diff options
author | NavaL <ayoyo@thoughtworks.com> | 2016-11-25 20:51:45 +0100 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-12-03 20:43:31 +0100 |
commit | bf9fa332e270ce0775e62517da457c8fc54f77ba (patch) | |
tree | 1311b80a089f26a70befc0b761f0a994b502e062 /tests/integration/keymanager/test_keymanager.py | |
parent | 95f8a39c2185d9cc3af4e6ed600aea98c13d1949 (diff) |
[feat] decryption interoperability, when the current key pair
is renewed
- there is only one private inactive key that is the key
expiring last among all inactive keys
- if there is an inactive key, decryption with it, is tried
if it fails with the current active key.
Diffstat (limited to 'tests/integration/keymanager/test_keymanager.py')
-rw-r--r-- | tests/integration/keymanager/test_keymanager.py | 63 |
1 files changed, 61 insertions, 2 deletions
diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py index e11e19b8..7bacd050 100644 --- a/tests/integration/keymanager/test_keymanager.py +++ b/tests/integration/keymanager/test_keymanager.py @@ -52,8 +52,8 @@ from common import ( KEY_EXPIRING_CREATION_DATE, PRIVATE_EXPIRING_KEY, NEW_PUB_KEY, - OLD_AND_NEW_KEY_ADDRESS -) + OLD_AND_NEW_KEY_ADDRESS, + DIFFERENT_PRIVATE_KEY, DIFFERENT_KEY_FPR) NICKSERVER_URI = "http://leap.se/" REMOTE_KEY_URL = "http://site.domain/key" @@ -195,6 +195,25 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): self.assertTrue(key.private) @defer.inlineCallbacks + def test_create_and_get_two_private_keys_sets_first_key_inactive(self): + km = self._key_manager() + yield km._openpgp.put_raw_key(PRIVATE_KEY, ADDRESS) + yield km._openpgp.put_raw_key(DIFFERENT_PRIVATE_KEY, ADDRESS) + # get the key + inactive_key = yield km.get_key(ADDRESS, private=True, + active=False, fetch_remote=False) + active_key = yield km.get_key(ADDRESS, private=True, + active=True, fetch_remote=False) + self.assertEqual( + inactive_key.fingerprint.lower(), KEY_FINGERPRINT.lower()) + self.assertEqual( + active_key.fingerprint.lower(), DIFFERENT_KEY_FPR.lower()) + self.assertTrue(inactive_key.private) + self.assertTrue(active_key.private) + self.assertFalse(inactive_key.is_active()) + self.assertTrue(active_key.is_active()) + + @defer.inlineCallbacks def test_send_key(self): """ Test that request is well formed when sending keys to server. @@ -577,6 +596,25 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures) @defer.inlineCallbacks + def test_key_regenerate_deactivate_the_old_private_key(self): + km = self._key_manager(user=ADDRESS_EXPIRING) + + yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) + old_key = yield km.get_key(ADDRESS_EXPIRING) + + new_key = yield km.regenerate_key() + retrieved_old_key = yield km.get_key(ADDRESS_EXPIRING, + private=True, active=False) + renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, private=False) + + self.assertEqual(old_key.fingerprint, + retrieved_old_key.fingerprint) + self.assertNotEqual(old_key.fingerprint, + new_key.fingerprint) + self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint) + self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures) + + @defer.inlineCallbacks def test_key_regenerate_resets_all_public_key_sign_used(self): km = self._key_manager(user=ADDRESS_EXPIRING) @@ -630,6 +668,27 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase): self.assertEqual(signingkey.fingerprint, key.fingerprint) @defer.inlineCallbacks + def test_keymanager_openpgp_decryption_tries_inactive_valid_key(self): + km = self._key_manager() + # put raw private key + yield km._openpgp.put_raw_key(PRIVATE_KEY, ADDRESS) + yield km._openpgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2) + # encrypt + encdata = yield km.encrypt(self.RAW_DATA, ADDRESS, sign=ADDRESS_2, + fetch_remote=False) + self.assertNotEqual(self.RAW_DATA, encdata) + + # renew key + new_key = yield km.regenerate_key() + + # decrypt + rawdata, signingkey = yield km.decrypt( + encdata, ADDRESS, verify=ADDRESS_2, fetch_remote=False) + self.assertEqual(self.RAW_DATA, rawdata) + key = yield km.get_key(ADDRESS_2, private=False, fetch_remote=False) + self.assertEqual(signingkey.fingerprint, key.fingerprint) + + @defer.inlineCallbacks def test_keymanager_openpgp_encrypt_decrypt_wrong_sign(self): km = self._key_manager() # put raw keys |