def test_sign_key_failure(context, mocker, expect_status, exc_bool):
    def child(*args, **kwargs):
        return PexpectChild(expect_status=expect_status, exc=exc_bool)

    mocker.patch.object(pexpect, 'spawn', new=child)
    mocker.patch.object(pexpect, 'spawn', new=child)
    with pytest.raises(ScriptWorkerGPGException):
        sgpg.sign_key(context, "foo")
def test_sign_key_twice(context):
    gpg = sgpg.GPG(context)
    for suffix in (".sec", ".pub"):
        with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix),
                  "r") as fh:
            contents = fh.read()
        fingerprint = sgpg.import_key(gpg, contents)[0]
    # keys already sign themselves, so this is a second signature that should
    # be noop.
    sgpg.sign_key(context, fingerprint, signing_key=fingerprint)
def test_sign_key_exportable(context, exportable):
    gpg_home2 = os.path.join(context.config['gpg_home'], "two")
    context.config['gpg_home'] = os.path.join(context.config['gpg_home'],
                                              "one")
    gpg = sgpg.GPG(context)
    gpg2 = sgpg.GPG(context, gpg_home=gpg_home2)
    my_fingerprint = KEYS_AND_FINGERPRINTS[0][1]
    my_keyid = KEYS_AND_FINGERPRINTS[0][0]
    # import my keys
    for suffix in (".sec", ".pub"):
        with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix),
                  "r") as fh:
            contents = fh.read()
            sgpg.import_key(gpg, contents)
    # create gpg.conf's
    sgpg.create_gpg_conf(context.config['gpg_home'],
                         my_fingerprint=my_fingerprint)
    sgpg.create_gpg_conf(gpg_home2, my_fingerprint=my_fingerprint)
    sgpg.check_ownertrust(context)
    sgpg.check_ownertrust(context, gpg_home=gpg_home2)
    # generate a new key
    fingerprint = sgpg.generate_key(gpg,
                                    "one",
                                    "one",
                                    "one",
                                    key_length=GENERATE_KEY_SMALLER_KEY_SIZE)
    # sign it, exportable signature is `exportable`
    sgpg.sign_key(context,
                  fingerprint,
                  signing_key=my_fingerprint,
                  exportable=exportable)
    # export my privkey and import it in gpg_home2
    priv_key = sgpg.export_key(gpg, my_fingerprint, private=True)
    sgpg.import_key(gpg2, priv_key)
    # export both pubkeys and import in gpg_home2
    for fp in (my_fingerprint, fingerprint):
        pub_key = sgpg.export_key(gpg, fp)
        sgpg.import_key(gpg2, pub_key)
    # check sigs on `fingerprint` key.  If exportable, we're good.  If not exportable,
    # it'll throw
    expected = {'sig_keyids': [my_keyid]}
    if exportable:
        sgpg.get_list_sigs_output(context,
                                  fingerprint,
                                  gpg_home=gpg_home2,
                                  expected=expected)
    else:
        with pytest.raises(ScriptWorkerGPGException):
            sgpg.get_list_sigs_output(context,
                                      fingerprint,
                                      gpg_home=gpg_home2,
                                      expected=expected)
def test_sign_key(context):
    """This test calls get_list_sigs_output in several different ways.  Each
    is valid; the main thing is more code coverage.

tru:o:1:1472876459:1:3:1:5
pub:u:4096:1:EA608995918B2DF9:1472876455:::u:::escaESCA:
fpr:::::::::A9F598A3179551CC664C15DEEA608995918B2DF9:
uid:u::::1472876455::6477C0BAC30FB3E244C8F1907D78C6B243AFD516::two (two) <two>:
sig:::1:EA608995918B2DF9:1472876455::::two (two) <two>:13x:::::8:
sig:::1:9633F5F38B9BD3C5:1472876459::::one (one) <one>:10l:::::8:


tru::1:1472876460:0:3:1:5
pub:u:4096:1:BC76BF8F77D1B3F5:1472876457:::u:::escaESCA:
fpr:::::::::7CFAD9E699D8559F1D3A50CCBC76BF8F77D1B3F5:
uid:u::::1472876457::91AC286E48FDA7378B86F63FA6DDC2A46B54808F::three (three) <three>:
sig:::1:BC76BF8F77D1B3F5:1472876457::::three (three) <three>:13x:::::8:
    """
    gpg = sgpg.GPG(context)
    # create my key, get fingerprint + keyid
    my_fingerprint = sgpg.generate_key(
        gpg, "one", "one", "one", key_length=GENERATE_KEY_SMALLER_KEY_SIZE)
    my_keyid = sgpg.fingerprint_to_keyid(gpg, my_fingerprint)
    # create signed key, get fingerprint + keyid
    signed_fingerprint = sgpg.generate_key(
        gpg, "two", "two", "two", key_length=GENERATE_KEY_SMALLER_KEY_SIZE)
    signed_keyid = sgpg.fingerprint_to_keyid(gpg, signed_fingerprint)
    # create unsigned key, get fingerprint + keyid
    unsigned_fingerprint = sgpg.generate_key(
        gpg,
        "three",
        "three",
        "three",
        key_length=GENERATE_KEY_SMALLER_KEY_SIZE)
    unsigned_keyid = sgpg.fingerprint_to_keyid(gpg, unsigned_fingerprint)
    # update gpg configs, sign signed key
    sgpg.create_gpg_conf(context.config['gpg_home'],
                         my_fingerprint=my_fingerprint)
    sgpg.check_ownertrust(context)
    sgpg.sign_key(context, signed_fingerprint)
    # signed key get_list_sigs_output
    signed_output = sgpg.get_list_sigs_output(context, signed_fingerprint)
    # unsigned key get_list_sigs_output
    # Call get_list_sigs_output with validate=False, then parse it, for more code coverage
    unsigned_output1 = sgpg.get_list_sigs_output(context,
                                                 unsigned_fingerprint,
                                                 validate=False)
    unsigned_output = sgpg.parse_list_sigs_output(unsigned_output1, "unsigned")
    # signed key has my signature + self-signed
    assert sorted([signed_keyid,
                   my_keyid]) == sorted(signed_output['sig_keyids'])
    assert ["one (one) <one>",
            "two (two) <two>"] == sorted(signed_output['sig_uids'])
    # unsigned key is only self-signed
    assert [unsigned_keyid] == unsigned_output['sig_keyids']
    assert ["three (three) <three>"] == unsigned_output['sig_uids']
    # sign the unsigned key and test
    sgpg.sign_key(context,
                  unsigned_fingerprint,
                  signing_key=signed_fingerprint)
    # Call get_list_sigs_output with expected, for more code coverage
    new_output = sgpg.get_list_sigs_output(
        context,
        unsigned_fingerprint,
        expected={
            "keyid": unsigned_keyid,
            "fingerprint": unsigned_fingerprint,
            "uid": "three (three) <three>",
            "sig_keyids": [signed_keyid, unsigned_keyid],
            "sig_uids": ["three (three) <three>", "two (two) <two>"]
        })
    # sig_uids goes unchecked; sig_keyids only checks that it's a subset.
    # let's do another check.
    assert ["three (three) <three>",
            "two (two) <two>"] == sorted(new_output['sig_uids'])