authorMichał Górny <mgorny@gentoo.org>2020-08-27 12:52:50 +0200
committerMichał Górny <mgorny@gentoo.org>2020-08-27 12:52:50 +0200
commit800d345ed2f32837c794be0a9ecc4f0a95bfefb2 (patch)
tree0525eeb474a7dc03e71ed0e702e339df165d9d97
parent96b3e880acefa7948ad071aed7dc11025c67d688 (diff)
downloadgemato-800d345ed2f32837c794be0a9ecc4f0a95bfefb2.tar.gz
tests: Extend OpenPGP un-expiration tests
Signed-off-by: Michał Górny <mgorny@gentoo.org>
-rw-r--r--tests/keydata.py33
-rw-r--r--tests/test_openpgp.py16
2 files changed, 22 insertions, 27 deletions
diff --git a/tests/keydata.py b/tests/keydata.py
index 2f2ce3f..1056e3d 100644
--- a/tests/keydata.py
+++ b/tests/keydata.py
@@ -46,11 +46,6 @@ UID = base64.b64decode(b'''
tCRnZW1hdG8gdGVzdCBrZXkgPGdlbWF0b0BleGFtcGxlLmNvbT4=
''')
-# TODO: why do we have a different UID here?
-EXPIRED_KEY_UID = base64.b64decode(b'''
-tA9nZW1hdG8gdGVzdCBrZXk=
-''')
-
PUBLIC_KEY_SIG = base64.b64decode(b'''
iQFOBBMBCAA4FiEEgeEsFr2NzWC+GAhFE2iA5yp7E4QFAltY2CkCGwMFCwkIBwIGFQoJCAsC
BBYCAwECHgECF4AACgkQE2iA5yp7E4Tgvwf+LO6xyMFvlS8rs0GhpbqeOsj39555QNEviRIL
@@ -75,13 +70,13 @@ xQA+ptoUSGE=
''')
EXPIRED_KEY_SIG = base64.b64decode(b'''
-iQFMBBMBCgA2AhsDBQsJCg0EAxUKCAIeAQIXgBYhBIHhLBa9jc1gvhgIRRNogOcqexOEBQJZ
-8QlkBQkAAf5RAAoJEBNogOcqexOElMkH/2dcbW+AQFcenwmyCRuawABbNxKx2a5EVyvYUjco
-NgnQbuuYGmKsm4BoZtZL/b7cGZAZWU5/vtGN4LoK0j8MfhRPDeFwjsVgmtF0gtX6ncdOQuE+
-zl82PEfxtPIq2EQTykzSBDd+5nGxo2e/VdtKl/Q/53/LTp6G8YJVjIR7gwc9Xp/piAKs/54+
-pC8yoSm+VKLNkT8egWgrLsiTi7Z8M4flFGYig0u/yPWA4rCnn5Kdyy5dV1C5xjuN0VZKAQI4
-AYhG/MFsYOr37pxwJAeI47Odxolap4Ie5O82P1Z+jK8pcz6GlBR1JpNRGDPhr3aG0gak43nA
-3ujfZW4nPadZdLg=
+iQFUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEgeEsFr2NzWC+GAhFE2iA
+5yp7E4QFAl9HeI4FCQVXJ48ACgkQE2iA5yp7E4QshQf/QsPfHYBth3BMx7MGKHmrqegTze6y
+lIhT9u7zxLLSHfq0y6roWo6FkexH72HiVKnsS2jhNeYA8pTOwOQlU80hbBgrQpEFXa0Klsxh
+tHVaAvmRokzFVCmTZc29wiWEqtZgYhi/xYyVoHDVMr8d7UAwXnnbjed1Ndfdf1rxqNg6uw+C
+9wzi2zABEBcD22cPKY+wS3oJ5MDiJgbNSiMN4P53+c69skdDe6Z/E/DXlHCEIp3viP91ASkj
+LKmuqr6fiMmlC4WjULT4Cy/GD3S/1ZmuKPcE8Of2gvCuUqkCDOYJjxkzbVTrIpkcvoVW4d9j
+Hz68LP0g/oXuRzmcQG6GMZ4CQg==
''')
REVOCATION_SIG = base64.b64decode(b'''
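Review bot: The replacement `EXPIRED_KEY_SIG` blob here, and the replacement `UNEXPIRE_SIG` blob in the next hunk, carry no comment saying what each signature asserts or when it was made. The refresh tests appear to depend on the relative creation times of `PUBLIC_KEY_SIG`, `EXPIRED_KEY_SIG` and `UNEXPIRE_SIG`. A one-line comment above each would let a maintainer regenerate the fixtures without silently breaking that ordering, e.g. `# self-signature with an expiry already in the past; newer than PUBLIC_KEY_SIG, older than UNEXPIRE_SIG`. The ordering is inferred from the `...but only with a new signature` case added in tests/test_openpgp.py, so confirm it against the packets before settling the wording.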
@@ -117,11 +112,11 @@ idKDxfLtKvHnpiX/9mfMxre1zA==
''')
UNEXPIRE_SIG = base64.b64decode(b'''
-iQFGBBMBCgAwAhsDBQsJCg0EAxUKCAIeAQIXgBYhBIHhLBa9jc1gvhgIRRNogOcqexOEBQJf
-RRIHAAoJEBNogOcqexOEYF8H/1bWu+pt162UiL72g256UM4zFz2vPQB0tgJFqw+JyuytYSNQ
-yYHeW5rNpXQaPpmjgvOSrYDimL/JdCTkfTQPGT54nsZ7lGLzzduA3jNQXVA5IXcwQkcgu5sW
-eOvPLyYKCGTigOAE6gQPqMylKfDJzFVprl9EzVLu86uASXYTm9IXQ/WoibN4IfMfREnldh36
-p0suV+XZ/dnijx8udGPk0+KCqc4O26krIvErwK4v8GlvuSO7pGGO4Jnh3P0+wxbXqRKXD2T3
-z5VTRbf81GeUTQBAlhBFH+8EAWKtvvJARj10vFYy93EsAQqFvSRgsn0+pQyo1roX4qNMyf7q
-O1Og9RI=
+iQFOBBMBCAA4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEgeEsFr2NzWC+GAhFE2iA
+5yp7E4QFAl9Hj+wACgkQE2iA5yp7E4Rwcwf+On5SUfpLVZXrDkE9ETSUsGJSvfQxUVbO+qql
+Zm/MPSTWnadQbgcF2/3xRq0NoQJeK74d6yxqVRWIOPxLB+S9dplxgxZ3IdrxepomNKtX7e9o
+osz/Xrbsz042rfFmthW9gFsrxdWZTi/Iny1mp11JL0RCQdG7qDSffgdRtqla40CXp72GLwX/
+Yp/6PW+SlL5drIOi45vfRbRvGMiirQVolbb4FzUL5fYROrp6Rt/UCBTpK1xnoTbOtzyTLSq2
+Wq7iapS3DqitGoDRtKyPXeSFDpWsgcAYzghFMI265fqeBebTeKtz7mtYUw4DrBlYXSBPpRte
+T1oNst52zSr1Wzuc9w==
''')
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py
index dbcb02d..aec3a7b 100644
--- a/tests/test_openpgp.py
+++ b/tests/test_openpgp.py
@@ -27,8 +27,7 @@ from gemato.openpgp import OpenPGPEnvironment
from gemato.recursiveloader import ManifestRecursiveLoader
from tests.keydata import (
- PUBLIC_KEY, SECRET_KEY, PUBLIC_SUBKEY,
- UID, EXPIRED_KEY_UID,
+ PUBLIC_KEY, SECRET_KEY, PUBLIC_SUBKEY, UID,
PUBLIC_KEY_SIG, PUBLIC_SUBKEY_SIG, EXPIRED_KEY_SIG, REVOCATION_SIG,
OTHER_PUBLIC_KEY, OTHER_PUBLIC_KEY_UID, OTHER_PUBLIC_KEY_SIG,
UNEXPIRE_SIG,
@@ -41,9 +40,10 @@ hkp_server = hkp_server
VALID_PUBLIC_KEY = PUBLIC_KEY + UID + PUBLIC_KEY_SIG
-EXPIRED_PUBLIC_KEY = PUBLIC_KEY + EXPIRED_KEY_UID + EXPIRED_KEY_SIG
+EXPIRED_PUBLIC_KEY = PUBLIC_KEY + UID + EXPIRED_KEY_SIG
REVOKED_PUBLIC_KEY = PUBLIC_KEY + REVOCATION_SIG + UID + PUBLIC_KEY_SIG
-UNEXPIRE_PUBLIC_KEY = PUBLIC_KEY + EXPIRED_KEY_UID + UNEXPIRE_SIG
+OLD_UNEXPIRE_PUBLIC_KEY = PUBLIC_KEY + UID + PUBLIC_KEY_SIG
+UNEXPIRE_PUBLIC_KEY = PUBLIC_KEY + UID + UNEXPIRE_SIG
PRIVATE_KEY = SECRET_KEY + UID + PUBLIC_KEY_SIG
PRIVATE_KEY_ID = b'0x136880E72A7B1384'
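Review bot: `OLD_UNEXPIRE_PUBLIC_KEY` is assembled from exactly the same packets as `VALID_PUBLIC_KEY` at the top of this hunk, so nothing at the definition tells a reader why a second name exists. Writing it as `OLD_UNEXPIRE_PUBLIC_KEY = VALID_PUBLIC_KEY` with a comment such as `# stale self-signature: a refresh returning it must not un-expire the key` makes the intent explicit. It also keeps the two from drifting apart if the valid key fixture is ever rebuilt.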
@@ -220,7 +220,7 @@ def break_sig(sig):
FORGED_PUBLIC_KEY = PUBLIC_KEY + UID + break_sig(PUBLIC_KEY_SIG)
FORGED_SUBKEY = (PUBLIC_KEY + UID + PUBLIC_KEY_SIG + PUBLIC_SUBKEY +
break_sig(PUBLIC_SUBKEY_SIG))
-FORGED_UNEXPIRE_KEY = (PUBLIC_KEY + EXPIRED_KEY_UID + EXPIRED_KEY_SIG +
+FORGED_UNEXPIRE_KEY = (PUBLIC_KEY + UID + EXPIRED_KEY_SIG +
break_sig(UNEXPIRE_SIG))
UNSIGNED_PUBLIC_KEY = PUBLIC_KEY + UID
@@ -635,6 +635,9 @@ REFRESH_VARIANTS = [
# unexpiration should be possible
('SIGNED_MANIFEST', 'EXPIRED_PUBLIC_KEY', KEY_FINGERPRINT,
'UNEXPIRE_PUBLIC_KEY', None),
+ # ...but only with a new signature
+ ('SIGNED_MANIFEST', 'EXPIRED_PUBLIC_KEY', KEY_FINGERPRINT,
+ 'OLD_UNEXPIRE_PUBLIC_KEY', OpenPGPExpiredKeyFailure),
# make sure server can't malicously inject or replace key
('SIGNED_MANIFEST', 'OTHER_VALID_PUBLIC_KEY', OTHER_KEY_FINGERPRINT,
'VALID_PUBLIC_KEY', OpenPGPKeyRefreshError),
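Review bot: The added comment `# ...but only with a new signature` does not say what the case guards against. Presumably that is a key source answering a refresh with an older, non-expiring self-signature, so that an expired key would look valid again. Spelling that out documents why `OpenPGPExpiredKeyFailure` is the expected outcome, e.g. `# ...but a self-signature older than the expiring one must not un-expire the key`. `REFRESH_VARIANTS` starts and ends outside the hunk.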
@@ -685,9 +688,6 @@ def test_refresh_hkp(openpgp_env, hkp_server, manifest_var, key_var,
def test_refresh_wkd(openpgp_env, manifest_var, key_var, server_key_fpr,
server_key_var, expected):
"""Test refreshing against WKD"""
- if key_var == 'EXPIRED_PUBLIC_KEY':
- pytest.skip('TODO: expired public key lacks UID with email')
-
with pytest.importorskip('responses').RequestsMock() as responses:
try:
if key_var is not None: