Skip to content

Commit

Permalink
Add tests for sign and verify methods of Envelope
Browse files Browse the repository at this point in the history 
Tests to ensure integrity of creation and verification of DSSE signatures.

Signed-off-by: Pradyumna Krishna <[email protected]>
  • Loading branch information
@PradyumnaKrishna
PradyumnaKrishna committed Jul 20, 2022
1 parent 5945596 commit 68e76ab
Showing 1 changed file with 79 additions and 4 deletions.
83 changes: 79 additions & 4 deletions tests/test_metadata.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,28 @@
import copy
import unittest

from securesystemslib import exceptions
import securesystemslib.keys as KEYS
from securesystemslib.exceptions import (
FormatError,
SignatureVerificationError,
UnsupportedAlgorithmError,
)
from securesystemslib.key import SSlibKey
from securesystemslib.metadata import Envelope
from securesystemslib.signer import GPGSignature, Signature
from securesystemslib.signer import GPGSignature, Signature, SSlibSigner


class TestEnvelope(unittest.TestCase):
"""Test metadata interface provided by DSSE envelope."""

@classmethod
def setUpClass(cls):
cls.key_dicts = [
KEYS.generate_rsa_key(),
KEYS.generate_ed25519_key(),
KEYS.generate_ecdsa_key(),
]

cls.signature_dict = {
"keyid": "11fa391a0ed7a447",
"sig": "30460221009342e4566528fcecf6a7a5",
Expand Down Expand Up @@ -46,7 +58,7 @@ def test_envelope_from_to_dict(self):

# Assert TypeError on invalid signature.
envelope_dict["signatures"] = [""]
with self.assertRaises(exceptions.FormatError):
with self.assertRaises(FormatError):
Envelope.from_dict(envelope_dict)

# Assert GPGSignature formation.
Expand Down Expand Up @@ -88,8 +100,71 @@ def test_preauthencoding(self):
envelope_obj = Envelope.from_dict(copy.deepcopy(self.envelope_dict))

# Checking for Pre-Auth-Encoding generated is correct.
self.assertEqual(self.pae, envelope_obj.pae)
self.assertEqual(self.pae, envelope_obj.pae())

def test_sign_and_verify(self):
"""Test for creating and verifying DSSE signatures."""

# Create an Envelope with no signatures.
envelope_dict = copy.deepcopy(self.envelope_dict)
envelope_dict["signatures"] = []
envelope_obj = Envelope.from_dict(envelope_dict)

key_list = []
for key_dict in self.key_dicts:
# Test for invalid scheme.
valid_scheme = key_dict["scheme"]
key_dict["scheme"] = "invalid_scheme"
signer = SSlibSigner(key_dict)
with self.assertRaises((FormatError, UnsupportedAlgorithmError)):
envelope_obj.sign(signer)

# Sign the payload.
key_dict["scheme"] = valid_scheme
signer = SSlibSigner(key_dict)
envelope_obj.sign(signer)

# Create a List of "Key" from key_dict.
key_list.append(SSlibKey.from_securesystemslib_key(key_dict))

# Check for signatures of Envelope.
self.assertEqual(len(self.key_dicts), len(envelope_obj.signatures))
for signature in envelope_obj.signatures:
self.assertIsInstance(signature, Signature)

# Test for invalid threshold value for keys_list.
# threshold is 0.
with self.assertRaises(ValueError):
envelope_obj.verify(key_list, 0)

# threshold is greater than no of keys.
with self.assertRaises(ValueError):
envelope_obj.verify(key_list, 4)

# Test with valid keylist and threshold.
verified_keys = envelope_obj.verify(key_list, len(key_list))
self.assertEqual(len(verified_keys), len(key_list))

# Test for unknown keys and threshold of 1.
new_key_dicts = [
KEYS.generate_rsa_key(),
KEYS.generate_ed25519_key(),
KEYS.generate_ecdsa_key(),
]
new_key_list = []
for key_dict in new_key_dicts:
new_key_list.append(SSlibKey.from_securesystemslib_key(key_dict))

with self.assertRaises(SignatureVerificationError):
envelope_obj.verify(new_key_list, 1)

all_keys = key_list + new_key_list
envelope_obj.verify(all_keys, 3)

# Test with duplicate keys.
duplicate_keys = key_list + key_list
with self.assertRaises(SignatureVerificationError):
envelope_obj.verify(duplicate_keys, 4) # 3 unique keys, threshold 4.

# Run the unit tests.
if __name__ == "__main__":
Expand Down

0 comments on commit 68e76ab

Please sign in to comment.