7 #include "zypp/base/Logger.h"
8 #include "zypp/base/Exception.h"
9 #include "zypp/KeyRing.h"
10 #include "zypp/PublicKey.h"
11 #include "zypp/TmpPath.h"
13 #include <boost/test/unit_test.hpp>
15 #include "KeyRingTestReceiver.h"
17 using boost::unit_test::test_suite;
18 using boost::unit_test::test_case;
19 using namespace boost::unit_test::log;
23 using namespace zypp::filesystem;
25 #define DATADIR (Pathname(TESTS_SRC_DIR) + "/zypp/data/KeyRing")
27 BOOST_AUTO_TEST_CASE(keyring_test)
29 PublicKey key( Pathname(DATADIR) + "public.asc" );
33 * import a not trusted key
34 * ask for trust, answer yes
35 * ask for import, answer no
38 KeyRingTestReceiver keyring_callbacks;
39 KeyRingTestSignalReceiver receiver;
40 // base sandbox for playing
42 KeyRing keyring( tmp_dir.path() );
44 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
45 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
47 keyring.importKey( key, false );
49 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 1 );
50 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
52 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported untrusted key should be known");
53 BOOST_CHECK_MESSAGE( ! keyring.isKeyTrusted( key.id() ), "Imported untrusted key should be untrusted");
55 keyring_callbacks.answerTrustKey(true);
56 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
58 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
59 BOOST_CHECK_MESSAGE( keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
60 BOOST_CHECK_MESSAGE( keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
61 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
62 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
64 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
69 * import a not trusted key
70 * ask for trust, answer yes
71 * ask for import, answer no
72 * vorrupt the file and check
75 KeyRingTestReceiver keyring_callbacks;
76 KeyRingTestSignalReceiver receiver;
77 // base sandbox for playing
79 KeyRing keyring( tmp_dir.path() );
81 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
82 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
84 keyring.importKey( key, false );
86 keyring_callbacks.answerTrustKey(true);
88 // now we will recheck with a corrupted file
89 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml.corrupted", "Blah Blah", DATADIR + "repomd.xml.asc");
91 // check wether the user got the right questions
92 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
93 BOOST_CHECK_MESSAGE( keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
94 BOOST_CHECK_MESSAGE( keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
95 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptVerFailed(), "The signature does not validates");
96 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
98 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a corrupted file");
103 * import a not trusted key
104 * ask for trust, answer yes
105 * ask for import, answer no
106 * check without signature
109 KeyRingTestReceiver keyring_callbacks;
110 KeyRingTestSignalReceiver receiver;
111 // base sandbox for playing
113 KeyRing keyring( tmp_dir.path() );
115 keyring.importKey( key, false );
117 keyring_callbacks.answerTrustKey(true);
118 // now we will recheck with a unsigned file
119 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", Pathname() );
121 // check wether the user got the right questions
122 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
123 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "No signature, no key to trust");
124 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "No signature, no key to import");
125 BOOST_CHECK_MESSAGE( keyring_callbacks.askedAcceptUnsignedFile(), "Ask the user wether to accept an unsigned file");
126 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "There is no signature to verify");
128 BOOST_CHECK_MESSAGE( ! to_continue, "We did not continue with a unsigned file");
133 * should ask for unknown key
137 KeyRingTestReceiver keyring_callbacks;
138 KeyRingTestSignalReceiver receiver;
139 // base sandbox for playing
141 KeyRing keyring( tmp_dir.path() );
143 BOOST_CHECK_MESSAGE( ! keyring.isKeyKnown( key.id() ), "empty keyring has not known keys");
145 //keyring_callbacks.answerAcceptUnknownKey(true);
146 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
147 BOOST_CHECK_MESSAGE(keyring_callbacks.askedAcceptUnknownKey(), "Should ask to accept unknown key, empty keyring");
148 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "Unknown key cant be trusted");
149 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "Unknown key cant be imported");
151 BOOST_CHECK_MESSAGE( ! to_continue, "We answered no to accept unknown key");
160 KeyRingTestReceiver keyring_callbacks;
161 KeyRingTestSignalReceiver receiver;
162 // base sandbox for playing
164 KeyRing keyring( tmp_dir.path() );
166 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
167 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 0 );
169 keyring.importKey( key, true );
171 BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
173 BOOST_CHECK_EQUAL( keyring.publicKeys().size(), (unsigned) 0 );
174 BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), (unsigned) 1 );
176 BOOST_CHECK_MESSAGE( keyring.isKeyKnown( key.id() ), "Imported trusted key should be known");
177 BOOST_CHECK_MESSAGE( keyring.isKeyTrusted( key.id() ), "Imported trusted key should be trusted");
179 bool to_continue = keyring.verifyFileSignatureWorkflow( DATADIR + "repomd.xml", "Blah Blah", DATADIR + "repomd.xml.asc");
181 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnknownKey(), "Should not ask for unknown key, it was known");
182 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedTrustKey(), "Verify Signature Workflow with only 1 untrusted key should ask user wether to trust");
183 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedImportKey(), "Trusting a key should ask for import");
184 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptVerFailed(), "The signature validates");
185 BOOST_CHECK_MESSAGE( ! keyring_callbacks.askedAcceptUnsignedFile(), "It is a signed file, so dont ask the opposite");
187 BOOST_CHECK_MESSAGE( to_continue, "We did not import, but we trusted and signature validates.");
189 //keyring.importKey( key, true );
190 //BOOST_CHECK_EQUAL( receiver._trusted_key_added_called, true );
191 //BOOST_CHECK_EQUAL( keyring.trustedPublicKeys().size(), 1 );
193 /* check signature id can be extracted */
197 BOOST_AUTO_TEST_CASE(signature_test)
199 PublicKey key( DATADIR + "public.asc" );
202 KeyRingTestReceiver keyring_callbacks;
203 KeyRingTestSignalReceiver receiver;
204 // base sandbox for playing
206 KeyRing keyring( tmp_dir.path() );
208 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId( DATADIR + "repomd.xml.asc" ), "BD61D89BD98821BE" );
209 BOOST_CHECK_THROW( keyring.readSignatureKeyId(Pathname()), Exception );
211 BOOST_CHECK_EQUAL( keyring.readSignatureKeyId(tmp.path()), "" );
213 keyring.importKey(key);
215 BOOST_CHECK(keyring.verifyFileSignature( DATADIR + "repomd.xml", DATADIR + "repomd.xml.asc"));
216 BOOST_CHECK( ! keyring.verifyFileSignature( DATADIR + "repomd.xml.corrupted", DATADIR + "repomd.xml.asc"));