Skip to content

Commit

Permalink
Add testcase to sign and verify DSSE GPGSignatures
Browse files Browse the repository at this point in the history
Tests creation and verification of different types of GPGSignatures
for a DSSE envelope.

Signed-off-by: Pradyumna Krishna <[email protected]>
  • Loading branch information
PradyumnaKrishna committed Jul 22, 2022
1 parent 5a06521 commit a290b94
Showing 1 changed file with 71 additions and 0 deletions.
71 changes: 71 additions & 0 deletions tests/test_gpg.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@
import tempfile
import unittest

from typing import List

if sys.version_info >= (3, 3):
from unittest.mock import patch # pylint: disable=no-name-in-module,import-error
else:
Expand Down Expand Up @@ -55,8 +57,12 @@
from securesystemslib.gpg.exceptions import (PacketParsingError,
PacketVersionNotSupportedError, SignatureAlgorithmNotSupportedError,
KeyNotFoundError, CommandError, KeyExpirationError)
from securesystemslib.exceptions import SignatureVerificationError
from securesystemslib.formats import (GPG_PUBKEY_SCHEMA,
ANY_PUBKEY_DICT_SCHEMA)
from securesystemslib.key import GPGKey, Key
from securesystemslib.metadata import Envelope
from securesystemslib.signer import GPGSignature, GPGSigner


class GPGTestUtils:
Expand Down Expand Up @@ -649,6 +655,31 @@ def test_verify_signature_with_expired_key(self):
"\nexpected: {}"
"\ngot: {}".format(expected, ctx.exception))

def test_dsse_envelope(self):
"""Test signing and verifying DSSE signatures."""

# Create the DSSE Envelope.
envelope = Envelope(
payload=b"hello world",
payload_type="http://example.com/HelloWorld",
signatures=[],
)

# Create a GPGSigner and create a DSSE signature.
gpg_signer = GPGSigner(homedir=self.gnupg_home)
gpg_signature = envelope.sign(gpg_signer)
self.assertIsInstance(gpg_signature, GPGSignature)

# Create a GPGKey and verify the DSSE signature.
gpgkey = GPGKey.from_keyring(keyid=self.default_keyid, homedir=self.gnupg_home)
key_list: List[Key] = [gpgkey]
envelope.verify(key_list, 1)

# Duplicate GPGKey.
new_key_list = key_list + key_list
with self.assertRaises(SignatureVerificationError):
envelope.verify(new_key_list, 2)


@unittest.skipIf(not HAVE_GPG, "gpg not found")
class TestGPGDSA(unittest.TestCase):
Expand Down Expand Up @@ -733,6 +764,26 @@ def test_gpg_sign_and_verify_object(self):
self.assertTrue(verify_signature(signature, key_data, test_data))
self.assertFalse(verify_signature(signature, key_data, wrong_data))

def test_dsse_envelope(self):
"""Test signing and verifying DSSE signatures."""

# Create the DSSE Envelope.
envelope = Envelope(
payload=b"hello world",
payload_type="http://example.com/HelloWorld",
signatures=[],
)

# Create a GPGSigner and create a DSSE signature.
gpg_signer = GPGSigner(homedir=self.gnupg_home)
gpg_signature = envelope.sign(gpg_signer)
self.assertIsInstance(gpg_signature, GPGSignature)

# Create a GPGKey and verify the DSSE signature.
gpgkey = GPGKey.from_keyring(keyid=self.default_keyid, homedir=self.gnupg_home)
key_list: List[Key] = [gpgkey]
envelope.verify(key_list, 1)



@unittest.skipIf(not HAVE_GPG, "gpg not found")
Expand Down Expand Up @@ -808,6 +859,26 @@ def test_verify_short_signature(self):
key = export_pubkey(self.default_keyid, homedir=self.gnupg_home)
self.assertTrue(verify_signature(signature, key, test_data))

def test_dsse_envelope(self):
"""Test signing and verifying DSSE signatures."""

# Create the DSSE Envelope.
envelope = Envelope(
payload=b"hello world",
payload_type="http://example.com/HelloWorld",
signatures=[],
)

# Create a GPGSigner and create a DSSE signature.
gpg_signer = GPGSigner(homedir=self.gnupg_home)
gpg_signature = envelope.sign(gpg_signer)
self.assertIsInstance(gpg_signature, GPGSignature)

# Create a GPGKey and verify the DSSE signature.
gpgkey = GPGKey.from_keyring(keyid=self.default_keyid, homedir=self.gnupg_home)
key_list: List[Key] = [gpgkey]
envelope.verify(key_list, 1)


if __name__ == "__main__":
unittest.main()

0 comments on commit a290b94

Please sign in to comment.