codesign/test/verify_test.dart - mirrors/cocoon - Git at Google

 // Copyright 2019 The Flutter Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 import 'package:codesign/verify.dart';
 import 'package:file/file.dart';
 import 'package:file/memory.dart';
 import 'package:logging/logging.dart';
 import 'package:test/test.dart';

 import 'src/fake_process_manager.dart';

 void main() {
   const String binaryPath = '/path/to/binary';

   late FakeProcessManager processManager;
   late FileSystem fs;
   late Logger logger;
   late VerificationService service;
   late List<LogRecord> logs;

   setUp(() {
     fs = MemoryFileSystem.test();
     fs.file(binaryPath).createSync(recursive: true);
     processManager = FakeProcessManager.empty();
     logs = <LogRecord>[];
     logger = Logger.detached('test');
     logger.onRecord.listen((LogRecord record) => logs.add(record));
     service = VerificationService(
       binaryPath: binaryPath,
       fs: fs,
       logger: logger,
       pm: processManager,
     );
   });

   test('parses codesign output and can present', () async {
     processManager.addCommands(const <FakeCommand>[
       FakeCommand(
         command: <String>['codesign', '--display', '-vv', binaryPath],
         stderr: '''
 Executable=$binaryPath
 Identifier=mybinary
 Format=Mach-O thin (x86_64)
 CodeDirectory v=20500 size=38000 flags=0x10000(runtime) hashes=1177+7 location=embedded
 Signature size=8979
 Authority=Developer ID Application: Dev Shop ABC (ABCC0VV123)
 Authority=Developer ID Certification Authority
 Authority=Apple Root CA
 Timestamp=Jan 9, 2023 at 9:39:07 AM
 Info.plist=not bound
 TeamIdentifier=ABCC0VV123
 Runtime Version=13.1.0
 Sealed Resources=none
 Internal requirements count=1 size=164
 ''',
       ),
       FakeCommand(
         command: <String>[
           'codesign',
           '--verify',
           '-v',
           '-R=notarized',
           '--check-notarization',
           binaryPath,
         ],
         stderr: '''
 $binaryPath: valid on disk
 $binaryPath: satisfies its Designated Requirement
 $binaryPath: explicit requirement satisfied
 ''',
       ),
     ]);
     final VerificationResult result = await service.run();
     expect(processManager, hasNoRemainingExpectations);
     expect(result, VerificationResult.codesignedAndNotarized);
     expect(
       service.present(),
       '''
 Authority:      Developer ID Application: Dev Shop ABC (ABCC0VV123)
 Time stamp:     Jan 9, 2023 at 9:39:07 AM
 Format:         Mach-O thin (x86_64)
 Signature size: 8979
 Notarization:   true
 ''',
     );
   });

   test('detects codesigned but not notarized binary', () async {
     processManager.addCommands(const <FakeCommand>[
       FakeCommand(
         command: <String>['codesign', '--display', '-vv', binaryPath],
         stderr: '''
 Executable=$binaryPath
 Identifier=mybinary
 Format=Mach-O thin (x86_64)
 CodeDirectory v=20500 size=38000 flags=0x10000(runtime) hashes=1177+7 location=embedded
 Signature size=8979
 Authority=Developer ID Application: Dev Shop ABC (ABCC0VV123)
 Authority=Developer ID Certification Authority
 Authority=Apple Root CA
 Timestamp=Jan 9, 2023 at 9:39:07 AM
 Info.plist=not bound
 TeamIdentifier=ABCC0VV123
 Runtime Version=13.1.0
 Sealed Resources=none
 Internal requirements count=1 size=164
 ''',
       ),
       FakeCommand(
         command: <String>[
           'codesign',
           '--verify',
           '-v',
           '-R=notarized',
           '--check-notarization',
           binaryPath,
         ],
         stderr: '''
 $binaryPath: valid on disk
 $binaryPath: satisfies its Designated Requirement
 test-requirement: code failed to satisfy specified code requirement(s)
 ''',
         exitCode: 3,
       ),
     ]);
     final VerificationResult result = await service.run();
     expect(processManager, hasNoRemainingExpectations);
     expect(result, VerificationResult.codesignedOnly);
     expect(
       service.present(),
       '''
 Authority:      Developer ID Application: Dev Shop ABC (ABCC0VV123)
 Time stamp:     Jan 9, 2023 at 9:39:07 AM
 Format:         Mach-O thin (x86_64)
 Signature size: 8979
 Notarization:   false
 ''',
     );
   });

   test('detects unsigned binary', () async {
     processManager.addCommands(const <FakeCommand>[
       FakeCommand(
         command: <String>['codesign', '--display', '-vv', binaryPath],
         stderr: '$binaryPath: code object is not signed at all',
         exitCode: 1,
       ),
     ]);
     final VerificationResult result = await service.run();
     expect(processManager, hasNoRemainingExpectations);
     expect(result, VerificationResult.unsigned);
     expect(
       logs.first,
       isA<LogRecord>().having(
         (LogRecord record) => record.message,
         'message',
         contains('File $binaryPath is not codesigned.'),
       ),
     );
   });
 }
	// Copyright 2019 The Flutter Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	import 'package:codesign/verify.dart';
	import 'package:file/file.dart';
	import 'package:file/memory.dart';
	import 'package:logging/logging.dart';
	import 'package:test/test.dart';

	import 'src/fake_process_manager.dart';

	void main() {
	const String binaryPath = '/path/to/binary';

	late FakeProcessManager processManager;
	late FileSystem fs;
	late Logger logger;
	late VerificationService service;
	late List<LogRecord> logs;

	setUp(() {
	fs = MemoryFileSystem.test();
	fs.file(binaryPath).createSync(recursive: true);
	processManager = FakeProcessManager.empty();
	logs = <LogRecord>[];
	logger = Logger.detached('test');
	logger.onRecord.listen((LogRecord record) => logs.add(record));
	service = VerificationService(
	binaryPath: binaryPath,
	fs: fs,
	logger: logger,
	pm: processManager,
	);
	});

	test('parses codesign output and can present', () async {
	processManager.addCommands(const <FakeCommand>[
	FakeCommand(
	command: <String>['codesign', '--display', '-vv', binaryPath],
	stderr: '''
	Executable=$binaryPath
	Identifier=mybinary
	Format=Mach-O thin (x86_64)
	CodeDirectory v=20500 size=38000 flags=0x10000(runtime) hashes=1177+7 location=embedded
	Signature size=8979
	Authority=Developer ID Application: Dev Shop ABC (ABCC0VV123)
	Authority=Developer ID Certification Authority
	Authority=Apple Root CA
	Timestamp=Jan 9, 2023 at 9:39:07 AM
	Info.plist=not bound
	TeamIdentifier=ABCC0VV123
	Runtime Version=13.1.0
	Sealed Resources=none
	Internal requirements count=1 size=164
	''',
	),
	FakeCommand(
	command: <String>[
	'codesign',
	'--verify',
	'-v',
	'-R=notarized',
	'--check-notarization',
	binaryPath,
	],
	stderr: '''
	$binaryPath: valid on disk
	$binaryPath: satisfies its Designated Requirement
	$binaryPath: explicit requirement satisfied
	''',
	),
	]);
	final VerificationResult result = await service.run();
	expect(processManager, hasNoRemainingExpectations);
	expect(result, VerificationResult.codesignedAndNotarized);
	expect(
	service.present(),
	'''
	Authority: Developer ID Application: Dev Shop ABC (ABCC0VV123)
	Time stamp: Jan 9, 2023 at 9:39:07 AM
	Format: Mach-O thin (x86_64)
	Signature size: 8979
	Notarization: true
	''',
	);
	});

	test('detects codesigned but not notarized binary', () async {
	processManager.addCommands(const <FakeCommand>[
	FakeCommand(
	command: <String>['codesign', '--display', '-vv', binaryPath],
	stderr: '''
	Executable=$binaryPath
	Identifier=mybinary
	Format=Mach-O thin (x86_64)
	CodeDirectory v=20500 size=38000 flags=0x10000(runtime) hashes=1177+7 location=embedded
	Signature size=8979
	Authority=Developer ID Application: Dev Shop ABC (ABCC0VV123)
	Authority=Developer ID Certification Authority
	Authority=Apple Root CA
	Timestamp=Jan 9, 2023 at 9:39:07 AM
	Info.plist=not bound
	TeamIdentifier=ABCC0VV123
	Runtime Version=13.1.0
	Sealed Resources=none
	Internal requirements count=1 size=164
	''',
	),
	FakeCommand(
	command: <String>[
	'codesign',
	'--verify',
	'-v',
	'-R=notarized',
	'--check-notarization',
	binaryPath,
	],
	stderr: '''
	$binaryPath: valid on disk
	$binaryPath: satisfies its Designated Requirement
	test-requirement: code failed to satisfy specified code requirement(s)
	''',
	exitCode: 3,
	),
	]);
	final VerificationResult result = await service.run();
	expect(processManager, hasNoRemainingExpectations);
	expect(result, VerificationResult.codesignedOnly);
	expect(
	service.present(),
	'''
	Authority: Developer ID Application: Dev Shop ABC (ABCC0VV123)
	Time stamp: Jan 9, 2023 at 9:39:07 AM
	Format: Mach-O thin (x86_64)
	Signature size: 8979
	Notarization: false
	''',
	);
	});

	test('detects unsigned binary', () async {
	processManager.addCommands(const <FakeCommand>[
	FakeCommand(
	command: <String>['codesign', '--display', '-vv', binaryPath],
	stderr: '$binaryPath: code object is not signed at all',
	exitCode: 1,
	),
	]);
	final VerificationResult result = await service.run();
	expect(processManager, hasNoRemainingExpectations);
	expect(result, VerificationResult.unsigned);
	expect(
	logs.first,
	isA<LogRecord>().having(
	(LogRecord record) => record.message,
	'message',
	contains('File $binaryPath is not codesigned.'),
	),
	);
	});
	}