moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2025-02-17 07:30:14 -05:00
Code Issues Releases Wiki Activity

tests: stronger subkey revocation test including re-certification

Browse Source
This commit is contained in:
Vincent Breitmoser 2014-07-11 16:17:17 +02:00
parent 20b28b5207
commit f18e4d109f
1 changed files with 69 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java
View File

@ -16,7 +16,6 @@ import org.spongycastle.bcpg.SecretSubkeyPacket;
import org.spongycastle.bcpg.SignaturePacket; import org.spongycastle.bcpg.SignaturePacket;
import org.spongycastle.bcpg.UserIDPacket; import org.spongycastle.bcpg.UserIDPacket;
import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSignature; import org.spongycastle.openpgp.PGPSignature;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.Constants.choice.algorithm; import org.sufficientlysecure.keychain.Constants.choice.algorithm;
@ -68,6 +67,9 @@ public class PgpKeyOperationTest {
OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog(); OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
staticRing = op.createSecretKeyRing(parcel, log, 0); staticRing = op.createSecretKeyRing(parcel, log, 0);
// we sleep here for a second, to make sure all new certificates have different timestamps
Thread.sleep(1000);
} }
@Before public void setUp() throws Exception { @Before public void setUp() throws Exception {
@ -294,30 +296,82 @@ public class PgpKeyOperationTest {
@Test @Test
public void testSubkeyRevoke() throws Exception { public void testSubkeyRevoke() throws Exception {
long keyId;
{ {
Iterator<UncachedPublicKey> it = ring.getPublicKeys(); Iterator<UncachedPublicKey> it = ring.getPublicKeys();
it.next(); it.next();
parcel.mRevokeSubKeys.add(it.next().getKeyId()); keyId = it.next().getKeyId();
} }
applyModificationWithChecks(parcel, ring, onlyA, onlyB); int flags = ring.getPublicKey(keyId).getKeyUsage();
Assert.assertEquals("no extra packets in original", 0, onlyA.size()); UncachedKeyRing modified;
Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
Packet p; { // revoked second subkey
p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); parcel.mRevokeSubKeys.add(keyId);
Assert.assertTrue("first new packet must be secret subkey", p instanceof SignaturePacket);
Assert.assertEquals("signature type must be subkey binding certificate",
PGPSignature.SUBKEY_REVOCATION, ((SignaturePacket) p).getSignatureType());
Assert.assertEquals("signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
Assert.assertEquals("no extra packets in original", 0, onlyA.size());
Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
Packet p;
p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
Assert.assertTrue("first new packet must be secret subkey", p instanceof SignaturePacket);
Assert.assertEquals("signature type must be subkey binding certificate",
PGPSignature.SUBKEY_REVOCATION, ((SignaturePacket) p).getSignatureType());
Assert.assertEquals("signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertTrue("subkey must actually be revoked",
modified.getPublicKey(keyId).isRevoked());
}
{ // re-add second subkey
parcel.reset();
parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, null));
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
Assert.assertEquals("exactly two outdated packets in original", 2, onlyA.size());
Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
Packet p;
p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
Assert.assertTrue("first outdated packet must be signature", p instanceof SignaturePacket);
Assert.assertEquals("first outdated signature type must be subkey binding certification",
PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
Assert.assertEquals("first outdated signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(1).buf)).readPacket();
Assert.assertTrue("second outdated packet must be signature", p instanceof SignaturePacket);
Assert.assertEquals("second outdated signature type must be subkey revocation",
PGPSignature.SUBKEY_REVOCATION, ((SignaturePacket) p).getSignatureType());
Assert.assertEquals("second outdated signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
Assert.assertTrue("new packet must be signature ", p instanceof SignaturePacket);
Assert.assertEquals("new signature type must be subkey binding certification",
PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
Assert.assertEquals("signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertFalse("subkey must no longer be revoked",
modified.getPublicKey(keyId).isRevoked());
Assert.assertEquals("subkey must have the same usage flags as before",
flags, modified.getPublicKey(keyId).getKeyUsage());
}
} }
@Test @Test
public void testUserIdRevokeRead() throws Exception { public void testUserIdRevoke() throws Exception {
UncachedKeyRing modified; UncachedKeyRing modified;
String uid = ring.getPublicKey().getUnorderedUserIds().get(1); String uid = ring.getPublicKey().getUnorderedUserIds().get(1);
@ -343,11 +397,11 @@ public class PgpKeyOperationTest {
} }
{ // re-add second user id { // re-add second user id
// new parcel
parcel.reset(); parcel.reset();
parcel.mAddUserIds.add(uid); parcel.mAddUserIds.add(uid);
applyModificationWithChecks(parcel, modified, onlyA, onlyB, true, false); applyModificationWithChecks(parcel, modified, onlyA, onlyB);
Assert.assertEquals("exactly two outdated packets in original", 2, onlyA.size()); Assert.assertEquals("exactly two outdated packets in original", 2, onlyA.size());
Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size()); Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
@ -402,7 +456,6 @@ public class PgpKeyOperationTest {
"rainbow", ((UserIDPacket) p).getID()); "rainbow", ((UserIDPacket) p).getID());
p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(1).buf)).readPacket(); p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(1).buf)).readPacket();
System.out.println(p.getClass().getName());
Assert.assertTrue("second new packet must be signature", p instanceof SignaturePacket); Assert.assertTrue("second new packet must be signature", p instanceof SignaturePacket);
Assert.assertEquals("signature type must be positive certification", Assert.assertEquals("signature type must be positive certification",
PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType()); PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType());