source: flexoentity/tests/test_signing.py

import platform
import pytest
from uuid import uuid4
from flexoentity import FlexOID, EntityState, EntityType, FlexoSignature, get_signing_backend

def test_sign_and_verify_linux(signing_backend):
    data = b"Hello Flex-O signing!"

    signature = signing_backend.sign(data)
    assert isinstance(signature, bytes)
    assert len(signature) > 20      # sanity check

    assert signing_backend.verify(data, signature) is True

def test_sign_and_verify_macos(signing_backend):
    data = b"Hello Flex-O signing!"

    signature = signing_backend.sign(data)
    assert isinstance(signature, bytes)
    assert len(signature) > 20      # sanity check

    assert signing_backend.verify(data, signature) is True

def test_verify_fails_with_wrong_data(signing_backend):
    data = b"Original Data"
    wrong_data = b"Tampered Data"

    signature = signing_backend.sign(data)

    assert signing_backend.verify(data, signature) == True
    assert signing_backend.verify(wrong_data, signature) == False

def test_verify_fails_with_invalid_signature(signing_backend):
    data = b"Hello world"
    invalid_sig = b"\x00\x01\x02garbagepkcs7data"

    assert signing_backend.verify(data, invalid_sig) is False

def test_signature_entity_create_and_verify(signing_backend):
    entity_id = FlexOID.safe_generate(
        domain_id="TEST",
        entity_type=EntityType.ATTESTATION.value,
        state=EntityState.DRAFT.value,
        text="abc",
        version=1,
    )
    signer = uuid4()
    data = b"Hello Entity Signing"

    sig = FlexoSignature.create_signed(
        data=data,
        entity=entity_id,
        signer_id=signer,
        backend=signing_backend,
    )

    assert isinstance(sig.signature_data, str)
    assert sig.signature_type == "PKCS7-DER"
    assert sig.signed_entity == entity_id
    assert sig.signer_id == signer
    assert sig.certificate_thumbprint != ""

    assert sig.verify(data, signing_backend) is True