diff options
Diffstat (limited to 'src/mailman_pgp/rules/tests/test_signature.py')
| -rw-r--r-- | src/mailman_pgp/rules/tests/test_signature.py | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/src/mailman_pgp/rules/tests/test_signature.py b/src/mailman_pgp/rules/tests/test_signature.py index f5c5dc3..d8d0537 100644 --- a/src/mailman_pgp/rules/tests/test_signature.py +++ b/src/mailman_pgp/rules/tests/test_signature.py @@ -28,9 +28,12 @@ from mailman_pgp.config import mm_config from mailman_pgp.database import mm_transaction, transaction from mailman_pgp.model.address import PGPAddress from mailman_pgp.model.list import PGPMailingList +from mailman_pgp.model.sighash import PGPSigHash from mailman_pgp.pgp.tests.base import load_key, load_message +from mailman_pgp.pgp.wrapper import PGPWrapper from mailman_pgp.rules.signature import Signature from mailman_pgp.testing.layers import PGPConfigLayer +from mailman_pgp.utils.pgp import hashes class TestSignatureRule(TestCase): @@ -49,10 +52,11 @@ class TestSignatureRule(TestCase): self.pgp_list = PGPMailingList.for_list(self.mlist) - sender_key = load_key('rsa_1024.pub.asc') + self.sender_key = load_key('rsa_1024.priv.asc') with transaction() as t: self.pgp_sender = PGPAddress(self.sender.preferred_address) - self.pgp_sender.key = sender_key + self.pgp_sender.key = self.sender_key.pubkey + self.pgp_sender.key_confirmed = True t.add(self.pgp_sender) self.msg_clear = load_message('clear.eml') @@ -98,7 +102,7 @@ To: test@example.com self.assertTrue(matches) self.assertAction(msgdata, Action.reject, [ 'No key set for address {}.'.format( - self.pgp_sender.address.original_email)]) + self.pgp_sender.address.original_email)]) def assertAction(self, msgdata, action, reasons): self.assertEqual(msgdata['moderation_action'], action.name) @@ -111,6 +115,7 @@ To: test@example.com self.pgp_list.expired_sig_action = Action.defer self.pgp_list.invalid_sig_action = Action.defer self.pgp_list.revoked_sig_action = Action.defer + self.pgp_list.duplicate_sig_action = Action.defer msgdata = {} matches = self.rule.check(self.mlist, self.msg_clear, msgdata) @@ -130,6 +135,7 @@ To: test@example.com self.pgp_list.expired_sig_action = Action.defer self.pgp_list.invalid_sig_action = Action.defer self.pgp_list.revoked_sig_action = Action.defer + self.pgp_list.duplicate_sig_action = Action.defer msgdata = {} matches = self.rule.check(self.mlist, self.msg_inline_signed, msgdata) @@ -146,6 +152,7 @@ To: test@example.com self.pgp_list.expired_sig_action = Action.defer self.pgp_list.invalid_sig_action = Action.hold self.pgp_list.revoked_sig_action = Action.defer + self.pgp_list.duplicate_sig_action = Action.defer msgdata = {} matches = self.rule.check(self.mlist, self.msg_inline_signed_invalid, @@ -158,3 +165,32 @@ To: test@example.com msgdata) self.assertTrue(matches) self.assertAction(msgdata, Action.hold, ['Signature did not verify.']) + + def test_duplicate_sig_action(self): + with transaction() as t: + self.pgp_list.unsigned_msg_action = Action.defer + self.pgp_list.inline_pgp_action = Action.defer + self.pgp_list.expired_sig_action = Action.defer + self.pgp_list.invalid_sig_action = Action.defer + self.pgp_list.revoked_sig_action = Action.defer + self.pgp_list.duplicate_sig_action = Action.hold + + wrapped = PGPWrapper(self.msg_mime_signed) + sig_hashes = set(hashes(wrapped.verify(self.sender_key.pubkey))) + wrapped = PGPWrapper(self.msg_inline_signed) + sig_hashes |= set(hashes(wrapped.verify(self.sender_key.pubkey))) + for hash in sig_hashes: + sig_hash = PGPSigHash() + sig_hash.hash = hash + sig_hash.fingerprint = self.sender_key.pubkey.fingerprint + t.add(sig_hash) + + msgdata = {} + matches = self.rule.check(self.mlist, self.msg_mime_signed, msgdata) + self.assertTrue(matches) + self.assertAction(msgdata, Action.hold, ['Signature duplicate.']) + + msgdata = {} + matches = self.rule.check(self.mlist, self.msg_inline_signed, msgdata) + self.assertTrue(matches) + self.assertAction(msgdata, Action.hold, ['Signature duplicate.']) |