Skip to content

Commit b6d2c6a

Browse files
committed
TST: add tests for check-sign for invalid signature / contents / certificate
1 parent ecd39ec commit b6d2c6a

1 file changed

Lines changed: 76 additions & 0 deletions

File tree

tests/test_check_sign.py

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,82 @@
1+
import io
2+
from fpdf import FPDF
3+
from pypdf import PdfReader, PdfWriter
14
from .conftest import RESOURCES_ROOT, chdir, run_cli
25

36

7+
def test_check_sign_maniuplated_content(capsys, tmp_path):
8+
# Arrange
9+
pdf = FPDF()
10+
pdf.add_page()
11+
pdf.set_font("helvetica", style="B", size=16)
12+
pdf.add_text_markup_annotation(
13+
"Underline", "Hello World!", [0, 0, 0, 0, 0, 0, 0, 0]
14+
)
15+
pdf.sign_pkcs12(str(RESOURCES_ROOT / "signing-certificate.p12"), b"fpdf2")
16+
17+
input_pdf_bytes = pdf.output()
18+
19+
# manipulate signed pdf - leaving length intact
20+
input_pdf_bytes = input_pdf_bytes.replace(b"Hello World!", b"aaaaa aaaaa!")
21+
22+
input_pdf_manipulated = tmp_path / "signed_manipulated.pdf"
23+
input_pdf_manipulated.write_bytes(input_pdf_bytes)
24+
25+
# Act
26+
with chdir(tmp_path):
27+
exit_code = run_cli(
28+
[
29+
"check-sign",
30+
input_pdf_manipulated.name,
31+
"--pem",
32+
str(RESOURCES_ROOT / "signing-certificate.crt"),
33+
]
34+
)
35+
captured = capsys.readouterr()
36+
37+
# Assert
38+
assert exit_code == 1
39+
assert "Content hash ok: False" in captured.err
40+
41+
42+
def test_check_sign_missing_signature(capsys, tmp_path):
43+
# Act
44+
with chdir(tmp_path):
45+
exit_code = run_cli(
46+
[
47+
"check-sign",
48+
str(RESOURCES_ROOT / "input8.pdf"),
49+
"--pem",
50+
str(RESOURCES_ROOT / "signing-certificate.crt"),
51+
]
52+
)
53+
captured = capsys.readouterr()
54+
55+
# Assert
56+
assert exit_code == 2
57+
assert "Signature missing" in captured.err
58+
59+
60+
def test_check_sign_signature_not_matching_to_certificate(capsys, tmp_path):
61+
# Act
62+
with chdir(tmp_path):
63+
exit_code = run_cli(
64+
[
65+
"check-sign",
66+
str(RESOURCES_ROOT / "sign_pkcs12.pdf"),
67+
"--pem",
68+
str(
69+
RESOURCES_ROOT / "demo2_ca.root.crt.pem"
70+
), # sign_pkcs12.pdf signature matched to signing-certificate.crt
71+
]
72+
)
73+
captured = capsys.readouterr()
74+
75+
# Assert
76+
assert exit_code == 1
77+
assert "Certificate ok: False" in captured.err
78+
79+
480
def test_check_sign_pem(capsys, tmp_path):
581
# Act
682
with chdir(tmp_path):

0 commit comments

Comments
 (0)