslConfig('Opal', 'something-unique') cn_re = re.compile(r'\bCN\s*=\s*something-unique\b') self.assertIn('[ req ]', text) self.assertIsNotNone(cn_re.search(text)) self.assertNotIn('extendedKeyUsage', text)
def process_emulate(self): self.tarfile.close() self.buffer.close() upload = SigningUpload() # Under no circumstances is it safe to execute actual commands. self.fake_call = FakeMethod(result=0) upload.callLog = FakeMethodCallLog(upload=upload) self.useFixture(MonkeyPatch("subprocess.call", self.fake_call)) upload.process(self.archive, self.path, self.suite) return upload
def test_correct_kmod_openssl_config(self): # Check that calling generateOpensslConfig() will return an appropriate # openssl configuration. upload = SigningUpload() text = upload.generateOpensslConfig('Kmod', 'something-unique') cn_re = re.compile(r'\bCN\s*=\s*something-unique\b') eku_re = re.compile(r'\bextendedKeyUsage\s*=\s*' r'codeSigning,1.3.6.1.4.1.2312.16.1.2\s*\b') self.assertIn('[ req ]', text) self.assertIsNotNone(cn_re.search(text)) self.assertIsNotNone(eku_re.search(text))
def test_correct_opal_keygen_command_executed(self): # Check that calling generateOpalKeys() will generate the # expected command. self.setUpPPA() self.setUpOpalKeys(create=False) fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.generateOpalKeys() self.assertEqual(2, fake_call.call_count) # Assert the actual command matches. args = fake_call.calls[0][0][0] # Sanitise the keygen tmp file. if args[11].endswith('.keygen'): args[11] = 'XXX.keygen' expected_cmd = [ 'openssl', 'req', '-new', '-nodes', '-utf8', '-sha512', '-days', '3650', '-batch', '-x509', '-config', 'XXX.keygen', '-outform', 'PEM', '-out', self.opal_pem, '-keyout', self.opal_pem ] self.assertEqual(expected_cmd, args) args = fake_call.calls[1][0][0] expected_cmd = [ 'openssl', 'x509', '-in', self.opal_pem, '-outform', 'DER', '-out', self.opal_x509 ] self.assertEqual(expected_cmd, args)
def test_correct_uefi_keygen_command_executed(self): # Check that calling generateUefiKeys() will generate the # expected command. self.setUpPPA() self.setUpUefiKeys(create=False) fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.generateUefiKeys() self.assertEqual(1, fake_call.call_count) # Assert the actual command matches. args = fake_call.calls[0][0][0] expected_cmd = [ 'openssl', 'req', '-new', '-x509', '-newkey', 'rsa:2048', '-subj', self.testcase_cn, '-keyout', self.key, '-out', self.cert, '-days', '3650', '-nodes', '-sha256', ] self.assertEqual(expected_cmd, args)
def test_correct_opal_signing_command_executed_no_keys(self): # Check that calling signOpal() will generate no commands when # no keys are present. self.setUpOpalKeys(create=False) fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.generateOpalKeys = FakeMethod() upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.signOpal('t.opal') self.assertEqual(0, fake_call.call_count) self.assertEqual(0, upload.generateOpalKeys.call_count)
def process(self): self.tarfile.close() self.buffer.close() upload = SigningUpload() upload.signUefi = FakeMethod() upload.signKmod = FakeMethod() upload.signOpal = FakeMethod() # Under no circumstances is it safe to execute actual commands. fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload.process(self.archive, self.path, self.suite) self.assertEqual(0, fake_call.call_count) return upload
def test_create_uefi_keys_autokey_off(self): # Keys are not created. self.setUpUefiKeys(create=False) self.assertFalse(os.path.exists(self.key)) self.assertFalse(os.path.exists(self.cert)) fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.callLog = FakeMethodCallLog(upload=upload) upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.signUefi(os.path.join(self.makeTemporaryDirectory(), 't.efi')) self.assertEqual(0, upload.callLog.caller_count('UEFI keygen')) self.assertFalse(os.path.exists(self.key)) self.assertFalse(os.path.exists(self.cert))
def test_create_opal_keys_autokey_on(self): # Keys are created on demand. self.setUpPPA() self.setUpOpalKeys(create=False) self.assertFalse(os.path.exists(self.opal_pem)) self.assertFalse(os.path.exists(self.opal_x509)) fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.callLog = FakeMethodCallLog(upload=upload) upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.signOpal(os.path.join(self.makeTemporaryDirectory(), 't.opal')) self.assertEqual(1, upload.callLog.caller_count('Opal keygen key')) self.assertEqual(1, upload.callLog.caller_count('Opal keygen cert')) self.assertTrue(os.path.exists(self.opal_pem)) self.assertTrue(os.path.exists(self.opal_x509)) self.assertEqual(stat.S_IMODE(os.stat(self.opal_pem).st_mode), 0o600) self.assertEqual(stat.S_IMODE(os.stat(self.opal_x509).st_mode), 0o644)
def test_correct_opal_signing_command_executed(self): # Check that calling signOpal() will generate the expected command # when appropriate keys are present. self.setUpOpalKeys() fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.generateOpalKeys = FakeMethod() upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.signOpal('t.opal') self.assertEqual(1, fake_call.call_count) # Assert command form. args = fake_call.calls[0][0][0] expected_cmd = [ 'kmodsign', '-D', 'sha512', self.opal_pem, self.opal_x509, 't.opal', 't.opal.sig' ] self.assertEqual(expected_cmd, args) self.assertEqual(0, upload.generateOpalKeys.call_count)
def test_correct_uefi_signing_command_executed(self): # Check that calling signUefi() will generate the expected command # when appropriate keys are present. self.setUpUefiKeys() fake_call = FakeMethod(result=0) self.useFixture(MonkeyPatch("subprocess.call", fake_call)) upload = SigningUpload() upload.generateUefiKeys = FakeMethod() upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz", "distroseries") upload.signUefi('t.efi') self.assertEqual(1, fake_call.call_count) # Assert command form. args = fake_call.calls[0][0][0] expected_cmd = [ 'sbsign', '--key', self.key, '--cert', self.cert, 't.efi', ] self.assertEqual(expected_cmd, args) self.assertEqual(0, upload.generateUefiKeys.call_count)
def test_common_name_plain_long(self): upload = SigningUpload() common_name = upload.generateKeyCommonName('t' * 40, 'p' * 40) expected_name = 'PPA ' + 't' * 40 + ' ' + 'p' * 19 self.assertEqual(expected_name, common_name) self.assertEqual(64, len(common_name))
def test_common_name_suffix_just_short(self): upload = SigningUpload() common_name = upload.generateKeyCommonName('t' * 30, 'p' * 24, 'kmod') expected_name = 'PPA ' + 't' * 30 + ' ' + 'p' * 24 + ' kmod' self.assertEqual(expected_name, common_name) self.assertEqual(64, len(common_name))
def test_common_name_suffix(self): upload = SigningUpload() common_name = upload.generateKeyCommonName('testing-team', 'ppa', 'kmod') self.assertEqual('PPA testing-team ppa kmod', common_name)