← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/tests/test_gpg.py

  • Committer: Canonical.com Patch Queue Manager
  • Date: 2011-06-30 18:28:17 UTC
  • mfrom: (5967.10.2 test-cat)
  • Revision ID: pqm@pqm.ubuntu.com-20110630182817-83a5q9r9rxfkdn8r
(mbp) don't use subprocesses for testing cat (Martin Pool)

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/tests/test_gpg.py
20
20
# import system imports here
21
21
import sys
22
22
 
23
 
from bzrlib import (
24
 
    config,
25
 
    errors,
26
 
    gpg,
27
 
    tests,
28
 
    trace,
29
 
    ui,
30
 
    )
31
 
from bzrlib.tests import (
32
 
    TestCase,
33
 
    features,
34
 
    )
35
 
 
36
 
 
37
 
class FakeConfig(config.MemoryStack):
38
 
 
39
 
    def __init__(self, content=None):
40
 
        if content is None:
41
 
            content = '''
42
 
gpg_signing_key=amy@example.com
43
 
gpg_signing_command=false'''
44
 
        super(FakeConfig, self).__init__(content)
45
 
 
46
 
 
47
 
class TestCommandLine(tests.TestCase):
48
 
 
49
 
    def setUp(self):
50
 
        super(TestCommandLine, self).setUp()
51
 
        self.my_gpg = gpg.GPGStrategy(FakeConfig())
 
23
from bzrlib import errors, ui
 
24
import bzrlib.gpg as gpg
 
25
from bzrlib.tests import TestCase
 
26
from bzrlib.tests import features
 
27
 
 
28
class FakeConfig(object):
 
29
 
 
30
    def gpg_signing_command(self):
 
31
        return "false"
 
32
 
 
33
    def acceptable_keys(self):
 
34
        return None
 
35
 
 
36
 
 
37
class TestCommandLine(TestCase):
52
38
 
53
39
    def test_signing_command_line(self):
54
 
        self.assertEqual(['false',  '--clearsign', '-u', 'amy@example.com'],
55
 
                         self.my_gpg._command_line())
56
 
 
57
 
    def test_signing_command_line_from_default(self):
58
 
        # Using 'default' for gpg_signing_key will use the mail part of 'email'
59
 
        my_gpg = gpg.GPGStrategy(FakeConfig('''
60
 
email=Amy <amy@example.com>
61
 
gpg_signing_key=default
62
 
gpg_signing_command=false'''))
63
 
        self.assertEqual(['false',  '--clearsign', '-u', 'amy@example.com'],
64
 
                         my_gpg._command_line())
65
 
 
66
 
    def test_signing_command_line_from_email(self):
67
 
        # Not setting gpg_signing_key will use the mail part of 'email'
68
 
        my_gpg = gpg.GPGStrategy(FakeConfig('''
69
 
email=Amy <amy@example.com>
70
 
gpg_signing_command=false'''))
71
 
        self.assertEqual(['false',  '--clearsign', '-u', 'amy@example.com'],
 
40
        my_gpg = gpg.GPGStrategy(FakeConfig())
 
41
        self.assertEqual(['false',  '--clearsign'],
72
42
                         my_gpg._command_line())
73
43
 
74
44
    def test_checks_return_code(self):
75
45
        # This test needs a unix like platform - one with 'false' to run.
76
46
        # if you have one, please make this work :)
77
 
        self.assertRaises(errors.SigningFailed, self.my_gpg.sign, 'content')
 
47
        my_gpg = gpg.GPGStrategy(FakeConfig())
 
48
        self.assertRaises(errors.SigningFailed, my_gpg.sign, 'content')
78
49
 
79
50
    def assertProduces(self, content):
80
51
        # This needs a 'cat' command or similar to work.
 
52
        my_gpg = gpg.GPGStrategy(FakeConfig())
81
53
        if sys.platform == 'win32':
82
54
            # Windows doesn't come with cat, and we don't require it
83
55
            # so lets try using python instead.
84
56
            # But stupid windows and line-ending conversions.
85
57
            # It is too much work to make sys.stdout be in binary mode.
86
58
            # http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/65443
87
 
            self.my_gpg._command_line = lambda:[sys.executable, '-c',
 
59
            my_gpg._command_line = lambda:[sys.executable, '-c',
88
60
                    'import sys; sys.stdout.write(sys.stdin.read())']
89
61
            new_content = content.replace('\n', '\r\n')
90
62
 
91
 
            self.assertEqual(new_content, self.my_gpg.sign(content))
 
63
            self.assertEqual(new_content, my_gpg.sign(content))
92
64
        else:
93
 
            self.my_gpg._command_line = lambda:['cat', '-']
94
 
            self.assertEqual(content, self.my_gpg.sign(content))
 
65
            my_gpg._command_line = lambda:['cat', '-']
 
66
            self.assertEqual(content, my_gpg.sign(content))
95
67
 
96
68
    def test_returns_output(self):
97
69
        content = "some content\nwith newlines\n"
116
88
        self.assertRaises(errors.BzrBadParameterUnicode,
117
89
                          self.assertProduces, u'foo')
118
90
 
119
 
 
120
 
class TestVerify(TestCase):
121
 
 
122
91
    def import_keys(self):
123
92
        from StringIO import StringIO
124
93
        import gpgme
215
184
-----END PGP PRIVATE KEY BLOCK-----
216
185
""")
217
186
 
218
 
        revoked_key = StringIO("""-----BEGIN PGP PUBLIC KEY BLOCK-----
219
 
Version: GnuPG v1.4.11 (GNU/Linux)
220
 
 
221
 
mI0ETjlW5gEEAOb/6P+TVM59E897wRtatxys2BhsHCXM4T7xjIiANfDwejDdifqh
222
 
tluTfSJLLxPembtrrEjux1C0AJgc+f0MIfsc3Pr3eFJzKB2ot/1IVG1/1KnA0zt3
223
 
W2xPT3lRib27WJ9Fag+dMtQaIzgJ7/n2DFxsFZ33FD2kxrEXB2exGg6FABEBAAGI
224
 
pgQgAQIAEAUCTjlXkAkdAHJldm9rZWQACgkQjs6dvEpb0cQPHAP/Wi9rbx0e+1Sf
225
 
ziGgyVdr3m3A6uvze5oXKVgFRbGRUYSH4/I8GW0W9x4TcRg9h+YaQ8NUdADr9kNE
226
 
tKAljLqYA5qdqSfYuaij1M++Xj+KUZ359R74sHuQqwnRy1XXQNfRs/QpXA7vLdds
227
 
rjg+pbWuXO92TZJUdnqtWW+VEyZBsPy0G3Rlc3Qga2V5IDx0ZXN0QGV4YW1wbGUu
228
 
Y29tPoi4BBMBAgAiBQJOOVbmAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
229
 
CRCOzp28SlvRxNWzA/42WVmI0b+6mF/imEOlY1TiyvrcpK250rkSDsCtL4lOwy7G
230
 
antZhpgNfnXRd/ySfsS3EB6dpOWgOSxGRvWQhA+vxBT9BYNk49qd3JIrSaSWpR12
231
 
rET8qO1rEQQFWsw03CxTGujxGlmEO+a1yguRXp2UWaY7FngcQmD+8q7BUIVm7riN
232
 
BE45VuYBBADTEH2jHTjNCc5CMOhea6EJTrkx3upcEqB2oyhWeSWJiBGOxlcddsjo
233
 
3J3/EmBB8kK1hM9TidD3SG64x1N287lg8ELJBlKv+pQVyxohGJ1u/THgpTDMMQcL
234
 
luG5rAHQGSfyzKTiOnaTyBYg3M/nzgUOU9dKEFB0EA3tjUXFOT+r3wARAQABiJ8E
235
 
GAECAAkFAk45VuYCGwwACgkQjs6dvEpb0cRSLQP/fzCWX2lXwlwWiVF8BOPF7o9z
236
 
icHErc7/X17RGb4qj1kVf+UkRdUWJrbEVh4h6MncBIuA70WsYogiw+Kz/0LCtQAR
237
 
YUJsPy/EL++OKPH1aFasOdTxwkTka85+RdYqhP1+z/aYLFMWq6mRFI+o6x2k5mGi
238
 
7dMv2kKTJPoXUpiXJbg=
239
 
=hLYO
240
 
-----END PGP PUBLIC KEY BLOCK-----
241
 
""")
242
 
 
243
 
        expired_key = StringIO("""-----BEGIN PGP PUBLIC KEY BLOCK-----
244
 
Version: GnuPG v1.4.11 (GNU/Linux)
245
 
 
246
 
mI0ETjZ6PAEEALkR4GcFQidCCxV7pgQwQd5MZua0YO2l92fVqHX+PhnZ6egCLKdD
247
 
2bWlMUd6MLPF3FlRL7BBAxvW/DazkBOp7ljsnpMpptEzY49Uem1irYLYiVb9zK96
248
 
0sQZzFxFkfEYetQEXC68mIck8tbySOX5NAOw++3jFm3J7dsU1R3XtYzRABEBAAG0
249
 
G3Rlc3Qga2V5IDx0ZXN0QGV4YW1wbGUuY29tPoi+BBMBAgAoBQJONno8AhsDBQkA
250
 
AVGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAc4m97T40VEz+DA/9PBphG
251
 
Yp9cHVaHSfTUKGTGgIbvRe60sFNpDCYZeAGDrygOMuI8MNzbVpwefRBFHVPx7jWd
252
 
rrYMsLkcsNUS9D0baU+0D/qp7JVg7ZSQtG0O6IG4eTZhibteY1fu0+unlXmg9NHx
253
 
5VvhwzBiJDYji00M2p/CZEMiYFUuy76CsxUpN7iNBE42ejwBBACkv2/mX7IPQg0C
254
 
A3KSrJsJv+sdvKm4b4xuI4OwagwTIVz4KlTqV4IBrVjSBfwyMXucXz0bTW85qjgA
255
 
+n67td8vyjYYZUEz1uY9lSquQQDnAN0txL3cLHZXWiWOkmzZVddQtlflK2a/J9o0
256
 
QkHPVUm+hc4l64dIzStrNl2S66fAvQARAQABiKUEGAECAA8FAk42ejwCGwwFCQAB
257
 
UYAACgkQHOJve0+NFROEYQP/epg+o8iBs31hkSERyZjrRR66LpywezWj30Rn/3mX
258
 
Fzi9HkF4xLemWOzdNt9C5PYrOep85PQg8haEjknxVjZFS0ikT1h3OWk/TF1ZrLVm
259
 
WzyX8DaHQEjKpLJJjXcAbTiZBNMk0QaVC9RvIeHpCf3n3DC49DdjsPJRMKOn8KDi
260
 
kRk=
261
 
=p0gt
262
 
-----END PGP PUBLIC KEY BLOCK-----
263
 
""")
264
187
        context.import_(key)
265
188
        context.import_(secret_key)
266
 
        context.import_(revoked_key)
267
 
        context.import_(expired_key)
268
189
 
269
 
    def test_verify_untrusted_but_accepted(self):
270
 
        #untrusted by gpg but listed as acceptable_keys by user
 
190
    def test_verify_valid(self):
271
191
        self.requireFeature(features.gpgme)
272
192
        self.import_keys()
273
 
 
 
193
            
274
194
        content = """-----BEGIN PGP SIGNED MESSAGE-----
275
195
Hash: SHA1
276
196
 
298
218
        self.assertEqual((gpg.SIGNATURE_VALID, None), my_gpg.verify(content,
299
219
                            plain))
300
220
 
301
 
    def test_verify_unacceptable_key(self):
302
 
        self.requireFeature(features.gpgme)
303
 
        self.import_keys()
304
 
 
305
 
        content = """-----BEGIN PGP SIGNED MESSAGE-----
306
 
Hash: SHA1
307
 
 
308
 
bazaar-ng testament short form 1
309
 
revision-id: amy@example.com-20110527185938-hluafawphszb8dl1
310
 
sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4
311
 
-----BEGIN PGP SIGNATURE-----
312
 
Version: GnuPG v1.4.11 (GNU/Linux)
313
 
 
314
 
iQEcBAEBAgAGBQJN+ekFAAoJEIdoGx7jCA5FGtEH/i+XxJRvqU6wdBtLVrGBMAGk
315
 
FZ5VP+KyXYtymSbgSstj/vM12NeMIeFs3xGnNnYuX1MIcY6We5TKtCH0epY6ym5+
316
 
6g2Q2QpQ5/sT2d0mWzR0K4uVngmxVQaXTdk5PdZ40O7ULeDLW6CxzxMHyUL1rsIx
317
 
7UBUTBh1O/1n3ZfD99hUkm3hVcnsN90uTKH59zV9NWwArU0cug60+5eDKJhSJDbG
318
 
rIwlqbFAjDZ7L/48e+IaYIJwBZFzMBpJKdCxzALLtauMf+KK8hGiL2hrRbWm7ty6
319
 
NgxfkMYOB4rDPdSstT35N+5uBG3n/UzjxHssi0svMfVETYYX40y57dm2eZQXFp8=
320
 
=iwsn
321
 
-----END PGP SIGNATURE-----
322
 
"""
323
 
        plain = """bazaar-ng testament short form 1
324
 
revision-id: amy@example.com-20110527185938-hluafawphszb8dl1
325
 
sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4
326
 
"""
327
 
        my_gpg = gpg.GPGStrategy(FakeConfig())
328
 
        my_gpg.set_acceptable_keys("foo@example.com")
329
 
        self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'E3080E45'),
330
 
                         my_gpg.verify(content, plain))
331
 
 
332
 
    def test_verify_valid_but_untrusted(self):
333
 
        self.requireFeature(features.gpgme)
334
 
        self.import_keys()
335
 
 
336
 
        content = """-----BEGIN PGP SIGNED MESSAGE-----
337
 
Hash: SHA1
338
 
 
339
 
bazaar-ng testament short form 1
340
 
revision-id: amy@example.com-20110527185938-hluafawphszb8dl1
341
 
sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4
342
 
-----BEGIN PGP SIGNATURE-----
343
 
Version: GnuPG v1.4.11 (GNU/Linux)
344
 
 
345
 
iQEcBAEBAgAGBQJN+ekFAAoJEIdoGx7jCA5FGtEH/i+XxJRvqU6wdBtLVrGBMAGk
346
 
FZ5VP+KyXYtymSbgSstj/vM12NeMIeFs3xGnNnYuX1MIcY6We5TKtCH0epY6ym5+
347
 
6g2Q2QpQ5/sT2d0mWzR0K4uVngmxVQaXTdk5PdZ40O7ULeDLW6CxzxMHyUL1rsIx
348
 
7UBUTBh1O/1n3ZfD99hUkm3hVcnsN90uTKH59zV9NWwArU0cug60+5eDKJhSJDbG
349
 
rIwlqbFAjDZ7L/48e+IaYIJwBZFzMBpJKdCxzALLtauMf+KK8hGiL2hrRbWm7ty6
350
 
NgxfkMYOB4rDPdSstT35N+5uBG3n/UzjxHssi0svMfVETYYX40y57dm2eZQXFp8=
351
 
=iwsn
352
 
-----END PGP SIGNATURE-----
353
 
"""
354
 
        plain = """bazaar-ng testament short form 1
355
 
revision-id: amy@example.com-20110527185938-hluafawphszb8dl1
356
 
sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4
357
 
"""
358
 
        my_gpg = gpg.GPGStrategy(FakeConfig())
359
 
        self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content,
360
 
                            plain))
361
 
 
362
221
    def test_verify_bad_testament(self):
363
222
        self.requireFeature(features.gpgme)
364
223
        self.import_keys()
365
 
 
 
224
            
366
225
        content = """-----BEGIN PGP SIGNED MESSAGE-----
367
226
Hash: SHA1
368
227
 
390
249
        self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content,
391
250
                            plain))
392
251
 
393
 
 
394
 
    def test_verify_revoked_signature(self):
395
 
        self.requireFeature(features.gpgme)
396
 
        self.import_keys()
397
 
 
398
 
        content = """-----BEGIN PGP SIGNED MESSAGE-----
399
 
Hash: SHA1
400
 
 
401
 
asdf
402
 
-----BEGIN PGP SIGNATURE-----
403
 
Version: GnuPG v1.4.11 (GNU/Linux)
404
 
 
405
 
iJwEAQECAAYFAk45V18ACgkQjs6dvEpb0cSIZQP/eOGTXGPlrNwvDkcX2d8O///I
406
 
ecB4sUIUEpv1XAk1MkNu58lsjjK72lRaLusEGqd7HwrFmpxVeVs0oWLg23PNPCFs
407
 
yJBID9ma+VxFVPtkEFnrc1R72sBJLfBcTxMkwVTC8eeznjdtn+cg+aLkxbPdrGnr
408
 
JFA6kUIJU2w9LU/b88Y=
409
 
=UuRX
410
 
-----END PGP SIGNATURE-----
411
 
"""
412
 
        plain = """asdf\n"""
413
 
        my_gpg = gpg.GPGStrategy(FakeConfig())
414
 
        my_gpg.set_acceptable_keys("test@example.com")
415
 
        self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content,
416
 
                            plain))
417
 
 
418
252
    def test_verify_invalid(self):
419
253
        self.requireFeature(features.gpgme)
420
 
        self.import_keys()
421
254
        content = """-----BEGIN PGP SIGNED MESSAGE-----
422
255
Hash: SHA1
423
256
 
440
273
        self.assertEqual((gpg.SIGNATURE_NOT_VALID, None),
441
274
                            my_gpg.verify(content, plain))
442
275
 
443
 
    def test_verify_expired_but_valid(self):
444
 
        self.requireFeature(features.gpgme)
445
 
        self.import_keys()
446
 
        content = """-----BEGIN PGP SIGNED MESSAGE-----
447
 
Hash: SHA1
448
 
 
449
 
bazaar-ng testament short form 1
450
 
revision-id: test@example.com-20110801100657-f1dr1nompeex723z
451
 
sha1: 59ab434be4c2d5d646dee84f514aa09e1b72feeb
452
 
-----BEGIN PGP SIGNATURE-----
453
 
Version: GnuPG v1.4.10 (GNU/Linux)
454
 
 
455
 
iJwEAQECAAYFAk42esUACgkQHOJve0+NFRPc5wP7BoZkzBU8JaHMLv/LmqLr0sUz
456
 
zuE51ofZZ19L7KVtQWsOi4jFy0fi4A5TFwO8u9SOfoREGvkw292Uty9subSouK5/
457
 
mFmDOYPQ+O83zWgYZsBmMJWYDZ+X9I6XXZSbPtV/7XyTjaxtl5uRnDVJjg+AzKvD
458
 
dTp8VatVVrwuvzOPDVc=
459
 
=uHen
460
 
-----END PGP SIGNATURE-----
461
 
"""
462
 
        plain = """bazaar-ng testament short form 1
463
 
revision-id: test@example.com-20110801100657-f1dr1nompeex723z
464
 
sha1: 59ab434be4c2d5d646dee84f514aa09e1b72feeb
465
 
"""
466
 
        my_gpg = gpg.GPGStrategy(FakeConfig())
467
 
        self.assertEqual((gpg.SIGNATURE_EXPIRED, u'4F8D1513'),
468
 
                            my_gpg.verify(content, plain))
469
 
 
470
 
    def test_verify_unknown_key(self):
471
 
        self.requireFeature(features.gpgme)
472
 
        self.import_keys()
473
 
        content = """-----BEGIN PGP SIGNED MESSAGE-----
474
 
Hash: SHA1
475
 
 
476
 
asdf
477
 
-----BEGIN PGP SIGNATURE-----
478
 
Version: GnuPG v1.4.11 (GNU/Linux)
479
 
 
480
 
iQEcBAEBAgAGBQJOORKwAAoJENf6AkFdUeVvJDYH/1Cz+AJn1Jvy5n64o+0fZ5Ow
481
 
Y7UQb4QQTIOV7jI7n4hv/yBzuHrtImFzYvQl/o2Ezzi8B8L5gZtQy+xCUF+Q8iWs
482
 
gytZ5JUtSze7hDZo1NUl4etjoRGYqRfrUcvE2LkVH2dFbDGyyQfVmoeSHa5akuuP
483
 
QZmyg2F983rACVIpGvsqTH6RcBdvE9vx68lugeKQA8ArDn39/74FBFipFzrXSPij
484
 
eKFpl+yZmIb3g6HkPIC8o4j/tMvc37xF1OG5sBu8FT0+FC+VgY7vAblneDftAbyP
485
 
sIODx4WcfJtjLG/qkRYqJ4gDHo0eMpTJSk2CWebajdm4b+JBrM1F9mgKuZFLruE=
486
 
=RNR5
487
 
-----END PGP SIGNATURE-----
488
 
"""
489
 
        plain = "asdf\n"
490
 
        my_gpg = gpg.GPGStrategy(FakeConfig())
491
 
        self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'5D51E56F'),
492
 
                            my_gpg.verify(content, plain))
493
 
 
494
276
    def test_set_acceptable_keys(self):
495
277
        self.requireFeature(features.gpgme)
496
278
        self.import_keys()
499
281
        self.assertEqual(my_gpg.acceptable_keys,
500
282
                         [u'B5DEED5FCB15DAE6ECEF919587681B1EE3080E45'])
501
283
 
502
 
    def test_set_acceptable_keys_from_config(self):
503
 
        self.requireFeature(features.gpgme)
504
 
        self.import_keys()
505
 
        my_gpg = gpg.GPGStrategy(FakeConfig(
506
 
                'acceptable_keys=bazaar@example.com'))
507
 
        my_gpg.set_acceptable_keys(None)
508
 
        self.assertEqual(my_gpg.acceptable_keys,
509
 
                         [u'B5DEED5FCB15DAE6ECEF919587681B1EE3080E45'])
510
 
 
511
284
    def test_set_acceptable_keys_unknown(self):
512
285
        self.requireFeature(features.gpgme)
513
286
        my_gpg = gpg.GPGStrategy(FakeConfig())
514
 
        self.notes = []
515
 
        def note(*args):
516
 
            self.notes.append(args[0] % args[1:])
517
 
        self.overrideAttr(trace, 'note', note)
518
287
        my_gpg.set_acceptable_keys("unknown")
519
288
        self.assertEqual(my_gpg.acceptable_keys, [])
520
 
        self.assertEqual(self.notes,
521
 
            ['No GnuPG key results for pattern: unknown'])
522
289
 
523
290
 
524
291
class TestDisabled(TestCase):