def test_parse_pubkey_bundle_errors(self):
"""Test parse_pubkey_bundle errors with manually crafted data partially
based on real gpg key data (see self.raw_key_bundle). """
# Extract sample (legitimate) user ID packet and pass as first packet to
# raise first packet must be primary key error
user_id_packet = list(self.raw_key_bundle[PACKET_TYPE_USER_ID].keys())[0]
# Extract sample (legitimate) primary key packet and pass as first two
# packets to raise unexpected second primary key error
primary_key_packet = self.raw_key_bundle[PACKET_TYPE_PRIMARY_KEY]["packet"]
# Create incomplete packet to re-raise header parsing IndexError as
# PacketParsingError
incomplete_packet = bytearray([0b01111111])
# passed data | expected error message
test_data = [
(None, "empty gpg data"),
(user_id_packet, "must be a primary key"),
(primary_key_packet + primary_key_packet, "Unexpected primary key"),
(incomplete_packet, "index out of range")
]
for data, error_str in test_data:
with self.assertRaises(PacketParsingError) as ctx:
parse_pubkey_bundle(data)
self.assertTrue(error_str in str(ctx.exception))
# Create empty packet of unsupported type 66 (bit 0-5) and length 0 and
# pass as second packet to provoke skipping of unsupported packet
unsupported_packet = bytearray([0b01111111, 0])
with patch("securesystemslib.gpg.common.log") as mock_log:
parse_pubkey_bundle(primary_key_packet + unsupported_packet)
self.assertTrue("Ignoring gpg key packet '63'" in
mock_log.info.call_args[0][0])
def setUpClass(self):
gpg_keyring_path = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "gpg_keyrings", "rsa")
homearg = "--homedir {}".format(gpg_keyring_path).replace("\\", "/")
# Load test raw public key bundle from rsa keyring, used to construct
# erroneous gpg data in tests below.
keyid = "F557D0FF451DEF45372591429EA70BD13D883381"
cmd = GPG_EXPORT_PUBKEY_COMMAND.format(keyid=keyid, homearg=homearg)
proc = process.run(cmd, stdout=process.PIPE, stderr=process.PIPE)
self.raw_key_data = proc.stdout
self.raw_key_bundle = parse_pubkey_bundle(self.raw_key_data)
# Export pubkey bundle with expired key for key expiration tests
keyid = "E8AC80C924116DABB51D4B987CB07D6D2C199C7C"
cmd = GPG_EXPORT_PUBKEY_COMMAND.format(keyid=keyid, homearg=homearg)
proc = process.run(cmd, stdout=process.PIPE, stderr=process.PIPE)
self.raw_expired_key_bundle = parse_pubkey_bundle(proc.stdout)