Diffstat (limited to 'tests')
-rw-r--r-- | tests/keydata.py | 24 | ||||
-rw-r--r-- | tests/test_openpgp.py | 54 |
2 files changed, 75 insertions, 3 deletions
diff --git a/tests/keydata.py b/tests/keydata.py index 844c912..6384c97 100644 --- a/tests/keydata.py +++ b/tests/keydata.py @@ -155,6 +155,25 @@ Wq7iapS3DqitGoDRtKyPXeSFDpWsgcAYzghFMI265fqeBebTeKtz7mtYUw4DrBlYXSBPpRte T1oNst52zSr1Wzuc9w== ''') +SECOND_SECRET_KEY = base64.b64decode(b""" +lFgEY8wUwRYJKwYBBAHaRw8BAQdAQ9Y36mOHda8FHRNM/sXEpvzGKJiC733H2OgQtvVrYNsA +AQCS5w1GsElAdtNFCbpDq5LWp8hNq2jVSH3foz3+CYo1+hCV +""") + +SECOND_PUBLIC_KEY = base64.b64decode(b""" +mDMEY8wUwRYJKwYBBAHaRw8BAQdAQ9Y36mOHda8FHRNM/sXEpvzGKJiC733H2OgQtvVrYNs= +""") + +SECOND_UID = base64.b64decode(b""" +tDBTZWNvbmQgZ2VtYXRvIHRlc3QgaWRlbnRpdHkgPHNlY29uZEBleGFtcGxlLmNvbT4= +""") + +SECOND_KEY_SIG = base64.b64decode(b""" +iJMEExYKADsWIQR1jj6cjPscaH2bJCVTcI9ps0i0zAUCY8wUwQIbAwULCQgHAgIiAgYVCgkI +CwIEFgIDAQIeBwIXgAAKCRBTcI9ps0i0zEWCAQDEpFQFHMubpdSIdtrFPztMM64Xg4Vkdk+k +30HoYvFwKwD/aNSymTkZS4R8Ld0mxEJhFml7EAPUf//LjQYEIbe83gQ= +""") + VALID_PUBLIC_KEY = PUBLIC_KEY + UID + PUBLIC_KEY_SIG EXPIRED_PUBLIC_KEY = PUBLIC_KEY + UID + EXPIRED_KEY_SIG REVOKED_PUBLIC_KEY = PUBLIC_KEY + REVOCATION_SIG + UID + PUBLIC_KEY_SIG @@ -190,6 +209,11 @@ UNSIGNED_SUBKEY = PUBLIC_KEY + UID + PUBLIC_KEY_SIG + PUBLIC_SUBKEY COMBINED_PUBLIC_KEYS = OTHER_VALID_PUBLIC_KEY + VALID_PUBLIC_KEY +SECOND_VALID_PUBLIC_KEY = SECOND_PUBLIC_KEY + SECOND_UID + SECOND_KEY_SIG +SECOND_KEY_FINGERPRINT = "758E3E9C8CFB1C687D9B242553708F69B348B4CC" + +TWO_SIGNATURE_PUBLIC_KEYS = VALID_PUBLIC_KEY + SECOND_VALID_PUBLIC_KEY + if __name__ == "__main__": import argparse diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py index a88ccd9..2b14dcf 100644 --- a/tests/test_openpgp.py +++ b/tests/test_openpgp.py @@ -3,6 +3,7 @@ # Licensed under the terms of 2-clause BSD license import contextlib +import datetime import io import logging import os 
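Review bot: `SECOND_SECRET_KEY` in the first tests/keydata.py hunk adds secret-key material with no comment, and nothing in the visible hunks references it; only `SECOND_PUBLIC_KEY`, `SECOND_UID` and `SECOND_KEY_SIG` feed `SECOND_VALID_PUBLIC_KEY`. If it is kept so the second signature in the test manifest can be regenerated, say so above the constant, for example `# Test-only secret key for the second test identity; kept to regenerate fixtures, never import into a real keyring`. If it is used elsewhere in the file (the `__main__` block is outside the hunk), the comment should name that use. If nothing uses it, dropping it keeps unneeded private key material out of the tree.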
@@ -33,6 +34,8 @@ from gemato.openpgp import ( IsolatedGPGEnvironment, PGPyEnvironment, get_wkd_url, + OpenPGPSignatureList, + OpenPGPSignatureData, ) from gemato.recursiveloader import ManifestRecursiveLoader @@ -43,7 +46,7 @@ from tests.keydata import ( OTHER_VALID_PUBLIC_KEY, UNSIGNED_PUBLIC_KEY, FORGED_PUBLIC_KEY, UNSIGNED_SUBKEY, FORGED_SUBKEY, SIG_TIMESTAMP, SUBKEY_FINGERPRINT, SUBKEY_SIG_TIMESTAMP, UNEXPIRE_PUBLIC_KEY, OLD_UNEXPIRE_PUBLIC_KEY, - FORGED_UNEXPIRE_KEY, + FORGED_UNEXPIRE_KEY, TWO_SIGNATURE_PUBLIC_KEYS, SECOND_KEY_FINGERPRINT, ) from tests.test_recursiveloader import INSECURE_HASH_TESTS from tests.testutil import HKPServer @@ -186,6 +189,27 @@ n4XmpdPvu+UdAHpQIGzKoNOEDJpZ5CzPLhYa5KgZiJhpYsDXgg== -----END PGP SIGNATURE----- """ +TWO_SIGNATURE_MANIFEST = f""" +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +{COMMON_MANIFEST_TEXT} +-----BEGIN PGP SIGNATURE----- + +iQFHBAABCAAxFiEEgeEsFr2NzWC+GAhFE2iA5yp7E4QFAmPMHYQTHGdlbWF0b0Bl +eGFtcGxlLmNvbQAKCRATaIDnKnsThCDWB/95B9njv423M94uRdpPqSNqTpAokNhy +V0hjnhpiqnY85iFdL1Zc/rvhuxYbZezrig3dqctLseWYcx2mINBTLZqWHk5/NKEm +rd8iCdXZU1B7yo/HCfzUYR4HX5wISCiRjKimFFgkWKOg7KYGOqqrwLjAjaYJKmL5 +L7R5joHpGbp87jix7c0ruSIMslQg5PbJ6/YAQWyOPTcZvqMFieJ8tqE/G2FabQcs +YRHEGu1x8wNY40rFzWd90ICR/hPjXZlCdCN2qk7hs+Coasb29n6pXjmt5L8/ICcL +zApRg8cetid6/SIzUSwiVqBt7i8noYWbgaazNt3HDlGq55v21dkOhmrXiIkEABYI +ADEWIQR1jj6cjPscaH2bJCVTcI9ps0i0zAUCY8wd6BMcc2Vjb25kQGV4YW1wbGUu +Y29tAAoJEFNwj2mzSLTMHKcA/0QbVl3PafYp45PFFo2e/knGKJKrm8D4bUH9wS5h +dchVAP0RSzkUQPP7Zs+2uHQItkqbXJyrBBHOqjGzeh39sWVuAw== +=wG4b +-----END PGP SIGNATURE----- +""" + def strip_openpgp(text): lines = text.lstrip().splitlines() @@ -213,6 +237,7 @@ _ = FORGED_SUBKEY _ = FORGED_UNEXPIRE_KEY _ = OLD_UNEXPIRE_PUBLIC_KEY _ = OTHER_VALID_PUBLIC_KEY +_ = TWO_SIGNATURE_PUBLIC_KEYS _ = UNEXPIRE_PUBLIC_KEY _ = UNSIGNED_PUBLIC_KEY _ = UNSIGNED_SUBKEY 
@@ -356,6 +381,8 @@ MANIFEST_VARIANTS = [ ('SIGNED_MANIFEST', 'COMBINED_PUBLIC_KEYS', None), ('DASH_ESCAPED_SIGNED_MANIFEST', 'VALID_PUBLIC_KEY', None), ('SUBKEY_SIGNED_MANIFEST', 'VALID_KEY_SUBKEY', None), + # == Manifest with two signatures == + ("TWO_SIGNATURE_MANIFEST", "TWO_SIGNATURE_PUBLIC_KEYS", None), # == using private key == ('SIGNED_MANIFEST', 'PRIVATE_KEY', None), # == bad manifests == @@ -383,14 +410,35 @@ MANIFEST_VARIANTS = [ ] -def assert_signature(sig, manifest_var): +def assert_signature(sig: OpenPGPSignatureList, + manifest_var: str, + ) -> None: """Make assertions about the signature""" - if manifest_var == 'SUBKEY_SIGNED_MANIFEST': + if manifest_var == "TWO_SIGNATURE_MANIFEST": + assert sorted(sig) == [ + OpenPGPSignatureData( + fingerprint=SECOND_KEY_FINGERPRINT, + timestamp=datetime.datetime(2023, 1, 21, 17, 16, 24), + primary_key_fingerprint=SECOND_KEY_FINGERPRINT, + good_sig=True, + trusted_sig=True, + ), + OpenPGPSignatureData( + fingerprint=KEY_FINGERPRINT, + timestamp=datetime.datetime(2023, 1, 21, 17, 14, 44), + primary_key_fingerprint=KEY_FINGERPRINT, + good_sig=True, + trusted_sig=True, + ), + ] + elif manifest_var == 'SUBKEY_SIGNED_MANIFEST': + assert len(sig) == 1 assert sig.fingerprint == SUBKEY_FINGERPRINT assert sig.timestamp == SUBKEY_SIG_TIMESTAMP assert sig.expire_timestamp is None assert sig.primary_key_fingerprint == KEY_FINGERPRINT else: + assert len(sig) == 1 assert sig.fingerprint == KEY_FINGERPRINT assert sig.timestamp == SIG_TIMESTAMP assert sig.expire_timestamp is None |
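Review bot: The new `TWO_SIGNATURE_MANIFEST` row in `MANIFEST_VARIANTS` covers only the case where both signing keys are in the keyring, so the suite does not pin what verification returns when one of the two signatures cannot be verified. Whether a manifest is accepted when any signature is good or only when all of them are is the security-relevant policy for multi-signature files, and the implementation is not visible in this diff. A companion row such as `("TWO_SIGNATURE_MANIFEST", "VALID_PUBLIC_KEY", <expected outcome>),` (second key absent) would fix that behaviour in the tests, and the same applies to a keyring in which one of the two keys is expired or revoked. `MANIFEST_VARIANTS` begins and ends outside the hunk.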
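Review bot: In the `TWO_SIGNATURE_MANIFEST` branch of `assert_signature`, `sorted(sig)` depends on `OpenPGPSignatureData` being orderable and, presumably, on `SECOND_KEY_FINGERPRINT` sorting before `KEY_FINGERPRINT`, neither of which is visible here; `assert sorted(sig, key=lambda s: s.fingerprint) == [...]` states the intended order in the test itself. This branch also leaves `expire_timestamp` to the constructor default, while the other two branches assert `sig.expire_timestamp is None`; if it is a field of `OpenPGPSignatureData`, passing `expire_timestamp=None` in both expected entries keeps the three branches equivalent. The two `datetime.datetime(2023, 1, 21, ...)` literals would read better as named constants next to `SIG_TIMESTAMP` in tests/keydata.py, with a comment on which key produced which signature. The function body continues past the end of the hunk.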