| author | J08nY | 2017-08-03 00:50:03 +0200 |
|---|---|---|
| committer | J08nY | 2017-08-03 00:50:03 +0200 |
| commit | 5a79bd6c406816ff36e8bdbdb8e516c8e7d8f371 (patch) | |
| tree | 9e219b9f018cc4095cb80fd1301eec415da13a95 | |
| parent | e3816b52f093bbb26a379b25f27cde50bb371398 (diff) | |
| download | mailman-pgp-5a79bd6c406816ff36e8bdbdb8e516c8e7d8f371.tar.gz mailman-pgp-5a79bd6c406816ff36e8bdbdb8e516c8e7d8f371.tar.zst mailman-pgp-5a79bd6c406816ff36e8bdbdb8e516c8e7d8f371.zip | |
| -rw-r--r-- | src/mailman_pgp/commands/eml_key.py | 20 | ||||
| -rw-r--r-- | src/mailman_pgp/commands/tests/test_key.py | 66 | ||||
| -rw-r--r-- | src/mailman_pgp/utils/tests/test_pgp.py | 10 |
3 files changed, 85 insertions, 11 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py index e38e96d..9a64fc7 100644 --- a/src/mailman_pgp/commands/eml_key.py +++ b/src/mailman_pgp/commands/eml_key.py @@ -290,34 +290,42 @@ def _cmd_revoke(pgp_list, mlist, msg, msgdata, arguments, results): key_copy = copy.copy(key) revocs = list(wrapped.revocs()) + matches = 0 for revoc in revocs: + old_matches = matches try: verified = key_copy.verify(key_copy, revoc) if verified: key_copy |= revoc + matches += 1 continue except PGPError: pass for subkey in key_copy.subkeys.values(): try: - verified = subkey.verify(subkey, revoc) + verified = key_copy.verify(subkey, revoc) if verified: subkey |= revoc + matches += 1 + break except PGPError: pass # No match? - print('Revocation found for not-found key.', file=results) + if matches == old_matches: + print('Revocation found for not-found key.', file=results) if not key_usable(key_copy, {KeyFlags.EncryptCommunications, KeyFlags.Sign}): - pass # Start reset process. + # TODO: finish this. + print('Key needs to be reset.', file=results) else: # Just update key. - with transaction(): - pgp_address.key = key_copy - print('Key succesfully updated.', file=results) + if matches > 0: + with transaction(): + pgp_address.key = key_copy + print('Key succesfully updated.', file=results) return ContinueProcessing.yes diff --git a/src/mailman_pgp/commands/tests/test_key.py b/src/mailman_pgp/commands/tests/test_key.py index ec535ec..d89c43d 100644 --- a/src/mailman_pgp/commands/tests/test_key.py +++ b/src/mailman_pgp/commands/tests/test_key.py 
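Review bot: In `_cmd_revoke`, the branch taken when `key_usable(key_copy, ...)` fails only prints 'Key needs to be reset.' and never stores `key_copy`, so a revocation that verified and made the key unusable leaves `pgp_address.key` as the old, unrevoked key. Until the reset flow behind `# TODO: finish this.` exists, I would persist the revoked state in that branch, e.g. `with transaction():` / `pgp_address.key = key_copy` / `pgp_address.key_confirmed = False`. Whether the rest of the plugin consults `key_confirmed` before encrypting to the address or accepting its signatures is not visible in this hunk, so that part needs confirming. The same branch does not check `matches > 0`, so the reset message is also printed when no attached revocation verified. `_cmd_revoke` starts above the hunk, so any earlier validation of the message is not shown here.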
@@ -872,6 +872,72 @@ class TestAfterSubscription(unittest.TestCase): 'Need a key which can be used to encrypt communications.', results_msg.get_payload()) + def test_revoke_resets(self): + bart = getUtility(IUserManager).create_address('bart@example.com', + 'Bart Person') + with transaction() as t: + pgp_address = PGPAddress(bart) + pgp_address.key = self.bart_key.pubkey + pgp_address.key_confirmed = True + t.add(pgp_address) + + revoc = self.bart_key.revoke(self.bart_key) + + message = _create_mixed('bart@example.com', 'test@example.com', + 'key revoke') + wrapped_message = MIMEWrapper(message) + message = wrapped_message.attach_revocs(revoc) + + mm_config.switchboards['command'].enqueue(message, + listid='test.example.com') + make_testable_runner(CommandRunner, 'command').run() + items = get_queue_messages('virgin', expected_count=1) + results_msg = items[0].msg + + self.assertIn('Key needs to be reset.', results_msg.get_payload()) + + def test_revoke_updates(self): + bart = getUtility(IUserManager).create_address('bart@example.com', + 'Bart Person') + + test_key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 1024) + uid = PGPUID.new('Some Name', email='anne@example.org') + test_key.add_uid(uid, + usage={KeyFlags.Certify, + KeyFlags.EncryptCommunications, + KeyFlags.Sign}, + hashes=[HashAlgorithm.SHA256, + HashAlgorithm.SHA512], + ciphers=[SymmetricKeyAlgorithm.AES256], + compression=[CompressionAlgorithm.ZLIB]) + sub = PGPKey.new(PubKeyAlgorithm.ECDH, EllipticCurveOID.SECP256K1) + test_key.add_subkey(sub, usage={KeyFlags.EncryptCommunications}) + + with transaction() as t: + pgp_address = PGPAddress(bart) + pgp_address.key = test_key.pubkey + pgp_address.key_confirmed = True + t.add(pgp_address) + + revoc = test_key.revoke(sub.pubkey) + + message = _create_mixed('bart@example.com', 'test@example.com', + 'key revoke') + wrapped_message = MIMEWrapper(message) + message = wrapped_message.attach_revocs(revoc) + + mm_config.switchboards['command'].enqueue(message, + 
listid='test.example.com') + make_testable_runner(CommandRunner, 'command').run() + items = get_queue_messages('virgin', expected_count=1) + results_msg = items[0].msg + + self.assertIn('Key succesfully updated.', results_msg.get_payload()) + sub = next(iter(pgp_address.key.subkeys.values())) + revocs = list(sub.revocation_signatures) + self.assertEqual(len(revocs), 1) + self.assertEqual(revoc.hash2, revocs[0].hash2) + class TestGeneral(unittest.TestCase): layer = PGPConfigLayer diff --git a/src/mailman_pgp/utils/tests/test_pgp.py b/src/mailman_pgp/utils/tests/test_pgp.py index 493a0ca..b6433d4 100644 --- a/src/mailman_pgp/utils/tests/test_pgp.py +++ b/src/mailman_pgp/utils/tests/test_pgp.py @@ -22,13 +22,13 @@ from unittest import TestCase from parameterized import parameterized from pgpy import PGPKey, PGPUID -from pgpy.constants import (PubKeyAlgorithm, EllipticCurveOID, KeyFlags, - HashAlgorithm, SymmetricKeyAlgorithm, - CompressionAlgorithm) +from pgpy.constants import ( + CompressionAlgorithm, EllipticCurveOID, HashAlgorithm, KeyFlags, + PubKeyAlgorithm, SymmetricKeyAlgorithm) from mailman_pgp.testing.layers import PGPLayer -from mailman_pgp.testing.pgp import load_key, load_blob -from mailman_pgp.utils.pgp import revoc_from_blob, key_usable +from mailman_pgp.testing.pgp import load_blob, load_key +from mailman_pgp.utils.pgp import key_usable, revoc_from_blob class TestPGPUtils(TestCase): |
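Review bot: Neither test added to `TestAfterSubscription` in test_key.py covers the rejection path, i.e. a `key revoke` message whose attached revocation does not verify against the stored key (for example one produced by a different key). That is the case that keeps a subscriber's stored key from being altered by someone else's signature. It deserves a test that ends with `self.assertIn('Revocation found for not-found key.', results_msg.get_payload())` and also checks that `pgp_address.key` was left unchanged. `test_revoke_resets` likewise asserts only the reply text, not what is stored for the address afterwards.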
