Added more tests related to signature verification.

ef469c91 · Lucas Carvalho · 1bc1ac5c · ef469c91
Commit ef469c91 authored Jul 22, 2011 by Lucas Carvalho
Hide whitespace changes
Inline Side-by-side

Showing with 68 additions and 0 deletions

slapos/libnetworkcachetests.py slapos/libnetworkcachetests.py +68 -0

No files found.
--- a/slapos/libnetworkcachetests.py
+++ b/slapos/libnetworkcachetests.py
@@ -134,3 +134,71 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
                   shadir=self.shadir_url,
                   signature_private_key_file=self.signature_private_key_file)
    self.assertNotEquals('', nc._getSignatureString())
+
+  def test_verification_without_signature_certificate_file_list(self):
+    """
+      Without the signature certificate file list it is not possible to
+      verify if the signature if trusted or not.
+      So, the _verifySignatureInCertificateList should return False.
+    """
+    nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file)
+    signature_string = nc._getSignatureString()
+    self.assertFalse(nc._verifySignatureInCertificateList(signature_string))
+
+  def test_verification_with_signature_certificate_file_list(self):
+    """
+      With the signature certificate file list it is possible to
+      verify if the signature if trusted or not.
+
+      So, the _verifySignatureInCertificateList should return True
+      if the signature_string is valid and it should return False if the
+      signature_string is not correct.
+    """
+    nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file,
+             signature_certificate_file_list=[self.signature_certificate_file])
+    signature_string = nc._getSignatureString()
+    self.assertTrue(nc._verifySignatureInCertificateList(signature_string))
+
+    wrong_signature_string = 'InvalidSignatureString'.encode('base64')
+    result_bool = nc._verifySignatureInCertificateList(wrong_signature_string)
+    self.assertFalse(result_bool)
+
+  # XXX(lucas): Should we provide the file under HTTP server using
+  # SimpleHTTPServer? Because actually it gonna just throw an IOError.
+  def test_verification_with_signature_certificate_file_list_url(self):
+    """
+      NetworkcacheClient supports to have the certification file under an HTTP
+      server.
+
+      During the _verifySignatureInCertificateList method, it'll try to
+      download the certification from the given URL and check if the signature
+      is valid.
+    """
+    nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file,
+             signature_certificate_file_list=['http://localhost:0/public.pem'])
+    signature_string = nc._getSignatureString()
+    self.assertRaises(IOError, \
+                        nc._verifySignatureInCertificateList, signature_string)
+
+  def test_signature_verification_priority(self):
+    """
+      During the signature vefirication, the filesystem path has priority over
+      urls. So, if the public key is 
+    """
+    nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file,
+             signature_certificate_file_list=['http://localhost:0/public.pem'])
+    signature_string = nc._getSignatureString()
+    self.assertRaises(IOError, \
+                        nc._verifySignatureInCertificateList, signature_string)