def test_key_inequality():
"public key and secret key are not equal"
ks = jce.KeyStore("tests/files/store")
key_from_store = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
key_from_store2 = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"secret")
assert not key_from_store == key_from_store2
def test_add_and_revoke_userid():
"""Verifies that we can add uid to a cert"""
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
key = ks.import_cert("tests/files/store/secret.asc")
# check that there is only one userid
assert len(key.uids) == 1
# now add a new userid
key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat")
assert key2.fingerprint == key.fingerprint
assert len(key2.uids) == 2
assert key2.keytype == jce.KeyType.SECRET
# because at first all user ids are valid
for uid in key2.uids:
assert uid["revoked"] == False
# now let us reove the new user id
key3 = ks.revoke_userid(key2, "Off Spinner <*****@*****.**>", "redhat")
# verify the values
assert key3.fingerprint == key.fingerprint
assert len(key3.uids) == 2
assert key3.keytype == jce.KeyType.SECRET
for uid in key3.uids:
if uid["value"] == "Off Spinner <*****@*****.**>":
assert uid["revoked"] == True
else:
assert uid["revoked"] == False
def test_keystore_lifecycle():
ks = jce.KeyStore(tmpdirname.name)
newkey = ks.create_newkey("redhat", "test key1 <*****@*****.**>",
jce.Cipher.RSA4k)
# the default key must be of secret
assert newkey.keytype == jce.KeyType.SECRET
ks.import_cert("tests/files/store/public.asc")
ks.import_cert("tests/files/store/pgp_keys.asc")
ks.import_cert("tests/files/store/hellopublic.asc")
ks.import_cert("tests/files/store/secret.asc")
# Now check the numbers of keys in the store
assert (2, 2) == ks.details()
ks.delete_key("F4F388BBB194925AE301F844C52B42177857DD79")
assert (2, 1) == ks.details()
# Now verify email cache
key_via_fingerprint = ks.get_key(
"A85FF376759C994A8A1168D8D8219C8C43F6C5E1")
keys_via_emails = ks.get_keys(qvalue="*****@*****.**", qtype="email")
assert len(keys_via_emails) == 1
assert key_via_fingerprint == keys_via_emails[0]
# Now verify name cache
key_via_fingerprint = ks.get_key(
"F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
keys_via_names = ks.get_keys(qvalue="Test User2 <*****@*****.**>",
qtype="value")
assert len(keys_via_names) == 1
assert key_via_fingerprint == keys_via_names[0]
def insert(resource_name: str):
"take password from the user"
password = getpass.getpass()
password1 = getpass.getpass()
if password != password1:
print("Both the passwords are not same. Enter the correct password.")
return
dirname = os.path.expanduser("~/.sinduk")
# encrypting the password
ks = jce.KeyStore(dirname)
key = ks.get_all_keys()[0]
enc = ks.encrypt(key, password)
filename = os.path.join(dirname, resource_name)
# checking if the resource_name has `/` in it
if resource_name.find("/"):
dirname = os.path.join(dirname, os.path.dirname(resource_name))
# https://docs.python.org/3/library/os.html#os.makedirs
# if the directory exists do not throw any error
os.makedirs(dirname, 0o700, True)
with open(filename, "wb") as fobj:
fobj.write(enc)
print(f"Password successfully saved under {resource_name}.")
def test_ks_creation_expiration_time():
"""
Tests via Kushal's key and a new key
"""
# These two are known values from kushal
etime = datetime.datetime(2020, 10, 16, 20, 53, 47)
ctime = datetime.datetime(2017, 10, 17, 20, 53, 47)
tmpdir = tempfile.TemporaryDirectory()
# First let us check from the file
keypath = "tests/files/store/pgp_keys.asc"
ks = jce.KeyStore(tmpdir.name)
k = ks.import_cert(keypath)
assert etime.date() == k.expirationtime.date()
assert ctime.date() == k.creationtime.date()
# now with a new key and creation time
ctime = datetime.datetime(2010, 10, 10, 20, 53, 47)
newk = ks.create_newkey("redhat",
"Another test key",
ciphersuite=jce.Cipher.Cv25519,
creation=ctime)
assert ctime.date() == newk.creationtime.date()
assert not newk.expirationtime
# Now both creation and expirationtime
ctime = datetime.datetime(2008, 10, 10, 20, 53, 47)
etime = datetime.datetime(2025, 12, 15, 20, 53, 47)
newk = ks.create_newkey("redhat",
"Another test key",
creation=ctime,
expiration=etime)
assert ctime.date() == newk.creationtime.date()
assert etime.date() == newk.expirationtime.date()
# Now both creation and expirationtime for subkeys
ctime = datetime.datetime(2008, 10, 10, 20, 53, 47)
etime = datetime.datetime(2029, 12, 15, 20, 53, 47)
newk = ks.create_newkey(
"redhat",
"Test key with subkey expiration",
creation=ctime,
expiration=etime,
subkeys_expiration=True,
)
assert ctime.date() == newk.creationtime.date()
for skeyid, subkey in newk.othervalues["subkeys"].items():
assert subkey[1].date() == etime.date()
# Now only providing expirationtime for subkeys
etime = datetime.datetime(2030, 6, 5, 20, 53, 47)
newk = ks.create_newkey(
"redhat",
"Test key with subkey expiration",
expiration=etime,
subkeys_expiration=True,
)
assert datetime.datetime.now().date() == newk.creationtime.date()
for skeyid, subkey in newk.othervalues["subkeys"].items():
assert subkey[1].date() == etime.date()
def test_get_encrypted_for():
ks = jce.KeyStore("tests/files/store/")
keyids = rjce.file_encrypted_for("tests/files/double_recipient.asc")
assert keyids == ["1CF980B8E69E112A", "5A7A1560D46ED4F6"]
with open("tests/files/double_recipient.asc", "rb") as fobj:
data = fobj.read()
keyids = rjce.bytes_encrypted_for(data)
assert keyids == ["1CF980B8E69E112A", "5A7A1560D46ED4F6"]
def test_fetch_key_by_email():
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
key = ks.fetch_key_by_email("*****@*****.**")
assert len(key.uids) == 2
uid = key.uids[0]
assert uid["name"] == "Anwesha Das"
assert key.fingerprint == "2871635BE3B4E5C04F02B848C353BFE051D06C33"
def test_ks_upgrade_failure():
"tests db upgrade failure from an old db because of existing file"
tempdir = tempfile.TemporaryDirectory()
shutil.copy("tests/files/store/oldjce.db",
os.path.join(tempdir.name, "jce.db"))
shutil.copy("tests/files/store/oldjce.db",
os.path.join(tempdir.name, "jce_upgrade.db"))
with pytest.raises(RuntimeError):
ks = jce.KeyStore(tempdir.name)
def test_fetch_key_by_fingerprint():
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
key = ks.fetch_key_by_fingerprint(
"EF6E286DDA85EA2A4BA7DE684E2C6E8793298290")
assert len(key.uids) == 1
uid = key.uids[0]
assert uid["email"] == "*****@*****.**"
assert uid["name"] == "Tor Browser Developers"
def test_key_equality():
ks = jce.KeyStore("tests/files/store")
key_from_store = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
key_from_disk = jce.Key(
"./tests/files/store/hellopublic.asc",
"6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"public",
)
assert key_from_store == key_from_disk
def test_ks_sign_verify_file():
inputfile = "tests/files/text.txt"
tempdir = tempfile.TemporaryDirectory()
shutil.copy(inputfile, tempdir.name)
ks = jce.KeyStore("tests/files/store")
key = "F51C310E02DC1B7771E176D8A1C5C364EB5B9A20"
file_to_be_signed = os.path.join(tempdir.name, "text.txt")
signed = ks.sign_file(key, file_to_be_signed, "redhat", write=True)
assert signed.startswith("-----BEGIN PGP SIGNATURE-----\n")
assert ks.verify_file(key, file_to_be_signed, file_to_be_signed + ".asc")
def test_ks_encrypt_decrypt_bytes():
"Encrypts and decrypt some bytes"
ks = jce.KeyStore("tests/files/store")
public_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
encrypted = ks.encrypt(public_key, DATA)
assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n")
secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_ks_sign_verify_file():
inputfile = "tests/files/text.txt"
tempdir = tempfile.TemporaryDirectory()
shutil.copy(inputfile, tempdir.name)
ks = jce.KeyStore("tests/files/store")
key = "6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99"
file_to_be_signed = os.path.join(tempdir.name, "text.txt")
signed = ks.sign_file(key, file_to_be_signed, "redhat", write=True)
assert signed.startswith("-----BEGIN PGP SIGNATURE-----\n")
assert ks.verify_file(key, file_to_be_signed, file_to_be_signed + ".asc")
def init(keyfile: str):
"initials the sinduk project for the user"
if not os.path.exists(keyfile):
print("The OpenPGP keyfile does not exist.")
return
dirname = os.path.expanduser("~/.sinduk")
if not os.path.exists(dirname):
os.mkdir(dirname)
ks = jce.KeyStore(dirname)
ks.import_cert(keyfile)
def test_ks_encrypt_decrypt_bytes():
"Encrypts and decrypt some bytes"
ks = jce.KeyStore("tests/files/store")
public_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
encrypted = ks.encrypt(public_key, DATA)
assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n")
secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"secret")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_get_pub_key():
"""Verifies that we export only the public key part from any key"""
ks = jce.KeyStore("./tests/files/store")
fingerprint = "F51C310E02DC1B7771E176D8A1C5C364EB5B9A20"
key = ks.get_key(fingerprint)
# verify that the key is a secret
key.keytype == 1
# now get the public key
pub_key = key.get_pub_key()
assert pub_key.startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----")
def test_key_with_multiple_uids():
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
uids = [
"Kushal Das <*****@*****.**>",
"*****@*****.**",
"This is also Kushal",
]
k = ks.create_newkey("redhat", uids)
uids, fp, secret, et, ct, othervalues = jce.parse_cert_bytes(k.keyvalue)
assert len(uids) == 3
def test_add_userid_fails_for_public():
"""Verifies that adding uid to a public key fails"""
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
key = ks.import_cert("tests/files/store/public.asc")
# verify that the key is a secret
assert len(key.uids) == 1
# now add a new userid
with pytest.raises(ValueError):
key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat")
def test_ks_encrypt_decrypt_file(encrypt_decrypt_file):
"Encrypts and decrypt some bytes"
inputfile = "tests/files/text.txt"
output = "/tmp/text-encrypted.pgp"
decrypted_output = "/tmp/text.txt"
ks = jce.KeyStore("tests/files/store")
public_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
assert ks.encrypt_file(public_key, inputfile, output)
secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
ks.decrypt_file(secret_key, output, decrypted_output, password="******")
verify_files(inputfile, decrypted_output)
def test_ks_encrypt_decrypt_bytes_to_file():
"Encrypts and decrypt some bytes"
outputfile = os.path.join(tmpdirname.name, "encrypted.asc")
ks = jce.KeyStore("tests/files/store")
secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
assert ks.encrypt(secret_key, DATA, outputfile=outputfile)
with open(outputfile, "rb") as fobj:
encrypted = fobj.read()
secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_ks_encrypt_decrypt_file(encrypt_decrypt_file):
"Encrypts and decrypt some bytes"
inputfile = "tests/files/text.txt"
output = "/tmp/text-encrypted.pgp"
decrypted_output = "/tmp/text.txt"
ks = jce.KeyStore("tests/files/store")
public_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
assert ks.encrypt_file(public_key, inputfile, output)
secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"secret")
ks.decrypt_file(secret_key, output, decrypted_output, password="******")
verify_files(inputfile, decrypted_output)
def test_ks_encrypt_decrypt_bytes_to_file():
"Encrypts and decrypt some bytes"
outputfile = os.path.join(tmpdirname.name, "encrypted.asc")
ks = jce.KeyStore("tests/files/store")
secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
assert ks.encrypt(secret_key, DATA, outputfile=outputfile)
with open(outputfile, "rb") as fobj:
encrypted = fobj.read()
secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"secret")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_ks_encrypt_decrypt_bytes_to_file_multiple_recipients():
"Encrypts and decrypt some bytes"
outputfile = os.path.join(tmpdirname.name, "encrypted.asc")
ks = jce.KeyStore("tests/files/store")
key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
assert ks.encrypt([key1, key2], DATA, outputfile=outputfile)
with open(outputfile, "rb") as fobj:
encrypted = fobj.read()
secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_keystore_contains_key():
"verifies __contains__ method for keystore"
ks = jce.KeyStore(tmpdirname.name)
keypath = "tests/files/store/secret.asc"
ks.import_cert(keypath)
_, fingerprint, keytype = jce.parse_cert_file(keypath)
k = jce.Key(keypath, fingerprint, keytype)
# First only the fingerprint
assert fingerprint in ks
# Next the Key object
assert k in ks
# This should be false
assert not "1111111" in ks
def test_add_userid():
"""Verifies that we can add uid to a cert"""
tempdir = tempfile.TemporaryDirectory()
ks = jce.KeyStore(tempdir.name)
key = ks.import_cert("tests/files/store/secret.asc")
# check that there is only one userid
assert len(key.uids) == 1
# now add a new userid
key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat")
assert key2.fingerprint == key.fingerprint
assert len(key2.uids) == 2
assert key2.keytype == jce.KeyType.SECRET
def test_ks_encrypt_decrypt_bytes_to_file_multiple_recipients():
"Encrypts and decrypt some bytes"
outputfile = os.path.join(tmpdirname.name, "encrypted.asc")
ks = jce.KeyStore("tests/files/store")
key1 = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99")
key2 = ks.get_key("BB2D3F20233286371C3123D5209940B9669ED621")
assert ks.encrypt([key1, key2], DATA, outputfile=outputfile)
with open(outputfile, "rb") as fobj:
encrypted = fobj.read()
secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99",
"secret")
decrypted_text = ks.decrypt(secret_key, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_ks_upgrade():
"tests db upgrade from an old db"
tempdir = tempfile.TemporaryDirectory()
shutil.copy("tests/files/store/oldjce.db",
os.path.join(tempdir.name, "jce.db"))
ks = jce.KeyStore(tempdir.name)
con = sqlite3.connect(ks.dbpath)
con.row_factory = sqlite3.Row
# First we will check if this db schema is old or not
with con:
cursor = con.cursor()
sql = "SELECT * from dbupgrade"
cursor.execute(sql)
fromdb = cursor.fetchone()
assert fromdb["upgradedate"] == jce.DB_UPGRADE_DATE
def test_ks_encrypt_decrypt_bytes_multiple_recipients():
"Encrypts and decrypt some bytes"
ks = jce.KeyStore("tests/files/store")
key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
encrypted = ks.encrypt([key1, key2], DATA)
assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n")
secret_key1 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
decrypted_text = ks.decrypt(secret_key1, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
secret_key2 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
decrypted_text = ks.decrypt(secret_key2, encrypted,
password="******").decode("utf-8")
assert DATA == decrypted_text
def test_update_subkey_expiry_time():
"Updates the expirytime for a given subkey"
ks = jce.KeyStore("tests/files/store")
key = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
fps = [
"102EBD23BD5D2D340FBBDE0ADFD1C55926648D2F",
]
newkeyvalue = rjce.update_subkeys_expiry_in_cert(key.keyvalue, fps,
60 * 60 * 24, "redhat")
_, _, _, _, _, othervalues = rjce.parse_cert_bytes(newkeyvalue)
tomorrow = datetime.date.today() + datetime.timedelta(days=1)
for skey in othervalues["subkeys"]:
if skey[1] == "102EBD23BD5D2D340FBBDE0ADFD1C55926648D2F":
date = skey[3]
assert date.date() == tomorrow
def test_ks_encrypt_decrypt_file_multiple_recipients(encrypt_decrypt_file):
"Encrypts and decrypt some bytes"
inputfile = "tests/files/text.txt"
output = "/tmp/text-encrypted.pgp"
decrypted_output = "/tmp/text.txt"
ks = jce.KeyStore("tests/files/store")
key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
encrypted = ks.encrypt_file([key1, key2], inputfile, output)
secret_key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20")
ks.decrypt_file(secret_key1, output, decrypted_output, password="******")
verify_files(inputfile, decrypted_output)
secret_key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79")
ks.decrypt_file(secret_key2, output, decrypted_output, password="******")
verify_files(inputfile, decrypted_output)
