def test_mail(mails, bilateral): import email.mime.text from kryptomime import create_mail, protect_mail from kryptomime.pgp import find_gnupg_key server, imapsend, imaprecv = mails id1, id2 = bilateral['id1'], bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'], sender) key2 = find_gnupg_key(bilateral['gpg2'], receiver) assert not len(imapsend) and not len(imaprecv) attachment = email.mime.text.MIMEText('some\nattachment') msg = create_mail(sender, receiver, 'subject', 'body\nmessage', attach=[attachment]) #msg = protect_mail(msg,linesep='\r\n') enc, _ = id1.encrypt(msg, sign=True, inline=False) assert enc and id2.analyze(enc) == (True, None) assert server.send(enc) assert not len(imapsend) and len(imaprecv) == 1 for mail, flags in imaprecv: mail, verified, result = id2.decrypt(mail) assert mail and verified and result assert result['encrypted'] and result['signed'] and result[ 'fingerprints'] == [key1] compare_mail(msg, mail) assert not len(imapsend) and not len(imaprecv) msg = create_mail(receiver, sender, 'subject', 'body\nmessage', attach=[attachment]) msg = protect_mail(msg, linesep='\r\n') sgn, _ = id2.sign(msg, inline=True, verify=True) assert sgn and id1.analyze(sgn) == (False, True) dec, verified, result = id1.decrypt(sgn, strict=True) assert dec and verified and result assert not result['encrypted'] and result['signed'] and result[ 'fingerprints'] == [key2] compare_mail(msg, dec) assert server.send(sgn) assert len(imapsend) == 1 and not len(imaprecv) for mail, flags in imapsend: mail = protect_mail(mail, linesep='\r\n') dec, verified, result = id1.decrypt(mail, strict=True) assert dec and verified and result assert not result['encrypted'] and result['signed'] and result[ 'fingerprints'] == [key2] compare_mail(msg, dec) assert not len(imapsend) and not len(imaprecv)
def keys(request): import os, gnupg, logging from kryptomime.pgp import GPGMIME, find_gnupg_key from ekklesia.data import tmpfname #generate = verbose = False generate = request.config.getoption('generate',False) verbose = request.config.getoption('gpglog',False) if verbose: gnupg._logger.create_logger(10) else: log = logging.getLogger('gnupg') log.setLevel(logging.CRITICAL) if generate: # pragma: no cover keyrings = [tmpfname() for i in range(3)] secrings = [tmpfname() for i in range(3)] else: home = os.path.dirname(os.path.abspath(__file__)) keyrings = [os.path.join(home,'keyring%i.gpg'%i) for i in range(3)] secrings = [os.path.join(home,'secring%i.gpg'%i) for i in range(3)] pubring = os.path.join(home,'pubring.gpg') keygen = generate if not keygen: for fname in keyrings+secrings: if os.path.exists(fname): continue keygen = True break if keygen: # pragma: no cover for fname in keyrings+secrings: if os.path.exists(fname): os.unlink(fname) gpg1 = gnupg.GPG(keyring=keyrings[0],secring=secrings[0],verbose=verbose) gpg2 = gnupg.GPG(keyring=keyrings[1],secring=secrings[1],verbose=verbose) gpg3 = gnupg.GPG(keyring=keyrings[2],secring=secrings[2],verbose=verbose) if keygen: # pragma: no cover key1 = gpg1.gen_key(gpg1.gen_key_input(name_email=sender,key_length=1024, passphrase=passphrase,expire_date='2030-01-01')).fingerprint key2 = gpg2.gen_key(gpg2.gen_key_input(name_email=receiver,key_length=1024, expire_date='2030-01-01')).fingerprint key3 = gpg3.gen_key(gpg3.gen_key_input(name_email=third,key_length=1024, expire_date='2030-01-01')).fingerprint else: key1 = find_gnupg_key(gpg1,sender) key2 = find_gnupg_key(gpg2,receiver) key3 = find_gnupg_key(gpg3,third) pubkey1= gpg1.export_keys(key1) pubkey2= gpg2.export_keys(key2) pubkey3= gpg3.export_keys(key3) if not generate and not os.path.exists(pubring): # pragma: no cover gpg = gnupg.GPG(keyring=pubring,verbose=verbose) gpg.import_keys(pubkey1) gpg.import_keys(pubkey2) gpg.import_keys(pubkey2) def fin(): for tmp in keyrings+secrings: os.unlink(tmp) if generate: request.addfinalizer(fin) return {'gpg1':gpg1, 'gpg2':gpg2, 'gpg3':gpg3, 'pubkey1':pubkey1, 'pubkey2':pubkey2, 'pubkey3':pubkey3, 'secrings':secrings, 'fingerprints':[key1,key2,key3]}
def keys(request): import os generate = request.config.getoption('generate') verbose = request.config.getoption('gpglog') if verbose: gnupg._logger.create_logger(10) keyrings = [tmpfname() for i in range(2)] secrings = [tmpfname() for i in range(2)] home = os.path.dirname(os.path.abspath(__file__)) fpubkey = [os.path.join(home,'pubkey%i.asc'%(i+1)) for i in range(2)] fseckey = [os.path.join(home,'seckey%i.asc'%(i+1)) for i in range(2)] keygen = generate if not keygen: for fname in fpubkey+fseckey: if os.path.exists(fname): continue keygen = True break if keygen: for fname in fpubkey+fseckey: if os.path.exists(fname): os.unlink(fname) gpg1 = gnupg.GPG(keyring=keyrings[0],secring=secrings[0],verbose=verbose,use_agent=False) gpg2 = gnupg.GPG(keyring=keyrings[1],secring=secrings[1],verbose=verbose,use_agent=False) if keygen: print ('generating keys') key1 = gpg1.gen_key(gpg1.gen_key_input(name_email=sender,key_length=1024, passphrase=passphrase,expire_date='0')) key2 = gpg2.gen_key(gpg2.gen_key_input(name_email=receiver,key_length=1024, expire_date='0')) assert key1 and key2 key1, key2 = key1.fingerprint, key2.fingerprint pubkey1= gpg1.export_keys(key1) pubkey2= gpg2.export_keys(key2) open(fpubkey[0],'wt').write(pubkey1) open(fpubkey[1],'wt').write(pubkey2) seckey1= gpg1.export_keys(key1,secret=True) seckey2= gpg2.export_keys(key2,secret=True) open(fseckey[0],'wt').write(seckey1) open(fseckey[1],'wt').write(seckey2) else: pubkey1 = open(fpubkey[0],'rt').read() pubkey2 = open(fpubkey[1],'rt').read() gpg1.import_keys(pubkey1) gpg2.import_keys(pubkey2) seckey1 = open(fseckey[0],'rt').read() seckey2 = open(fseckey[1],'rt').read() gpg1.import_keys(seckey1) gpg2.import_keys(seckey2) key1 = find_gnupg_key(gpg1,sender) key2 = find_gnupg_key(gpg2,receiver) assert key1 and key2 def fin(): for tmp in keyrings+secrings: os.unlink(tmp) if generate: request.addfinalizer(fin) return {'gpg1':gpg1, 'gpg2':gpg2, 'pubkey1':pubkey1, 'pubkey2':pubkey2, 'secrings':secrings}
def test_send(request, empty_db, havesmtp, bilateral): "unsent/retry -> sent/failed" from ekklesia.mail import VirtualMailServer from kryptomime.pgp import find_gnupg_key import tempfile, shutil db = empty_db db.gpg = bilateral['id1'] id2 = bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'], sender) input = remove_email(inv_pre) if db.member_class else inv_pre db.import_invitations(input, allfields=True, format='json') tmpdir = tempfile.mkdtemp() server = VirtualMailServer(tmpdir) def fin(): server.finish() shutil.rmtree(tmpdir, ignore_errors=True) request.addfinalizer(fin) accounts = {} if havesmtp: for i in range(1, 12): accounts['uid%02i' % i] = server.add_account("inv%i@localhost" % i, keep=False) db.send_invitations(debug_smtp=server) changed = ['uid04', 'uid05', 'uid07', 'uid08'] post = {} db.export_invitations(post, allfields=True, format='json') field_uuid = post['fields'].index('uuid') field_sent = post['fields'].index('sent') ofield_sent = input['fields'].index('sent') field_lchange = post['fields'].index('lastchange') field_senttime = post['fields'].index('senttime') for i, inv in enumerate(post['data']): orig = input['data'][i] mod = list(orig) assert inv[field_lchange] inv[field_lchange] = None # delete lastchange assert inv[field_sent] == 'unsent' or inv[field_senttime] if inv[field_sent] != 'unsent': inv[field_senttime] = None if mod[ ofield_sent] == 'unsent' else some_time if not inv[field_uuid] in changed: assert inv == orig, "unexpected change" continue mod[ofield_sent] = 'sent' if havesmtp else 'failed' assert inv == mod, "invalid change" if not havesmtp: continue imap = accounts[inv[field_uuid]] assert len(imap) == 1 for mail, flags in imap: mail, verified, result = id2.decrypt(mail, strict=False) assert mail and result assert not result['encrypted'] and result['signed'] and result[ 'fingerprints'] == [key1]
def test_send(request, empty_db, havesmtp, bilateral): "unsent/retry -> sent/failed" from ekklesia.mail import VirtualMailServer from kryptomime.pgp import find_gnupg_key import tempfile, shutil db = empty_db db.gpg = bilateral['id1'] id2 = bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'],sender) input = remove_email(inv_pre) if db.member_class else inv_pre db.import_invitations(input,allfields=True,format='json') tmpdir = tempfile.mkdtemp() server = VirtualMailServer(tmpdir) def fin(): server.finish() shutil.rmtree(tmpdir,ignore_errors=True) request.addfinalizer(fin) accounts = {} if havesmtp: for i in range(1,12): accounts['uid%02i'%i] = server.add_account("inv%i@localhost" % i,keep=False) db.send_invitations(debug_smtp=server) changed = ['uid04','uid05','uid07','uid08'] post = {} db.export_invitations(post,allfields=True,format='json') field_uuid = post['fields'].index('uuid') field_sent = post['fields'].index('sent') ofield_sent = input['fields'].index('sent') field_lchange = post['fields'].index('lastchange') field_senttime = post['fields'].index('senttime') for i,inv in enumerate(post['data']): orig = input['data'][i] mod = list(orig) assert inv[field_lchange] inv[field_lchange] = None # delete lastchange assert inv[field_sent] == 'unsent' or inv[field_senttime] if inv[field_sent] != 'unsent': inv[field_senttime] = None if mod[ofield_sent] == 'unsent' else some_time if not inv[field_uuid] in changed: assert inv == orig, "unexpected change" continue mod[ofield_sent] = 'sent' if havesmtp else 'failed' assert inv == mod, "invalid change" if not havesmtp: continue imap = accounts[inv[field_uuid]] assert len(imap)==1 for mail, flags in imap: mail, verified, result = id2.decrypt(mail,strict=False) assert mail and result assert not result['encrypted'] and result['signed'] and result['fingerprints']==[key1]
def keys(request): import os generate = request.config.getoption('generate') verbose = request.config.getoption('gpglog') if verbose: gnupg._logger.create_logger(10) keyrings = [tmpfname() for i in range(2)] secrings = [tmpfname() for i in range(2)] home = os.path.dirname(os.path.abspath(__file__)) fpubkey = [os.path.join(home, 'pubkey%i.asc' % (i + 1)) for i in range(2)] fseckey = [os.path.join(home, 'seckey%i.asc' % (i + 1)) for i in range(2)] keygen = generate if not keygen: for fname in fpubkey + fseckey: if os.path.exists(fname): continue keygen = True break if keygen: for fname in fpubkey + fseckey: if os.path.exists(fname): os.unlink(fname) gpg1 = gnupg.GPG(keyring=keyrings[0], secring=secrings[0], verbose=verbose, use_agent=False) gpg2 = gnupg.GPG(keyring=keyrings[1], secring=secrings[1], verbose=verbose, use_agent=False) if keygen: print('generating keys') key1 = gpg1.gen_key( gpg1.gen_key_input(name_email=sender, key_length=1024, passphrase=passphrase, expire_date='0')) key2 = gpg2.gen_key( gpg2.gen_key_input(name_email=receiver, key_length=1024, expire_date='0')) assert key1 and key2 key1, key2 = key1.fingerprint, key2.fingerprint pubkey1 = gpg1.export_keys(key1) pubkey2 = gpg2.export_keys(key2) open(fpubkey[0], 'wt').write(pubkey1) open(fpubkey[1], 'wt').write(pubkey2) seckey1 = gpg1.export_keys(key1, secret=True) seckey2 = gpg2.export_keys(key2, secret=True) open(fseckey[0], 'wt').write(seckey1) open(fseckey[1], 'wt').write(seckey2) else: pubkey1 = open(fpubkey[0], 'rt').read() pubkey2 = open(fpubkey[1], 'rt').read() gpg1.import_keys(pubkey1) gpg2.import_keys(pubkey2) seckey1 = open(fseckey[0], 'rt').read() seckey2 = open(fseckey[1], 'rt').read() gpg1.import_keys(seckey1) gpg2.import_keys(seckey2) key1 = find_gnupg_key(gpg1, sender) key2 = find_gnupg_key(gpg2, receiver) assert key1 and key2 def fin(): for tmp in keyrings + secrings: os.unlink(tmp) if generate: request.addfinalizer(fin) return { 'gpg1': gpg1, 'gpg2': gpg2, 'pubkey1': pubkey1, 'pubkey2': pubkey2, 'secrings': secrings }
def test_registerkey(request,accounts,mails,bilateral,defect): from accounts.models import Account from idapi.models import Message, PublicKey from idapi.mails import gnupg_init, get_mails, send_mails, update_keyrings, process_register import email.mime.text from kryptomime import create_mail from kryptomime.pgp import find_gnupg_key import tempfile home = tempfile.mkdtemp() gpg = gnupg_init(home) update_keyrings(debug_gpg=gpg,debug_import=bilateral['gpg1']) user = accounts['member1'] id1, id2 = bilateral['id1'], bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'],sender) key2 = find_gnupg_key(bilateral['gpg2'],receiver) server, imapsend, imaprecv = mails # id1=register, id2=member1 if defect=='unknown': # unknown sender, should be rejected unknown = 'unknown@localhost' imapbad = server.add_account(unknown,keep=False) msg = create_mail(unknown,sender,'register','register') elif defect=='nokey': # known sender, but forget key/signing msg = create_mail(receiver,sender,'register','register') else: # known sender, return confirmation request attach = id2.pubkey_attachment(key2) msg = create_mail(receiver,sender,'register','register',attach=[attach]) assert server.send(msg) assert len(imapsend)==1 get_mails(joint=True,debug=server,debug_gpg=gpg,keep=False) process_register(debug_gpg=gpg) send_mails(joint=True,debug=server,debug_gpg=gpg) if defect=='unknown': assert len(imapbad)==1 for mail, flags in imapbad: mail, verified, result = id2.decrypt(mail,strict=False) assert mail and result assert not result['encrypted'] and result['signed'] and result['fingerprints']==[key1] #print mail # assert key1 attached return return #FIXME assert len(imaprecv)==1 msg = None for mail, flags in imaprecv: mail, verified, result = id2.decrypt(mail,strict=False) assert mail and result assert result['signed'] and result['fingerprints']==[key1] assert bool(result['encrypted']) == (defect!='nokey') #print mail msg = mail # assert key1 attached if defect=='nokey': return if defect=='badcode': reply = create_mail(receiver,sender,'confirmation','bad code') else: body = msg.get_payload() reply = '> '+'> '.join(body.splitlines(True)) reply = create_mail(receiver,sender,'Re: '+mail['subject'],reply) reply = id2.encrypt(reply,sign=True) assert server.send(reply) assert len(imapsend)==1 get_mails(joint=True,debug=server,debug_gpg=gpg,keep=False) process_register(debug_gpg=gpg) send_mails(joint=True,debug=server,debug_gpg=gpg) assert len(imaprecv)==1 for mail, flags in imaprecv: mail, verified, result = id2.decrypt(mail,strict=False) assert mail and result assert result['encrypted'] and result['signed'] and result['fingerprints']==[key1] #print mail msg = mail # assert key1 attached if defect=='badcode': return if defect!='unverified': key = user.publickeys.get(active=True) key.trust=PublicKey.TRUSTED key.save() msg = create_mail(receiver,sender,'test','test') msg = id2.encrypt(msg,sign=True) assert server.send(reply) assert len(imapsend)==1 get_mails(joint=True,debug=server,debug_gpg=gpg,keep=False) # check verified = CONFIRMED/TRUST/... # verifiyed key, receive return
def test_receive(request, accounts, tokens, mails, bilateral, client, defect): from accounts.models import Account from idapi.models import Message, PublicKey from idapi.mails import get_mails, update_keyrings import email.mime.text, six from kryptomime import create_mail, protect_mail from kryptomime.pgp import find_gnupg_key user = accounts['member1'] token = tokens['member1'] #update_keyrings() id1, id2 = bilateral['id1'], bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'], sender) key2 = find_gnupg_key(bilateral['gpg2'], receiver) livemail = request.config.getoption('livemail') if livemail: server = mails else: server, imapsend, imaprecv = mails if not livemail: assert not len(imapsend) and not len(imaprecv) user.publickeys.create(active=True, keytype=PublicKey.PGP, trust=PublicKey.TRUSTED) key1 = find_gnupg_key(bilateral['gpg1'], sender) key2 = find_gnupg_key(bilateral['gpg2'], receiver) attachment = email.mime.text.MIMEText('some\nattachment') msg = create_mail(receiver, sender, 'subject', 'body\nmessage', attach=[attachment]) msg = protect_mail(msg, linesep='\r\n') assert server.send(msg) if not livemail: assert len(imapsend) == 1 and not len(imaprecv) sgn, _ = id2.sign(msg, inline=True, verify=True) assert sgn and id1.analyze(sgn) == (False, True) assert server.send(sgn) if not livemail: assert len(imapsend) == 2 and not len(imaprecv) enc, _ = id2.encrypt(msg, sign=True, inline=False) assert enc and id1.analyze(enc) == (True, None) assert server.send(enc) if not livemail: assert len(imapsend) == 3 and not len(imaprecv) """ for mail, flags in imapsend: mtype = id1.analyze(mail) if mtype != (False,False): if mtype == (False,True): verified, result = id1.verify(mail) mail = id1.strip_signature(mail)[0] mail = protect_mail(mail,linesep='\r\n') else: #if mtype == (True,None): mail, verified, result = id1.decrypt(mail) assert mail and verified and result assert result['signed'] and result['fingerprints']==[key2] assert result['encrypted']==(mtype != (False,True)) else: mail = protect_mail(mail,linesep='\r\n') compare_mail(msg,mail) assert not len(imapsend) and not len(imaprecv) """ get_mails(joint=True, debug=None if livemail else server, debug_gpg=bilateral['gpg1'], keep=False) if not livemail: assert not len(imapsend) and not len(imaprecv) response, out = api(client, 'user/mails/', token=token) assert response.status_code == 200 todo = [(False, False), (True, False), (True, True)] for mid in out['items']: response, out = api(client, 'user/mails/%i/' % mid, token=token) assert response.status_code == 200 parts = out['parts'] assert out['subject'] == 'subject' and len(parts) == 2 signed, encrypted = out['signed'], out['encrypted'] contents = ['body\r\nmessage', 'some\r\nattachment'] assert parts[0] == { 'content': contents[0], 'content-charset': 'us-ascii', 'content-type': 'text/plain', 'content-encoding': '7bit' } assert parts[1] == { 'content': contents[1], 'content-charset': 'us-ascii', 'content-type': 'text/plain', 'content-encoding': '7bit' } todo.remove((signed, encrypted)) if signed: assert out['verified'] == 'trusted' #print out assert not todo if livemail: server.close()
def test_send(request, accounts, tokens, mails, bilateral, client, defect): from accounts.models import Account from idapi.models import Message, PublicKey from idapi.mails import send_mails, update_keyrings from kryptomime.pgp import find_gnupg_key user = accounts['member1'] token = tokens['member1'] #update_keyrings() id1, id2 = bilateral['id1'], bilateral['id2'] key1 = find_gnupg_key(bilateral['gpg1'], sender) key2 = find_gnupg_key(bilateral['gpg2'], receiver) livemail = request.config.getoption('livemail') if livemail: server = None else: server, imapsend, imaprecv = mails user.publickeys.create(active=True, keytype=PublicKey.PGP, trust=PublicKey.TRUSTED) data = { 'identity': 'portal', 'content': { 'subject': 'hallo1', 'body': 'foƶ' } } response, out = api(client, 'user/mails/', 'post', data, token=token) assert response.status_code == 200 data = { 'identity': 'portal', 'content': { 'subject': 'hallo2', 'body': 'foo' }, 'sign': True } response, out = api(client, 'user/mails/', 'post', data, token=token) assert response.status_code == 200 data = { 'identity': 'portal', 'content': { 'subject': 'hallo3', 'body': 'foo' }, 'sign': True, 'encrypt': True } response, out = api(client, 'user/mails/', 'post', data, token=token) assert response.status_code == 200 send_mails(joint=True, debug=server, debug_gpg=bilateral['gpg1']) if livemail: server.close() return assert not len(imapsend) and len(imaprecv) == 3 for mail, flags in imaprecv: mail, verified, result = id2.decrypt(mail) assert mail and result subj = mail.get('subject') if subj == 'hallo1': assert not result['encrypted'] and not result['signed'] else: assert result['encrypted'] == ( subj == 'hallo3' ) and result['signed'] and result['fingerprints'] == [key1]