7 #include "zypp/base/Logger.h"
8 #include "zypp/base/Exception.h"
9 #include "zypp/KeyRing.h"
10 #include "zypp/PublicKey.h"
11 #include "zypp/TmpPath.h"
13 #include <boost/test/auto_unit_test.hpp>
15 #include "KeyRingTestReceiver.h"
17 using boost::unit_test::test_suite;
18 using boost::unit_test::test_case;
22 using namespace zypp::filesystem;
24 #define DATADIR (Pathname(TESTS_SRC_DIR) + "/zypp/data/KeyRing")
26 BOOST_AUTO_TEST_CASE(keyring_test)
28 PublicKey key( Pathname(DATADIR) + "public.asc" );
32 * import a not trusted key
33 * ask for accept, answer yes 'temporarily'
36 KeyRingTestReceiver keyring_callbacks;
37 KeyRingTestSignalReceiver receiver;
38 // base sandbox for playing
40 KeyRing keyring( tmp_dir.path() );
42 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
43 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
45 keyring.importKey( key, false );
47 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 1 );
48 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
50 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported untrusted key should be known");
51 BOOST_CHECK_MESSAGE( ! keyring.isKeyTrusted( key.id() ), "Imported untrusted key should be untrusted");
53 keyring_callbacks.answerAcceptKey(KeyRingReport::KEY_TRUST_TEMPORARILY);
54 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
56 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
57 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust and/or import");
58 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
59 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
61 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
66 * import a not trusted key
67 * ask to accept, answer yes 'temporarily'
68 * vorrupt the file and check
71 KeyRingTestReceiver keyring_callbacks;
72 KeyRingTestSignalReceiver receiver;
73 // base sandbox for playing
75 KeyRing keyring( tmp_dir.path() );
77 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
78 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
80 keyring.importKey( key, false );
82 keyring_callbacks.answerAcceptKey(KeyRingReport::KEY_TRUST_TEMPORARILY);
84 // now we will recheck with a corrupted file
85 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml.corrupted", "Blah Blah", DATADIR + "repomd.xml.asc");
87 // check wether the user got the right questions
88 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
89 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust and/or import");
90 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptVerFailed(), "The signature does not validates");
91 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
93 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a corrupted file");
98 * import a not trusted key
99 * ask for trust, answer yes
100 * ask for import, answer no
101 * check without signature
104 KeyRingTestReceiver keyring_callbacks;
105 KeyRingTestSignalReceiver receiver;
106 // base sandbox for playing
108 KeyRing keyring( tmp_dir.path() );
110 keyring.importKey( key, false );
112 keyring_callbacks.answerAcceptKey(KeyRingReport::KEY_TRUST_TEMPORARILY);
113 // now we will recheck with a unsigned file
114 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", Pathname() );
116 // check wether the user got the right questions
117 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
118 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptKey(), "No signature, no key to trust");
119 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptUnsignedFile(), "Ask the user wether to accept an unsigned file");
120 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "There is no signature to verify");
122 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a unsigned file");
127 * should ask for unknown key
131 KeyRingTestReceiver keyring_callbacks;
132 KeyRingTestSignalReceiver receiver;
133 // base sandbox for playing
135 KeyRing keyring( tmp_dir.path() );
137 BOOST_CHECK_MESSAGE( ! keyring.isKeyKnown( key.id() ), "empty keyring has not known keys");
139 //keyring_callbacks.answerAcceptUnknownKey(true);
140 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
141 BOOST_CHECK_MESSAGE(keyring_callbacks.askedAcceptUnknownKey(), "Should ask to accept unknown key, empty keyring");
142 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptKey(), "Unknown key cant be trusted");
143 BOOST_CHECK_MESSAGE( ! to_continue, "We answered no to accept unknown key");
152 KeyRingTestReceiver keyring_callbacks;
153 KeyRingTestSignalReceiver receiver;
154 // base sandbox for playing
156 KeyRing keyring( tmp_dir.path() );
158 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
159 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
161 keyring.importKey( key, true );
163 BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
165 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
166 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 1 );
168 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported trusted key should be known");
169 BOOST_CHECK_MESSAGE( keyring.isKeyTrusted( key.id() ), "Imported trusted key should be trusted");
171 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
173 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
174 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust and/or import");
175 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
176 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
178 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
180 //keyring.importKey( key, true );
181 //BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
182 //BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), 1 );
184 /* check signature id can be extracted */
188 BOOST_AUTO_TEST_CASE(signature_test)
190 PublicKey key( DATADIR + "public.asc" );
193 KeyRingTestReceiver keyring_callbacks;
194 KeyRingTestSignalReceiver receiver;
195 // base sandbox for playing
197 KeyRing keyring( tmp_dir.path() );
199 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId( DATADIR + "repomd.xml.asc" ), "BD61D89BD98821BE" );
200 BOOST_CHECK_THROW( keyring.readSignatureKeyId(Pathname()), Exception );
202 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId(tmp.path()), "" );
204 keyring.importKey(key);
206 BOOST_CHECK(keyring.verifyFileSignature( DATADIR + "repomd.xml", DATADIR + "repomd.xml.asc"));
207 BOOST_CHECK( ! keyring.verifyFileSignature( DATADIR + "repomd.xml.corrupted", DATADIR + "repomd.xml.asc"));
211 BOOST_AUTO_TEST_CASE(keyring_import)
213 // base sandbox for playing
215 KeyRing keyring( tmp_dir.path() );
216 struct Receiver: public callback::ReceiveReport<KeyRingSignals>
221 virtual void trustedKeyAdded( const PublicKey & key_r )
224 virtual void trustedKeyRemoved( const PublicKey & key_r )
230 ///////////////////////////////////////////////////////////////////
231 // Make sure we get a proper callback notification if multiple
232 // keys are imported at once.
233 ///////////////////////////////////////////////////////////////////
234 PublicKey key( DATADIR + "installkey.gpg" );
235 BOOST_CHECK_EQUAL( key.hiddenKeys().size(), 2 );
236 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), 0 );
237 keyring.importKey( key, true );
238 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), 3 );
239 BOOST_CHECK_EQUAL( receiver._cbcnt, keyring.trustedPublicKeys().size() );
242 BOOST_AUTO_TEST_CASE(keyring_delete)
244 PublicKey key( Pathname(DATADIR) + "public.asc" );
246 * import and delete untrusted key
249 // base sandbox for playing
251 KeyRing keyring( tmp_dir.path() );
253 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
254 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
256 keyring.importKey( key, false );
258 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 1 );
259 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
261 keyring.deleteKey( key.id(), false);
263 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
264 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
268 * import and delete trusted key
271 // base sandbox for playing
273 KeyRing keyring( tmp_dir.path() );
275 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
276 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
278 keyring.importKey( key, true );
280 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
281 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 1 );
283 //try to delete from untrusted keyring
284 keyring.deleteKey( key.id(), false);
286 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
287 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 1 );
289 keyring.deleteKey( key.id(), true);
291 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
292 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );