Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
get TimestampTests working again
Browse files Browse the repository at this point in the history
zkat authored and heng-liu committed Jun 17, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent d5a3abd commit c4d5c53
Showing 2 changed files with 19 additions and 12 deletions.
Original file line number Diff line number Diff line change
@@ -81,17 +81,14 @@ public async Task Timestamp_Verify_WithOfflineRevocation_ReturnsCorrectFlagsAndL
result.HasFlag(SignatureVerificationStatusFlags.UnknownRevocation).Should().BeTrue();

var errors = logs.Where(l => l.Level == LogLevel.Error);
errors.Count().Should().Be(RuntimeEnvironmentHelper.IsWindows ? 2 : 1);

if (RuntimeEnvironmentHelper.IsWindows)
{
errors.Should().Contain(w => w.Code == NuGetLogCode.NU3028 && w.Message.Contains("The revocation function was unable to check revocation because the revocation server could not be reached."));
errors.Should().Contain(w => w.Code == NuGetLogCode.NU3028 && w.Message.Contains("The revocation function was unable to check revocation for the certificate."));
}
else
errors.Count().Should().Be(RuntimeEnvironmentHelper.IsMacOSX ? 1 : 2);
SigningTestUtility.AssertRevocationStatusUnknown(errors, LogLevel.Error, NuGetLogCode.NU3028);

if (!RuntimeEnvironmentHelper.IsMacOSX)
{
errors.Should().Contain(w => w.Code == NuGetLogCode.NU3028 && w.Message.Contains("unable to get certificate CRL"));
}
SigningTestUtility.AssertOfflineRevocationOnlineMode(errors, LogLevel.Error, NuGetLogCode.NU3028);
}
}
}
}
16 changes: 13 additions & 3 deletions test/TestUtilities/Test.Utility/Signing/SigningTestUtility.cs
Original file line number Diff line number Diff line change
@@ -678,18 +678,28 @@ public static void AssertOfflineRevocation(IEnumerable<ILogMessage> issues, LogL
//We will change the original X509ChainStatus.StatusInformation of OfflineRevocation to VerifyCertTrustOfflineWhileRevocationModeOffline or VerifyCertTrustOfflineWhileRevocationModeOnline in Signature.cs and Timestamp.cs
//So if we use APIs above to verify the results of chain.build, we should use assert AssertOfflineRevocationOnlineMode and AssertOfflineRevocationOfflineMode
public static void AssertOfflineRevocationOnlineMode(IEnumerable<SignatureLog> issues, LogLevel logLevel)
{
AssertOfflineRevocationOnlineMode(issues, logLevel, NuGetLogCode.NU3018);
}

public static void AssertOfflineRevocationOnlineMode(IEnumerable<SignatureLog> issues, LogLevel logLevel, NuGetLogCode code)
{
Assert.Contains(issues, issue =>
issue.Code == NuGetLogCode.NU3018 &&
issue.Code == code &&
issue.Level == logLevel &&
issue.Message.Contains("The revocation function was unable to check revocation because the revocation server could not be reached. For more information, visit https://aka.ms/certificateRevocationMode."));
}

public static void AssertOfflineRevocationOfflineMode(IEnumerable<SignatureLog> issues)
{
AssertOfflineRevocationOfflineMode(issues, LogLevel.Information, NuGetLogCode.Undefined);
}

public static void AssertOfflineRevocationOfflineMode(IEnumerable<SignatureLog> issues, LogLevel logLevel, NuGetLogCode code)
{
Assert.Contains(issues, issue =>
issue.Code == NuGetLogCode.Undefined &&
issue.Level == LogLevel.Information &&
issue.Code == code &&
issue.Level == logLevel &&
issue.Message.Contains("The revocation function was unable to check revocation because the certificate is not available in the cached certificate revocation list and NUGET_CERT_REVOCATION_MODE environment variable has been set to offline. For more information, visit https://aka.ms/certificateRevocationMode."));
}

0 comments on commit c4d5c53

Please sign in to comment.