Merge PR #18

YubicoLabs · Dec 13, 2023 · 6bb3f2d · 6bb3f2d
2 parents ca4d35e + 9e60032
commit 6bb3f2d
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 53 deletions.
diff --git a/tests/test_signatures.py b/tests/test_signatures.py
@@ -9,7 +9,7 @@
     restore_from_dump,
 )
 
-from .util import configure_ssh, Key
+from .util import configure_ssh, Key, random_string
 
 from typing import Callable
 import pytest
@@ -45,17 +45,12 @@ def create_ssh_home():
     shutil.rmtree(ssh_dir)
 
 
-@pytest.fixture(autouse=True, scope="session")
+@pytest.fixture(scope="session")
 def alice_pgp_key(create_gpg_home):
     return Key.create_pgp_key("RSA", "1024", "Alice PGP", "[email protected]")
 
 
-@pytest.fixture(autouse=True, scope="session")
-def bob_pgp_key(create_gpg_home):
-    return Key.create_pgp_key("RSA", "1024", "Bob PGP", "[email protected]")
-
-
-@pytest.fixture(autouse=True, scope="session")
+@pytest.fixture(scope="session")
 def eve_pgp_key(create_gpg_home):
     return Key.create_pgp_key("RSA", "1024", "Eve PGP", "[email protected]")
 
@@ -67,7 +62,7 @@ def idfn(fixture_value):
     return id
 
 
-@pytest.fixture(autouse=True, scope="session", params=_SSH_KEYS, ids=idfn)
+@pytest.fixture(scope="session", params=_SSH_KEYS, ids=idfn)
 def alice_ssh_key_parameterized(create_ssh_home, request):
     key_type = request.param["type"]
     size = request.param.get("size", None)
@@ -76,68 +71,65 @@ def alice_ssh_key_parameterized(create_ssh_home, request):
     )
 
 
-@pytest.fixture(autouse=True, scope="session")
+@pytest.fixture(scope="session")
 def alice_ssh_key(create_ssh_home):
     return Key.create_ssh_key(create_ssh_home, "rsa", 1024, "alice", "[email protected]")
 
 
-@pytest.fixture(autouse=True, scope="session")
-def bob_ssh_key(create_ssh_home):
-    return Key.create_ssh_key(create_ssh_home, "rsa", 1024, "bob", "[email protected]")
-
-
-@pytest.fixture(autouse=True, scope="session")
+@pytest.fixture(scope="session")
 def eve_ssh_key(create_ssh_home):
     return Key.create_ssh_key(create_ssh_home, "rsa", 1024, "eve", "[email protected]")
 
 
+def _initialize_require_signature(repo: Repository, keys: list[Key]):
+    key_names = []
+    with on_dir(repo._path):
+        for key in keys:
+            file_name = random_string()
+            key_names.append(file_name)
+            key.add_to_repo(file_name)
+
+    cmd("git", "add", ".", cwd=repo._path)
+
+    commit_rules = {"rules": [{"require_signature": {"authorized_keys": key_names}}]}
+
+    write_commit_rules(repo, commit_rules)
+    cmd(
+        "git",
+        "commit",
+        "-m",
+        "Init require signature",
+        cwd=repo._path,
+    )
+
+
 @pytest.fixture(scope="session")
 def repo_signatures_dump(
     repo_installed_dump: tuple[Repository, str],
     tmp_path_factory,
     alice_pgp_key: Key,
-    bob_pgp_key: Key,
     alice_ssh_key: Key,
-    alice_ssh_key_parameterized: Key,
-    bob_ssh_key: Key,
 ):
     repo, dump_path = repo_installed_dump
     restore_from_dump(repo, dump_path)
 
-    with on_dir(repo._path):
-        alice_pgp_key.add_to_repo("alice.asc")
-        bob_pgp_key.add_to_repo("bob.asc")
-        alice_ssh_key.add_to_repo("alice.pub")
-        alice_ssh_key_parameterized.add_to_repo("alice_parameterized.pub")
-        bob_ssh_key.add_to_repo("bob.pub")
+    _initialize_require_signature(repo, [alice_pgp_key, alice_ssh_key])
 
-    cmd("git", "add", ".", cwd=repo._path)
+    dump_path = tmp_path_factory.mktemp("dump")
+    dump(repo, dump_path)
+    return repo, dump_path
 
-    commit_rules = {
-        "rules": [
-            {
-                "require_signature": {
-                    "authorized_keys": [
-                        "alice.asc",
-                        "bob.asc",
-                        "alice.pub",
-                        "alice_parameterized.pub",
-                        "bob.pub",
-                    ]
-                }
-            }
-        ]
-    }
 
-    write_commit_rules(repo, commit_rules)
-    cmd(
-        "git",
-        "commit",
-        "-m",
-        "Require signature",
-        f"--gpg-sign={alice_pgp_key.identifier}",
-        cwd=repo._path,
-    )
+@pytest.fixture(scope="session")
+def repo_signatures_parameterized_dump(
+    repo_installed_dump: tuple[Repository, str],
+    tmp_path_factory,
+    alice_ssh_key_parameterized: Key,
+):
+    repo, dump_path = repo_installed_dump
+    restore_from_dump(repo, dump_path)
+
+    _initialize_require_signature(repo, [alice_ssh_key_parameterized])
 
     dump_path = tmp_path_factory.mktemp("dump")
     dump(repo, dump_path)
@@ -151,6 +143,15 @@ def repo_signatures(repo_signatures_dump: tuple[Repository, str]):
     return repo
 
 
+@pytest.fixture(scope="function")
+def repo_signatures_parameterized(
+    repo_signatures_parameterized_dump: tuple[Repository, str]
+):
+    repo, dump_path = repo_signatures_parameterized_dump
+    restore_from_dump(repo, dump_path)
+    return repo
+
+
 def test_commit_unsigned(repo_signatures: Repository):
     action: Callable[[Repository], None] = lambda repo: cmd(
         "git", "commit", "-m", "Untrusted", "--allow-empty", cwd=repo._path
@@ -222,8 +223,10 @@ def test_commit_wrong_email_ssh(repo_signatures: Repository, alice_ssh_key):
     verify_action(repo=repo_signatures, passes=False, action=action)
 
 
-def test_commit_trusted_ssh(repo_signatures: Repository, alice_ssh_key_parameterized):
-    configure_ssh(repo_signatures, alice_ssh_key_parameterized)
+def test_commit_trusted_ssh(
+    repo_signatures_parameterized: Repository, alice_ssh_key_parameterized
+):
+    configure_ssh(repo_signatures_parameterized, alice_ssh_key_parameterized)
     action: Callable[[Repository], None] = lambda repo: cmd(
         "git",
         "commit",
@@ -234,4 +237,4 @@ def test_commit_trusted_ssh(repo_signatures: Repository, alice_ssh_key_parameter
         "-S",
         cwd=repo._path,
     )
-    verify_action(repo=repo_signatures, passes=True, action=action)
+    verify_action(repo=repo_signatures_parameterized, passes=True, action=action)
diff --git a/tests/util.py b/tests/util.py
@@ -6,6 +6,8 @@
 from typing import Union, Optional
 import subprocess
 import re
+import random
+import string
 
 
 class Key:
@@ -106,3 +108,7 @@ def configure_ssh(repo: Repository, key: Key):
     cmd("git", "config", "gpg.format", "ssh", cwd=repo._path)
     cmd("git", "config", "user.email", key.email, cwd=repo._path)
     cmd("git", "config", "user.signingkey", key.identifier, cwd=repo._path)
+
+
+def random_string(k: int = 5):
+    return "".join(random.choices(string.ascii_uppercase + string.digits, k=k))