use std ::ffi ::OsStr ;
use std ::path ::Path ;
use super ::common ::{ Sq , STANDARD_POLICY } ;
use sequoia_openpgp as openpgp ;
use openpgp ::{
Cert ,
Result ,
cert ::amalgamation ::ValidateAmalgamation ,
} ;
/// Exercises `key_approvals_update` with `--add-all` on certificate files
/// rather than on key handles.
///
/// The update is run twice: once on Alice's freshly generated key file and
/// once on a copy that carries Bob's certification of her user ID.
#[test]
fn update_files() -> Result<()> {
    // Run `sq` with a reference time one hour in the past.
    // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
    let one_hour = std::time::Duration::new(60 * 60, 0);
    let reference_time = std::time::SystemTime::now() - one_hour;
    let sq = Sq::at(reference_time);

    let alice_userid = " <alice@example.org> ";
    let (alice_cert, alice_key_file, _alice_revocation)
        = sq.key_generate(&[], &[" <alice@example.org> "]);
    let (_bob_cert, bob_key_file, _bob_revocation)
        = sq.key_generate(&[], &[" <bob@example.org> "]);

    // Approve the certifications found in `public`.
    //
    // `public` is first merged with Alice's key file into a scratch
    // "-priv" file, and the update is then run on that merged file.
    //
    // NOTE(review): this closure only checks that there are no bad
    // signatures and that the first user ID carries exactly one
    // attestation signature.  Unlike the other tests in this file it
    // does not look at `attested_certifications()` under a policy, so
    // it does not show which certifications ended up approved.
    let attest = |sq: &Sq, public: &Path| {
        let public_name = public
            .file_name()
            .unwrap_or(OsStr::new(" "))
            .to_str()
            .unwrap_or(" ");
        let merged_name = format!(" {} -priv ", public_name);
        let priv_file = sq.scratch_file(&*merged_name);
        sq.toolbox_keyring_merge(
            vec![public, &alice_key_file],
            None,
            &*priv_file,
        );

        let output_name = format!(" {} -attestation ", public.display());
        let attestation_file = sq.scratch_file(&*output_name);
        let updated = sq.key_approvals_update(
            &priv_file,
            &[" --add-all "],
            &*attestation_file,
        );

        // Dump the resulting file to stderr to ease debugging.
        eprintln!(" {} ", sq.inspect(&attestation_file));

        assert_eq!(updated.bad_signatures().count(), 0);
        let first_userid = updated.userids().next().unwrap();
        assert_eq!(first_userid.attestations().count(), 1);
    };

    // First run: Alice's file as generated, before Bob has certified her.
    attest(&sq, &alice_key_file);

    // Have Bob certify Alice; the result is written to a scratch file.
    let alice2_pub_pgp = sq.scratch_file(" alice2_pub ");
    let certified_alice = sq.pki_certify(
        &[],
        &bob_key_file,
        &alice_key_file,
        &[alice_userid],
        &*alice2_pub_pgp,
    );
    assert_eq!(certified_alice.fingerprint(), alice_cert.fingerprint());

    // Second run: on the file that now carries Bob's certification.
    attest(&sq, &alice2_pub_pgp);

    Ok(())
}
/// User ID passed to `key_generate` for Alice's test key; also the user ID
/// named when Bob certifies Alice in the tests below.
const ALICE_USERID : & str = " <alice@example.org> " ;
/// User ID passed to `key_generate` for Bob's test key; also the user ID
/// given to `pki link add` in `update_authenticated`.
const BOB_USERID : & str = " <bob@example.org> " ;
/// Generates a key for Alice and a key for Bob, imports both via
/// `key_import`, and returns the two certificates as `(alice, bob)`.
///
/// Both keys are generated before either is imported.
fn make_keys(sq: &Sq) -> Result<(Cert, Cert)> {
    let (alice_cert, alice_key_file, _alice_revocation)
        = sq.key_generate(&[], &[ALICE_USERID]);
    let (bob_cert, bob_key_file, _bob_revocation)
        = sq.key_generate(&[], &[BOB_USERID]);

    // Import Alice first, then Bob.
    sq.key_import(alice_key_file);
    sq.key_import(bob_key_file);

    Ok((alice_cert, bob_cert))
}
/// Exercises `key_approvals_update` with `--add-all` and `--remove-all`
/// on key handles.
///
/// After every update the test checks two things on Alice's first user
/// ID: how many attestation signatures it carries, and how many
/// certifications count as approved under `STANDARD_POLICY`.
#[test]
fn update_all() -> Result<()> {
    // Run `sq` with a reference time one hour in the past.
    // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
    let one_hour = std::time::Duration::new(60 * 60, 0);
    let reference_time = std::time::SystemTime::now() - one_hour;
    let sq = Sq::at(reference_time);

    let (alice, bob) = make_keys(&sq)?;

    // Step 1: nobody has certified Alice yet.  The test expects one
    // attestation signature that approves zero certifications.
    let first_update = sq.key_approvals_update(
        alice.key_handle(),
        &[" --add-all "],
        None,
    );
    assert_eq!(first_update.bad_signatures().count(), 0);
    let first_ua = first_update.userids().next().unwrap();
    assert_eq!(first_ua.attestations().count(), 1);
    let approved = first_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 0);

    // Step 2: Bob certifies Alice's user ID.
    let certified_alice = sq.pki_certify(
        &[],
        bob.key_handle(),
        alice.key_handle(),
        &[ALICE_USERID],
        None,
    );
    assert_eq!(certified_alice.fingerprint(), alice.fingerprint());

    // Step 3: approve everything again.  A second attestation signature
    // is expected, and Bob's certification now counts as approved.
    let second_update = sq.key_approvals_update(
        &alice.key_handle(),
        &[" --add-all "],
        None,
    );
    assert_eq!(second_update.bad_signatures().count(), 0);
    let second_ua = second_update.userids().next().unwrap();
    assert_eq!(second_ua.attestations().count(), 2);
    let approved = second_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 1);

    // Step 4: withdraw the approval.  The two earlier attestation
    // signatures are still present (three in total); only the
    // policy-validated view reports zero approved certifications.
    let third_update = sq.key_approvals_update(
        &alice.key_handle(),
        &[" --remove-all "],
        None,
    );
    assert_eq!(third_update.bad_signatures().count(), 0);
    let third_ua = third_update.userids().next().unwrap();
    assert_eq!(third_ua.attestations().count(), 3);
    let approved = third_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 0);

    Ok(())
}
/// Exercises `key_approvals_update` with `--add-by` and `--remove-by`,
/// selecting certifications by the certifier's fingerprint (Bob's).
///
/// After every update the test checks two things on Alice's first user
/// ID: how many attestation signatures it carries, and how many
/// certifications count as approved under `STANDARD_POLICY`.
#[test]
fn update_by() -> Result<()> {
    // Run `sq` with a reference time one hour in the past.
    // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
    let one_hour = std::time::Duration::new(60 * 60, 0);
    let reference_time = std::time::SystemTime::now() - one_hour;
    let sq = Sq::at(reference_time);

    let (alice, bob) = make_keys(&sq)?;
    let bob_fingerprint = bob.fingerprint().to_string();

    // Step 1: Bob has not certified Alice yet, so approving "by Bob"
    // is expected to yield one attestation signature that approves
    // zero certifications.
    let first_update = sq.key_approvals_update(
        alice.key_handle(),
        &[" --add-by ", &bob_fingerprint],
        None,
    );
    assert_eq!(first_update.bad_signatures().count(), 0);
    let first_ua = first_update.userids().next().unwrap();
    assert_eq!(first_ua.attestations().count(), 1);
    let approved = first_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 0);

    // Step 2: Bob certifies Alice's user ID.
    let certified_alice = sq.pki_certify(
        &[],
        bob.key_handle(),
        alice.key_handle(),
        &[ALICE_USERID],
        None,
    );
    assert_eq!(certified_alice.fingerprint(), alice.fingerprint());

    // Step 3: approve certifications made by Bob.  A second attestation
    // signature is expected, and exactly one certification is approved.
    let second_update = sq.key_approvals_update(
        &alice.key_handle(),
        &[" --add-by ", &bob_fingerprint],
        None,
    );
    assert_eq!(second_update.bad_signatures().count(), 0);
    let second_ua = second_update.userids().next().unwrap();
    assert_eq!(second_ua.attestations().count(), 2);
    let approved = second_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 1);

    // Step 4: withdraw the approval of Bob's certification.  The two
    // earlier attestation signatures are still present (three in
    // total); only the policy-validated view reports zero approved
    // certifications.
    let third_update = sq.key_approvals_update(
        &alice.key_handle(),
        &[" --remove-by ", &bob_fingerprint],
        None,
    );
    assert_eq!(third_update.bad_signatures().count(), 0);
    let third_ua = third_update.userids().next().unwrap();
    assert_eq!(third_ua.attestations().count(), 3);
    let approved = third_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 0);

    Ok(())
}
/// Exercises `key_approvals_update` with `--add-authenticated`.
///
/// Bob certifies Alice before any update is run.  The test expects the
/// certification to stay unapproved until Bob's certificate has been
/// linked to his user ID with `pki link add`, and to be approved by the
/// next update after that.
#[test]
fn update_authenticated() -> Result<()> {
    // Run `sq` with a reference time one hour in the past.
    // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
    let one_hour = std::time::Duration::new(60 * 60, 0);
    let reference_time = std::time::SystemTime::now() - one_hour;
    let sq = Sq::at(reference_time);

    let (alice, bob) = make_keys(&sq)?;
    let bob_fingerprint = bob.fingerprint().to_string();

    // Step 1: Bob certifies Alice's user ID.
    let certified_alice = sq.pki_certify(
        &[],
        bob.key_handle(),
        alice.key_handle(),
        &[ALICE_USERID],
        None,
    );
    assert_eq!(certified_alice.fingerprint(), alice.fingerprint());

    // Step 2: Bob's certification exists, but no link for Bob has been
    // added yet.  The update is expected to produce one attestation
    // signature that approves zero certifications.
    let first_update = sq.key_approvals_update(
        alice.key_handle(),
        &[" --add-authenticated "],
        None,
    );
    assert_eq!(first_update.bad_signatures().count(), 0);
    let first_ua = first_update.userids().next().unwrap();
    assert_eq!(first_ua.attestations().count(), 1);
    let approved = first_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 0);

    // Step 3: link Bob's cert to his user ID.
    let mut link = sq.command();
    link.args(&[" pki ", " link ", " add ", " --cert ", &bob_fingerprint, BOB_USERID]);
    // NOTE(review): the `true` presumably means the command must
    // succeed; confirm against `Sq::run`.
    sq.run(link, true);

    // Step 4: rerun the update.  A second attestation signature is
    // expected, and Bob's certification now counts as approved.
    let second_update = sq.key_approvals_update(
        &alice.key_handle(),
        &[" --add-authenticated "],
        None,
    );
    assert_eq!(second_update.bad_signatures().count(), 0);
    let second_ua = second_update.userids().next().unwrap();
    assert_eq!(second_ua.attestations().count(), 2);
    let approved = second_ua
        .with_policy(STANDARD_POLICY, None)
        .unwrap()
        .attested_certifications()
        .count();
    assert_eq!(approved, 1);

    Ok(())
}