sequoia-sq/tests/sq-key-expire.rs
Neal H. Walfield 38221a3d7d
tests: Dry out the test framework.
- Replace uses of `sq_key_generate` with `Sq::key_generate`, and
    remove `sq_key_generate`.
2024-08-13 10:08:04 +02:00

122 lines
3.8 KiB
Rust

use std::time::Duration;
use openpgp::parse::Parse;
use openpgp::Cert;
use openpgp::Result;
use sequoia_openpgp as openpgp;
mod common;
use common::STANDARD_POLICY;
use common::Sq;
use common::time_as_string;
#[test]
fn sq_key_expire() -> Result<()> {
for keystore in [false, true] {
let mut sq = Sq::new();
let (cert, cert_path, _rev_path)
= sq.key_generate(&[], &["alice <alice@example.org>"]);
let fpr = cert.fingerprint().to_string();
// Two days go by.
sq.tick(2 * 24 * 60 * 60);
let updated_path = sq.scratch_file("updated.pgp");
let updated2_path = sq.scratch_file("updated2.pgp");
if keystore {
sq.key_import(&cert_path);
}
// Change the key to expire in one day.
let mut cmd = sq.command();
cmd.args(["key", "expire", "1d"]);
if keystore {
cmd.args(["--cert", &fpr ]);
} else {
cmd
.arg("--force")
.arg("--cert-file").arg(&cert_path)
.arg("--output").arg(&updated_path);
}
sq.run(cmd, true);
let updated = if keystore {
eprintln!("Updated certificate to expire in one day:\n{}",
sq.inspect(cert.key_handle()));
sq.cert_export(cert.key_handle())
} else {
eprintln!("Updated certificate to expire in one day:\n{}",
sq.inspect(&updated_path));
Cert::from_file(&updated_path).expect("valid cert")
};
// It should be alive now.
let vc = updated.with_policy(STANDARD_POLICY, sq.now()).expect("valid");
assert!(matches!(vc.alive(), Ok(())));
// It should be alive in 1 day minus 1 second.
let t = sq.now() + Duration::new(24 * 60 * 60 - 1, 0);
eprintln!("Checking expiration status at {}", time_as_string(t.into()));
let vc = updated.with_policy(STANDARD_POLICY, t).expect("valid");
assert!(matches!(vc.alive(), Ok(())));
// But in exactly one day, it should be expired.
let t = sq.now() + Duration::new(24 * 60 * 60, 0);
eprintln!("Checking expiration status at {}", time_as_string(t.into()));
let vc = updated.with_policy(STANDARD_POLICY, t).expect("valid");
assert!(matches!(vc.alive(), Err(_)));
// 12 hours go by. Clear the expiration time.
sq.tick(12 * 60 * 60);
let mut cmd = sq.command();
cmd.args([ "key", "expire", "never" ]);
if keystore {
cmd.args([ "--cert", &fpr ]);
} else {
cmd.args([
"--cert-file", &updated_path.to_string_lossy(),
"--output", &updated2_path.to_string_lossy(),
]);
}
sq.run(cmd, true);
let updated = if keystore {
eprintln!("Updated certificate to expire in one day:\n{}",
sq.inspect(cert.key_handle()));
sq.cert_export(cert.key_handle())
} else {
eprintln!("Updated certificate to expire in one day:\n{}",
sq.inspect(&updated2_path));
Cert::from_file(&updated2_path).expect("valid cert")
};
// It should be alive now.
let vc = updated.with_policy(STANDARD_POLICY, None)
.expect("valid");
assert!(matches!(vc.alive(), Ok(())));
// It should be alive in 1 day minus 1 second.
let vc = updated.with_policy(
STANDARD_POLICY,
sq.now() + Duration::new(24 * 60 * 60 - 1, 0))
.expect("valid");
assert!(matches!(vc.alive(), Ok(())));
// And in exactly one day...
let vc = updated.with_policy(
STANDARD_POLICY,
sq.now() + Duration::new(24 * 60 * 60, 0))
.expect("valid");
assert!(matches!(vc.alive(), Ok(())));
}
Ok(())
}