def test_simple():
    """
    extract_recipients yields the key ID of every recipient of an
    ASCII-armored message, in order, and then stops.

    The fixture is encrypted to two recipients, so exactly two
    16-hex-digit key IDs are expected.
    """
    # NOTE(review): the line breaks inside the armored block were
    # restored from a whitespace-collapsed listing, and the second
    # data line contains '*', which is not a radix-64 character --
    # confirm the fixture against the original before relying on it.
    armored = """
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.6 (GNU/Linux)

hQIOA/JiGU+GKWbNEAf+Mj23UceAZbB0F1aiM7/3JJdoEqKqof1L/zdPU3YF1STX
dcGVrERNgLgxk8hheLQUSrTOZ9THhQuFmkWkBkB6NKOn5pElxAOWmB04496Q+F*x
xXiNA/CHdlgRzrYj22WErmuUgbv8mIMBDrEcIhj775d2aXiBr864AN+LpP6l/3XR
t0jbIdf6JbswN0e/Vwgw6i1JWSl62vYHpuD9fOzoVrCdiwNAVBAun1bYmZAYAA/F
1fGIwfNaD4z3AXzapkYcctu3KBn9sd2NewRicDTdHTEXBrN3HNfkjU0HAHaP8vGI
hNNnFGwEcbm/CWfU8Q6wXozZQty/6jhYcop0yZJzcgf/dtmQ9fAdnfVraSggbM1v
yEwZq6OHGgBHHWrET6YQ/QG7MgZOEHQSBemaD6qvB4QLc/8nxhZrZG6GOXDz5QbO
1HFDEcmlwN3gWPypMCJlJ+rHdWkaU9Bap8JuULGUZZ+VUeQI0MBWYwaeweIL5/5+
xT8XPa+Ez74EInxbNwEGzLNpjy6m8zaLFaWHu52cS7sRaYrhv1Nj1oW6XcVNhYAY
d/yMrNLqUfpKF0pqb4WVV1b1tqi4igNP9Cl9GWs2QBSbiabFsJZjwoFT7IhXlZJl
79R+zV37OUM5RhR0KuHvfvqKka3hyiOyi/pNOPnUeZ+0WxDILWIZHEF3LS4a7+sN
8oUCDgPwUTneWoUOhRAH/3O5H0+Pby76M6I/i0OdmGmrSHbUl++M/+XCLX8qVfDe
AKf9n8tzsWb1tO7uVs1NivsGmWSToZ9o45fQd9k5pwwr/tE3oyCbtFgkmtKLlPrP
6dMXUjlF8sRk3KCGUPAOa69/Y0USSQ5M6HVj9TFeS9lrUOnyy570wX6nuwM1lKuB
4t8zg/LnZgUSfHXdUmJJGUjAP0ppsmrWKnqTtdtIMbUhwKhKGWXBHXvpII/u97ED
BJ3hFEDs0gjeSk1OU79pzQ8fz2/ZXifm8IYYyNQ3a0eA0EjRNaGF3Xgr9jI+Pwku
cTQZV1cw0YTajXgXHxA/N6ddi035psLjaqTrfq2Sk2UH+gNpfJdvI8YTwCWsf01b
ACoWxNf7GyNrLUjjo6P2kSG27H1IvyBdkL48ghFw2vR3/k6B059I27CLbKDn20as
e6BgJnMea8aqIhbLbPQtfW2OnlfWCyOx2HTUa2F+zGpqWADX9r6J8hnQVjsBD1FG
0TGmCHIqe+BCsBXERdFU3fJh1JjZg5rvdo+gpZ4CAuOupBfrH0f5h7pcQb8oKhLP
wxgYpMGYsElS2ioyam/EqO45fMh1p+tJ/kGPb5sL20ORJc63knW1olI04VEzjY87
esl3/iBHiZ+YKKasJum3KD4gfkglW955Igj+9pUNI73hvoN83yXuhIbOPicZg3Hh
zHTSPwHRiwIVoo8ULFoRdUxgdL9zUdVz/+7R+pyaIQ4RVvQz0QFXH3rjDBow0N1n
QXbPbHR4+golsi6vouzOp7VIrQ==
=0e7b
-----END PGP MESSAGE-----
"""
    # Write the fixture into a scratch directory so the extractor
    # reads it from disk, the same way it reads real files.
    workdir = maketemp()
    message_path = os.path.join(workdir, 'message')
    with file(message_path, 'w') as fp:
        fp.write(armored)

    recipients = extract_recipients.extract_recipients(path=message_path)

    # One key ID per recipient, in the order they appear in the message.
    eq(recipients.next(), 'F262194F862966CD')
    eq(recipients.next(), 'F05139DE5A850E85')

    # Nothing may follow the second recipient.
    assert_raises(StopIteration, recipients.next)
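def verify(cfg, path):
    """
    Check that each file is encrypted to exactly the recipients the
    configuration asks for.

    Walks `path` with `walk.walk` and, for every file found, compares
    the recipients returned by `decide_recipients` with the recipient
    key IDs found in the file itself.

    Generates the problems found, each item a `VerifyResult`; an
    empty sequence means everything is good. The fields of a result:

    - `path`: the file's relative path, as given by `walk.walk`
    - `extra`: users who can read the file but should not
    - `missing`: users who should be able to read the file but cannot
    - `unknown_keys`: recipient key IDs with no known fingerprint
    - `unknown_fingerprints`: fingerprints that map to no known user

    Unknown keys, unknown fingerprints and extra recipients are
    logged as critical, since they mean somebody unintended may be
    able to read the file; missing recipients are logged as errors.
    """
    # The second item is named file_path so that it does not shadow
    # the `path` argument.
    for relpath, file_path in walk.walk(cfg=cfg, path=path):
        log.debug('Verifying file: %s', relpath)
        ok = True
        result = VerifyResult(
            path=relpath,
            extra=set(),
            missing=set(),
            unknown_keys=set(),
            unknown_fingerprints=set(),
            )

        want = set(
            decide_recipients.decide_recipients(
                cfg=cfg,
                path=relpath,
                ),
            )
        log.debug('Expecting recipients: %s', ' '.join(sorted(want)))

        keyids = set(extract_recipients.extract_recipients(file_path))
        # Sorted, like every other set logged here, so that the same
        # file always produces the same log line.
        log.debug('Got recipient keyids: %s', ' '.join(sorted(keyids)))

        # Keyids can collide; that means a message may (to us)
        # look like it's encrypted to Bob, but in reality it's
        # encrypted to Mallory. This attack requires tricking the
        # person encrypting it into choosing the wrong key; if you
        # use "sekrit set", the recipient will be chosen by
        # fingerprint, and thus this attack is most likely
        # infeasible. Hence, we will just assume the keyids
        # extracted above map simply to our known
        # fingerprints/users.
        #
        # NOTE(review): that assumption covers files written by
        # "sekrit set" only. For a file produced any other way, an
        # "ok" below means "the recipient keyids match known keys",
        # not proof of which keys can actually decrypt it.

        fprs = set()
        for keyid in keyids:
            fpr = keyid_to_fingerprint.keyid_to_fingerprint(keyid)
            if fpr is None:
                log.critical(
                    '%s: Unexpected recipient keyid: %r',
                    relpath,
                    keyid,
                    )
                result.unknown_keys.add(keyid)
                ok = False
            else:
                fprs.add(fpr)
        log.debug('Got recipient fingerprints: %s', ' '.join(sorted(fprs)))

        got_users = set()
        for fpr in fprs:
            user = map_fpr_to_user.map_fpr_to_user(cfg, fpr)
            if user is None:
                log.critical(
                    '%s: Unknown recipient fingerprint: %r',
                    relpath,
                    fpr,
                    )
                result.unknown_fingerprints.add(fpr)
                ok = False
            else:
                got_users.add(user)
        log.debug('Got recipients: %s', ' '.join(sorted(got_users)))

        # Recipients who can read the file but were not asked for.
        extra = got_users - want
        if extra:
            log.critical(
                '%s: Unexpected recipients: %s',
                relpath,
                ' '.join(sorted(extra)),
                )
            result.extra.update(extra)
            ok = False

        # Recipients who were asked for but cannot read the file.
        missing = want - got_users
        if missing:
            log.error(
                '%s: Missing recipients: %s',
                relpath,
                ' '.join(sorted(missing)),
                )
            result.missing.update(missing)
            ok = False

        if ok:
            log.info('%s: ok: %s', relpath, ' '.join(sorted(got_users)))
            continue

        # Only files with at least one problem are reported, so an
        # empty sequence means everything is good.
        log.error('%s: bad', relpath)
        yield result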