def test_message_sign(self):
"""
Test if message is signed with sender key.
"""
# mock the key fetching
self.km._fetch_keys_from_server = Mock(
return_value=fail(errors.KeyNotFound()))
recipient = User('*****@*****.**',
'gateway.leap.se', self.proto, ADDRESS)
self.outgoing_mail = OutgoingMail(
self.fromAddr, self.km, self.opts.cert, self.opts.key,
self.opts.hostname, self.opts.port)
def check_signed(res):
message, _ = res
self.assertTrue('Content-Type' in message)
self.assertEqual('multipart/signed', message.get_content_type())
self.assertEqual('application/pgp-signature',
message.get_param('protocol'))
self.assertEqual('pgp-sha512', message.get_param('micalg'))
# assert content of message
body = (message.get_payload(0)
.get_payload(0)
.get_payload(decode=True))
self.assertEqual(self.expected_body,
body)
# assert content of signature
self.assertTrue(
message.get_payload(1).get_payload().startswith(
'-----BEGIN PGP SIGNATURE-----\n'),
'Message does not start with signature header.')
self.assertTrue(
message.get_payload(1).get_payload().endswith(
'-----END PGP SIGNATURE-----\n'),
'Message does not end with signature footer.')
return message
def verify(message):
# replace EOL before verifying (according to rfc3156)
fp = StringIO()
g = RFC3156CompliantGenerator(
fp, mangle_from_=False, maxheaderlen=76)
g.flatten(message.get_payload(0))
signed_text = re.sub('\r?\n', '\r\n',
fp.getvalue())
def assert_verify(key):
self.assertTrue(ADDRESS_2 in key.address,
'Signature could not be verified.')
d = self.km.verify(
signed_text, ADDRESS_2,
detached_sig=message.get_payload(1).get_payload())
d.addCallback(assert_verify)
return d
d = self.outgoing_mail._maybe_encrypt_and_sign(self.raw, recipient)
d.addCallback(check_signed)
d.addCallback(verify)
return d
def test_message_sign(self):
"""
Test if message is signed with sender key.
"""
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
proto = SMTPFactory(
self._km, self._config).buildProtocol(('127.0.0.1', 0))
user = User('*****@*****.**', 'relay.leap.se', proto, ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config)
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger signing
m.eomReceived()
# assert content of message
self.assertTrue(
m._message.get_payload().startswith(
'-----BEGIN PGP SIGNED MESSAGE-----\n' +
'Hash: SHA1\n\n' +
('\r\n'.join(self.EMAIL_DATA[9:12]) + '\r\n' +
'-----BEGIN PGP SIGNATURE-----\n')),
'Message does not start with signature header.')
self.assertTrue(
m._message.get_payload().endswith(
'-----END PGP SIGNATURE-----\n'),
'Message does not end with signature footer.')
# assert signature is valid
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
self.assertTrue(
openpgp.verify(m._message.get_payload(), pubkey),
'Signature could not be verified.')
def test_message_sign(self):
"""
Test if message is signed with sender key.
"""
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
self._config['encrypted_only']).buildProtocol(
('127.0.0.1', 0))
user = User('*****@*****.**', 'gateway.leap.se', proto,
ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config['host'],
self._config['port'], self._config['cert'],
self._config['key'])
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger signing
#m.eomReceived() # this includes a defer, so we avoid calling it here
m.lines.append('') # add a trailing newline
# we need to call the following explicitelly because it was deferred
# inside the previous method
m._maybe_encrypt_and_sign()
# assert structure of signed message
self.assertTrue('Content-Type' in m._msg)
self.assertEqual('multipart/signed', m._msg.get_content_type())
self.assertEqual('application/pgp-signature',
m._msg.get_param('protocol'))
self.assertEqual('pgp-sha512', m._msg.get_param('micalg'))
# assert content of message
self.assertEqual(
'\r\n'.join(self.EMAIL_DATA[9:13]) + '\r\n--\r\n' +
'I prefer encrypted email - https://leap.se/key/anotheruser\r\n',
m._msg.get_payload(0).get_payload(decode=True))
# assert content of signature
self.assertTrue(
m._msg.get_payload(1).get_payload().startswith(
'-----BEGIN PGP SIGNATURE-----\n'),
'Message does not start with signature header.')
self.assertTrue(
m._msg.get_payload(1).get_payload().endswith(
'-----END PGP SIGNATURE-----\n'),
'Message does not end with signature footer.')
# assert signature is valid
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
# replace EOL before verifying (according to rfc3156)
signed_text = re.sub('\r?\n', '\r\n',
m._msg.get_payload(0).as_string())
self.assertTrue(
self._km.verify(signed_text,
pubkey,
detached_sig=m._msg.get_payload(1).get_payload()),
'Signature could not be verified.')
def init_outgoing_and_proto(_):
self.outgoing_mail = OutgoingMail(self.fromAddr, self._km,
self._config['cert'],
self._config['key'],
self._config['host'],
self._config['port'])
self.proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['encrypted_only'],
self.outgoing_mail).buildProtocol(
('127.0.0.1', 0))
self.dest = User(ADDRESS, 'gateway.leap.se', self.proto, ADDRESS_2)
def init_outgoing_and_proto(_):
self.outgoing_mail = OutgoingMail(
self.fromAddr, self.km, opts.cert,
opts.key, opts.hostname, opts.port)
user = TEST_USER
# TODO -- this shouldn't need SMTP to be tested!? or does it?
self.proto = getSMTPFactory(
{user: None}, {user: self.km}, {user: None})
self.dest = User(ADDRESS, 'gateway.leap.se', self.proto, ADDRESS_2)
def test_attach_key_not_known(self):
address = "*****@*****.**"
lines = self.lines
lines[1] = "To: <%s>" % (address, )
raw = '\r\n'.join(lines)
dest = User(address, 'gateway.leap.se', self.proto, ADDRESS_2)
d = self.outgoing_mail._maybe_encrypt_and_sign(raw, dest)
d.addCallback(lambda
(message, _): self._check_headers(message, lines[:4]))
d.addCallback(self._check_key_attachment)
return d
def _createUser(self, username, domain, ipaddress):
"""Create a ``twisted.mail.smtp.User`` for testing.
:param str username: The local part of the client's email address.
:param str domain: The host part of the client's email address.
:param str ipaddress: The IP address of the client's mail server.
"""
self.helo = (domain, ipaddress)
self._createProtocolWithHost(domain)
self.origin = Address(b'@'.join((
username,
domain,
)))
self.user = User(username, self.helo, self.proto, self.origin)
def test_attach_key_not_known(self):
unknown_address = "*****@*****.**"
lines = deepcopy(self.lines)
lines[1] = "To: <%s>" % (unknown_address, )
raw = '\r\n'.join(lines)
dest = User(unknown_address, 'gateway.leap.se', self.proto, ADDRESS_2)
d = self.outgoing._maybe_encrypt_and_sign(raw,
dest,
fetch_remote=False)
d.addCallback(lambda
(message, _): self._check_headers(message, lines[:4]))
d.addCallback(self._check_key_attachment)
d.addErrback(log.err)
return d
def test_message_encrypt_sign(self):
"""
Test if message gets encrypted to destination email and signed with
sender key.
"""
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
self._config['encrypted_only']).buildProtocol(
('127.0.0.1', 0))
user = User(ADDRESS, 'gateway.leap.se', proto, ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config['host'],
self._config['port'], self._config['cert'],
self._config['key'])
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger encryption and signing
#m.eomReceived() # this includes a defer, so we avoid calling it here
m.lines.append('') # add a trailing newline
# we need to call the following explicitelly because it was deferred
# inside the previous method
m._maybe_encrypt_and_sign()
# assert structure of encrypted message
self.assertTrue('Content-Type' in m._msg)
self.assertEqual('multipart/encrypted', m._msg.get_content_type())
self.assertEqual('application/pgp-encrypted',
m._msg.get_param('protocol'))
self.assertEqual(2, len(m._msg.get_payload()))
self.assertEqual('application/pgp-encrypted',
m._msg.get_payload(0).get_content_type())
self.assertEqual('application/octet-stream',
m._msg.get_payload(1).get_content_type())
# decrypt and verify
privkey = self._km.get_key(ADDRESS, openpgp.OpenPGPKey, private=True)
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
decrypted = self._km.decrypt(m._msg.get_payload(1).get_payload(),
privkey,
verify=pubkey)
self.assertEqual(
'\n' + '\r\n'.join(self.EMAIL_DATA[9:12]) + '\r\n\r\n--\r\n' +
'I prefer encrypted email - https://leap.se/key/anotheruser\r\n',
decrypted, 'Decrypted text differs from plaintext.')
def test_message_encrypt(self):
"""
Test if message gets encrypted to destination email.
"""
proto = SMTPFactory(
self._km, self._config).buildProtocol(('127.0.0.1', 0))
fromAddr = Address(ADDRESS_2)
dest = User(ADDRESS, 'relay.leap.se', proto, ADDRESS)
m = EncryptedMessage(fromAddr, dest, self._km, self._config)
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
m.eomReceived()
privkey = self._km.get_key(
ADDRESS, openpgp.OpenPGPKey, private=True)
decrypted = openpgp.decrypt_asym(m._message.get_payload(), privkey)
self.assertEqual(
'\r\n'.join(self.EMAIL_DATA[9:12]) + '\r\n',
decrypted,
'Decrypted text differs from plaintext.')
def test_message_encrypt_sign(self):
"""
Test if message gets encrypted to destination email and signed with
sender key.
"""
proto = SMTPFactory(
self._km, self._config).buildProtocol(('127.0.0.1', 0))
user = User(ADDRESS, 'relay.leap.se', proto, ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config)
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger encryption and signing
m.eomReceived()
# decrypt and verify
privkey = self._km.get_key(
ADDRESS, openpgp.OpenPGPKey, private=True)
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
decrypted = openpgp.decrypt_asym(
m._message.get_payload(), privkey, verify=pubkey)
self.assertEqual(
'\r\n'.join(self.EMAIL_DATA[9:12]) + '\r\n',
decrypted,
'Decrypted text differs from plaintext.')
def _create_twisted_smtp_recipient(self, recipient):
# TODO: Better is fix Twisted instead
recipient = self._remove_canonical_recipient(recipient)
return User(str(recipient), NOT_NEEDED, NOT_NEEDED, NOT_NEEDED)
def _create_twisted_smtp_recipient(self, recipient):
# TODO: Better is fix Twisted instead
return User(str(recipient), NOT_NEEDED, NOT_NEEDED, NOT_NEEDED)
def _create_twisted_smtp_recipient(self, recipient):
return User(str(recipient), NOT_NEEDED, NOT_NEEDED, NOT_NEEDED)
