1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# Copyright (C) 2017 Jan Jancar
#
# This file is a part of the Mailman PGP plugin.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, see <http://www.gnu.org/licenses/>.
""""""
import datetime
import time
from unittest import TestCase
from parameterized import parameterized
from pgpy import PGPKey, PGPUID
from pgpy.constants import (PubKeyAlgorithm, EllipticCurveOID, KeyFlags,
HashAlgorithm, SymmetricKeyAlgorithm,
CompressionAlgorithm)
from mailman_pgp.testing.layers import PGPLayer
from mailman_pgp.testing.pgp import load_key, load_blob
from mailman_pgp.utils.pgp import revoc_from_blob, key_usable
class TestPGPUtils(TestCase):
layer = PGPLayer
@parameterized.expand([
(load_blob('revocs', 'rsa_1024.revoc.asc'),
load_key('rsa_1024.pub.asc')),
(load_blob('revocs', 'ecc_secp256k1.revoc.asc'),
load_key('ecc_secp256k1.pub.asc')),
(load_blob('revocs', 'ecc_p256.revoc.asc'),
load_key('ecc_p256.pub.asc'))
])
def test_revoc_from_blob_valid(self, blob, key):
revoc = revoc_from_blob(blob)
verifies = key.verify(key, revoc)
self.assertTrue(bool(verifies))
@parameterized.expand([
('Not an ASCII-Armored blob',),
(load_blob('keys', 'rsa_1024.pub.asc'),),
])
def test_revoc_from_blob_invalid(self, blob):
self.assertRaises(ValueError, revoc_from_blob, blob)
def test_key_usable_expired(self):
key = PGPKey.new(PubKeyAlgorithm.ECDSA, EllipticCurveOID.SECP256K1)
uid = PGPUID.new('Some Name', email='anne@example.org')
key.add_uid(uid, key_expiration=datetime.timedelta(seconds=1),
usage={KeyFlags.Certify,
KeyFlags.Authentication,
KeyFlags.Sign},
hashes=[HashAlgorithm.SHA256,
HashAlgorithm.SHA512],
ciphers=[SymmetricKeyAlgorithm.AES256],
compression=[CompressionAlgorithm.ZLIB])
time.sleep(2)
self.assertFalse(key_usable(key, set()))
def test_key_usable_revoked(self):
key = load_key('ecc_p256.priv.asc')
rsig = key.revoke(key)
key |= rsig
self.assertFalse(key_usable(key, set()))
def test_key_usable_subkey_revoked(self):
key = load_key('ecc_p256.priv.asc')
sub = next(iter(key.subkeys.values()))
rsig = key.revoke(sub)
sub |= rsig
self.assertFalse(key_usable(key, {KeyFlags.EncryptCommunications}))
|
