diff options
| author | Heiko <heiko@schaefer.name> | 2021-05-10 15:11:42 +0200 |
|---|---|---|
| committer | Heiko <heiko@schaefer.name> | 2021-05-10 15:11:42 +0200 |
| commit | 7f04ac9599d61f12c8df8d45fb2e8ca3cea15b38 (patch) | |
| tree | f8cc07d56350afdd3b7d98b28f359000ff479cd8 | |
| parent | c686f22a9af66fc06dd7d93dd14e86782b81f841 (diff) | |
| download | openpgp-ca-7f04ac9599d61f12c8df8d45fb2e8ca3cea15b38.tar.gz | |
Turn functions into methods of the Ctx class.
| -rw-r--r-- | gnupg-test-wrapper/src/lib.rs | 478 | ||||
| -rw-r--r-- | openpgp-ca-lib/tests/test_gpg.rs | 110 | ||||
| -rw-r--r-- | openpgp-ca-lib/tests/test_oca.rs | 124 |
3 files changed, 358 insertions, 354 deletions
diff --git a/gnupg-test-wrapper/src/lib.rs b/gnupg-test-wrapper/src/lib.rs index 78544fe..ce1be6c 100644 --- a/gnupg-test-wrapper/src/lib.rs +++ b/gnupg-test-wrapper/src/lib.rs @@ -19,7 +19,7 @@ use std::process::Stdio; use anyhow::{Context, Result}; use csv::StringRecord; -// FIXME: `LC_ALL=C` to make calls locale-independent +// FIXME: `LC_ALL=C` to make calls locale-independent (rexpect calls) pub fn make_context() -> Result<Ctx> { let ctx = Ctx::ephemeral().context( @@ -271,6 +271,245 @@ impl Ctx { pub fn stop_all(&self) -> Result<()> { self.stop("all") } + + pub fn import(&self, what: &[u8]) { + let mut gpg = Command::new("gpg") + .env("LC_ALL", "C") + .stdin(Stdio::piped()) + .arg("--homedir") + .arg(self.directory("homedir").unwrap()) + .arg("--import") + .spawn() + .expect("failed to start gpg"); + gpg.stdin.as_mut().unwrap().write_all(what).unwrap(); + let status = gpg.wait().unwrap(); + assert!(status.success()); + } + + pub fn export(&self, search: &str) -> String { + let mut out = String::new(); + + let mut gpg = Command::new("gpg") + .env("LC_ALL", "C") + .stdout(Stdio::piped()) + .arg("--homedir") + .arg(self.directory("homedir").unwrap()) + .arg("--armor") + .arg("--export") + .arg(search) + .spawn() + .expect("failed to start gpg"); + let status = gpg.wait().unwrap(); + gpg.stdout + .as_mut() + .unwrap() + .read_to_string(&mut out) + .unwrap(); + assert!(status.success()); + + out + } + + pub fn export_secret(&self, search: &str) -> String { + let mut out = String::new(); + + let mut gpg = Command::new("gpg") + .env("LC_ALL", "C") + .stdout(Stdio::piped()) + .arg("--homedir") + .arg(self.directory("homedir").unwrap()) + .arg("--armor") + .arg("--export-secret-keys") + .arg(search) + .spawn() + .expect("failed to start gpg"); + let status = gpg.wait().unwrap(); + gpg.stdout + .as_mut() + .unwrap() + .read_to_string(&mut out) + .unwrap(); + assert!(status.success()); + + out + } + + pub fn list_keys(&self) -> Result<HashMap<String, String>> { + let res = self.list_keys_raw(); + + // filter: keep only the "uid" lines + let uids = res + .iter() + .filter(|&line| line.get(0) == Some("uid")) + .cloned() + .collect::<Vec<_>>(); + + // map: uid -> trust + Ok(uids + .iter() + .map(|u| { + (u.get(9).unwrap().to_owned(), u.get(1).unwrap().to_owned()) + }) + .collect()) + } + + fn list_keys_raw(&self) -> Vec<StringRecord> { + let gpg = Command::new("gpg") + .env("LC_ALL", "C") + .stdin(Stdio::piped()) + .arg("--homedir") + .arg(self.directory("homedir").unwrap()) + .arg("--list-keys") + .arg("--with-colons") + .output() + .expect("failed to start gpg"); + + let mut rdr = csv::ReaderBuilder::new() + .has_headers(false) + .delimiter(b':') + .flexible(true) + .from_reader(gpg.stdout.as_slice()); + + let status = gpg.status; + assert!(status.success()); + + rdr.records().map(|rec| rec.unwrap()).collect() + } + + pub fn edit_trust(&self, user_id: &str, trust: u8) -> Result<()> { + let homedir = + String::from(self.directory("homedir").unwrap().to_str().unwrap()); + + let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); + + let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("trust").unwrap(); + p.exp_string("Your decision?").unwrap(); + p.send_line(&format!("{}", trust)).unwrap(); + p.exp_string( + "Do you really want to set this key to ultimate trust? (y/N)", + ) + .unwrap(); + p.send_line("y").unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("quit").unwrap(); + p.exp_eof().unwrap(); + + Ok(()) + } + + pub fn make_revocation( + &self, + user_id: &str, + filename: &str, + reason: u8, + ) -> Result<()> { + let homedir = + String::from(self.directory("homedir").unwrap().to_str().unwrap()); + + let cmd = format!( + "gpg --homedir {} --output {} --gen-revoke {}", + homedir, filename, user_id + ); + + let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); + p.exp_string("Create a revocation certificate for this key? (y/N)") + .unwrap(); + p.send_line("y").unwrap(); + p.exp_string("Your decision?").unwrap(); + p.send_line(&format!("{}", reason)).unwrap(); + p.exp_string(">").unwrap(); + p.send_line("").unwrap(); + p.exp_string("Is this okay? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_eof().unwrap(); + + Ok(()) + } + + pub fn edit_expire(&self, user_id: &str, expires: &str) -> Result<()> { + let homedir = + String::from(self.directory("homedir").unwrap().to_str().unwrap()); + + let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); + + let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("expire").unwrap(); + p.exp_string("Key is valid for? (0)").unwrap(); + p.send_line(expires).unwrap(); + p.exp_string("Is this correct? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("quit").unwrap(); + p.exp_string("Save changes? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_eof().unwrap(); + + Ok(()) + } + + pub fn create_user(&self, user_id: &str) { + let mut gpg = Command::new("gpg") + .env("LC_ALL", "C") + .stdin(Stdio::piped()) + .arg("--homedir") + .arg(self.directory("homedir").unwrap()) + .arg("--quick-generate-key") + .arg("--batch") + .arg("--passphrase") + .arg("") + .arg(user_id.to_string()) + .spawn() + .expect("failed to start gpg"); + let status = gpg.wait().unwrap(); + assert!(status.success()); + } + + pub fn sign(&self, user_id: &str) -> Result<()> { + let homedir = + String::from(self.directory("homedir").unwrap().to_str().unwrap()); + + let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); + + let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("sign").unwrap(); + p.exp_string("Really sign? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("save").unwrap(); + p.exp_eof().unwrap(); + + Ok(()) + } + + pub fn tsign(&self, user_id: &str, level: u8, trust: u8) -> Result<()> { + let homedir = + String::from(self.directory("homedir").unwrap().to_str().unwrap()); + + let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); + + let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("tsign").unwrap(); + p.exp_string("Your selection?").unwrap(); + p.send_line(&format!("{}", trust)).unwrap(); + p.exp_string("Your selection?").unwrap(); + p.send_line(&format!("{}", level)).unwrap(); + p.exp_string("Your selection?").unwrap(); + p.send_line("").unwrap(); // domain + p.exp_string("Really sign? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_string("gpg>").unwrap(); + p.send_line("quit").unwrap(); + p.exp_string("Save changes? (y/N)").unwrap(); + p.send_line("y").unwrap(); + p.exp_eof().unwrap(); + + Ok(()) + } } impl Drop for Ctx { @@ -310,240 +549,3 @@ pub enum GnupgError { /// The remote party violated the protocol. ProtocolError(String), } - -pub fn import(ctx: &Ctx, what: &[u8]) { - let mut gpg = Command::new("gpg") - .env("LC_ALL", "C") - .stdin(Stdio::piped()) - .arg("--homedir") - .arg(ctx.directory("homedir").unwrap()) - .arg("--import") - .spawn() - .expect("failed to start gpg"); - gpg.stdin.as_mut().unwrap().write_all(what).unwrap(); - let status = gpg.wait().unwrap(); - assert!(status.success()); -} - -pub fn export(ctx: &Ctx, search: &str) -> String { - let mut out = String::new(); - - let mut gpg = Command::new("gpg") - .env("LC_ALL", "C") - .stdout(Stdio::piped()) - .arg("--homedir") - .arg(ctx.directory("homedir").unwrap()) - .arg("--armor") - .arg("--export") - .arg(search) - .spawn() - .expect("failed to start gpg"); - let status = gpg.wait().unwrap(); - gpg.stdout - .as_mut() - .unwrap() - .read_to_string(&mut out) - .unwrap(); - assert!(status.success()); - - out -} - -pub fn export_secret(ctx: &Ctx, search: &str) -> String { - let mut out = String::new(); - - let mut gpg = Command::new("gpg") - .env("LC_ALL", "C") - .stdout(Stdio::piped()) - .arg("--homedir") - .arg(ctx.directory("homedir").unwrap()) - .arg("--armor") - .arg("--export-secret-keys") - .arg(search) - .spawn() - .expect("failed to start gpg"); - let status = gpg.wait().unwrap(); - gpg.stdout - .as_mut() - .unwrap() - .read_to_string(&mut out) - .unwrap(); - assert!(status.success()); - - out -} - -pub fn list_keys(ctx: &Ctx) -> Result<HashMap<String, String>> { - let res = list_keys_raw(&ctx); - - // filter: keep only the "uid" lines - let uids = res - .iter() - .filter(|&line| line.get(0) == Some("uid")) - .cloned() - .collect::<Vec<_>>(); - - // map: uid -> trust - Ok(uids - .iter() - .map(|u| (u.get(9).unwrap().to_owned(), u.get(1).unwrap().to_owned())) - .collect()) -} - -fn list_keys_raw(ctx: &Ctx) -> Vec<StringRecord> { - let gpg = Command::new("gpg") - .env("LC_ALL", "C") - .stdin(Stdio::piped()) - .arg("--homedir") - .arg(ctx.directory("homedir").unwrap()) - .arg("--list-keys") - .arg("--with-colons") - .output() - .expect("failed to start gpg"); - - let mut rdr = csv::ReaderBuilder::new() - .has_headers(false) - .delimiter(b':') - .flexible(true) - .from_reader(gpg.stdout.as_slice()); - - let status = gpg.status; - assert!(status.success()); - - rdr.records().map(|rec| rec.unwrap()).collect() -} - -pub fn edit_trust(ctx: &Ctx, user_id: &str, trust: u8) -> Result<()> { - let homedir = - String::from(ctx.directory("homedir").unwrap().to_str().unwrap()); - - let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); - - let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("trust").unwrap(); - p.exp_string("Your decision?").unwrap(); - p.send_line(&format!("{}", trust)).unwrap(); - p.exp_string( - "Do you really want to set this key to ultimate trust? (y/N)", - ) - .unwrap(); - p.send_line("y").unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("quit").unwrap(); - p.exp_eof().unwrap(); - - Ok(()) -} - -pub fn make_revocation( - ctx: &Ctx, - user_id: &str, - filename: &str, - reason: u8, -) -> Result<()> { - let homedir = - String::from(ctx.directory("homedir").unwrap().to_str().unwrap()); - - let cmd = format!( - "gpg --homedir {} --output {} --gen-revoke {}", - homedir, filename, user_id - ); - - let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); - p.exp_string("Create a revocation certificate for this key? (y/N)") - .unwrap(); - p.send_line("y").unwrap(); - p.exp_string("Your decision?").unwrap(); - p.send_line(&format!("{}", reason)).unwrap(); - p.exp_string(">").unwrap(); - p.send_line("").unwrap(); - p.exp_string("Is this okay? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_eof().unwrap(); - - Ok(()) -} - -pub fn edit_expire(ctx: &Ctx, user_id: &str, expires: &str) -> Result<()> { - let homedir = - String::from(ctx.directory("homedir").unwrap().to_str().unwrap()); - - let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); - - let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("expire").unwrap(); - p.exp_string("Key is valid for? (0)").unwrap(); - p.send_line(expires).unwrap(); - p.exp_string("Is this correct? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("quit").unwrap(); - p.exp_string("Save changes? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_eof().unwrap(); - - Ok(()) -} - -pub fn create_user(ctx: &Ctx, user_id: &str) { - let mut gpg = Command::new("gpg") - .env("LC_ALL", "C") - .stdin(Stdio::piped()) - .arg("--homedir") - .arg(ctx.directory("homedir").unwrap()) - .arg("--quick-generate-key") - .arg("--batch") - .arg("--passphrase") - .arg("") - .arg(user_id.to_string()) - .spawn() - .expect("failed to start gpg"); - let status = gpg.wait().unwrap(); - assert!(status.success()); -} - -pub fn sign(ctx: &Ctx, user_id: &str) -> Result<()> { - let homedir = - String::from(ctx.directory("homedir").unwrap().to_str().unwrap()); - - let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); - - let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("sign").unwrap(); - p.exp_string("Really sign? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("save").unwrap(); - p.exp_eof().unwrap(); - - Ok(()) -} - -pub fn tsign(ctx: &Ctx, user_id: &str, level: u8, trust: u8) -> Result<()> { - let homedir = - String::from(ctx.directory("homedir").unwrap().to_str().unwrap()); - - let cmd = format!("gpg --homedir {} --edit-key {}", homedir, user_id); - - let mut p = rexpect::spawn(&cmd, Some(10_000)).unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("tsign").unwrap(); - p.exp_string("Your selection?").unwrap(); - p.send_line(&format!("{}", trust)).unwrap(); - p.exp_string("Your selection?").unwrap(); - p.send_line(&format!("{}", level)).unwrap(); - p.exp_string("Your selection?").unwrap(); - p.send_line("").unwrap(); // domain - p.exp_string("Really sign? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_string("gpg>").unwrap(); - p.send_line("quit").unwrap(); - p.exp_string("Save changes? (y/N)").unwrap(); - p.send_line("y").unwrap(); - p.exp_eof().unwrap(); - - Ok(()) -} diff --git a/openpgp-ca-lib/tests/test_gpg.rs b/openpgp-ca-lib/tests/test_gpg.rs index fb67328..e3b79ed 100644 --- a/openpgp-ca-lib/tests/test_gpg.rs +++ b/openpgp-ca-lib/tests/test_gpg.rs @@ -25,9 +25,9 @@ use gnupg_test_wrapper as gnupg; /// /// Check that gnupg considers Bob and the CA admin as "full"ly trusted. fn test_alice_authenticates_bob_centralized() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); // ---- use OpenPGP CA to make a set of keys ---- @@ -49,7 +49,7 @@ fn test_alice_authenticates_bob_centralized() -> Result<()> { // import CA key into GnuPG let mut buf = Vec::new(); ca_cert.as_tsk().serialize(&mut buf)?; - gnupg::import(&ctx, &buf); + gpg.import(&buf); // import CA users into GnuPG let certs = ca.user_certs_get_all()?; @@ -57,14 +57,14 @@ fn test_alice_authenticates_bob_centralized() -> Result<()> { assert_eq!(certs.len(), 2); for cert in certs { - gnupg::import(&ctx, cert.pub_cert.as_bytes()); + gpg.import(cert.pub_cert.as_bytes()); } // ---- set "ultimate" ownertrust for alice ---- - gnupg::edit_trust(&ctx, "alice", 5)?; + gpg.edit_trust("alice", 5)?; // ---- read calculated "trust" per uid from GnuPG ---- - let gpg_trust = gnupg::list_keys(&ctx)?; + let gpg_trust = gpg.list_keys()?; assert_eq!(gpg_trust.len(), 3); @@ -82,7 +82,7 @@ fn test_alice_authenticates_bob_centralized() -> Result<()> { ); // don't delete home dir (for manual inspection) - // ctx.leak_tempdir(); + // gpg.leak_tempdir(); Ok(()) } @@ -103,12 +103,12 @@ fn test_alice_authenticates_bob_centralized() -> Result<()> { /// Expect gnupg in Alice's instance to consider both the CA Admin key and /// Bob and "full"ly trusted. fn test_alice_authenticates_bob_decentralized() -> Result<()> { - let ctx_alice = gnupg::make_context()?; - let ctx_bob = gnupg::make_context()?; + let gpg_alice = gnupg::make_context()?; + let gpg_bob = gnupg::make_context()?; - let ctx_ca = gnupg::make_context()?; + let gpg_ca = gnupg::make_context()?; - let home_path_ca = String::from(ctx_ca.get_homedir().to_str().unwrap()); + let home_path_ca = String::from(gpg_ca.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path_ca); // ---- init OpenPGP CA key ---- @@ -120,8 +120,8 @@ fn test_alice_authenticates_bob_decentralized() -> Result<()> { let ca_key = ca.ca_get_pubkey_armored()?; // ---- import CA key from OpenPGP CA into GnuPG instances ---- - gnupg::import(&ctx_alice, ca_key.as_bytes()); - gnupg::import(&ctx_bob, ca_key.as_bytes()); + gpg_alice.import(ca_key.as_bytes()); + gpg_bob.import(ca_key.as_bytes()); // get Cert for CA let ca_cert = ca.ca_get_priv_key()?; @@ -129,16 +129,18 @@ fn test_alice_authenticates_bob_decentralized() -> Result<()> { let ca_keyid = format!("{:X}", ca_cert.keyid()); // create users in their respective GnuPG contexts - gnupg::create_user(&ctx_alice, "Alice <alice@example.org>"); - gnupg::create_user(&ctx_bob, "Bob <bob@example.org>"); + gpg_alice.create_user("Alice <alice@example.org>"); + gpg_bob.create_user("Bob <bob@example.org>"); // create tsig for ca key in user GnuPG contexts - gnupg::tsign(&ctx_alice, &ca_keyid, 1, 2).expect("tsign alice failed"); - gnupg::tsign(&ctx_bob, &ca_keyid, 1, 2).expect("tsign bob failed"); + gpg_alice + .tsign(&ca_keyid, 1, 2) + .expect("tsign alice failed"); + gpg_bob.tsign(&ca_keyid, 1, 2).expect("tsign bob failed"); // export CA key from both contexts, import to CA - let alice_ca_key = gnupg::export(&ctx_alice, &"openpgp-ca@example.org"); - let bob_ca_key = gnupg::export(&ctx_bob, &"openpgp-ca@example.org"); + let alice_ca_key = gpg_alice.export(&"openpgp-ca@example.org"); + let bob_ca_key = gpg_bob.export(&"openpgp-ca@example.org"); ca.ca_import_tsig(&alice_ca_key) .context("import CA tsig from Alice failed")?; @@ -146,8 +148,8 @@ fn test_alice_authenticates_bob_decentralized() -> Result<()> { .context("import CA tsig from Bob failed")?; // get public keys for alice and bob from their gnupg contexts - let alice_key = gnupg::export(&ctx_alice, &"alice@example.org"); - let bob_key = gnupg::export(&ctx_bob, &"bob@example.org"); + let alice_key = gpg_alice.export(&"alice@example.org"); + let bob_key = gpg_bob.export(&"bob@example.org"); // import public keys for alice and bob into CA ca.cert_import_new( @@ -174,14 +176,14 @@ fn test_alice_authenticates_bob_decentralized() -> Result<()> { let bob = certs.first().unwrap(); // import bob+CA key into alice's GnuPG context - gnupg::import(&ctx_alice, ca_key.as_bytes()); - gnupg::import(&ctx_alice, bob.pub_cert.as_bytes()); + gpg_alice.import(ca_key.as_bytes()); + gpg_alice.import(bob.pub_cert.as_bytes()); // ---- set "ultimate" ownertrust for alice ---- - gnupg::edit_trust(&ctx_alice, "alice", 5)?; + gpg_alice.edit_trust("alice", 5)?; // ---- read calculated "trust" per uid from GnuPG ---- - let gpg_trust = gnupg::list_keys(&ctx_alice)?; + let gpg_trust = gpg_alice.list_keys()?; assert_eq!(gpg_trust.len(), 3); @@ -217,12 +219,12 @@ fn test_alice_authenticates_bob_decentralized() -> Result<()> { /// However, users of CA1 will not, because their trust of keys that CA2 /// signed is scoped to the main domain of CA2's organization. fn test_bridge() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; // don't delete home dir (for manual inspection) - // ctx.leak_tempdir(); + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db1 = format!("{}/ca1.sqlite", home_path); let db2 = format!("{}/ca2.sqlite", home_path); @@ -283,8 +285,8 @@ fn test_bridge() -> Result<()> { let ca2_cert = ca1.db().cert_by_id(bridges1[0].cert_id)?.unwrap().pub_cert; // import CA keys into GnuPG - gnupg::import(&ctx, ca1_cert.as_bytes()); - gnupg::import(&ctx, ca2_cert.as_bytes()); + gpg.import(ca1_cert.as_bytes()); + gpg.import(ca2_cert.as_bytes()); // import CA1 users into GnuPG let certs1 = ca1.user_certs_get_all()?; @@ -292,7 +294,7 @@ fn test_bridge() -> Result<()> { assert_eq!(certs1.len(), 1); for cert in certs1 { - gnupg::import(&ctx, cert.pub_cert.as_bytes()); + gpg.import(cert.pub_cert.as_bytes()); } // import CA2 users into GnuPG @@ -301,14 +303,14 @@ fn test_bridge() -> Result<()> { assert_eq!(certs2.len(), 2); for cert in certs2 { - gnupg::import(&ctx, cert.pub_cert.as_bytes()); + gpg.import(cert.pub_cert.as_bytes()); } // ---- set "ultimate" ownertrust for alice ---- - gnupg::edit_trust(&ctx, "alice", 5)?; + gpg.edit_trust("alice", 5)?; // ---- read calculated "trust" per uid from GnuPG ---- - let gpg_trust = gnupg::list_keys(&ctx)?; + let gpg_trust = gpg.list_keys()?; assert_eq!(gpg_trust.len(), 5); @@ -352,12 +354,12 @@ fn test_bridge() -> Result<()> { /// expected outcome: alice has "full" trust for openpgp-ca@alpha.org and openpgp-ca@beta.org, /// but no trust for openpgp-ca@gamma.org and carol@gamma.org fn test_multi_bridge() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; // don't delete home dir (for manual inspection) - // ctx.leak_tempdir(); + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db1 = format!("{}/ca1.sqlite", home_path); let db2 = format!("{}/ca2.sqlite", home_path); @@ -412,29 +414,29 @@ fn test_multi_bridge() -> Result<()> { let ca3_cert = ca2.db().cert_by_id(bridges2[0].cert_id)?.unwrap().pub_cert; // import CA certs into GnuPG - gnupg::import(&ctx, ca1_cert.as_bytes()); - gnupg::import(&ctx, ca2_cert.as_bytes()); - gnupg::import(&ctx, ca3_cert.as_bytes()); + gpg.import(ca1_cert.as_bytes()); + gpg.import(ca2_cert.as_bytes()); + gpg.import(ca3_cert.as_bytes()); // import CA1 users into GnuPG let certs1 = ca1.user_certs_get_all()?; assert_eq!(certs1.len(), 1); certs1 .iter() - .for_each(|c| gnupg::import(&ctx, c.pub_cert.as_bytes())); + .for_each(|c| gpg.import(c.pub_cert.as_bytes())); // import CA3 users into GnuPG let certs3 = ca3.user_certs_get_all()?; assert_eq!(certs3.len(), 2); certs3 .iter() - .for_each(|c| gnupg::import(&ctx, c.pub_cert.as_bytes())); + .for_each(|c| gpg.import(c.pub_cert.as_bytes())); // ---- set "ultimate" ownertrust for alice ---- - gnupg::edit_trust(&ctx, "alice", 5)?; + gpg.edit_trust("alice", 5)?; // ---- read calculated "trust" per uid from GnuPG ---- - let gpg_trust = gnupg::list_keys(&ctx)?; + let gpg_trust = gpg.list_keys()?; assert_eq!(gpg_trust.len(), 6); @@ -478,12 +480,12 @@ fn test_multi_bridge() -> Result<()> { /// ---tsign---> openpgp-ca@other.org /// ---sign--> bob@beta.org fn test_scoping() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; // don't delete home dir (for manual inspection) - // ctx.leak_tempdir(); + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db1 = format!("{}/ca1.sqlite", home_path); let db2 = format!("{}/ca2.sqlite", home_path); @@ -527,29 +529,29 @@ fn test_scoping() -> Result<()> { let ca2_cert = ca1.db().cert_by_id(bridges1[0].cert_id)?.unwrap().pub_cert; // import CA certs into GnuPG - gnupg::import(&ctx, Pgp::cert_to_armored(&ca1_cert)?.as_bytes()); - gnupg::import(&ctx, ca2_cert.as_bytes()); - gnupg::import(&ctx, Pgp::cert_to_armored(&tsigned_ca3)?.as_bytes()); + gpg.import(Pgp::cert_to_armored(&ca1_cert)?.as_bytes()); + gpg.import(ca2_cert.as_bytes()); + gpg.import(Pgp::cert_to_armored(&tsigned_ca3)?.as_bytes()); // import CA1 users into GnuPG let certs1 = ca1.user_certs_get_all()?; assert_eq!(certs1.len(), 1); certs1 .iter() - .for_each(|c| gnupg::import(&ctx, c.pub_cert.as_bytes())); + .for_each(|c| gpg.import(c.pub_cert.as_bytes())); // import CA3 users into GnuPG let certs3 = ca3.user_certs_get_all()?; assert_eq!(certs3.len(), 1); certs3 .iter() - .for_each(|c| gnupg::import(&ctx, c.pub_cert.as_bytes())); + .for_each(|c| gpg.import(c.pub_cert.as_bytes())); // ---- set "ultimate" ownertrust for alice ---- - gnupg::edit_trust(&ctx, "alice", 5)?; + gpg.edit_trust("alice", 5)?; // ---- read calculated "trust" per uid from GnuPG ---- - let gpg_trust = gnupg::list_keys(&ctx)?; + let gpg_trust = gpg.list_keys()?; assert_eq!(gpg_trust.len(), 5); diff --git a/openpgp-ca-lib/tests/test_oca.rs b/openpgp-ca-lib/tests/test_oca.rs index a269490..5aa1404 100644 --- a/openpgp-ca-lib/tests/test_oca.rs +++ b/openpgp-ca-lib/tests/test_oca.rs @@ -33,9 +33,9 @@ use gnupg_test_wrapper as gnupg; /// Checks that CA (with custom name) and one user (with one revocation) are /// visible via CA API. fn test_ca() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -81,9 +81,9 @@ fn test_ca() -> Result<()> { /// /// Checks that the certification indeed has a limited validity. fn test_expiring_certification() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -160,10 +160,10 @@ fn test_update_cert_key() -> Result<()> { now.checked_add(Duration::from_secs(3600 * 24 * 365 * 6)); // update key with new version, but same fingerprint - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -172,8 +172,8 @@ fn test_update_cert_key() -> Result<()> { ca.ca_init("example.org", None)?; // import key as new user - gnupg::create_user(&ctx, "alice@example.org"); - let alice1_key = gnupg::export(&ctx, &"alice@example.org"); + gpg.create_user("alice@example.org"); + let alice1_key = gpg.export(&"alice@example.org"); ca.cert_import_new( &alice1_key, @@ -205,8 +205,8 @@ fn test_update_cert_key() -> Result<()> { assert_eq!(exp3.len(), 1); // edit key with gpg, then import new version into CA - gnupg::edit_expire(&ctx, "alice@example.org", "5y")?; - let alice2_key = gnupg::export(&ctx, &"alice@example.org"); + gpg.edit_expire("alice@example.org", "5y")?; + let alice2_key = gpg.export(&"alice@example.org"); // get cert for alice let certs = ca.certs_by_email("alice@example.org")?; @@ -240,10 +240,10 @@ fn test_update_cert_key() -> Result<()> { #[test] fn test_ca_import() -> Result<()> { // update key with new version, but same fingerprint - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -252,8 +252,8 @@ fn test_ca_import() -> Result<()> { ca.ca_init("example.org", None)?; // import key as new user - gnupg::create_user(&ctx, "alice@example.org"); - let alice1_key = gnupg::export(&ctx, &"alice@example.org"); + gpg.create_user("alice@example.org"); + let alice1_key = gpg.export(&"alice@example.org"); ca.cert_import_new( &alice1_key, @@ -282,8 +282,8 @@ fn test_ca_import() -> Result<()> { // the fingerprint stays the same // make a new key - gnupg::create_user(&ctx, "bob@example.org"); - let bob_key = gnupg::export(&ctx, &"bob@example.org"); + gpg.create_user("bob@example.org"); + let bob_key = gpg.export(&"bob@example.org"); // call "cert_import_update" with a new key @@ -303,9 +303,9 @@ fn test_ca_insert_duplicate_email() -> Result<()> { // two certs with the same email are considered distinct certs // (e.g. "normal cert" vs "code signing cert") - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -341,10 +341,10 @@ fn test_ca_insert_duplicate_email() -> Result<()> { /// Expected outcome: the WKD contains three keys (CA + 2x user). /// Check that the expected filenames exist in the WKD data. fn test_ca_export_wkd() -> Result<()> { - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -405,10 +405,10 @@ fn test_ca_export_wkd() -> Result<()> { /// Get sequoia-pgp.org keys for Justus and Neal from Hagrid. /// Import into a fresh CA instance, then export as WKD. fn test_ca_export_wkd_sequoia() -> Result<()> { - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); // -- get keys from hagrid @@ -472,9 +472,9 @@ fn test_ca_export_wkd_sequoia() -> Result<()> { fn test_ca_multiple_revocations() -> Result<()> { // create two different revocation certificates for one key and import them - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -483,9 +483,9 @@ fn test_ca_multiple_revocations() -> Result<()> { ca.ca_init("example.org", None)?; // gpg: make key for Alice - gnupg::create_user(&ctx, "Alice <alice@example.org>"); + gpg.create_user("Alice <alice@example.org>"); - let alice_key = gnupg::export(&ctx, &"alice@example.org"); + let alice_key = gpg.export(&"alice@example.org"); ca.cert_import_new( &alice_key, @@ -497,10 +497,10 @@ fn test_ca_multiple_revocations() -> Result<()> { // make two different revocation certificates and import them into the CA let revoc_file1 = format!("{}/alice.revoc1", home_path); - gnupg::make_revocation(&ctx, "alice@example.org", &revoc_file1, 1)?; + gpg.make_revocation("alice@example.org", &revoc_file1, 1)?; let revoc_file3 = format!("{}/alice.revoc3", home_path); - gnupg::make_revocation(&ctx, "alice@example.org", &revoc_file3, 3)?; + gpg.make_revocation("alice@example.org", &revoc_file3, 3)?; ca.revocation_add_from_file(&PathBuf::from(revoc_file1))?; ca.revocation_add_from_file(&PathBuf::from(revoc_file3))?; @@ -541,17 +541,17 @@ fn test_ca_multiple_revocations() -> Result<()> { /// - Bob is not signed and hasn't tsigned the CA, /// - Carol is signed and has tsigned the CA. fn test_ca_signatures() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; ca.ca_init("example.org", None)?; // create/import alice, CA signs alice's key - gnupg::create_user(&ctx, "alice@example.org"); - let alice_key = gnupg::export(&ctx, &"alice@example.org"); + gpg.create_user("alice@example.org"); + let alice_key = gpg.export(&"alice@example.org"); ca.cert_import_new( &alice_key, @@ -563,8 +563,8 @@ fn test_ca_signatures() -> Result<()> { .context("import Alice to CA failed")?; // create/import bob - gnupg::create_user(&ctx, "bob@example.org"); - let bob_key = gnupg::export(&ctx, &"bob@example.org"); + gpg.create_user("bob@example.org"); + let bob_key = gpg.export(&"bob@example.org"); // CA does not signs bob's key because the "email" parameter is empty. // Only userids that are supplied in `email` are signed by the CA. @@ -610,10 +610,10 @@ fn test_ca_signatures() -> Result<()> { /// /// Check that the revocation has been published to the user's cert. fn test_apply_revocation() -> Result<()> { - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -648,10 +648,10 @@ fn test_apply_revocation() -> Result<()> { fn test_import_signed_cert() -> Result<()> { let policy = StandardPolicy::new(); - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -661,14 +661,14 @@ fn test_import_signed_cert() -> Result<()> { let ca_cert = ca.ca_get_priv_key()?; let mut buf = Vec::new(); ca_cert.as_tsk().serialize(&mut buf)?; - gnupg::import(&ctx, &buf); + gpg.import(&buf); // set up, sign Alice key with gnupg - gnupg::create_user(&ctx, "Alice <alice@example.org>"); - gnupg::sign(&ctx, "alice@example.org").expect("signing alice failed"); + gpg.create_user("Alice <alice@example.org>"); + gpg.sign("alice@example.org").expect("signing alice failed"); // import alice into OpenPGP CA - let alice_key = gnupg::export(&ctx, &"alice@example.org"); + let alice_key = gpg.export(&"alice@example.org"); ca.cert_import_new( &alice_key, vec![], @@ -728,9 +728,9 @@ fn test_import_signed_cert() -> Result<()> { fn test_revocation_no_fingerprint() -> Result<()> { // create two different revocation certificates for one key and import them - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -742,13 +742,13 @@ fn test_revocation_no_fingerprint() -> Result<()> { ca.user_new(Some(&"Alice"), &["alice@example.org"], None, false, false)?; // gpg: make key for Bob - gnupg::create_user(&ctx, "Bob <bob@example.org>"); - let bob_key = gnupg::export(&ctx, &"bob@example.org"); + gpg.create_user("Bob <bob@example.org>"); + let bob_key = gpg.export(&"bob@example.org"); ca.cert_import_new(&bob_key, vec![], None, &[], None)?; // make a revocation certificate for bob ... let revoc_file = format!("{}/bob.revoc", home_path); - gnupg::make_revocation(&ctx, "bob@example.org", &revoc_file, 1)?; + gpg.make_revocation("bob@example.org", &revoc_file, 1)?; // ... remove the issuer fingerprint ... let p = openpgp::Packet::from_file(&revoc_file) @@ -756,7 +756,7 @@ fn test_revocation_no_fingerprint() -> Result<()> { let armored = if let openpgp::Packet::Signature(s) = p { // use Bob as a Signer - let bob_sec = gnupg::export_secret(&ctx, &"bob@example.org"); + let bob_sec = gpg.export_secret(&"bob@example.org"); let bob_cert = Cert::from_bytes(&bob_sec)?; let mut keypair = bob_cert .primary_key() @@ -857,10 +857,10 @@ fn test_revocation_no_fingerprint() -> Result<()> { /// Check that the CA admin key is signed by the user (even with password /// encrypted user key) fn test_create_user_with_pw() -> Result<()> { - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -887,10 +887,10 @@ fn test_create_user_with_pw() -> Result<()> { /// /// Run a refresh and check if the results are as expected fn test_refresh() -> Result<()> { - let ctx = gnupg::make_context()?; - // ctx.leak_tempdir(); + let gpg = gnupg::make_context()?; + // gpg.leak_tempdir(); - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; @@ -975,9 +975,9 @@ fn test_refresh() -> Result<()> { /// Create a CA and two users. "delist" one user. /// Export to WKD. Check that only the other user has been exported. fn test_wkd_delist() -> Result<()> { - let ctx = gnupg::make_context()?; + let gpg = gnupg::make_context()?; - let home_path = String::from(ctx.get_homedir().to_str().unwrap()); + let home_path = String::from(gpg.get_homedir().to_str().unwrap()); let db = format!("{}/ca.sqlite", home_path); let ca = OpenpgpCa::new(Some(&db))?; |