Signing Manager QA Testing Guide

Test Client Setup

1. Run an MDS workflow so that the macOS installation is clean.

2. Create non-admin user named standard with the password twocanoes.

3. Log out and sign in as the standard user.

4. Download the test app and package from:

   https://tcs-signing-manager.s3.us-west-2.amazonaws.com/SigningManagerTestFiles.zip

5. Unzip the folder on the Desktop. You should now have a folder called SigningManagerResources.

6. Install the file Twocanoes-CA.cer from the SigningManagerResources > Test Root Certiificate (trust in Root Keychain on signing mac) by double-clicking on it and adding it to the login keychain. This certificate is required for package signing to work.

7. In Keychain, mark Twocanoes-CA.cer as trusted by double-clicking it, then clicking the Trust disclosure triangle, and When Using Certificate, Always Trust. Close the window and enter your password when prompted.

8. Install the target version of Signing Manager.

Test Client

1. Launch Signing Manager. When prompted, enter these values:

   Signing Server

   https://signing-service.twocanoes.com
   

   API Key

   <get API key from Signing Service>
   

   Client Name

   <enter any value to identify the current test machine>
   

2. Refresh the Signing Manager certificate list by clicking the Refresh button.

3. Verify that server shows several signing certificates including one with a name that includes Twocanoes Test Code Signing and one with a name that includes Package Signing.

Signing

1. Make a copy of the folder Test App and Package. Use a new copy of each file for each test of signing operations described below.

2. Drag TestApp onto the Code Signing certificate in Signing Manager and confirm it shows a success message. Drag TestPackageonto the `Package Signing certificate in Signing Manager, choose a name and location to save the signed package file, and confirm a success message is shown.

3. Sign a file by right-clicking on Twocanoes Test Code Signing and selecting Copy "codesign" command. Then open Terminal and paste in the command you copied. Then drag the TestApp file into Terminal to add its location to the command. The complete command should look something like:

   codesign -fs "LOTSOFNUMBERS" ~/Desktop/SigningManagerTestFiles/TestApp.app

   Press return.

4. Verify signature by copying codesign -dvvv into Terminal, then dragging TestApp into Terminal. The complete command should look something like:

   codesign -dvvv ~/Desktop/SigningManagerTestFiles/TestApp.app

   Press return.

   A successful result will show this line in the output:

   Authority=Twocanoes Test Code Signing

5. Sign a package by right-clicking on Twocanoes Test Package Certificate and selecting Copy "productsign" command.

6. Open Terminal and paste in the command you copied. Delete source.pkg destination.pkg from the end of this, then drag the TestPackage file into Terminal, then in Terminal copy this to the end of the command as the destination:

   ~/Desktop/Signed-TestPackage.pkg

   The complete command should look something like:

   productsign --sign "LOTSOFNUMBERS" ~/Desktop/SigningManagerTestFiles/TestPackage.pkg ~/Desktop/Signed-TestPackage.pkg

   Press return.

7. Verify that Terminal shows output like the following with no error messages.

   productsign: signing product with identity <Name of certificate used> productsign: adding certificate "Twocanoes-CA" productsign: Wrote signed product archive to </path/specified/for/output>

8. Delete all copies of test files used in signing operations.

DO NOT TEST: Test Command Line

1. Reboot Mac and log in as the normal user.

2. Open Terminal and refresh certificates by running:

   "/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -r

The details of the list of signing certificates should be returned.

1. Find the section for Twocanoes Test Code Signing in the output and copy the SHA1 Hash.

2. Run the following command by inserting the SHA1 Hash in place of "SHA1 Hash" below:

   codesign -fs "SHA1 Hash" ~/Desktop/SigningManagerTestFiles/TestApp.app

3. Verify signature:

   codesign -dvvv ~/Desktop/SigningManagerTestFiles/TestApp.app

   A successful result will show this line in the output:

   Authority=Twocanoes Test Code Signing

4. In the previous output that listed signing certificate details, find the section for Package Signing and copy the value for SHA1 Hash.

5. Run the following command by inserting the SHA1 Hash in place of "SHA1 Hash" below:

   productsign --sign "SHA1 Hash" ~/Desktop/SigningManagerTestFiles/TestPackage.pkg ~/Desktop/SigningManagerTestFiles/TestPackage-signed.pkg

6. Verify that Terminal shows output like the following with no error messages.

   productsign: signing product with identity <Name of certificate used> productsign: adding certificate "Twocanoes-CA" productsign: Wrote signed product archive to </path/specified/for/output>

DO NOT TEST: Test Set Settings on the Command Line

1. Print settings on the command line:

   "/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p

2. Compare these settings with the preferences shown in the Signing Manager app.

3. Modify the settings in the app:

   Signing Server: https://signing-service.twocanoes.com

   API Key: <get API key from Signing Service>

   Deselect the Trust Self-Signed Certificates checkbox.

4. Print the settings on the command line and verify they changed:

   "/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p

5. Click Refresh in the Signing Manager app and verify it fails to load certificates.

6. Reset settings back to good settings on the command line:

   "/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -s -i https://signing-server.twocanoes.com -a '<REPLACE-WITH-API-KEY>' -u

7. Print the settings on the command line and verify they changed:

   "/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p

8. Click Refresh in the Signing Manager app and verify it now successfully loads certificates.