Unit test for SHA1 primary.

vcsjones · vcsjones · commit b3ccc024c7f9 · 2016-06-08T11:29:01.000-04:00
diff --git a/AuthenticodeLint/KnownOids.cs b/AuthenticodeLint/KnownOids.cs
@@ -2,7 +2,7 @@
 
 namespace AuthenticodeLint
 {
-    internal static class KnownOids
+    public static class KnownOids
     {
         public static class X509Algorithms
         {
diff --git a/AuthenticodeLintTests/AuthenticodeLintTests.csproj b/AuthenticodeLintTests/AuthenticodeLintTests.csproj
@@ -37,8 +37,10 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="CommandLineParsingTests.cs" />
+    <Compile Include="FakeSignature.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Rules\PublisherInformationPresentRuleTests.cs" />
+    <Compile Include="Rules\Sha1PrimarySignatureRuleTests.cs" />
     <Compile Include="Rules\TimestampedRuleTests.cs" />
     <Compile Include="Rules\WinCertificatePaddingRuleTests.cs" />
   </ItemGroup>
diff --git a/AuthenticodeLintTests/FakeSignature.cs b/AuthenticodeLintTests/FakeSignature.cs
@@ -0,0 +1,34 @@
+﻿using AuthenticodeLint;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace AuthenticodeLintTests
+{
+    public class FakeSignature : ISignature
+    {
+        private List<ISignature> _nestedSignatures = new List<ISignature>();
+
+        public X509Certificate2Collection AdditionalCertificates { get; set; }
+        public X509Certificate2 Certificate { get; set; }
+        public Oid DigestAlgorithm { get; set; }
+        public Oid HashEncryptionAlgorithm { get; set; }
+        public SignatureKind Kind { get; set; }
+        public CryptographicAttributeObjectCollection SignedAttributes { get; set; }
+        public CryptographicAttributeObjectCollection UnsignedAttributes { get; set; }
+        public IReadOnlyList<ISignature> GetNestedSignatures() => _nestedSignatures;
+
+        public void Add(ISignature signature) => _nestedSignatures.Add(signature);
+
+        public FakeSignature()
+        {
+            SignedAttributes = new CryptographicAttributeObjectCollection();
+            UnsignedAttributes = new CryptographicAttributeObjectCollection();
+            SignedAttributes.Add(new AsnEncodedData(new Oid(KnownOids.MessageDigest), new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }));
+        }
+    }
+}
diff --git a/AuthenticodeLintTests/Rules/Sha1PrimarySignatureRuleTests.cs b/AuthenticodeLintTests/Rules/Sha1PrimarySignatureRuleTests.cs
@@ -0,0 +1,50 @@
+﻿using AuthenticodeLint;
+using AuthenticodeLint.Rules;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+using Xunit;
+
+namespace AuthenticodeLintTests.Rules
+{
+    public class Sha1PrimarySignatureRuleTests
+    {
+        private static CheckConfiguration Configuration => new CheckConfiguration(new List<string>(), null, false, new HashSet<int>(), false, RevocationChecking.None, null);
+
+        [
+            Theory,
+            InlineData(KnownOids.MD2),
+            InlineData(KnownOids.MD5),
+            InlineData(KnownOids.SHA256),
+            InlineData(KnownOids.SHA384),
+            InlineData(KnownOids.SHA512),
+        ]
+        public void ShouldFailOnNonSha1Algorithms(string oid)
+        {
+            var algorithm = new Oid(oid);
+            var signature = new FakeSignature
+            {
+                DigestAlgorithm = algorithm
+            };
+            var check = new Sha1PrimarySignatureRule();
+            var logger = new MemorySignatureLogger();
+            var result = check.Validate(new List<ISignature> { signature }, logger, Configuration);
+            Assert.Equal(RuleResult.Fail, result);
+            Assert.Contains($"Signature 000102030405060708090a: Expected {nameof(KnownOids.SHA1)} digest algorithm but is {algorithm.FriendlyName}.", logger.Messages);
+        }
+
+        [Fact]
+        public void ShouldPassOnSha1Algorithm()
+        {
+            var algorithm = new Oid(KnownOids.SHA1);
+            var signature = new FakeSignature
+            {
+                DigestAlgorithm = algorithm
+            };
+            var check = new Sha1PrimarySignatureRule();
+            var logger = new MemorySignatureLogger();
+            var result = check.Validate(new List<ISignature> { signature }, logger, Configuration);
+            Assert.Equal(RuleResult.Pass, result);
+            Assert.Empty(logger.Messages);
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	`namespace AuthenticodeLint`
`4`	`4`	`{`
`5`		`- internal static class KnownOids`
	`5`	`+ public static class KnownOids`
`6`	`6`	`{`
`7`	`7`	`public static class X509Algorithms`
`8`	`8`	`{`