def test_parse_git_tag_unknown_pubkey(self):
import os
from unittest.mock import patch
import git
repo = git.Repo(my_repo)
tagref = repo.tag('refs/tags/test_tag')
tag = tagref.tag
self.assertEqual(tag.hexsha, '0abf209dbf4c30370c1e2c7625f75a2aa0f0c9db')
self.assertEqual(tagref.commit.hexsha, '76b8bf7312770a488eaeab4424d080dea3272435')
bytes_sink = io.BytesIO()
tag.stream_data(bytes_sink)
tag_bytes = bytes_sink.getvalue()
tag_csig = crypto.pgp_split_sig(tag_bytes)
env = os.environ.copy()
env.pop('GNUPGHOME', None)
with patch.dict('os.environ', # @UndefinedVariable
env, clear=True): # Exclude any test-user's keys.
gpg_spec = crypto.GpgSpec(config=self.cfg)
ver = gpg_spec.verify_detached(tag_csig['sigarmor'], tag_csig['msg'])
verdict = vars(ver)
pp(verdict)
self.assertDictContainsSubset(
{
'valid': False,
'status': 'no public key',
'key_id': 'FFBEC4A18C008403',
'key_status': None,
'timestamp': '1485272444',
},
verdict)
def test_clearsign_verify(self):
msg = 'Hi there'
gpg_spec = crypto.GpgSpec(config=self.cfg)
signed = gpg_spec.clearsign_text(msg)
self.assertIsInstance(signed, str)
verified = gpg_spec.verify_clearsigned(signed)
print('\n'.join('%s = %s' % (k, v) for k, v in vars(verified).items()))
self.assertTrue(verified.valid)
import time
time.sleep(1) # Timestamp is the only differene.
signed2 = gpg_spec.clearsign_text(msg)
self.assertIsInstance(signed2, str)
self.assertNotEqual(signed, signed2)
verified2 = gpg_spec.verify_clearsigned(signed2)
print('\n'.join('%s = %s' % (k, v) for k, v in vars(verified2).items()))
self.assertEqual(verified.fingerprint, verified2.fingerprint)
self.assertNotEqual(verified.signature_id, verified2.signature_id)
## Check parsing.
#
csig = crypto.pgp_split_clearsigned(signed2)
self.assertIsInstance(csig, dict)
self.assertEqual(csig['msg'], msg)
self.assertIsNotNone(csig['sigarmor'])
def cryptos(traitcfg):
crypto.GpgSpec(config=traitcfg)
## Clean memories from past tests
#
crypto.StamperAuthSpec.clear_instance() # @UndefinedVariable
crypto.GitAuthSpec.clear_instance() # @UndefinedVariable
crypto.VaultSpec.clear_instance() # @UndefinedVariable
def test_GPG_EXECUTABLE(self):
from unittest.mock import patch
with patch.dict('os.environ', # @UndefinedVariable
{'GNUPGEXE': '/bad_path'}):
with self.assertRaisesRegex(
OSError,
r"Unable to run gpg \(/bad_path\) - it may not be available."):
crypto.GpgSpec().GPG
cfg = trtc.Config()
cfg.GpgSpec.gnupgexe = 'gpg'
with self.assertRaisesRegex(
OSError,
"Unable to run gpg \(/bad_path\) - it may not be available."):
crypto.GpgSpec(config=cfg).GPG
crypto.GpgSpec().GPG # Ok.
def setUpClass(cls):
cls.cfg = c = trtc.Config()
c.GpgSpec.gnupghome = tempfile.mkdtemp(prefix='gpghome-')
c.GpgSpec.keys_to_import = test_pgp_keys
c.GpgSpec.trust_to_import = test_pgp_trust
c.GpgSpec.master_key = test_pgp_fingerprint
c.GpgSpec.allow_test_key = True
crypto.GpgSpec(config=c)
## Clean memories from past tests
#
crypto.StamperAuthSpec.clear_instance() # @UndefinedVariable
crypto.GitAuthSpec.clear_instance() # @UndefinedVariable
crypto.VaultSpec.clear_instance() # @UndefinedVariable
def setUpClass(cls):
cls.cfg = cfg = trtc.Config()
cfg.GpgSpec.gnupghome = tempfile.mkdtemp(prefix='gpghome-')
cfg.GpgSpec.keys_to_import = [test_pgp_key]
cfg.GpgSpec.trust_to_import = test_pgp_trust
gpg_spec = crypto.GpgSpec(config=cfg)
## Clean memories from past tests
#
crypto.StamperAuthSpec.clear_instance() # @UndefinedVariable
crypto.GitAuthSpec.clear_instance() # @UndefinedVariable
crypto.VaultSpec.clear_instance() # @UndefinedVariable
key = gpg_gen_key(
gpg_spec.GPG,
key_length=1024,
name_real='test user',
name_email='*****@*****.**')
cfg.GpgSpec.master_key = key.fingerprint
def setUpClass(cls):
cls.cfg = c = trtc.get_config()
c.GpgSpec.gnupghome = tempfile.mkdtemp(prefix='gpghome-')
c.GpgSpec.keys_to_import = test_pgp_keys
c.GpgSpec.trust_to_import = test_pgp_trust
c.GpgSpec.master_key = test_pgp_fingerprint
c.GpgSpec.allow_test_key = True
c.DiceSpec.user_name = "Test Vase"
c.DiceSpec.user_email = "*****@*****.**"
crypto.GpgSpec(config=c)
## Clean memories from past tests
#
crypto.StamperAuthSpec.clear_instance() # @UndefinedVariable
crypto.GitAuthSpec.clear_instance() # @UndefinedVariable
crypto.VaultSpec.clear_instance() # @UndefinedVariable
cls._project_repo = tempfile.TemporaryDirectory()
log.debug('Temp-repo: %s', cls._project_repo)
def test_parse_git_tag_ok(self):
import git
repo = git.Repo(my_repo)
tagref = repo.tag('refs/tags/tests/signed_by_CBBB52FF')
tag = tagref.tag
self.assertEqual(tag.hexsha, '1e28f8ffc717f407ff38d93d4cbad4e7a280d063')
self.assertEqual(tagref.commit.hexsha, '3334bcde283480883f2fb209efcf84ae24da8335')
bytes_sink = io.BytesIO()
tag.stream_data(bytes_sink)
tag_bytes = bytes_sink.getvalue()
self.assertEqual(tag_bytes, _signed_tag)
csig = crypto.pgp_split_sig(tag_bytes)
self.assertEqual(csig['msg'], _splitted_signed_tag[0])
self.assertEqual(csig['sigarmor'], _splitted_signed_tag[1])
gpg_spec = crypto.GpgSpec(config=self.cfg)
ver = gpg_spec.verify_detached(csig['sigarmor'], csig['msg'])
pp(vars(ver))
self.assertTrue(ver)
def test_GPGHOME(self):
from unittest.mock import patch
env_val = 'env_path'
cfg_val = 'cfg_path'
cfg = trtc.Config()
cfg.GpgSpec.gnupghome = cfg_val
with patch.dict('os.environ', # @UndefinedVariable
{'GNUPGHOME': env_val}):
self.assertEqual(crypto.GpgSpec().gnupghome, env_val)
self.assertEqual(crypto.GpgSpec().gnupghome_resolved, env_val)
cfg.GpgSpec.gnupghome = cfg_val
self.assertEqual(crypto.GpgSpec(config=cfg).gnupghome,
env_val)
self.assertEqual(crypto.GpgSpec(config=cfg).gnupghome_resolved,
env_val)
with patch.dict('os.environ', # @UndefinedVariable
clear=True):
self.assertEqual(crypto.GpgSpec(config=cfg).gnupghome, cfg_val)
self.assertEqual(crypto.GpgSpec(config=cfg).gnupghome_resolved, cfg_val)
def tearDownClass(cls):
gpg_spec = crypto.GpgSpec(config=cls.cfg)
assert gpg_spec.gnupghome
shutil.rmtree(gpg_spec.gnupghome)