From 8403297803201c76b8f87a15f36ab6327cdbc2db Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues Date: Fri, 17 Jan 2025 23:18:57 +0100 Subject: [PATCH] tests/test_CLI.py: fixup gpg tests - detached and clear-signed data was swapped - instead of duplicating gnupghome and uids, use a global dictionary - export the keyring for each key in preparation for --keyring - store the fingerprint in the fpr attribute of a global dictionary - key name "imposter" is a misnomer, better is "unknown" - fix function name uknown -> unknown - export the "correct" GNUPGHOME as an environment variable --- tests/test_CLI.py | 92 +++++++++++++++++++++++++++-------------------- 1 file changed, 54 insertions(+), 38 deletions(-) diff --git a/tests/test_CLI.py b/tests/test_CLI.py index c4c00a4..20aa020 100644 --- a/tests/test_CLI.py +++ b/tests/test_CLI.py @@ -22,6 +22,20 @@ import tempfile import tests.helpers import shutil +from dataclasses import dataclass + + +@dataclass +class Key: + gnupghome: str + uid: str + fpr: str = None + + +testkeys = { + "correct": Key("tests/test-data/gnupg", "correct "), + "unknown": Key("tests/test-data/gnupg2", "unknown "), +} class TestCLI(unittest.TestCase): @@ -33,7 +47,7 @@ def test_valid_signature(self): "--bmap", "tests/test-data/test.image.bmap.v2.0", "--bmap-sig", - "tests/test-data/signatures/test.image.bmap.v2.0correct.asc", + "tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc", "tests/test-data/test.image.gz", self.tmpfile, ], @@ -55,7 +69,7 @@ def test_unknown_signer(self): "--bmap", "tests/test-data/test.image.bmap.v2.0", "--bmap-sig", - "tests/test-data/signatures/test.image.bmap.v2.0imposter.asc", + "tests/test-data/signatures/test.image.bmap.v2.0unknown.det.asc", "tests/test-data/test.image.gz", self.tmpfile, ], 
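Review bot: In the `Key` dataclass added at the top of tests/test_CLI.py, `fpr: str = None` annotates the field as `str` while defaulting it to `None`; `fpr: str | None = None` (or `Optional[str]` on older interpreters) states what the code actually does. The `testkeys` entries are module-level objects that `setUp` mutates (`key.fpr = dmkey.fpr` in the last hunk), so a fingerprint of an already deleted key stays visible until the next `setUp` overwrites it. A field comment such as `# filled in by setUp after key generation; None until then` would make that lifetime explicit for the planned `--keyring` tests.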
@@ -75,7 +89,7 @@ def test_wrong_signature(self): "--bmap", "tests/test-data/test.image.bmap.v1.4", "--bmap-sig", - "tests/test-data/signatures/test.image.bmap.v2.0correct.asc", + "tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc", "tests/test-data/test.image.gz", self.tmpfile, ], @@ -87,7 +101,7 @@ def test_wrong_signature(self): self.assertEqual(completed_process.stdout, b"") self.assertIn(b"discovered a BAD GPG signature", completed_process.stderr) - def test_wrong_signature_uknown_signer(self): + def test_wrong_signature_unknown_signer(self): completed_process = subprocess.run( [ "bmaptool", @@ -95,7 +109,7 @@ def test_wrong_signature_uknown_signer(self): "--bmap", "tests/test-data/test.image.bmap.v1.4", "--bmap-sig", - "tests/test-data/signatures/test.image.bmap.v2.0imposter.asc", + "tests/test-data/signatures/test.image.bmap.v2.0unknown.det.asc", "tests/test-data/test.image.gz", self.tmpfile, ], @@ -113,7 +127,7 @@ def test_clearsign(self): "bmaptool", "copy", "--bmap", - "tests/test-data/signatures/test.image.bmap.v2.0correct.det.asc", + "tests/test-data/signatures/test.image.bmap.v2.0correct.asc", "tests/test-data/test.image.gz", self.tmpfile, ], 
@@ -134,56 +148,58 @@ def setUp(self): self.skipTest("python module 'gpg' missing") os.makedirs("tests/test-data/signatures", exist_ok=True) - for gnupghome, userid in [ - ("tests/test-data/gnupg/", "correct "), - ("tests/test-data/gnupg2/", "imposter "), - ]: - if os.path.exists(gnupghome): - shutil.rmtree(gnupghome) - os.makedirs(gnupghome) - context = gpg.Context(home_dir=gnupghome, armor=True) + for key in testkeys.values(): + if os.path.exists(key.gnupghome): + shutil.rmtree(key.gnupghome) + os.makedirs(key.gnupghome) + context = gpg.Context(home_dir=key.gnupghome) dmkey = context.create_key( - userid, + key.uid, algorithm="rsa3072", expires_in=31536000, sign=True, certify=True, ) + key.fpr = dmkey.fpr + with open(f"{key.gnupghome}.keyring", "wb") as f: + f.write(context.key_export_minimal()) for bmapv in ["2.0", "1.4"]: testp = "tests/test-data" imbn = "test.image.bmap.v" - with open(f"{testp}/{imbn}{bmapv}", "rb") as bmapf, open( - f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.asc", - "wb", - ) as sigf, open( - f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.det.asc", - "wb", - ) as detsigf: + with open(f"{testp}/{imbn}{bmapv}", "rb") as bmapf: bmapcontent = bmapf.read() - signed_data, result = context.sign( - bmapcontent, mode=gpg.constants.sig.mode.DETACH - ) - sigf.write(signed_data) - signed_data, result = context.sign( - bmapcontent, mode=gpg.constants.sig.mode.CLEAR - ) - detsigf.write(signed_data) - os.environ["GNUPGHOME"] = "tests/test-data/gnupg/" + with open( + f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.asc", + "wb", + ) as sigf: + signed_data, result = context.sign( + bmapcontent, mode=gpg.constants.sig.mode.CLEAR + ) + sigf.write(signed_data) + plaintext, sigs = context.verify(signed_data, None) + with open( + f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.det.asc", + "wb", + ) as detsigf: + signed_data, result = context.sign( + bmapcontent, mode=gpg.constants.sig.mode.DETACH + ) + detsigf.write(signed_data) + 
self.tmpfile = tempfile.mkstemp(prefix="testfile_", dir=".")[1] + os.environ["GNUPGHOME"] = testkeys["correct"].gnupghome def tearDown(self): os.unlink(self.tmpfile) - for gnupghome, userid in [ - ("tests/test-data/gnupg/", "correct "), - ("tests/test-data/gnupg2/", "imposter "), - ]: - shutil.rmtree(gnupghome) + for key in testkeys.values(): + shutil.rmtree(key.gnupghome) + os.unlink(f"{key.gnupghome}.keyring") for bmapv in ["2.0", "1.4"]: testp = "tests/test-data" imbn = "test.image.bmap.v" - os.unlink(f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.asc") + os.unlink(f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.asc") os.unlink( - f"{testp}/signatures/{imbn}{bmapv}{userid.split()[0]}.det.asc" + f"{testp}/signatures/{imbn}{bmapv}{key.uid.split()[0]}.det.asc" ) os.rmdir("tests/test-data/signatures")
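Review bot: `os.environ["GNUPGHOME"] = testkeys["correct"].gnupghome` at the end of `setUp` is never undone, and `tearDown` then deletes that directory, so the rest of the test process inherits a GNUPGHOME pointing at a removed, relative path. Saving the previous value and restoring it with `self.addCleanup(...)`, or wrapping the assignment in `unittest.mock.patch.dict(os.environ, {...})`, keeps the throw-away trust store from leaking into other tests. `tearDown` does not run when `setUp` raises part-way (`setUp` begins above this hunk), so registering removal of each home directory and `.keyring` file with `addCleanup` as it is created would avoid leaving generated private keys in the tree. `os.makedirs(key.gnupghome, mode=0o700)` would also give the secret-key directory the restrictive permissions GnuPG expects. Separately, `plaintext, sigs = context.verify(signed_data, None)` discards both results; presumably the call is there only for its raising behaviour, which deserves a comment or an assertion that the reported signer matches `key.fpr`.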