|
Packit |
d7e8d0 |
#!/usr/bin/env python
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Copyright (C) 2017 g10 Code GmbH
|
|
Packit |
d7e8d0 |
#
|
|
Packit |
d7e8d0 |
# This file is part of GPGME.
|
|
Packit |
d7e8d0 |
#
|
|
Packit |
d7e8d0 |
# GPGME is free software; you can redistribute it and/or modify it
|
|
Packit |
d7e8d0 |
# under the terms of the GNU General Public License as published by
|
|
Packit |
d7e8d0 |
# the Free Software Foundation; either version 2 of the License, or
|
|
Packit |
d7e8d0 |
# (at your option) any later version.
|
|
Packit |
d7e8d0 |
#
|
|
Packit |
d7e8d0 |
# GPGME is distributed in the hope that it will be useful, but WITHOUT
|
|
Packit |
d7e8d0 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
Packit |
d7e8d0 |
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
|
|
Packit |
d7e8d0 |
# Public License for more details.
|
|
Packit |
d7e8d0 |
#
|
|
Packit |
d7e8d0 |
# You should have received a copy of the GNU Lesser General Public
|
|
Packit Service |
30b792 |
# License along with this program; if not, see <https://www.gnu.org/licenses/>.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
from __future__ import absolute_import, print_function, unicode_literals
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
import gpg
|
|
Packit |
d7e8d0 |
import itertools
|
|
Packit |
d7e8d0 |
import time
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
import support
|
|
Packit |
d7e8d0 |
support.assert_gpg_version((2, 1, 2))
|
|
Packit |
d7e8d0 |
|
|
Packit Service |
30b792 |
del absolute_import, print_function, unicode_literals
|
|
Packit Service |
30b792 |
|
|
Packit |
d7e8d0 |
alpha = "Alpha <alpha@invalid.example.net>"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
with support.EphemeralContext() as ctx:
|
|
Packit |
d7e8d0 |
res = ctx.create_key(alpha)
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
keys = list(ctx.keylist())
|
|
Packit |
d7e8d0 |
assert len(keys) == 1, "Weird number of keys created"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
key = keys[0]
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
assert len(key.subkeys) == 2, "Expected one primary key and one subkey"
|
|
Packit |
d7e8d0 |
assert key.subkeys[0].expires > 0, "Expected primary key to expire"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Try to create a key with the same UID
|
|
Packit |
d7e8d0 |
try:
|
|
Packit |
d7e8d0 |
ctx.create_key(alpha)
|
|
Packit |
d7e8d0 |
assert False, "Expected an error but got none"
|
|
Packit |
d7e8d0 |
except gpg.errors.GpgError as e:
|
|
Packit |
d7e8d0 |
pass
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Try to create a key with the same UID, now with force!
|
|
Packit |
d7e8d0 |
res2 = ctx.create_key(alpha, force=True)
|
|
Packit |
d7e8d0 |
assert res.fpr != res2.fpr
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# From here on, we use one context, and create unique UIDs
|
|
Packit |
d7e8d0 |
uid_counter = 0
|
|
Packit Service |
30b792 |
|
|
Packit Service |
30b792 |
|
|
Packit |
d7e8d0 |
def make_uid():
|
|
Packit |
d7e8d0 |
global uid_counter
|
|
Packit |
d7e8d0 |
uid_counter += 1
|
|
Packit |
d7e8d0 |
return "user{0}@invalid.example.org".format(uid_counter)
|
|
Packit |
d7e8d0 |
|
|
Packit Service |
30b792 |
|
|
Packit |
d7e8d0 |
with support.EphemeralContext() as ctx:
|
|
Packit |
d7e8d0 |
# Check gpg.constants.create.NOEXPIRE...
|
|
Packit |
d7e8d0 |
res = ctx.create_key(make_uid(), expires=False)
|
|
Packit |
d7e8d0 |
key = ctx.get_key(res.fpr, secret=True)
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
assert len(key.subkeys) == 2, "Expected one primary key and one subkey"
|
|
Packit |
d7e8d0 |
assert key.subkeys[0].expires == 0, "Expected primary key not to expire"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
t = 2 * 24 * 60 * 60
|
|
Packit |
d7e8d0 |
slack = 5 * 60
|
|
Packit |
d7e8d0 |
res = ctx.create_key(make_uid(), expires_in=t)
|
|
Packit |
d7e8d0 |
key = ctx.get_key(res.fpr, secret=True)
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
assert len(key.subkeys) == 2, "Expected one primary key and one subkey"
|
|
Packit |
d7e8d0 |
assert abs(time.time() + t - key.subkeys[0].expires) < slack, \
|
|
Packit |
d7e8d0 |
"Primary keys expiration time is off"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Check capabilities
|
|
Packit Service |
30b792 |
for sign, encrypt, certify, authenticate \
|
|
Packit Service |
30b792 |
in itertools.product([False, True],
|
|
Packit Service |
30b792 |
[False, True],
|
|
Packit Service |
30b792 |
[False, True],
|
|
Packit Service |
30b792 |
[False, True]):
|
|
Packit |
d7e8d0 |
# Filter some out
|
|
Packit |
d7e8d0 |
if not (sign or encrypt or certify or authenticate):
|
|
Packit |
d7e8d0 |
# This triggers the default capabilities tested before.
|
|
Packit |
d7e8d0 |
continue
|
|
Packit |
d7e8d0 |
if (sign or encrypt or authenticate) and not certify:
|
|
Packit |
d7e8d0 |
# The primary key always certifies.
|
|
Packit |
d7e8d0 |
continue
|
|
Packit |
d7e8d0 |
|
|
Packit Service |
30b792 |
res = ctx.create_key(
|
|
Packit Service |
30b792 |
make_uid(),
|
|
Packit Service |
30b792 |
algorithm="rsa",
|
|
Packit Service |
30b792 |
sign=sign,
|
|
Packit Service |
30b792 |
encrypt=encrypt,
|
|
Packit Service |
30b792 |
certify=certify,
|
|
Packit Service |
30b792 |
authenticate=authenticate)
|
|
Packit |
d7e8d0 |
key = ctx.get_key(res.fpr, secret=True)
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
assert len(key.subkeys) == 1, \
|
|
Packit |
d7e8d0 |
"Expected no subkey for non-default capabilities"
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
p = key.subkeys[0]
|
|
Packit |
d7e8d0 |
assert sign == p.can_sign
|
|
Packit |
d7e8d0 |
assert encrypt == p.can_encrypt
|
|
Packit |
d7e8d0 |
assert certify == p.can_certify
|
|
Packit |
d7e8d0 |
assert authenticate == p.can_authenticate
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Check algorithm
|
|
Packit |
d7e8d0 |
res = ctx.create_key(make_uid(), algorithm="rsa")
|
|
Packit |
d7e8d0 |
key = ctx.get_key(res.fpr, secret=True)
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
for k in key.subkeys:
|
|
Packit |
d7e8d0 |
assert k.pubkey_algo == 1
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Check algorithm with size
|
|
Packit |
d7e8d0 |
res = ctx.create_key(make_uid(), algorithm="rsa1024")
|
|
Packit |
d7e8d0 |
key = ctx.get_key(res.fpr, secret=True)
|
|
Packit |
d7e8d0 |
assert key.fpr == res.fpr
|
|
Packit |
d7e8d0 |
for k in key.subkeys:
|
|
Packit |
d7e8d0 |
assert k.pubkey_algo == 1
|
|
Packit |
d7e8d0 |
assert k.length == 1024
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Check algorithm future-default
|
|
Packit |
d7e8d0 |
ctx.create_key(make_uid(), algorithm="future-default")
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
# Check passphrase protection
|
|
Packit |
d7e8d0 |
recipient = make_uid()
|
|
Packit |
d7e8d0 |
passphrase = "streng geheim"
|
|
Packit |
d7e8d0 |
res = ctx.create_key(recipient, passphrase=passphrase)
|
|
Packit Service |
30b792 |
ciphertext, _, _ = ctx.encrypt(
|
|
Packit Service |
30b792 |
b"hello there", recipients=[ctx.get_key(res.fpr)])
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
cb_called = False
|
|
Packit Service |
30b792 |
|
|
Packit |
d7e8d0 |
def cb(*args):
|
|
Packit |
d7e8d0 |
global cb_called
|
|
Packit |
d7e8d0 |
cb_called = True
|
|
Packit |
d7e8d0 |
return passphrase
|
|
Packit Service |
30b792 |
|
|
Packit |
d7e8d0 |
ctx.pinentry_mode = gpg.constants.PINENTRY_MODE_LOOPBACK
|
|
Packit |
d7e8d0 |
ctx.set_passphrase_cb(cb)
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
plaintext, _, _ = ctx.decrypt(ciphertext)
|
|
Packit |
d7e8d0 |
assert plaintext == b"hello there"
|
|
Packit |
d7e8d0 |
assert cb_called
|