def test_rebuild_gpg_home_signed(context, trusted_email, tmpdir):
gpg = sgpg.GPG(context)
for path in glob.glob(
os.path.join(GPG_HOME, "keys", "{}.*".format(trusted_email))):
shutil.copyfile(path, os.path.join(tmpdir, os.path.basename(path)))
sgpg.rebuild_gpg_home_signed(
context,
context.config['gpg_home'],
"{}{}".format(KEYS_AND_FINGERPRINTS[0][2], ".pub"),
"{}{}".format(KEYS_AND_FINGERPRINTS[0][2], ".sec"),
tmpdir,
)
with open(os.path.join(PUBKEY_DIR, "manifest.json")) as fh:
manifest = json.load(fh)
for fingerprint, info in manifest.items():
with open(os.path.join(PUBKEY_DIR, info['signed_path'])) as fh:
sgpg.import_key(gpg, fh.read())
if info['signing_email'] == trusted_email:
sgpg.get_list_sigs_output(
context,
fingerprint,
expected={'sig_keyids': [info['signing_keyid']]})
messages = check_sigs(context,
manifest,
PUBKEY_DIR,
trusted_emails=[trusted_email])
assert messages == []
def test_sign_key_twice(context):
gpg = sgpg.GPG(context)
for suffix in (".sec", ".pub"):
with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix),
"r") as fh:
contents = fh.read()
fingerprint = sgpg.import_key(gpg, contents)[0]
# keys already sign themselves, so this is a second signature that should
# be noop.
sgpg.sign_key(context, fingerprint, signing_key=fingerprint)
def test_import_single_key(context, suffix, return_type):
gpg = sgpg.GPG(context)
with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix), "r") as fh:
contents = fh.read()
result = sgpg.import_key(gpg, contents, return_type=return_type)
if return_type == 'result':
fingerprints = []
for entry in result:
fingerprints.append(entry['fingerprint'])
else:
fingerprints = result
# the .sec fingerprints are doubled; use set() for unsorted & uniq
assert set(fingerprints) == set([KEYS_AND_FINGERPRINTS[0][1]])
def test_sign_key_exportable(context, exportable):
gpg_home2 = os.path.join(context.config['gpg_home'], "two")
context.config['gpg_home'] = os.path.join(context.config['gpg_home'],
"one")
gpg = sgpg.GPG(context)
gpg2 = sgpg.GPG(context, gpg_home=gpg_home2)
my_fingerprint = KEYS_AND_FINGERPRINTS[0][1]
my_keyid = KEYS_AND_FINGERPRINTS[0][0]
# import my keys
for suffix in (".sec", ".pub"):
with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix),
"r") as fh:
contents = fh.read()
sgpg.import_key(gpg, contents)
# create gpg.conf's
sgpg.create_gpg_conf(context.config['gpg_home'],
my_fingerprint=my_fingerprint)
sgpg.create_gpg_conf(gpg_home2, my_fingerprint=my_fingerprint)
sgpg.check_ownertrust(context)
sgpg.check_ownertrust(context, gpg_home=gpg_home2)
# generate a new key
fingerprint = sgpg.generate_key(gpg,
"one",
"one",
"one",
key_length=GENERATE_KEY_SMALLER_KEY_SIZE)
# sign it, exportable signature is `exportable`
sgpg.sign_key(context,
fingerprint,
signing_key=my_fingerprint,
exportable=exportable)
# export my privkey and import it in gpg_home2
priv_key = sgpg.export_key(gpg, my_fingerprint, private=True)
sgpg.import_key(gpg2, priv_key)
# export both pubkeys and import in gpg_home2
for fp in (my_fingerprint, fingerprint):
pub_key = sgpg.export_key(gpg, fp)
sgpg.import_key(gpg2, pub_key)
# check sigs on `fingerprint` key. If exportable, we're good. If not exportable,
# it'll throw
expected = {'sig_keyids': [my_keyid]}
if exportable:
sgpg.get_list_sigs_output(context,
fingerprint,
gpg_home=gpg_home2,
expected=expected)
else:
with pytest.raises(ScriptWorkerGPGException):
sgpg.get_list_sigs_output(context,
fingerprint,
gpg_home=gpg_home2,
expected=expected)
