def test_missing_key_rejects_address(self): """ Test if server rejects to send unencrypted when 'encrypted_only' is True. """ # remove key from key manager pubkey = yield self.km.get_key(ADDRESS) pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.delete_key(pubkey) # mock the key fetching self.km._fetch_keys_from_server = Mock( return_value=fail(errors.KeyNotFound())) user = TEST_USER proto = getSMTPFactory({user: None}, {user: self.km}, {user: None}, encrypted_only=True) transport = proto_helpers.StringTransport() proto.makeConnection(transport) yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport) yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport) reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto, transport) # ensure the address was rejected self.assertEqual( '550 Cannot receive for specified address\r\n', reply, 'Address should have been rejected with appropriate message.') proto.setTimeout(None)
def test_openpgp_encrypt_decrypt(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) # encrypt yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) pubkey = yield pgp.get_key(ADDRESS, private=False) cyphertext = yield pgp.encrypt(data, pubkey) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != data) self.assertTrue(pgp.is_encrypted(cyphertext)) self.assertTrue(pgp.is_encrypted(cyphertext)) # decrypt yield self._assert_key_not_found(pgp, ADDRESS, private=True) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) decrypted, _ = yield pgp.decrypt(cyphertext, privkey) self.assertEqual(decrypted, data) yield pgp.delete_key(pubkey) yield pgp.delete_key(privkey) yield self._assert_key_not_found(pgp, ADDRESS, private=False) yield self._assert_key_not_found(pgp, ADDRESS, private=True)
def test_self_repair_six_active_docs(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) k1 = OpenPGPKey(ADDRESS, fingerprint="1", refreshed_at=datetime(2005, 1, 1)) k2 = OpenPGPKey(ADDRESS, fingerprint="2", refreshed_at=datetime(2007, 1, 1)) k3 = OpenPGPKey(ADDRESS, fingerprint="3", refreshed_at=datetime(2007, 1, 1), encr_used=True, sign_used=True) k4 = OpenPGPKey(ADDRESS, fingerprint="4", refreshed_at=datetime(2007, 1, 1), sign_used=True) k5 = OpenPGPKey(ADDRESS, fingerprint="5", refreshed_at=datetime(2007, 1, 1), encr_used=True) k6 = OpenPGPKey(ADDRESS, fingerprint="6", refreshed_at=datetime(2006, 1, 1), encr_used=True, sign_used=True) keys = (k1, k2, k3, k4, k5, k6) for key in keys: yield self._soledad.create_doc_from_json(key.get_json()) yield self._soledad.create_doc_from_json(key.get_active_json()) delete_doc = self._mock_delete_doc() key = yield pgp.get_key(ADDRESS, private=False) self._soledad.delete_doc = delete_doc self.assertEqual(self.count, 5) self.assertEqual(key.fingerprint, "3")
def test_missing_key_accepts_address(self): """ Test if server accepts to send unencrypted when 'encrypted_only' is False. """ # remove key from key manager pubkey = yield self.km.get_key(ADDRESS) pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.delete_key(pubkey) # mock the key fetching self.km._fetch_keys_from_server_and_store_local = Mock( return_value=fail(errors.KeyNotFound())) user = TEST_USER proto = getSMTPFactory({user: OutgoingMail(user, self.km)}, {user: None}) transport = proto_helpers.StringTransport() proto.makeConnection(transport) yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport) yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport) reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto, transport) # ensure the address was accepted self.assertEqual( '250 Recipient address accepted\r\n', reply, 'Address should have been accepted with appropriate message.') proto.setTimeout(None)
def test_self_repair_no_keys(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) get_from_index = self._soledad.get_from_index delete_doc = self._soledad.delete_doc def my_get_from_index(*args): if (args[0] == TYPE_FINGERPRINT_PRIVATE_INDEX and args[2] == KEY_FINGERPRINT): return succeed([]) return get_from_index(*args) self._soledad.get_from_index = my_get_from_index self._soledad.delete_doc = Mock(return_value=succeed(None)) try: yield self.assertFailure(pgp.get_key(ADDRESS, private=False), KeyNotFound) # it should have deleted the index self.assertEqual(self._soledad.delete_doc.call_count, 1) finally: self._soledad.get_from_index = get_from_index self._soledad.delete_doc = delete_doc
def test_sign_with_public_raises(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) self.assertRaises( AssertionError, pgp.sign, data, ADDRESS, OpenPGPKey)
def test_do_not_throw_error_for_empty_key_dict(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) rf = RandomRefreshPublicKey(pgp, self._key_manager()) pgp.get_all_keys = Mock(return_value=defer.succeed([])) random_address = yield rf._get_random_key() self.assertTrue(random_address is None)
def test_openpgp_put_delete_key(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield self._assert_key_not_found(pgp, ADDRESS) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) key = yield pgp.get_key(ADDRESS, private=False) yield pgp.delete_key(key) yield self._assert_key_not_found(pgp, ADDRESS)
def test_key_is_signed_by(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) old_pubkey, old_privkey = pgp.parse_key( OLD_PUB_KEY, OLD_AND_NEW_KEY_ADDRESS) new_pubkey, new_privkey = pgp.parse_key( NEW_PUB_KEY, OLD_AND_NEW_KEY_ADDRESS) self.assertTrue(new_pubkey.is_signed_by(old_pubkey))
def test_start_refreshing(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) with patch.object(Logger, 'debug') as mock_logger_start: rf = RandomRefreshPublicKey(pgp, self._key_manager()) rf.start() mock_logger_start.assert_called_with(DEBUG_START_REFRESH) rf.stop() mock_logger_start.assert_called_with(DEBUG_STOP_REFRESH)
def test_verify_with_private_raises(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) signed = pgp.sign(data, privkey) self.assertRaises( AssertionError, pgp.verify, signed, privkey)
def test_verify_with_wrong_key_raises(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) signed = pgp.sign(data, privkey) yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2) wrongkey = yield pgp.get_key(ADDRESS_2) self.assertFalse(pgp.verify(signed, wrongkey))
def test_sign_verify_detached_sig(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) signature = yield pgp.sign(data, privkey, detach=True) pubkey = yield pgp.get_key(ADDRESS, private=False) validsign = pgp.verify(data, pubkey, detached_sig=signature) self.assertTrue(validsign)
def _test_openpgp_gen_key(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield self._assert_key_not_found(pgp, '*****@*****.**') key = yield pgp.gen_key('*****@*****.**') self.assertIsInstance(key, OpenPGPKey) self.assertEqual( '*****@*****.**', key.address, 'Wrong address bound to key.') self.assertEqual( 4096, key.length, 'Wrong key length.')
def test_encrypt_sign_with_public_raises(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) pubkey = yield pgp.get_key(ADDRESS, private=False) self.failureResultOf( pgp.encrypt(data, privkey, sign=pubkey), AssertionError)
def test_self_repair_put_keys(self): self._insert_key_docs([datetime(2005, 1, 1), datetime(2007, 1, 1), datetime(2001, 1, 1)]) delete_doc = self._mock_delete_doc() pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) self._soledad.delete_doc = delete_doc self.assertEqual(self.count, 2)
def test_get_public_key(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield self._assert_key_not_found(pgp, ADDRESS) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) yield self._assert_key_not_found(pgp, ADDRESS, private=True) key = yield pgp.get_key(ADDRESS, private=False) self.assertTrue(ADDRESS in key.address) self.assertFalse(key.private) self.assertEqual(KEY_FINGERPRINT, key.fingerprint) yield pgp.delete_key(key) yield self._assert_key_not_found(pgp, ADDRESS)
def test_get_random_address(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) rf = RandomRefreshPublicKey(pgp, self._key_manager()) key = OpenPGPKey(address='*****@*****.**') key_another = OpenPGPKey(address='*****@*****.**') pgp.get_all_keys = Mock(return_value=defer.succeed([key, key_another])) random_key = yield rf._get_random_key() self.assertTrue(random_key.address == key.address or random_key.address == key_another.address)
def test_openpgp_put_ascii_key(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield self._assert_key_not_found(pgp, ADDRESS) yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) key = yield pgp.get_key(ADDRESS, private=False) self.assertIsInstance(key, OpenPGPKey) self.assertTrue( ADDRESS in key.address, 'Wrong address bound to key.') self.assertEqual( 4096, key.length, 'Wrong key length.') yield pgp.delete_key(key) yield self._assert_key_not_found(pgp, ADDRESS)
def test_self_repair_three_keys(self): refreshed_keep = datetime(2007, 1, 1) self._insert_key_docs([datetime(2005, 1, 1), refreshed_keep, datetime(2001, 1, 1)]) delete_doc = self._mock_delete_doc() pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) key = yield pgp.get_key(ADDRESS, private=False) self.assertEqual(key.refreshed_at, refreshed_keep) self.assertEqual(self.count, 2) self._soledad.delete_doc = delete_doc
def test_key_expired_will_be_deactivatet(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) km = self._key_manager() rf = RandomRefreshPublicKey(pgp, km) key = OpenPGPKey(address='*****@*****.**', expiry_date=datetime.now()) self.assertTrue(key.address is '*****@*****.**') pgp.unactivate_key = Mock(return_value=defer.succeed(None)) yield rf._maybe_unactivate_key(key) self.assertTrue(key.address is None) self.assertFalse(key.is_active())
def test_put_new_key_in_local_storage(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) km = self._key_manager() rf = RandomRefreshPublicKey(pgp, km) rf._get_random_key = Mock( return_value=defer.succeed(OpenPGPKey( fingerprint=KEY_FINGERPRINT))) km._nicknym.fetch_key_with_fingerprint = Mock( return_value=defer.succeed(PUBLIC_KEY_2)) yield rf.maybe_refresh_key()
def test_decrypt_verify_with_wrong_key(self): data = 'data' pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) privkey = yield pgp.get_key(ADDRESS, private=True) pubkey = yield pgp.get_key(ADDRESS, private=False) encrypted_and_signed = yield pgp.encrypt(data, pubkey, sign=privkey) yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2) wrongkey = yield pgp.get_key(ADDRESS_2) decrypted, validsign = yield pgp.decrypt(encrypted_and_signed, privkey, verify=wrongkey) self.assertEqual(decrypted, data) self.assertFalse(validsign)
def test_log_error_if_fetch_by_fingerprint_returns_wrong_key(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) km = self._key_manager() with patch.object(Logger, 'error') as mock_logger_error: rf = RandomRefreshPublicKey(pgp, km) rf._get_random_key = \ Mock(return_value=defer.succeed(OpenPGPKey( fingerprint=KEY_FINGERPRINT))) km._nicknym.fetch_key_with_fingerprint = \ Mock(return_value=defer.succeed(PUBLIC_KEY_2)) yield rf.maybe_refresh_key() mock_logger_error.assert_called_with( ERROR_UNEQUAL_FINGERPRINTS % (KEY_FINGERPRINT, KEY_FINGERPRINT_2))
def test_encrypt_sign_decrypt_verify(self): pgp = openpgp.OpenPGPScheme( self._soledad, gpgbinary=self.gpg_binary_path) yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) pubkey = yield pgp.get_key(ADDRESS, private=False) privkey = yield pgp.get_key(ADDRESS, private=True) yield pgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2) pubkey2 = yield pgp.get_key(ADDRESS_2, private=False) privkey2 = yield pgp.get_key(ADDRESS_2, private=True) data = 'data' encrypted_and_signed = yield pgp.encrypt( data, pubkey2, sign=privkey) res, validsign = yield pgp.decrypt( encrypted_and_signed, privkey2, verify=pubkey) self.assertEqual(data, res) self.assertTrue(validsign)
def test_random_interval_is_set_properly(self): pgp = openpgp.OpenPGPScheme(self._soledad, gpgbinary=self.gpg_binary_path) rf = RandomRefreshPublicKey(pgp, self._key_manager()) self.assertTrue(rf._loop.interval >= MIN_RANDOM_INTERVAL_RANGE)