def test_missing_key_rejects_address(self):
"""
Test if server rejects to send unencrypted when 'encrypted_only' is
True.
"""
# remove key from key manager
pubkey = yield self.km.get_key(ADDRESS)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.delete_key(pubkey)
# mock the key fetching
self.km._fetch_keys_from_server = Mock(
return_value=fail(errors.KeyNotFound()))
user = TEST_USER
proto = getSMTPFactory({user: None}, {user: self.km}, {user: None},
encrypted_only=True)
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport)
yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport)
reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto,
transport)
# ensure the address was rejected
self.assertEqual(
'550 Cannot receive for specified address\r\n', reply,
'Address should have been rejected with appropriate message.')
proto.setTimeout(None)
def test_openpgp_encrypt_decrypt(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
# encrypt
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
pubkey = yield pgp.get_key(ADDRESS, private=False)
cyphertext = yield pgp.encrypt(data, pubkey)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != data)
self.assertTrue(pgp.is_encrypted(cyphertext))
self.assertTrue(pgp.is_encrypted(cyphertext))
# decrypt
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
decrypted, _ = yield pgp.decrypt(cyphertext, privkey)
self.assertEqual(decrypted, data)
yield pgp.delete_key(pubkey)
yield pgp.delete_key(privkey)
yield self._assert_key_not_found(pgp, ADDRESS, private=False)
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
def test_self_repair_six_active_docs(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
k1 = OpenPGPKey(ADDRESS, fingerprint="1",
refreshed_at=datetime(2005, 1, 1))
k2 = OpenPGPKey(ADDRESS, fingerprint="2",
refreshed_at=datetime(2007, 1, 1))
k3 = OpenPGPKey(ADDRESS, fingerprint="3",
refreshed_at=datetime(2007, 1, 1),
encr_used=True, sign_used=True)
k4 = OpenPGPKey(ADDRESS, fingerprint="4",
refreshed_at=datetime(2007, 1, 1),
sign_used=True)
k5 = OpenPGPKey(ADDRESS, fingerprint="5",
refreshed_at=datetime(2007, 1, 1),
encr_used=True)
k6 = OpenPGPKey(ADDRESS, fingerprint="6",
refreshed_at=datetime(2006, 1, 1),
encr_used=True, sign_used=True)
keys = (k1, k2, k3, k4, k5, k6)
for key in keys:
yield self._soledad.create_doc_from_json(key.get_json())
yield self._soledad.create_doc_from_json(key.get_active_json())
delete_doc = self._mock_delete_doc()
key = yield pgp.get_key(ADDRESS, private=False)
self._soledad.delete_doc = delete_doc
self.assertEqual(self.count, 5)
self.assertEqual(key.fingerprint, "3")
def test_missing_key_accepts_address(self):
"""
Test if server accepts to send unencrypted when 'encrypted_only' is
False.
"""
# remove key from key manager
pubkey = yield self.km.get_key(ADDRESS)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.delete_key(pubkey)
# mock the key fetching
self.km._fetch_keys_from_server_and_store_local = Mock(
return_value=fail(errors.KeyNotFound()))
user = TEST_USER
proto = getSMTPFactory({user: OutgoingMail(user, self.km)},
{user: None})
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport)
yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport)
reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto,
transport)
# ensure the address was accepted
self.assertEqual(
'250 Recipient address accepted\r\n', reply,
'Address should have been accepted with appropriate message.')
proto.setTimeout(None)
def test_self_repair_no_keys(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
get_from_index = self._soledad.get_from_index
delete_doc = self._soledad.delete_doc
def my_get_from_index(*args):
if (args[0] == TYPE_FINGERPRINT_PRIVATE_INDEX and
args[2] == KEY_FINGERPRINT):
return succeed([])
return get_from_index(*args)
self._soledad.get_from_index = my_get_from_index
self._soledad.delete_doc = Mock(return_value=succeed(None))
try:
yield self.assertFailure(pgp.get_key(ADDRESS, private=False),
KeyNotFound)
# it should have deleted the index
self.assertEqual(self._soledad.delete_doc.call_count, 1)
finally:
self._soledad.get_from_index = get_from_index
self._soledad.delete_doc = delete_doc
def test_sign_with_public_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
self.assertRaises(
AssertionError,
pgp.sign, data, ADDRESS, OpenPGPKey)
def test_do_not_throw_error_for_empty_key_dict(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
rf = RandomRefreshPublicKey(pgp, self._key_manager())
pgp.get_all_keys = Mock(return_value=defer.succeed([]))
random_address = yield rf._get_random_key()
self.assertTrue(random_address is None)
def test_openpgp_put_delete_key(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
key = yield pgp.get_key(ADDRESS, private=False)
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_key_is_signed_by(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
old_pubkey, old_privkey = pgp.parse_key(
OLD_PUB_KEY, OLD_AND_NEW_KEY_ADDRESS)
new_pubkey, new_privkey = pgp.parse_key(
NEW_PUB_KEY, OLD_AND_NEW_KEY_ADDRESS)
self.assertTrue(new_pubkey.is_signed_by(old_pubkey))
def test_start_refreshing(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
with patch.object(Logger, 'debug') as mock_logger_start:
rf = RandomRefreshPublicKey(pgp, self._key_manager())
rf.start()
mock_logger_start.assert_called_with(DEBUG_START_REFRESH)
rf.stop()
mock_logger_start.assert_called_with(DEBUG_STOP_REFRESH)
def test_verify_with_private_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signed = pgp.sign(data, privkey)
self.assertRaises(
AssertionError,
pgp.verify, signed, privkey)
def test_verify_with_wrong_key_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signed = pgp.sign(data, privkey)
yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2)
wrongkey = yield pgp.get_key(ADDRESS_2)
self.assertFalse(pgp.verify(signed, wrongkey))
def test_sign_verify_detached_sig(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signature = yield pgp.sign(data, privkey, detach=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
validsign = pgp.verify(data, pubkey, detached_sig=signature)
self.assertTrue(validsign)
def _test_openpgp_gen_key(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, '*****@*****.**')
key = yield pgp.gen_key('*****@*****.**')
self.assertIsInstance(key, OpenPGPKey)
self.assertEqual(
'*****@*****.**', key.address, 'Wrong address bound to key.')
self.assertEqual(
4096, key.length, 'Wrong key length.')
def test_encrypt_sign_with_public_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
self.failureResultOf(
pgp.encrypt(data, privkey, sign=pubkey),
AssertionError)
def test_self_repair_put_keys(self):
self._insert_key_docs([datetime(2005, 1, 1),
datetime(2007, 1, 1),
datetime(2001, 1, 1)])
delete_doc = self._mock_delete_doc()
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
self._soledad.delete_doc = delete_doc
self.assertEqual(self.count, 2)
def test_get_public_key(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
key = yield pgp.get_key(ADDRESS, private=False)
self.assertTrue(ADDRESS in key.address)
self.assertFalse(key.private)
self.assertEqual(KEY_FINGERPRINT, key.fingerprint)
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_get_random_address(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
rf = RandomRefreshPublicKey(pgp, self._key_manager())
key = OpenPGPKey(address='*****@*****.**')
key_another = OpenPGPKey(address='*****@*****.**')
pgp.get_all_keys = Mock(return_value=defer.succeed([key, key_another]))
random_key = yield rf._get_random_key()
self.assertTrue(random_key.address == key.address
or random_key.address == key_another.address)
def test_openpgp_put_ascii_key(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS)
key = yield pgp.get_key(ADDRESS, private=False)
self.assertIsInstance(key, OpenPGPKey)
self.assertTrue(
ADDRESS in key.address, 'Wrong address bound to key.')
self.assertEqual(
4096, key.length, 'Wrong key length.')
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_self_repair_three_keys(self):
refreshed_keep = datetime(2007, 1, 1)
self._insert_key_docs([datetime(2005, 1, 1),
refreshed_keep,
datetime(2001, 1, 1)])
delete_doc = self._mock_delete_doc()
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
key = yield pgp.get_key(ADDRESS, private=False)
self.assertEqual(key.refreshed_at, refreshed_keep)
self.assertEqual(self.count, 2)
self._soledad.delete_doc = delete_doc
def test_key_expired_will_be_deactivatet(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
km = self._key_manager()
rf = RandomRefreshPublicKey(pgp, km)
key = OpenPGPKey(address='*****@*****.**', expiry_date=datetime.now())
self.assertTrue(key.address is '*****@*****.**')
pgp.unactivate_key = Mock(return_value=defer.succeed(None))
yield rf._maybe_unactivate_key(key)
self.assertTrue(key.address is None)
self.assertFalse(key.is_active())
def test_put_new_key_in_local_storage(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
km = self._key_manager()
rf = RandomRefreshPublicKey(pgp, km)
rf._get_random_key = Mock(
return_value=defer.succeed(OpenPGPKey(
fingerprint=KEY_FINGERPRINT)))
km._nicknym.fetch_key_with_fingerprint = Mock(
return_value=defer.succeed(PUBLIC_KEY_2))
yield rf.maybe_refresh_key()
def test_decrypt_verify_with_wrong_key(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
encrypted_and_signed = yield pgp.encrypt(data, pubkey, sign=privkey)
yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2)
wrongkey = yield pgp.get_key(ADDRESS_2)
decrypted, validsign = yield pgp.decrypt(encrypted_and_signed,
privkey,
verify=wrongkey)
self.assertEqual(decrypted, data)
self.assertFalse(validsign)
def test_log_error_if_fetch_by_fingerprint_returns_wrong_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
km = self._key_manager()
with patch.object(Logger, 'error') as mock_logger_error:
rf = RandomRefreshPublicKey(pgp, km)
rf._get_random_key = \
Mock(return_value=defer.succeed(OpenPGPKey(
fingerprint=KEY_FINGERPRINT)))
km._nicknym.fetch_key_with_fingerprint = \
Mock(return_value=defer.succeed(PUBLIC_KEY_2))
yield rf.maybe_refresh_key()
mock_logger_error.assert_called_with(
ERROR_UNEQUAL_FINGERPRINTS %
(KEY_FINGERPRINT, KEY_FINGERPRINT_2))
def test_encrypt_sign_decrypt_verify(self):
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.gpg_binary_path)
yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS)
pubkey = yield pgp.get_key(ADDRESS, private=False)
privkey = yield pgp.get_key(ADDRESS, private=True)
yield pgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2)
pubkey2 = yield pgp.get_key(ADDRESS_2, private=False)
privkey2 = yield pgp.get_key(ADDRESS_2, private=True)
data = 'data'
encrypted_and_signed = yield pgp.encrypt(
data, pubkey2, sign=privkey)
res, validsign = yield pgp.decrypt(
encrypted_and_signed, privkey2, verify=pubkey)
self.assertEqual(data, res)
self.assertTrue(validsign)
def test_random_interval_is_set_properly(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
rf = RandomRefreshPublicKey(pgp, self._key_manager())
self.assertTrue(rf._loop.interval >= MIN_RANDOM_INTERVAL_RANGE)
