-rw-r--r--src/mailman_pgp/commands/eml_key.py17
-rw-r--r--src/mailman_pgp/commands/tests/test_key.py72
2 files changed, 89 insertions, 0 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index be0af44..1f39888 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -23,6 +23,7 @@ from mailman.interfaces.command import ContinueProcessing, IEmailCommand
from mailman.interfaces.pending import IPendings
from mailman.interfaces.subscriptions import ISubscriptionManager
from mailman.interfaces.usermanager import IUserManager
+from pgpy.constants import KeyFlags
from public import public
from zope.component import getUtility
from zope.interface import implementer
@@ -74,6 +75,14 @@ def _cmd_set(pgp_list, mlist, msg, msgdata, arguments, results):
file=results)
return ContinueProcessing.no
+ usage_flags = key.usage_flags()
+ for subkey in key.subkeys.values():
+ usage_flags |= subkey.usage_flags()
+ if KeyFlags.EncryptCommunications not in usage_flags:
+ print('Need a key which can be used to encrypt communications.',
+ file=results)
+ return ContinueProcessing.no
+
email = get_email(msg)
if not email:
print('No email to subscribe with.', file=results)
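Review bot: The new check in `_cmd_set` ORs the usage flags of every subkey into one set, so a key whose only encryption-capable subkey is expired or revoked would still pass, as far as this hunk shows. The list could then accept a key it cannot actually encrypt to. Consider filtering subkeys by validity before merging their flags, and moving the check into one helper, since the identical lines are added again in `_cmd_change` further down. Both function bodies start outside their hunks, so an earlier validity check may already exist there.

```python
def _can_encrypt(key):
    """Return True if the key or one of its subkeys is flagged for encrypting communications."""
    usage_flags = key.usage_flags()
    for subkey in key.subkeys.values():
        # NOTE(review): skip expired or revoked subkeys here before merging.
        usage_flags |= subkey.usage_flags()
    return KeyFlags.EncryptCommunications in usage_flags

# … unchanged: earlier checks in _cmd_set …
    if not _can_encrypt(key):
        print('Need a key which can be used to encrypt communications.',
              file=results)
        return ContinueProcessing.no
```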
@@ -219,6 +228,14 @@ def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
file=results)
return ContinueProcessing.no
+ usage_flags = key.usage_flags()
+ for subkey in key.subkeys.values():
+ usage_flags |= subkey.usage_flags()
+ if KeyFlags.EncryptCommunications not in usage_flags:
+ print('Need a key which can be used to encrypt communications.',
+ file=results)
+ return ContinueProcessing.no
+
workflow = KeyChangeWorkflow(mlist, pgp_address, key)
list(workflow)
print('Key change request received.', file=results)
diff --git a/src/mailman_pgp/commands/tests/test_key.py b/src/mailman_pgp/commands/tests/test_key.py
index a9d021b..cfda3e8 100644
--- a/src/mailman_pgp/commands/tests/test_key.py
+++ b/src/mailman_pgp/commands/tests/test_key.py
@@ -26,6 +26,10 @@ from mailman.interfaces.usermanager import IUserManager
from mailman.runners.command import CommandRunner
from mailman.testing.helpers import get_queue_messages, make_testable_runner
from mailman.utilities.datetime import now
+from pgpy import PGPKey, PGPUID
+from pgpy.constants import (PubKeyAlgorithm, KeyFlags, EllipticCurveOID,
+ HashAlgorithm, SymmetricKeyAlgorithm,
+ CompressionAlgorithm)
from zope.component import getUtility
from mailman_pgp.config import mm_config
@@ -114,6 +118,20 @@ class TestPreSubscription(unittest.TestCase):
self.bart_key = load_key('rsa_1024.priv.asc')
self.anne_key = load_key('ecc_p256.priv.asc')
+ self.unusable_key = PGPKey.new(PubKeyAlgorithm.ECDSA,
+ EllipticCurveOID.SECP256K1)
+ uid = PGPUID.new('Bart Person', email='bart@example.com')
+ self.unusable_key.add_uid(uid,
+ usage={KeyFlags.Certify,
+ KeyFlags.Authentication,
+ KeyFlags.Sign},
+ hashes=[HashAlgorithm.SHA256,
+ HashAlgorithm.SHA512],
+ ciphers=[SymmetricKeyAlgorithm.AES256],
+ compression=[CompressionAlgorithm.ZLIB,
+ CompressionAlgorithm.Uncompressed]
+ )
+
def test_set(self):
self.mlist.subscription_policy = OpenSubscriptionPolicy
bart = getUtility(IUserManager).create_address('bart@example.com',
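Review bot: The `unusable_key` construction in this `setUp` generates a fresh ECDSA key before every test in `TestPreSubscription`, although only `test_set_no_encrypt_key` uses it, and the same lines are repeated in `TestAfterSubscription.setUp`. A module-level helper, or a stored fixture loaded with `load_key` like the other keys, would remove the duplication and the per-test key generation. A short comment such as `# Certify/sign/authenticate only: deliberately no encryption capability.` would also make the intent of the usage set clear. `setUp` starts outside the hunk.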
@@ -256,6 +274,22 @@ class TestPreSubscription(unittest.TestCase):
self.assertIn('You probably wanted to send your public key only.',
results_msg.get_payload())
+ def test_set_no_encrypt_key(self):
+ set_message = _create_mixed('bart@example.com', 'test@example.com',
+ 'Re: key set token')
+ wrapped_set_message = MIMEWrapper(set_message)
+ set_message = wrapped_set_message.attach_key(self.unusable_key.pubkey)
+
+ mm_config.switchboards['command'].enqueue(set_message,
+ listid='test.example.com')
+ make_testable_runner(CommandRunner, 'command').run()
+ items = get_queue_messages('virgin', expected_count=1)
+ results_msg = items[0].msg
+
+ self.assertIn(
+ 'Need a key which can be used to encrypt communications.',
+ results_msg.get_payload())
+
def test_set_no_email(self):
message = _create_mixed('', 'test@example.com', 'key set token')
wrapped_message = MIMEWrapper(message)
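Review bot: `test_set_no_encrypt_key` asserts only the reply text, so it would still pass if the handler printed the error and then went on to store the key. An assertion that no key was recorded for `bart@example.com` after the run would pin the rejection itself; the same applies to `test_change_no_encrypt_key`, which could assert that the stored key is still the public part of `self.bart_key`. Neither new test covers a key whose encryption capability sits only on a subkey, which is the path the new loop over `key.subkeys` handles; whether the existing fixtures exercise that is not visible here.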
@@ -567,6 +601,20 @@ class TestAfterSubscription(unittest.TestCase):
self.bart_key = load_key('rsa_1024.priv.asc')
self.bart_new_key = load_key('ecc_p256.priv.asc')
+ self.unusable_key = PGPKey.new(PubKeyAlgorithm.ECDSA,
+ EllipticCurveOID.SECP256K1)
+ uid = PGPUID.new('Bart Person', email='bart@example.com')
+ self.unusable_key.add_uid(uid,
+ usage={KeyFlags.Certify,
+ KeyFlags.Authentication,
+ KeyFlags.Sign},
+ hashes=[HashAlgorithm.SHA256,
+ HashAlgorithm.SHA512],
+ ciphers=[SymmetricKeyAlgorithm.AES256],
+ compression=[CompressionAlgorithm.ZLIB,
+ CompressionAlgorithm.Uncompressed]
+ )
+
def test_change(self):
bart = getUtility(IUserManager).create_address('bart@example.com',
'Bart Person')
@@ -798,6 +846,30 @@ class TestAfterSubscription(unittest.TestCase):
self.assertIn('You probably wanted to send your public key only.',
results_msg.get_payload())
+ def test_change_no_encrypt_key(self):
+ bart = getUtility(IUserManager).create_address('bart@example.com',
+ 'Bart Person')
+ with transaction() as t:
+ pgp_address = PGPAddress(bart)
+ pgp_address.key = self.bart_key.pubkey
+ pgp_address.key_confirmed = True
+ t.add(pgp_address)
+
+ message = _create_mixed('bart@example.com', 'test@example.com',
+ 'key change')
+ wrapped_message = MIMEWrapper(message)
+ message = wrapped_message.attach_key(self.unusable_key.pubkey)
+
+ mm_config.switchboards['command'].enqueue(message,
+ listid='test.example.com')
+ make_testable_runner(CommandRunner, 'command').run()
+ items = get_queue_messages('virgin', expected_count=1)
+ results_msg = items[0].msg
+
+ self.assertIn(
+ 'Need a key which can be used to encrypt communications.',
+ results_msg.get_payload())
+
class TestGeneral(unittest.TestCase):
layer = PGPConfigLayer