RubyGems - easy_code_sign - Versions diffs - 0.1.0 - Mend

easy_code_sign 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +95 -0
data/LICENSE +21 -0
data/README.md +331 -0
data/Rakefile +16 -0
data/exe/easysign +7 -0
data/lib/easy_code_sign/cli.rb +428 -0
data/lib/easy_code_sign/configuration.rb +102 -0
data/lib/easy_code_sign/deferred_signing_request.rb +104 -0
data/lib/easy_code_sign/errors.rb +113 -0
data/lib/easy_code_sign/pdf/appearance_builder.rb +104 -0
data/lib/easy_code_sign/pdf/timestamp_handler.rb +31 -0
data/lib/easy_code_sign/providers/base.rb +126 -0
data/lib/easy_code_sign/providers/pkcs11_base.rb +197 -0
data/lib/easy_code_sign/providers/safenet.rb +109 -0
data/lib/easy_code_sign/signable/base.rb +98 -0
data/lib/easy_code_sign/signable/gem_file.rb +224 -0
data/lib/easy_code_sign/signable/pdf_file.rb +486 -0
data/lib/easy_code_sign/signable/zip_file.rb +226 -0
data/lib/easy_code_sign/signer.rb +254 -0
data/lib/easy_code_sign/timestamp/client.rb +184 -0
data/lib/easy_code_sign/timestamp/request.rb +114 -0
data/lib/easy_code_sign/timestamp/response.rb +246 -0
data/lib/easy_code_sign/timestamp/verifier.rb +227 -0
data/lib/easy_code_sign/verification/certificate_chain.rb +298 -0
data/lib/easy_code_sign/verification/result.rb +222 -0
data/lib/easy_code_sign/verification/signature_checker.rb +196 -0
data/lib/easy_code_sign/verification/trust_store.rb +140 -0
data/lib/easy_code_sign/verifier.rb +426 -0
data/lib/easy_code_sign/version.rb +5 -0
data/lib/easy_code_sign.rb +183 -0
data/plugin/.gitignore +21 -0
data/plugin/Gemfile +24 -0
data/plugin/Gemfile.lock +134 -0
data/plugin/README.md +248 -0
data/plugin/Rakefile +121 -0
data/plugin/docs/API_REFERENCE.md +366 -0
data/plugin/docs/DEVELOPMENT.md +522 -0
data/plugin/docs/INSTALLATION.md +204 -0
data/plugin/native_host/build/Rakefile +90 -0
data/plugin/native_host/install/com.easysign.host.json +9 -0
data/plugin/native_host/install/install_chrome.sh +81 -0
data/plugin/native_host/install/install_firefox.sh +81 -0
data/plugin/native_host/src/easy_sign_host.rb +158 -0
data/plugin/native_host/src/protocol.rb +101 -0
data/plugin/native_host/src/signing_service.rb +167 -0
data/plugin/native_host/test/native_host_test.rb +113 -0
data/plugin/src/easy_sign/background.rb +323 -0
data/plugin/src/easy_sign/content.rb +74 -0
data/plugin/src/easy_sign/inject.rb +239 -0
data/plugin/src/easy_sign/messaging.rb +109 -0
data/plugin/src/easy_sign/popup.rb +200 -0
data/plugin/templates/manifest.json +58 -0
data/plugin/templates/popup.css +223 -0
data/plugin/templates/popup.html +59 -0
data/sig/easy_code_sign.rbs +4 -0
data/test/easy_code_sign_test.rb +122 -0
data/test/pdf_signable_test.rb +569 -0
data/test/signable_test.rb +334 -0
data/test/test_helper.rb +18 -0
data/test/timestamp_test.rb +163 -0
data/test/verification_test.rb +350 -0
metadata +219 -0

data/test/signable_test.rb ADDED Viewed

@@ -0,0 +1,334 @@
+# frozen_string_literal: true
+require "test_helper"
+require "tempfile"
+require "zip"
+class SignableBaseTest < Minitest::Test
+  def test_raises_for_nonexistent_file
+    assert_raises(EasyCodeSign::InvalidFileError) do
+      EasyCodeSign::Signable::Base.new("/nonexistent/file.txt")
+    end
+  end
+  def test_default_hash_algorithm_is_sha256
+    file = Tempfile.new(["test", ".txt"])
+    file.write("test content")
+    file.close
+    signable = TestSignable.new(file.path)
+    assert_equal :sha256, signable.hash_algorithm
+  ensure
+    file.unlink
+  end
+  def test_compute_hash_returns_correct_digest
+    file = Tempfile.new(["test", ".txt"])
+    file.write("test content")
+    file.close
+    signable = TestSignable.new(file.path)
+    expected = OpenSSL::Digest::SHA256.digest("hello")
+    assert_equal expected, signable.compute_hash("hello")
+  ensure
+    file.unlink
+  end
+  def test_signature_algorithm_for_rsa
+    file = Tempfile.new(["test", ".txt"])
+    file.close
+    signable = TestSignable.new(file.path)
+    assert_equal :sha256_rsa, signable.signature_algorithm(:rsa)
+  ensure
+    file.unlink
+  end
+  # Concrete implementation for testing abstract base
+  class TestSignable < EasyCodeSign::Signable::Base
+    def prepare_for_signing; end
+    def content_to_sign; "test"; end
+    def apply_signature(sig, chain, timestamp_token: nil); file_path; end
+    def extract_signature; nil; end
+  end
+end
+class ZipFileSignableTest < Minitest::Test
+  def setup
+    @temp_zip = Tempfile.new(["test", ".zip"])
+    create_test_zip(@temp_zip.path)
+  end
+  def teardown
+    @temp_zip.close
+    @temp_zip.unlink
+  end
+  def test_validates_zip_extension
+    txt_file = Tempfile.new(["test", ".txt"])
+    txt_file.write("content")
+    txt_file.close
+    assert_raises(EasyCodeSign::InvalidFileError) do
+      EasyCodeSign::Signable::ZipFile.new(txt_file.path)
+    end
+  ensure
+    txt_file.unlink
+  end
+  def test_accepts_valid_zip_file
+    signable = EasyCodeSign::Signable::ZipFile.new(@temp_zip.path)
+    assert_instance_of EasyCodeSign::Signable::ZipFile, signable
+  end
+  def test_file_list_returns_zip_contents
+    signable = EasyCodeSign::Signable::ZipFile.new(@temp_zip.path)
+    files = signable.file_list
+    assert_includes files, "hello.txt"
+    assert_includes files, "subdir/world.txt"
+  end
+  def test_prepare_for_signing_builds_manifest
+    signable = EasyCodeSign::Signable::ZipFile.new(@temp_zip.path)
+    signable.prepare_for_signing
+    # Should not raise and content_to_sign should return data
+    refute_nil signable.content_to_sign
+  end
+  def test_signed_returns_false_for_unsigned_zip
+    signable = EasyCodeSign::Signable::ZipFile.new(@temp_zip.path)
+    refute signable.signed?
+  end
+  def test_extract_signature_returns_nil_for_unsigned
+    signable = EasyCodeSign::Signable::ZipFile.new(@temp_zip.path)
+    assert_nil signable.extract_signature
+  end
+  private
+  def create_test_zip(path)
+    Zip::File.open(path, Zip::File::CREATE) do |zip|
+      zip.get_output_stream("hello.txt") { |f| f.write("Hello, World!") }
+      zip.get_output_stream("subdir/world.txt") { |f| f.write("Nested file") }
+    end
+  end
+end
+class GemFileSignableTest < Minitest::Test
+  def setup
+    @temp_gem = Tempfile.new(["test", ".gem"])
+    create_test_gem(@temp_gem.path)
+  end
+  def teardown
+    @temp_gem.close
+    @temp_gem.unlink
+  end
+  def test_validates_gem_extension
+    txt_file = Tempfile.new(["test", ".txt"])
+    txt_file.write("content")
+    txt_file.close
+    assert_raises(EasyCodeSign::InvalidFileError) do
+      EasyCodeSign::Signable::GemFile.new(txt_file.path)
+    end
+  ensure
+    txt_file.unlink
+  end
+  def test_accepts_valid_gem_file
+    signable = EasyCodeSign::Signable::GemFile.new(@temp_gem.path)
+    assert_instance_of EasyCodeSign::Signable::GemFile, signable
+  end
+  def test_signed_returns_false_for_unsigned_gem
+    signable = EasyCodeSign::Signable::GemFile.new(@temp_gem.path)
+    refute signable.signed?
+  end
+  def test_prepare_for_signing_extracts_content
+    signable = EasyCodeSign::Signable::GemFile.new(@temp_gem.path)
+    signable.prepare_for_signing
+    refute_nil signable.content_to_sign
+  end
+  private
+  def create_test_gem(path)
+    # Create a minimal gem-like tar archive
+    File.open(path, "wb") do |io|
+      Gem::Package::TarWriter.new(io) do |tar|
+        # Add a fake data.tar.gz
+        data = "fake gem data content"
+        tar.add_file_simple("data.tar.gz", 0o644, data.bytesize) { |f| f.write(data) }
+        # Add a fake metadata.gz
+        metadata = "fake metadata content"
+        tar.add_file_simple("metadata.gz", 0o644, metadata.bytesize) { |f| f.write(metadata) }
+        # Add checksums
+        checksums = "checksums content"
+        tar.add_file_simple("checksums.yaml.gz", 0o644, checksums.bytesize) { |f| f.write(checksums) }
+      end
+    end
+  end
+end
+class SignerTest < Minitest::Test
+  def test_creates_signable_for_gem_extension
+    signer = EasyCodeSign::Signer.new
+    temp_gem = Tempfile.new(["test", ".gem"])
+    create_minimal_gem(temp_gem.path)
+    signable = signer.send(:create_signable, temp_gem.path)
+    assert_instance_of EasyCodeSign::Signable::GemFile, signable
+  ensure
+    temp_gem&.close
+    temp_gem&.unlink
+  end
+  def test_creates_signable_for_zip_extension
+    signer = EasyCodeSign::Signer.new
+    temp_zip = Tempfile.new(["test", ".zip"])
+    Zip::File.open(temp_zip.path, Zip::File::CREATE) do |zip|
+      zip.get_output_stream("test.txt") { |f| f.write("test") }
+    end
+    signable = signer.send(:create_signable, temp_zip.path)
+    assert_instance_of EasyCodeSign::Signable::ZipFile, signable
+  ensure
+    temp_zip&.close
+    temp_zip&.unlink
+  end
+  def test_raises_for_unsupported_extension
+    signer = EasyCodeSign::Signer.new
+    temp_file = Tempfile.new(["test", ".exe"])
+    temp_file.close
+    assert_raises(EasyCodeSign::InvalidFileError) do
+      signer.send(:create_signable, temp_file.path)
+    end
+  ensure
+    temp_file&.unlink
+  end
+  private
+  def create_minimal_gem(path)
+    File.open(path, "wb") do |io|
+      Gem::Package::TarWriter.new(io) do |tar|
+        tar.add_file_simple("data.tar.gz", 0o644, 4) { |f| f.write("data") }
+        tar.add_file_simple("metadata.gz", 0o644, 4) { |f| f.write("meta") }
+        tar.add_file_simple("checksums.yaml.gz", 0o644, 4) { |f| f.write("sums") }
+      end
+    end
+  end
+end
+class SigningResultTest < Minitest::Test
+  def test_timestamped_returns_true_when_timestamp_present
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/CN=Test Signer")
+    token = EasyCodeSign::Timestamp::TimestampToken.new(
+      token_der: "fake",
+      timestamp: Time.now,
+      serial_number: 1,
+      policy_oid: "1.2.3",
+      tsa_url: "http://tsa.example.com"
+    )
+    result = EasyCodeSign::SigningResult.new(
+      file_path: "/path/to/file",
+      certificate: cert,
+      algorithm: :sha256_rsa,
+      timestamp_token: token,
+      signed_at: Time.now
+    )
+    assert result.timestamped?
+  end
+  def test_timestamped_returns_false_when_no_timestamp
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/CN=Test Signer")
+    result = EasyCodeSign::SigningResult.new(
+      file_path: "/path/to/file",
+      certificate: cert,
+      algorithm: :sha256_rsa,
+      timestamp_token: nil,
+      signed_at: Time.now
+    )
+    refute result.timestamped?
+  end
+  def test_signer_name_returns_certificate_subject
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/CN=Test Signer/O=Test Org")
+    result = EasyCodeSign::SigningResult.new(
+      file_path: "/path/to/file",
+      certificate: cert,
+      algorithm: :sha256_rsa,
+      timestamp_token: nil,
+      signed_at: Time.now
+    )
+    assert_includes result.signer_name, "Test Signer"
+  end
+  def test_to_h_returns_hash_representation
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/CN=Test")
+    signed_at = Time.now
+    result = EasyCodeSign::SigningResult.new(
+      file_path: "/path/to/file.gem",
+      certificate: cert,
+      algorithm: :sha256_rsa,
+      timestamp_token: nil,
+      signed_at: signed_at
+    )
+    hash = result.to_h
+    assert_equal "/path/to/file.gem", hash[:file_path]
+    assert_equal :sha256_rsa, hash[:algorithm]
+    assert_equal false, hash[:timestamped]
+    assert_equal signed_at, hash[:signed_at]
+  end
+  def test_timestamp_returns_time_from_token
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/CN=Test")
+    ts_time = Time.utc(2024, 1, 15, 12, 0, 0)
+    token = EasyCodeSign::Timestamp::TimestampToken.new(
+      token_der: "fake",
+      timestamp: ts_time,
+      serial_number: 1,
+      policy_oid: "1.2.3",
+      tsa_url: "http://tsa.example.com"
+    )
+    result = EasyCodeSign::SigningResult.new(
+      file_path: "/path/to/file",
+      certificate: cert,
+      algorithm: :sha256_rsa,
+      timestamp_token: token,
+      signed_at: Time.now
+    )
+    assert_equal ts_time, result.timestamp
+  end
+end

data/test/test_helper.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
+require "easy_code_sign"
+require "minitest/autorun"
+# Base test class with common helpers
+class EasyCodeSignTest < Minitest::Test
+  def setup
+    EasyCodeSign.reset_configuration!
+    EasyCodeSign.reset_provider!
+  end
+  def teardown
+    EasyCodeSign.reset_configuration!
+    EasyCodeSign.reset_provider!
+  end
+end

data/test/timestamp_test.rb ADDED Viewed

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+require "test_helper"
+class TimestampRequestTest < Minitest::Test
+  def test_creates_request_with_defaults
+    request = EasyCodeSign::Timestamp::Request.new("test data")
+    assert_equal :sha256, request.algorithm
+    assert request.cert_req
+    assert_nil request.policy_oid
+    refute_nil request.nonce
+  end
+  def test_computes_message_imprint_hash
+    data = "test signature data"
+    request = EasyCodeSign::Timestamp::Request.new(data, algorithm: :sha256)
+    expected = OpenSSL::Digest::SHA256.digest(data)
+    assert_equal expected, request.message_imprint_hash
+  end
+  def test_supports_different_algorithms
+    data = "test data"
+    sha256_request = EasyCodeSign::Timestamp::Request.new(data, algorithm: :sha256)
+    sha384_request = EasyCodeSign::Timestamp::Request.new(data, algorithm: :sha384)
+    sha512_request = EasyCodeSign::Timestamp::Request.new(data, algorithm: :sha512)
+    assert_equal "2.16.840.1.101.3.4.2.1", sha256_request.algorithm_oid
+    assert_equal "2.16.840.1.101.3.4.2.2", sha384_request.algorithm_oid
+    assert_equal "2.16.840.1.101.3.4.2.3", sha512_request.algorithm_oid
+  end
+  def test_to_der_produces_valid_asn1
+    request = EasyCodeSign::Timestamp::Request.new("test data")
+    der = request.to_der
+    # Should be parseable ASN.1
+    asn1 = OpenSSL::ASN1.decode(der)
+    assert_instance_of OpenSSL::ASN1::Sequence, asn1
+    # First element should be version (INTEGER 1)
+    assert_equal 1, asn1.value[0].value
+  end
+  def test_generates_unique_nonces
+    request1 = EasyCodeSign::Timestamp::Request.new("data")
+    request2 = EasyCodeSign::Timestamp::Request.new("data")
+    refute_equal request1.nonce, request2.nonce
+  end
+  def test_raises_for_unsupported_algorithm
+    assert_raises(ArgumentError) do
+      EasyCodeSign::Timestamp::Request.new("data", algorithm: :md5).algorithm_oid
+    end
+  end
+end
+class TimestampClientTest < Minitest::Test
+  def test_initializes_with_url
+    client = EasyCodeSign::Timestamp::Client.new("http://timestamp.example.com")
+    assert_equal "http://timestamp.example.com", client.url
+    assert_equal 30, client.timeout
+    assert_nil client.username
+    assert_nil client.password
+  end
+  def test_initializes_with_custom_options
+    client = EasyCodeSign::Timestamp::Client.new(
+      "http://timestamp.example.com",
+      timeout: 60,
+      username: "user",
+      password: "pass"
+    )
+    assert_equal 60, client.timeout
+    assert_equal "user", client.username
+    assert_equal "pass", client.password
+  end
+  def test_known_tsas_are_defined
+    assert_includes EasyCodeSign::Timestamp::Client::KNOWN_TSAS, :digicert
+    assert_includes EasyCodeSign::Timestamp::Client::KNOWN_TSAS, :globalsign
+    assert_includes EasyCodeSign::Timestamp::Client::KNOWN_TSAS, :sectigo
+  end
+end
+class TimestampTokenTest < Minitest::Test
+  def setup
+    @token = EasyCodeSign::Timestamp::TimestampToken.new(
+      token_der: "fake_der_data",
+      timestamp: Time.utc(2024, 1, 15, 12, 0, 0),
+      serial_number: 12345,
+      policy_oid: "1.2.3.4",
+      tsa_url: "http://timestamp.example.com"
+    )
+  end
+  def test_stores_all_attributes
+    assert_equal "fake_der_data", @token.token_der
+    assert_equal 12345, @token.serial_number
+    assert_equal "1.2.3.4", @token.policy_oid
+    assert_equal "http://timestamp.example.com", @token.tsa_url
+  end
+  def test_timestamp_iso8601
+    assert_equal "2024-01-15T12:00:00Z", @token.timestamp_iso8601
+  end
+  def test_to_h_returns_hash
+    hash = @token.to_h
+    assert_equal "2024-01-15T12:00:00Z", hash[:timestamp]
+    assert_equal 12345, hash[:serial_number]
+    assert_equal "1.2.3.4", hash[:policy_oid]
+    assert_equal "http://timestamp.example.com", hash[:tsa_url]
+  end
+end
+class TimestampVerifierTest < Minitest::Test
+  def test_initializes_with_default_trust_store
+    verifier = EasyCodeSign::Timestamp::Verifier.new
+    assert_instance_of OpenSSL::X509::Store, verifier.trust_store
+  end
+  def test_initializes_with_custom_trust_store
+    custom_store = OpenSSL::X509::Store.new
+    verifier = EasyCodeSign::Timestamp::Verifier.new(trust_store: custom_store)
+    assert_same custom_store, verifier.trust_store
+  end
+end
+class TimestampVerificationResultTest < Minitest::Test
+  def test_initializes_with_default_values
+    result = EasyCodeSign::Timestamp::VerificationResult.new
+    refute result.valid?
+    refute result.token_parsed
+    refute result.signature_valid
+    refute result.imprint_valid
+    refute result.chain_valid
+    assert_empty result.errors
+    assert_empty result.warnings
+  end
+  def test_to_h_returns_complete_hash
+    result = EasyCodeSign::Timestamp::VerificationResult.new
+    result.valid = true
+    result.timestamp = Time.utc(2024, 1, 15)
+    result.serial_number = 123
+    hash = result.to_h
+    assert hash[:valid]
+    assert_equal Time.utc(2024, 1, 15), hash[:timestamp]
+    assert_equal 123, hash[:serial_number]
+  end
+end