File: SigningEntityTests.swift

package info (click to toggle)
swiftlang 6.0.3-2
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 2,519,992 kB
  • sloc: cpp: 9,107,863; ansic: 2,040,022; asm: 1,135,751; python: 296,500; objc: 82,456; f90: 60,502; lisp: 34,951; pascal: 19,946; sh: 18,133; perl: 7,482; ml: 4,937; javascript: 4,117; makefile: 3,840; awk: 3,535; xml: 914; fortran: 619; cs: 573; ruby: 573
file content (110 lines) | stat: -rw-r--r-- 4,662 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
//===----------------------------------------------------------------------===//
//
// This source file is part of the Swift open source project
//
// Copyright (c) 2023 Apple Inc. and the Swift project authors
// Licensed under Apache License v2.0 with Runtime Library Exception
//
// See http://swift.org/LICENSE.txt for license information
// See http://swift.org/CONTRIBUTORS.txt for the list of Swift project authors
//
//===----------------------------------------------------------------------===//

import XCTest

import Basics
@testable import PackageSigning
import SPMTestSupport
import X509

final class SigningEntityTests: XCTestCase {
    func testTwoADPSigningEntitiesAreEqualIfTeamIDEqual() {
        let adp1 = SigningEntity.recognized(
            type: .adp,
            name: "A. Appleseed",
            organizationalUnit: "SwiftPM Test Unit X",
            organization: "A"
        )
        let adp2 = SigningEntity.recognized(
            type: .adp,
            name: "B. Appleseed",
            organizationalUnit: "SwiftPM Test Unit X",
            organization: "B"
        )
        let adp3 = SigningEntity.recognized(
            type: .adp,
            name: "C. Appleseed",
            organizationalUnit: "SwiftPM Test Unit Y",
            organization: "C"
        )
        XCTAssertEqual(adp1, adp2) // Only team ID (org unit) needs to match
        XCTAssertNotEqual(adp1, adp3)
    }

    func testFromECKeyCertificate() throws {
        try fixture(name: "Signing", createGitRepo: false) { fixturePath in
            let certificateBytes = try readFileContents(
                in: fixturePath,
                pathComponents: "Certificates",
                "Test_ec.cer"
            )
            let certificate = try Certificate(certificateBytes)

            let signingEntity = SigningEntity.from(certificate: certificate)
            guard case .unrecognized(let name, let organizationalUnit, let organization) = signingEntity else {
                return XCTFail("Expected SigningEntity.unrecognized but got \(signingEntity)")
            }
            XCTAssertEqual(name, certificate.subject.commonName)
            XCTAssertEqual(organizationalUnit, certificate.subject.organizationalUnitName)
            XCTAssertEqual(organization, certificate.subject.organizationName)
        }
    }

    func testFromRSAKeyCertificate() throws {
        try fixture(name: "Signing", createGitRepo: false) { fixturePath in
            let certificateBytes = try readFileContents(
                in: fixturePath,
                pathComponents: "Certificates",
                "Test_rsa.cer"
            )
            let certificate = try Certificate(certificateBytes)

            let signingEntity = SigningEntity.from(certificate: certificate)
            guard case .unrecognized(let name, let organizationalUnit, let organization) = signingEntity else {
                return XCTFail("Expected SigningEntity.unrecognized but got \(signingEntity)")
            }
            XCTAssertEqual(name, certificate.subject.commonName)
            XCTAssertEqual(organizationalUnit, certificate.subject.organizationalUnitName)
            XCTAssertEqual(organization, certificate.subject.organizationName)
        }
    }

    #if os(macOS)
    func testFromKeychainCertificate() async throws {
        #if ENABLE_REAL_SIGNING_IDENTITY_TEST
        #else
        try XCTSkipIf(true)
        #endif

        guard let label = Environment.current["REAL_SIGNING_IDENTITY_LABEL"] else {
            throw XCTSkip("Skipping because 'REAL_SIGNING_IDENTITY_LABEL' env var is not set")
        }
        let identityStore = SigningIdentityStore(observabilityScope: ObservabilitySystem.NOOP)
        let matches = identityStore.find(by: label)
        XCTAssertTrue(!matches.isEmpty)

        let certificate = try Certificate(secIdentity: matches[0] as! SecIdentity)
        let signingEntity = SigningEntity.from(certificate: certificate)
        switch signingEntity {
        case .recognized(_, let name, let organizationalUnit, let organization):
            XCTAssertEqual(name, certificate.subject.commonName)
            XCTAssertEqual(organizationalUnit, certificate.subject.organizationalUnitName)
            XCTAssertEqual(organization, certificate.subject.organizationName)
        case .unrecognized(let name, let organizationalUnit, let organization):
            XCTAssertEqual(name, certificate.subject.commonName)
            XCTAssertEqual(organizationalUnit, certificate.subject.organizationalUnitName)
            XCTAssertEqual(organization, certificate.subject.organizationName)
        }
    }
    #endif
}