def test_sign_key_exportable(context, exportable): gpg_home2 = os.path.join(context.config['gpg_home'], "two") context.config['gpg_home'] = os.path.join(context.config['gpg_home'], "one") gpg = sgpg.GPG(context) gpg2 = sgpg.GPG(context, gpg_home=gpg_home2) my_fingerprint = KEYS_AND_FINGERPRINTS[0][1] my_keyid = KEYS_AND_FINGERPRINTS[0][0] # import my keys for suffix in (".sec", ".pub"): with open("{}{}".format(KEYS_AND_FINGERPRINTS[0][2], suffix), "r") as fh: contents = fh.read() sgpg.import_key(gpg, contents) # create gpg.conf's sgpg.create_gpg_conf(context.config['gpg_home'], my_fingerprint=my_fingerprint) sgpg.create_gpg_conf(gpg_home2, my_fingerprint=my_fingerprint) sgpg.check_ownertrust(context) sgpg.check_ownertrust(context, gpg_home=gpg_home2) # generate a new key fingerprint = sgpg.generate_key(gpg, "one", "one", "one", key_length=GENERATE_KEY_SMALLER_KEY_SIZE) # sign it, exportable signature is `exportable` sgpg.sign_key(context, fingerprint, signing_key=my_fingerprint, exportable=exportable) # export my privkey and import it in gpg_home2 priv_key = sgpg.export_key(gpg, my_fingerprint, private=True) sgpg.import_key(gpg2, priv_key) # export both pubkeys and import in gpg_home2 for fp in (my_fingerprint, fingerprint): pub_key = sgpg.export_key(gpg, fp) sgpg.import_key(gpg2, pub_key) # check sigs on `fingerprint` key. If exportable, we're good. If not exportable, # it'll throw expected = {'sig_keyids': [my_keyid]} if exportable: sgpg.get_list_sigs_output(context, fingerprint, gpg_home=gpg_home2, expected=expected) else: with pytest.raises(ScriptWorkerGPGException): sgpg.get_list_sigs_output(context, fingerprint, gpg_home=gpg_home2, expected=expected)
def test_sign_key(context): """This test calls get_list_sigs_output in several different ways. Each is valid; the main thing is more code coverage. tru:o:1:1472876459:1:3:1:5 pub:u:4096:1:EA608995918B2DF9:1472876455:::u:::escaESCA: fpr:::::::::A9F598A3179551CC664C15DEEA608995918B2DF9: uid:u::::1472876455::6477C0BAC30FB3E244C8F1907D78C6B243AFD516::two (two) <two>: sig:::1:EA608995918B2DF9:1472876455::::two (two) <two>:13x:::::8: sig:::1:9633F5F38B9BD3C5:1472876459::::one (one) <one>:10l:::::8: tru::1:1472876460:0:3:1:5 pub:u:4096:1:BC76BF8F77D1B3F5:1472876457:::u:::escaESCA: fpr:::::::::7CFAD9E699D8559F1D3A50CCBC76BF8F77D1B3F5: uid:u::::1472876457::91AC286E48FDA7378B86F63FA6DDC2A46B54808F::three (three) <three>: sig:::1:BC76BF8F77D1B3F5:1472876457::::three (three) <three>:13x:::::8: """ gpg = sgpg.GPG(context) # create my key, get fingerprint + keyid my_fingerprint = sgpg.generate_key( gpg, "one", "one", "one", key_length=GENERATE_KEY_SMALLER_KEY_SIZE) my_keyid = sgpg.fingerprint_to_keyid(gpg, my_fingerprint) # create signed key, get fingerprint + keyid signed_fingerprint = sgpg.generate_key( gpg, "two", "two", "two", key_length=GENERATE_KEY_SMALLER_KEY_SIZE) signed_keyid = sgpg.fingerprint_to_keyid(gpg, signed_fingerprint) # create unsigned key, get fingerprint + keyid unsigned_fingerprint = sgpg.generate_key( gpg, "three", "three", "three", key_length=GENERATE_KEY_SMALLER_KEY_SIZE) unsigned_keyid = sgpg.fingerprint_to_keyid(gpg, unsigned_fingerprint) # update gpg configs, sign signed key sgpg.create_gpg_conf(context.config['gpg_home'], my_fingerprint=my_fingerprint) sgpg.check_ownertrust(context) sgpg.sign_key(context, signed_fingerprint) # signed key get_list_sigs_output signed_output = sgpg.get_list_sigs_output(context, signed_fingerprint) # unsigned key get_list_sigs_output # Call get_list_sigs_output with validate=False, then parse it, for more code coverage unsigned_output1 = sgpg.get_list_sigs_output(context, unsigned_fingerprint, validate=False) unsigned_output = sgpg.parse_list_sigs_output(unsigned_output1, "unsigned") # signed key has my signature + self-signed assert sorted([signed_keyid, my_keyid]) == sorted(signed_output['sig_keyids']) assert ["one (one) <one>", "two (two) <two>"] == sorted(signed_output['sig_uids']) # unsigned key is only self-signed assert [unsigned_keyid] == unsigned_output['sig_keyids'] assert ["three (three) <three>"] == unsigned_output['sig_uids'] # sign the unsigned key and test sgpg.sign_key(context, unsigned_fingerprint, signing_key=signed_fingerprint) # Call get_list_sigs_output with expected, for more code coverage new_output = sgpg.get_list_sigs_output( context, unsigned_fingerprint, expected={ "keyid": unsigned_keyid, "fingerprint": unsigned_fingerprint, "uid": "three (three) <three>", "sig_keyids": [signed_keyid, unsigned_keyid], "sig_uids": ["three (three) <three>", "two (two) <two>"] }) # sig_uids goes unchecked; sig_keyids only checks that it's a subset. # let's do another check. assert ["three (three) <three>", "two (two) <two>"] == sorted(new_output['sig_uids'])