Commit ef469c91 authored by Lucas Carvalho's avatar Lucas Carvalho

Added more tests related to signature verification.

parent 1bc1ac5c
...@@ -134,3 +134,71 @@ class TestNetworkcacheClient(LibNetworkCacheMixin): ...@@ -134,3 +134,71 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
shadir=self.shadir_url, shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file) signature_private_key_file=self.signature_private_key_file)
self.assertNotEquals('', nc._getSignatureString()) self.assertNotEquals('', nc._getSignatureString())
def test_verification_without_signature_certificate_file_list(self):
"""
Without the signature certificate file list it is not possible to
verify if the signature if trusted or not.
So, the _verifySignatureInCertificateList should return False.
"""
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file)
signature_string = nc._getSignatureString()
self.assertFalse(nc._verifySignatureInCertificateList(signature_string))
def test_verification_with_signature_certificate_file_list(self):
"""
With the signature certificate file list it is possible to
verify if the signature if trusted or not.
So, the _verifySignatureInCertificateList should return True
if the signature_string is valid and it should return False if the
signature_string is not correct.
"""
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=[self.signature_certificate_file])
signature_string = nc._getSignatureString()
self.assertTrue(nc._verifySignatureInCertificateList(signature_string))
wrong_signature_string = 'InvalidSignatureString'.encode('base64')
result_bool = nc._verifySignatureInCertificateList(wrong_signature_string)
self.assertFalse(result_bool)
# XXX(lucas): Should we provide the file under HTTP server using
# SimpleHTTPServer? Because actually it gonna just throw an IOError.
def test_verification_with_signature_certificate_file_list_url(self):
"""
NetworkcacheClient supports to have the certification file under an HTTP
server.
During the _verifySignatureInCertificateList method, it'll try to
download the certification from the given URL and check if the signature
is valid.
"""
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=['http://localhost:0/public.pem'])
signature_string = nc._getSignatureString()
self.assertRaises(IOError, \
nc._verifySignatureInCertificateList, signature_string)
def test_signature_verification_priority(self):
"""
During the signature vefirication, the filesystem path has priority over
urls. So, if the public key is
"""
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=['http://localhost:0/public.pem'])
signature_string = nc._getSignatureString()
self.assertRaises(IOError, \
nc._verifySignatureInCertificateList, signature_string)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment