Tidy up unit tests further + make more non-download

2025-03-24 15:26:22 +04:00 · 2025-03-24 15:26:22 +04:00 · 396ec03bae
commit 396ec03bae
--- a/src/auto_archiver/modules/timestamping_enricher/timestamping_enricher.py
+++ b/src/auto_archiver/modules/timestamping_enricher/timestamping_enricher.py
@ -78,7 +78,6 @@ class TimestampingEnricher(Enricher):
            try:
                message = bytes(data_to_sign, encoding='utf8')

-                print(tsa_url)
                logger.debug(f"Timestamping {url=} with {tsa_url=}")
                signed: TimeStampResponse = self.sign_data(tsa_url, message)
                
@ -118,8 +117,6 @@ class TimestampingEnricher(Enricher):
            f.write(timestamp_token)
        return tst_path

-        trust_roots = []
-        with open(certifi.where(), "rb") as f:
    def verify_signed(self, timestamp_response: TimeStampResponse, message: bytes) ->  x509.Certificate:
        """
        Verify a Signed Timestamp Response is trusted by a known Certificate Authority.
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -145,7 +145,7 @@ def sample_media(tmp_path) -> Media:
    """Fixture creating a Media object with temporary source file"""
    src_file = tmp_path / "source.txt"
    src_file.write_text("test content")
-    return Media(key="subdir/test.txt", filename=str(src_file))
+    return Media(_key="subdir/test.txt", filename=str(src_file))


@pytest.fixture
--- a/tests/data/timestamping/digicert.tsr
+++ b/tests/data/timestamping/digicert.tsr
--- a/tests/enrichers/test_timestamping_enricher.py
+++ b/tests/enrichers/test_timestamping_enricher.py
@ -29,6 +29,12 @@ def selfsigned_response() -> TimeStampResponse:
        return decode_timestamp_response(f.read())


+@pytest.fixture
+def digicert_response() -> TimeStampResponse:
+    with open("tests/data/timestamping/digicert.tsr", "rb") as f:
+        return f.read()
+
+
@pytest.fixture
 def filehash():
    return "4b7b4e39f12b8c725e6e603e6d4422500316df94211070682ef10260ff5759ef"
@ -65,7 +71,6 @@ def test_full_enriching_selfsigned(setup_module, sample_media, mocker, selfsigne

    # set self-signed on tsp
    tsp.allow_selfsigned = True
-
    tsp.enrich(metadata)

    assert len(metadata.media)
@ -131,12 +136,15 @@ def test_full_enriching_multiple_tsa(setup_module, sample_media, mocker, timesta
        assert len(timestamp_token_media.get("cert_chain")) == 3


-@pytest.mark.download
-def test_fails_for_digicert(setup_module):
+def test_fails_for_digicert(setup_module, mocker, digicert_response):
    """
    Digicert TSRs are not compliant with RFC 3161.
    See https://github.com/trailofbits/rfc3161-client/issues/104#issuecomment-2621960840
    """
+    mocker.patch("requests.sessions.Session.post", return_value=requests.Response())
+    mocker.patch("requests.Response.raise_for_status")
+    mocker.patch("requests.Response.content", new_callable=mocker.PropertyMock, return_value=digicert_response)
+
    tsa_url = "http://timestamp.digicert.com"
    tsp: TimestampingEnricher = setup_module("timestamping_enricher")

@ -191,16 +199,10 @@ def test_order_crt_correctly(setup_module, wrong_order_timestamp_response):
    assert ordered_certs[1].subject.rfc4514_string() == "CN=TrustID Timestamping CA 3,O=IdenTrust,C=US"


-def test_invalid_tsa_404(setup_module, mocker):
-    tsp = setup_module("timestamping_enricher")
-    post_mock = mocker.patch("requests.sessions.Session.post")
-    post_mock.side_effect = Exception("error")
-    with pytest.raises(Exception, match="error"):
-        tsp.sign_data("http://bellingcat.com/", b"my-message")
-
-
-@pytest.mark.download
 def test_invalid_tsa_invalid_response(setup_module, mocker):
+    mocker.patch("requests.sessions.Session.post", return_value=requests.Response())
+    raise_for_status = mocker.patch("requests.Response.raise_for_status")
+    raise_for_status.side_effect = requests.exceptions.HTTPError("404 Client Error")
    tsp = setup_module("timestamping_enricher")

    with pytest.raises(requests.exceptions.HTTPError, match="404 Client Error"):