Skip to content

Commit

Permalink
tests/test_CLI.py: fixup gpg tests
Browse files Browse the repository at this point in the history 
 - detached and clear-signed data was swapped
 - instead of duplicating gnupghome and uids, use a global dictionary
 - export the keyring for each key in preparation for --keyring
 - store the fingerprint in the fpr attribute of a global dictionary
 - key name "imposter" is a misnomer, better is "unknown"
 - fix function name uknown -> unknown
 - export the "correct" GNUPGHOME as an environment variable
  • Loading branch information
@josch
josch committed Jan 19, 2025
1 parent 56d62dc commit 8403297
Showing 1 changed file with 54 additions and 38 deletions.
92 changes: 54 additions & 38 deletions tests/test_CLI.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,20 @@
import tempfile
import tests.helpers
import shutil
from dataclasses import dataclass


@dataclass
class Key:
gnupghome: str
uid: str
fpr: str = None


testkeys = {
"correct": Key("tests/test-data/gnupg", "correct <foo@bar.org>"),
"unknown": Key("tests/test-data/gnupg2", "unknown <blub@bla.net>"),
}


class TestCLI(unittest.TestCase):
Expand All @@ -33,7 +47,7 @@ def test_valid_signature(self):
"--bmap",
"tests/test-data/test.image.bmap.v2.0",
"--bmap-sig",
"tests/test-data/signatures/test.image.bmap.v2.0correct.asc",
"tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc",
"tests/test-data/test.image.gz",
self.tmpfile,
],
Expand All @@ -55,7 +69,7 @@ def test_unknown_signer(self):
"--bmap",
"tests/test-data/test.image.bmap.v2.0",
"--bmap-sig",
"tests/test-data/signatures/test.image.bmap.v2.0imposter.asc",
"tests/test-data/signatures/test.image.bmap.v2.0unknown.det.asc",
"tests/test-data/test.image.gz",
self.tmpfile,
],
Expand All @@ -75,7 +89,7 @@ def test_wrong_signature(self):
"--bmap",
"tests/test-data/test.image.bmap.v1.4",
"--bmap-sig",
"tests/test-data/signatures/test.image.bmap.v2.0correct.asc",
"tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc",
"tests/test-data/test.image.gz",
self.tmpfile,
],
Expand All @@ -87,15 +101,15 @@ def test_wrong_signature(self):
self.assertEqual(completed_process.stdout, b"")
self.assertIn(b"discovered a BAD GPG signature", completed_process.stderr)

def test_wrong_signature_uknown_signer(self):
def test_wrong_signature_unknown_signer(self):
completed_process = subprocess.run(
[
"bmaptool",
"copy",
"--bmap",
"tests/test-data/test.image.bmap.v1.4",
"--bmap-sig",
"tests/test-data/signatures/test.image.bmap.v2.0imposter.asc",
"tests/test-data/signatures/test.image.bmap.v2.0unknown.det.asc",
"tests/test-data/test.image.gz",
self.tmpfile,
],
Expand All @@ -113,7 +127,7 @@ def test_clearsign(self):
"bmaptool",
"copy",
"--bmap",
"tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc",
"tests/test-data/signatures/test.image.bmap.v2.0correct.asc",
"tests/test-data/test.image.gz",
self.tmpfile,
],
Expand All @@ -134,56 +148,58 @@ def setUp(self):
self.skipTest("python module 'gpg' missing")

os.makedirs("tests/test-data/signatures", exist_ok=True)
for gnupghome, userid in [
("tests/test-data/gnupg/", "correct <foo@bar.org>"),
("tests/test-data/gnupg2/", "imposter <blub@bla.net>"),
]:
if os.path.exists(gnupghome):
shutil.rmtree(gnupghome)
os.makedirs(gnupghome)
context = gpg.Context(home_dir=gnupghome, armor=True)
for key in testkeys.values():
if os.path.exists(key.gnupghome):
shutil.rmtree(key.gnupghome)
os.makedirs(key.gnupghome)
context = gpg.Context(home_dir=key.gnupghome)
dmkey = context.create_key(
userid,
key.uid,
algorithm="rsa3072",
expires_in=31536000,
sign=True,
certify=True,
)
key.fpr = dmkey.fpr
with open(f"{key.gnupghome}.keyring", "wb") as f:
f.write(context.key_export_minimal())
for bmapv in ["2.0", "1.4"]:
testp = "tests/test-data"
imbn = "test.image.bmap.v"
with open(f"{testp}/{imbn}{bmapv}", "rb") as bmapf, open(
f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.asc",
"wb",
) as sigf, open(
f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.det.asc",
"wb",
) as detsigf:
with open(f"{testp}/{imbn}{bmapv}", "rb") as bmapf:
bmapcontent = bmapf.read()
signed_data, result = context.sign(
bmapcontent, mode=gpg.constants.sig.mode.DETACH
)
sigf.write(signed_data)
signed_data, result = context.sign(
bmapcontent, mode=gpg.constants.sig.mode.CLEAR
)
detsigf.write(signed_data)
os.environ["GNUPGHOME"] = "tests/test-data/gnupg/"
with open(
f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.asc",
"wb",
) as sigf:
signed_data, result = context.sign(
bmapcontent, mode=gpg.constants.sig.mode.CLEAR
)
sigf.write(signed_data)
plaintext, sigs = context.verify(signed_data, None)
with open(
f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.det.asc",
"wb",
) as detsigf:
signed_data, result = context.sign(
bmapcontent, mode=gpg.constants.sig.mode.DETACH
)
detsigf.write(signed_data)

self.tmpfile = tempfile.mkstemp(prefix="testfile_", dir=".")[1]
os.environ["GNUPGHOME"] = testkeys["correct"].gnupghome

def tearDown(self):
os.unlink(self.tmpfile)
for gnupghome, userid in [
("tests/test-data/gnupg/", "correct <foo@bar.org>"),
("tests/test-data/gnupg2/", "imposter <blub@bla.net>"),
]:
shutil.rmtree(gnupghome)
for key in testkeys.values():
shutil.rmtree(key.gnupghome)
os.unlink(f"{key.gnupghome}.keyring")
for bmapv in ["2.0", "1.4"]:
testp = "tests/test-data"
imbn = "test.image.bmap.v"
os.unlink(f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.asc")
os.unlink(f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.asc")
os.unlink(
f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.det.asc"
f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.det.asc"
)
os.rmdir("tests/test-data/signatures")

Expand Down

0 comments on commit 8403297

Please sign in to comment.