def test_missing_key_rejects_address(self):
"""
Test if server rejects to send unencrypted when 'encrypted_only' is
True.
"""
# remove key from key manager
pubkey = yield self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.GPG_BINARY_PATH)
yield pgp.delete_key(pubkey)
# mock the key fetching
self._km._fetch_keys_from_server = Mock(
return_value=fail(errors.KeyNotFound()))
# prepare the SMTP factory
proto = SMTPFactory(u'*****@*****.**',
self._km,
self._config['encrypted_only'],
outgoing_mail=Mock()).buildProtocol(
('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport)
yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport)
reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto,
transport)
# ensure the address was rejected
self.assertEqual(
'550 Cannot receive for specified address\r\n', reply,
'Address should have been rejecetd with appropriate message.')
proto.setTimeout(None)
def test_missing_key_accepts_address(self):
"""
Test if server accepts to send unencrypted when 'encrypted_only' is
False.
"""
# remove key from key manager
pubkey = self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.GPG_BINARY_PATH)
pgp.delete_key(pubkey)
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
# prepare the SMTP factory with encrypted only equal to false
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
False).buildProtocol(('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
proto.lineReceived(self.EMAIL_DATA[0] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[1] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[2] + '\r\n')
# ensure the address was accepted
lines = transport.value().rstrip().split('\n')
self.assertEqual(
'250 Recipient address accepted', lines[-1],
'Address should have been accepted with appropriate message.')
def test_openpgp_encrypt_decrypt(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
# encrypt
yield pgp.put_ascii_key(PUBLIC_KEY, ADDRESS)
pubkey = yield pgp.get_key(ADDRESS, private=False)
cyphertext = pgp.encrypt(data, pubkey)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != data)
self.assertTrue(pgp.is_encrypted(cyphertext))
self.assertTrue(pgp.is_encrypted(cyphertext))
# decrypt
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
decrypted, _ = pgp.decrypt(cyphertext, privkey)
self.assertEqual(decrypted, data)
yield pgp.delete_key(pubkey)
yield pgp.delete_key(privkey)
yield self._assert_key_not_found(pgp, ADDRESS, private=False)
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
def test_openpgp_put_delete_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_ascii_key(PUBLIC_KEY, ADDRESS)
key = yield pgp.get_key(ADDRESS, private=False)
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_verify_with_private_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signed = pgp.sign(data, privkey)
self.assertRaises(AssertionError, pgp.verify, signed, privkey)
def _test_openpgp_gen_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, '*****@*****.**')
key = yield pgp.gen_key('*****@*****.**')
self.assertIsInstance(key, openpgp.OpenPGPKey)
self.assertEqual(['*****@*****.**'], key.address,
'Wrong address bound to key.')
self.assertEqual(4096, key.length, 'Wrong key length.')
def test_sign_verify_detached_sig(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signature = yield pgp.sign(data, privkey, detach=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
validsign = pgp.verify(data, pubkey, detached_sig=signature)
self.assertTrue(validsign)
def test_verify_with_wrong_key_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
signed = pgp.sign(data, privkey)
yield pgp.put_ascii_key(PUBLIC_KEY_2, ADDRESS_2)
wrongkey = yield pgp.get_key(ADDRESS_2)
self.assertFalse(pgp.verify(signed, wrongkey))
def test_openpgp_put_ascii_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_ascii_key(PUBLIC_KEY, ADDRESS)
key = yield pgp.get_key(ADDRESS, private=False)
self.assertIsInstance(key, openpgp.OpenPGPKey)
self.assertTrue(ADDRESS in key.address, 'Wrong address bound to key.')
self.assertEqual(4096, key.length, 'Wrong key length.')
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_get_public_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield self._assert_key_not_found(pgp, ADDRESS)
yield pgp.put_ascii_key(PUBLIC_KEY, ADDRESS)
yield self._assert_key_not_found(pgp, ADDRESS, private=True)
key = yield pgp.get_key(ADDRESS, private=False)
self.assertTrue(ADDRESS in key.address)
self.assertFalse(key.private)
self.assertEqual(KEY_FINGERPRINT, key.fingerprint)
yield pgp.delete_key(key)
yield self._assert_key_not_found(pgp, ADDRESS)
def test_encrypt_sign_with_public_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
self.assertRaises(AssertionError,
pgp.encrypt,
data,
privkey,
sign=pubkey)
def test_decrypt_verify_with_private_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
encrypted_and_signed = pgp.encrypt(data, pubkey, sign=privkey)
self.assertRaises(AssertionError,
pgp.decrypt,
encrypted_and_signed,
privkey,
verify=privkey)
def test_decrypt_verify_with_wrong_key(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
privkey = yield pgp.get_key(ADDRESS, private=True)
pubkey = yield pgp.get_key(ADDRESS, private=False)
encrypted_and_signed = pgp.encrypt(data, pubkey, sign=privkey)
yield pgp.put_ascii_key(PUBLIC_KEY_2, ADDRESS_2)
wrongkey = yield pgp.get_key(ADDRESS_2)
decrypted, validsign = pgp.decrypt(encrypted_and_signed,
privkey,
verify=wrongkey)
self.assertEqual(decrypted, data)
self.assertFalse(validsign)
def test_encrypt_sign_decrypt_verify(self):
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PRIVATE_KEY, ADDRESS)
pubkey = yield pgp.get_key(ADDRESS, private=False)
privkey = yield pgp.get_key(ADDRESS, private=True)
yield pgp.put_ascii_key(PRIVATE_KEY_2, ADDRESS_2)
pubkey2 = yield pgp.get_key(ADDRESS_2, private=False)
privkey2 = yield pgp.get_key(ADDRESS_2, private=True)
data = 'data'
encrypted_and_signed = pgp.encrypt(data, pubkey2, sign=privkey)
res, validsign = pgp.decrypt(encrypted_and_signed,
privkey2,
verify=pubkey)
self.assertEqual(data, res)
self.assertTrue(validsign)
def _keymanager_instance(self, address):
"""
Return a Key Manager instance for tests.
"""
self._config = {
'host': 'http://provider/',
'port': 25,
'username': address,
'password': '******',
'encrypted_only': True,
'cert': u'src/leap/mail/smtp/tests/cert/server.crt',
'key': u'src/leap/mail/smtp/tests/cert/server.key',
}
class Response(object):
status_code = 200
headers = {'content-type': 'application/json'}
def json(self):
return {'address': ADDRESS_2, 'openpgp': PUBLIC_KEY_2}
def raise_for_status(self):
pass
nickserver_url = '' # the url of the nickserver
km = KeyManager(address,
nickserver_url,
self._soledad,
ca_cert_path='',
gpgbinary=self.GPG_BINARY_PATH)
km._fetcher.put = Mock()
km._fetcher.get = Mock(return_value=Response())
# insert test keys in key manager.
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.GPG_BINARY_PATH)
pgp.put_ascii_key(PRIVATE_KEY)
pgp.put_ascii_key(PRIVATE_KEY_2)
return km
def test_sign_with_public_raises(self):
data = 'data'
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.gpg_binary_path)
yield pgp.put_ascii_key(PUBLIC_KEY, ADDRESS)
self.assertRaises(AssertionError, pgp.sign, data, ADDRESS, OpenPGPKey)