7 #include "zypp/base/Logger.h"
8 #include "zypp/base/Exception.h"
9 #include "zypp/KeyRing.h"
10 #include "zypp/PublicKey.h"
11 #include "zypp/TmpPath.h"
13 #include <boost/test/unit_test.hpp>
14 #include <boost/test/parameterized_test.hpp>
15 #include <boost/test/unit_test_log.hpp>
17 #include "KeyRingTestReceiver.h"
19 using boost::unit_test::test_suite;
20 using boost::unit_test::test_case;
21 using namespace boost::unit_test::log;
25 using namespace zypp::filesystem;
27 void keyring_test( const string &dir )
29 PublicKey key( Pathname(dir) + "public.asc" );
35 * import a not trusted key
36 * ask for trust, answer yes
37 * ask for import, answer no
40 KeyRingTestReceiver keyring_callbacks;
41 KeyRingTestSignalReceiver receiver;
42 // base sandbox for playing
44 KeyRing keyring( tmp_dir.path() );
46 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
47 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
49 keyring.importKey( key, false );
51 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 1 );
52 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
54 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported untrusted key should be known");
55 BOOST_CHECK_MESSAGE( ! keyring.isKeyTrusted( key.id() ), "Imported untrusted key should be untrusted");
57 keyring_callbacks.answerTrustKey(true);
58 bool to_continue = keyring.verifyFileSignatureWorkflow( Pathname(dir) + "repomd.xml", "Blah Blah", Pathname(dir) + "repomd.xml.asc");
60 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
61 BOOST_CHECK_MESSAGE( keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
62 BOOST_CHECK_MESSAGE( keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
63 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
64 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
66 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
71 * import a not trusted key
72 * ask for trust, answer yes
73 * ask for import, answer no
74 * vorrupt the file and check
77 KeyRingTestReceiver keyring_callbacks;
78 KeyRingTestSignalReceiver receiver;
79 // base sandbox for playing
81 KeyRing keyring( tmp_dir.path() );
83 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
84 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
86 keyring.importKey( key, false );
88 keyring_callbacks.answerTrustKey(true);
90 // now we will recheck with a corrupted file
91 bool to_continue = keyring.verifyFileSignatureWorkflow( Pathname(dir) + "repomd.xml.corrupted", "Blah Blah", Pathname(dir) + "repomd.xml.asc");
93 // check wether the user got the right questions
94 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
95 BOOST_CHECK_MESSAGE( keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
96 BOOST_CHECK_MESSAGE( keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
97 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptVerFailed(), "The signature does not validates");
98 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
100 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a corrupted file");
105 * import a not trusted key
106 * ask for trust, answer yes
107 * ask for import, answer no
108 * check without signature
111 KeyRingTestReceiver keyring_callbacks;
112 KeyRingTestSignalReceiver receiver;
113 // base sandbox for playing
115 KeyRing keyring( tmp_dir.path() );
117 keyring.importKey( key, false );
119 keyring_callbacks.answerTrustKey(true);
120 // now we will recheck with a unsigned file
121 bool to_continue = keyring.verifyFileSignatureWorkflow( Pathname(dir) + "repomd.xml", "Blah Blah", Pathname() );
123 // check wether the user got the right questions
124 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
125 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "No signature, no key to trust");
126 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "No signature, no key to import");
127 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptUnsignedFile(), "Ask the user wether to accept an unsigned file");
128 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "There is no signature to verify");
130 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a unsigned file");
135 * should ask for unknown key
139 KeyRingTestReceiver keyring_callbacks;
140 KeyRingTestSignalReceiver receiver;
141 // base sandbox for playing
143 KeyRing keyring( tmp_dir.path() );
145 BOOST_CHECK_MESSAGE( ! keyring.isKeyKnown( key.id() ), "empty keyring has not known keys");
147 //keyring_callbacks.answerAcceptUnknownKey(true);
148 bool to_continue = keyring.verifyFileSignatureWorkflow( Pathname(dir) + "repomd.xml", "Blah Blah", Pathname(dir) + "repomd.xml.asc");
149 BOOST_CHECK_MESSAGE(keyring_callbacks.askedAcceptUnknownKey(), "Should ask to accept unknown key, empty keyring");
150 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "Unknown key cant be trusted");
151 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "Unknown key cant be imported");
153 BOOST_CHECK_MESSAGE( ! to_continue, "We answered no to accept unknown key");
162 KeyRingTestReceiver keyring_callbacks;
163 KeyRingTestSignalReceiver receiver;
164 // base sandbox for playing
166 KeyRing keyring( tmp_dir.path() );
168 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
169 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
171 keyring.importKey( key, true );
173 BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
175 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
176 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 1 );
178 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported trusted key should be known");
179 BOOST_CHECK_MESSAGE( keyring.isKeyTrusted( key.id() ), "Imported trusted key should be trusted");
181 bool to_continue = keyring.verifyFileSignatureWorkflow( Pathname(dir) + "repomd.xml", "Blah Blah", Pathname(dir) + "repomd.xml.asc");
183 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
184 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
185 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
186 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
187 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
189 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
191 //keyring.importKey( key, true );
192 //BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
193 //BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), 1 );
195 /* check signature id can be extracted */
199 void keyring_signature_test( const string &dir )
201 PublicKey key( Pathname(dir) + "public.asc" );
204 KeyRingTestReceiver keyring_callbacks;
205 KeyRingTestSignalReceiver receiver;
206 // base sandbox for playing
208 KeyRing keyring( tmp_dir.path() );
210 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId( Pathname(dir) + "repomd.xml.asc" ), "BD61D89BD98821BE" );
211 BOOST_CHECK_THROW( keyring.readSignatureKeyId(Pathname()), Exception );
213 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId(tmp.path()), "" );
215 keyring.importKey(key);
217 BOOST_CHECK(keyring.verifyFileSignature( Pathname(dir) + "repomd.xml", Pathname(dir) + "repomd.xml.asc"));
218 BOOST_CHECK( ! keyring.verifyFileSignature( Pathname(dir) + "repomd.xml.corrupted", Pathname(dir) + "repomd.xml.asc"));
223 init_unit_test_suite( int argc, char* argv[] )
228 datadir = TESTS_SRC_DIR;
229 datadir = (Pathname(datadir) + "/zypp/data/KeyRing").asString();
230 cout << "keyring_test:"
231 " path to directory with test data required as parameter. Using " << datadir << endl;
232 //return (test_suite *)0;
239 std::string const params[] = { datadir };
240 //set_log_stream( std::cout );
241 test_suite* test= BOOST_TEST_SUITE( "PublicKeyTest" );
242 test->add(BOOST_PARAM_TEST_CASE( &keyring_test,
243 (std::string const*)params, params+1));
244 test->add(BOOST_PARAM_TEST_CASE( &keyring_signature_test,
245 (std::string const*)params, params+1));