Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manually execute NuGet's .NET SDK integration tests for signing #623

Closed
dtivel opened this issue Mar 31, 2023 · 0 comments
Closed

Manually execute NuGet's .NET SDK integration tests for signing #623

dtivel opened this issue Mar 31, 2023 · 0 comments
Assignees
@dtivel

Comments

@dtivel
Copy link
Collaborator

dtivel commented Mar 31, 2023
edited
Loading

NuGet.Client's Dotnet.Integration.Test project contains the following signing-related tests. Where it makes sense, I'll rerun these tests manually by signing with Sign CLI and then verifying with NuGet in the .NET SDK.

Test Result
DotnetSign_ResignPackageWithoutOverwrite_FailsAsync ✔️ Sign CLI always overwrites, so the expected results between NuGet and Sign CLI are different. That said, Sign CLI behaves as expected.
DotnetSign_ResignPackageWithOverwrite_SuccessAsync ✔️ same as above
DotnetSign_SignPackageWithExpiredCertificate_FailsAsync ➖ It's not possible to sign with an expired certificate in Sign CLI; Azure Key Vault automatically renews certificates.
DotnetSign_SignPackageWithInvalidEku_FailsAsync ✔️ Like NuGet, Sign CLI fails with an error like NU3018: NotValidForUsage: The certificate is not valid for the requested usage.
DotnetSign_SignPackageWithNotYetValidCertificate_FailsAsync ➖ It's not possible to sign with a not-yet-valid certificate in Sign CLI, because you cannot create one in Azure Key Vault.
DotnetSign_SignPackageWithOutputDirectory_SucceedsAsync ➖ Does not apply to Sign CLI.
DotnetSign_SignPackageWithOverwrite_SuccessAsync ✔️ Like NuGet, Sign CLI succeeds.
DotnetSign_SignPackageWithPfxFile_SuccessAsync ➖ Does not apply to Sign CLI.
DotnetSign_SignPackageWithPfxFileOfRelativePath_SuccessAsync ➖ Does not apply to Sign CLI.
DotnetSign_SignPackageWithPfxFileWithoutPasswordAndWithNonInteractive_FailsAsync ➖ Does not apply to Sign CLI.
DotnetSign_SignPackageWithRevokedLeafCertChain_FailsAsync ➖ Not feasible to test this with Sign CLI.
DotnetSign_SignPackageWithTimestamping_SucceedsAsync ✔️ Like NuGet, Sign CLI succeeds.
DotnetSign_SignPackageWithTrustedCertificate_SucceedsAsync ✔️ Like NuGet, Sign CLI succeeds.
DotnetSign_SignPackageWithTrustedCertificateWithRelativePath_SucceedsAsync ➖ Does not apply to Sign CLI.
DotnetSign_SignPackageWithUnknownRevocationCertChain_SucceedsAsync ➖ Not feasible to test this with Sign CLI.
DotnetSign_SignPackageWithUnsuportedTimestampHashAlgorithm_FailsAsync ❌ Found #624
DotnetSign_SignPackageWithUntrustedSelfIssuedCertificateInCertificateStore_SuccessAsync ➖ Not feasible to test this with Sign CLI.

CC @clairernovotny
@dtivel dtivel closed this as completed Mar 31, 2023
@dtivel dtivel self-assigned this Mar 31, 2023
@dtivel dtivel mentioned this issue Apr 5, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dtivel dtivel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dtivel