406 lines
11 KiB
Go
406 lines
11 KiB
Go
package gpgme
|
|
|
|
import (
|
|
"bytes"
|
|
"flag"
|
|
"io"
|
|
"io/ioutil"
|
|
"os"
|
|
"os/exec"
|
|
"runtime"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
const (
|
|
testGPGHome = "./testdata/gpghome"
|
|
testData = "data\n"
|
|
testCipherText = `-----BEGIN PGP MESSAGE-----
|
|
Version: GnuPG v1
|
|
|
|
hQEMAw4698hF4WUhAQf/SdkbF/zUE6YjBxscDurrUZunSnt87kipLXypSxTDIdgj
|
|
O9huAaQwBz4uAJf2DuEN/7iAFGhi/v45NTujrG+7ocfjM3m/A2T80g4RVF5kKXBr
|
|
pFFgH7bMRY6VdZt1GKI9izSO/uFkoKXG8M31tCX3hWntQUJ9p+n1avGpu3wo4Ru3
|
|
CJhpL+ChDzXuZv4IK81ahrixEz4fJH0vd0TbsHpTXx4WPkTGXelM0R9PwiY7TovZ
|
|
onGZUIplrfA1HUUbQfzExyFw3oAo1/almzD5CBIfq5EnU8Siy5BNulDXm0/44h8A
|
|
lOUy6xqx7ITnWMYYf4a1cFoW80Yk+x6SYQqbcqHFQdJIAVr00V4pPV4ppFcXgdw/
|
|
BxKERzDupyqS0tcfVFCYLRmvtQp7ceOS6jRW3geXPPIz1U/VYBvKlvFu4XTMCS6z
|
|
4qY4SzZlFEsU
|
|
=IQOA
|
|
-----END PGP MESSAGE-----`
|
|
textSignedCipherText = `-----BEGIN PGP MESSAGE-----
|
|
Version: GnuPG v1
|
|
|
|
hQEMAw4698hF4WUhAQf9FaI8zSltIMcDxqGtpcTfcBtC30rcKqE/oa1bacxuZQKW
|
|
uT671N7J2TjU8tLIsAO9lDSRHCsf6DbB+O6qOJsu6eJownyMUEmJ2oBON9Z2x+Ci
|
|
aS0KeRqcRxNJYbIth9/ffa2I4sSBA0GS93yCfGKHNL4JvNo/dgVjJwOPWZ5TKu49
|
|
n9h81LMwTQ8qpLGPeo7nsgBtSKNTi5s7pC0bd9HTii7gQcLUEeeqk5U7oG5CRN48
|
|
zKPrVud8pIDvSoYuymZmjWI1MmF4xQ+6IHK7hWKMyA2RkS4CpyBPERMifc+y+K2+
|
|
LnKLt2ul9jxgqv3fd/dU7UhyqdvJdj83tUvhN4Iru9LAuQHfVsP23keH8CHpUzCj
|
|
PkuUYvpgmRdMSC+l3yBCqnaaAI51rRdyJ+HX4DrrinOFst2JfXEICiQAg5UkO4i/
|
|
YYHsfD3xfk7MKMOY/DfV25OyAU6Yeq/5SMisONhtlzcosVU7HULudbIKSG6q/tCx
|
|
jRGu+oMIBdiQ+eipnaLVetyGxSEDzxHH367NbxC9ffxK7I+Srmwh+oS/yMNuZA8r
|
|
bUp6NbykK8Si7VNgVG1+yOIULLuR0VBO5+e2PKQU8FP0wABTn7h3zE8z4rCrcaZl
|
|
43bc/TBUyTdWY79e2P1otaCbhQGAjfF8ClPbAdsFppykf5I2ZDDf8c67d0Nqui74
|
|
Yry4/fF/2sAzyoyzdP6ktBw6pCA1MbwDqTGg7aEI8Es3X+jfh3qIaLnGmZ7jIyUl
|
|
D4jgGAEpFU+mpPH8eukKuT+OJ3P6gdmSiAJH7+C96tlcEg9BNxjYNkCTil/3yygQ
|
|
EV/5zFTEpzm4CtYHHdmY5uCaEJq/4hhE8BY8
|
|
=8mxI
|
|
-----END PGP MESSAGE-----`
|
|
testSignedText = `-----BEGIN PGP MESSAGE-----
|
|
Version: GnuPG v1
|
|
|
|
owEBQwG8/pANAwACAQMn/7Ain2E2AcsTYgBW47+PVGVzdCBtZXNzYWdlCokBHAQA
|
|
AQIABgUCVuO/jwAKCRADJ/+wIp9hNh9lCACPiDkY0CqI9ss4EBcpToqnF/8NmV99
|
|
2wi6FmbQnUmY98OMM2VJXrX6PvfD/X+FsiLog0CZU4heMEAI3Dd3qELgTfaTFqNc
|
|
bbDkenzA0kO734WLsEU/z1F9iWAcfeF3crKqd3fBw5kZ1PkhuJFdcqQEOUQALvXY
|
|
8VAtQmQWzf3sn2KIQ7R1wyAJVoUZaN5Xwc9Y0F1l4Xxifax8nkFBl35X6gmHRxZ7
|
|
jlfmWMcAkXASNXl9/Yso2XGJMs85JPhZPJ3KJRuuurnhZSxAbDJMNBFJ+HbQv3y6
|
|
pupeR7ut6pWJxr6MND793yoFGoRYwKklQdfP4xzFCatYRU4RkPBp95KJ
|
|
=RMUj
|
|
-----END PGP MESSAGE-----
|
|
`
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
flag.Parse()
|
|
os.Setenv("GNUPGHOME", testGPGHome)
|
|
unsetenvGPGAgentInfo()
|
|
os.Exit(m.Run())
|
|
}
|
|
|
|
func compareEngineInfo(t *testing.T, info *EngineInfo, proto Protocol, fileName, homeDir string) {
|
|
for info != nil && info.Protocol() != proto {
|
|
info = info.Next()
|
|
}
|
|
if info == nil {
|
|
t.Errorf("Expected engine info %d not found", proto)
|
|
return
|
|
}
|
|
if info.FileName() != fileName {
|
|
t.Errorf("Testing file name %s does not match %s", info.FileName(), fileName)
|
|
}
|
|
if info.HomeDir() != homeDir {
|
|
t.Errorf("Testing home directory %s does not match %s", info.HomeDir(), homeDir)
|
|
}
|
|
}
|
|
|
|
func TestEngineInfo(t *testing.T) {
|
|
testProto := ProtocolOpenPGP // Careful, this is global state!
|
|
defer func() {
|
|
SetEngineInfo(testProto, "", "") // Try to reset to defaults after we are done.
|
|
}()
|
|
|
|
testFN := "testFN"
|
|
testHomeDir := "testHomeDir"
|
|
checkError(t, SetEngineInfo(testProto, testFN, testHomeDir))
|
|
|
|
info, err := GetEngineInfo()
|
|
checkError(t, err)
|
|
compareEngineInfo(t, info, testProto, testFN, testHomeDir)
|
|
|
|
// SetEngineInfo with empty strings works, using defaults which we don't know,
|
|
// so just test that it doesn't fail.
|
|
checkError(t, SetEngineInfo(testProto, testFN, ""))
|
|
checkError(t, SetEngineInfo(testProto, "", testHomeDir))
|
|
}
|
|
|
|
func ctxWithCallback(t *testing.T) *Context {
|
|
ensureVersion(t, "1.", "can only set password callback for GPG v1.x")
|
|
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
checkError(t, ctx.SetCallback(func(uid_hint string, prev_was_bad bool, f *os.File) error {
|
|
if prev_was_bad {
|
|
t.Fatal("Bad passphrase")
|
|
}
|
|
_, err := io.WriteString(f, "password\n")
|
|
return err
|
|
}))
|
|
return ctx
|
|
}
|
|
|
|
func TestContext_Armor(t *testing.T) {
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
ctx.SetArmor(true)
|
|
if !ctx.Armor() {
|
|
t.Error("expected armor set")
|
|
}
|
|
ctx.SetArmor(false)
|
|
if ctx.Armor() {
|
|
t.Error("expected armor not set")
|
|
}
|
|
}
|
|
|
|
func TestContext_TextMode(t *testing.T) {
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
ctx.SetTextMode(true)
|
|
if !ctx.TextMode() {
|
|
t.Error("expected textmode set")
|
|
}
|
|
ctx.SetTextMode(false)
|
|
if ctx.TextMode() {
|
|
t.Error("expected textmode not set")
|
|
}
|
|
}
|
|
|
|
func TestContext_EngineInfo(t *testing.T) {
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
testProto := ProtocolOpenPGP
|
|
testFN := "testFN"
|
|
testHomeDir := "testHomeDir"
|
|
checkError(t, ctx.SetEngineInfo(testProto, testFN, testHomeDir))
|
|
|
|
info := ctx.EngineInfo()
|
|
compareEngineInfo(t, info, testProto, testFN, testHomeDir)
|
|
|
|
// SetEngineInfo with empty strings works, using defaults which we don't know,
|
|
// so just test that it doesn't fail.
|
|
checkError(t, ctx.SetEngineInfo(testProto, testFN, ""))
|
|
checkError(t, ctx.SetEngineInfo(testProto, "", testHomeDir))
|
|
}
|
|
|
|
func TestContext_Encrypt(t *testing.T) {
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
keys, err := FindKeys("test@example.com", true)
|
|
checkError(t, err)
|
|
|
|
plain, err := NewDataBytes([]byte(testData))
|
|
checkError(t, err)
|
|
|
|
var buf bytes.Buffer
|
|
cipher, err := NewDataWriter(&buf)
|
|
checkError(t, err)
|
|
|
|
checkError(t, ctx.Encrypt(keys, 0, plain, cipher))
|
|
if buf.Len() < 1 {
|
|
t.Error("Expected encrypted bytes, got empty buffer")
|
|
}
|
|
}
|
|
|
|
func TestContext_Decrypt(t *testing.T) {
|
|
ctx := ctxWithCallback(t)
|
|
|
|
cipher, err := NewDataBytes([]byte(testCipherText))
|
|
checkError(t, err)
|
|
var buf bytes.Buffer
|
|
plain, err := NewDataWriter(&buf)
|
|
checkError(t, err)
|
|
checkError(t, ctx.Decrypt(cipher, plain))
|
|
diff(t, buf.Bytes(), []byte("Test message\n"))
|
|
}
|
|
|
|
func TestContext_DecryptVerify(t *testing.T) {
|
|
ctx := ctxWithCallback(t)
|
|
|
|
cipher, err := NewDataBytes([]byte(textSignedCipherText))
|
|
checkError(t, err)
|
|
var buf bytes.Buffer
|
|
plain, err := NewDataWriter(&buf)
|
|
checkError(t, err)
|
|
checkError(t, ctx.DecryptVerify(cipher, plain))
|
|
diff(t, buf.Bytes(), []byte("Test message\n"))
|
|
}
|
|
|
|
func TestContext_Sign(t *testing.T) {
|
|
ctx := ctxWithCallback(t)
|
|
|
|
key, err := ctx.GetKey("test@example.com", true)
|
|
checkError(t, err)
|
|
|
|
plain, err := NewDataBytes([]byte(testData))
|
|
checkError(t, err)
|
|
|
|
var buf bytes.Buffer
|
|
signed, err := NewDataWriter(&buf)
|
|
checkError(t, err)
|
|
|
|
checkError(t, ctx.Sign([]*Key{key}, plain, signed, SigModeNormal))
|
|
if buf.Len() < 1 {
|
|
t.Error("Expected signed bytes, got empty buffer")
|
|
}
|
|
}
|
|
|
|
func TestContext_Verify(t *testing.T) {
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
|
|
_, err = ctx.GetKey("test@example.com", false)
|
|
checkError(t, err)
|
|
|
|
signed, err := NewDataBytes([]byte(testSignedText))
|
|
checkError(t, err)
|
|
|
|
var buf bytes.Buffer
|
|
plain, err := NewDataWriter(&buf)
|
|
checkError(t, err)
|
|
|
|
_, sigs, err := ctx.Verify(signed, nil, plain)
|
|
checkError(t, err)
|
|
|
|
if len(sigs) != 1 {
|
|
t.Error("Expected 1 signature")
|
|
}
|
|
sig := sigs[0]
|
|
// Normalize
|
|
expectedSig := Signature{
|
|
Summary: SigSumValid | SigSumGreen,
|
|
Fingerprint: "44B646DC347C31E867FF4F450327FFB0229F6136",
|
|
Status: nil,
|
|
Timestamp: sig.Timestamp, // Ignore in comparison
|
|
ExpTimestamp: sig.ExpTimestamp, // Ignore in comparison
|
|
WrongKeyUsage: false,
|
|
PKATrust: 0,
|
|
ChainModel: false,
|
|
Validity: ValidityFull,
|
|
ValidityReason: nil,
|
|
PubkeyAlgo: sig.PubkeyAlgo, // Ignore in comparison
|
|
HashAlgo: sig.HashAlgo, // Ignore in comparison
|
|
}
|
|
if sig != expectedSig {
|
|
t.Errorf("Signature verification does not match: %#v vs. %#v", sig, expectedSig)
|
|
}
|
|
|
|
diff(t, buf.Bytes(), []byte("Test message\n"))
|
|
}
|
|
|
|
func TestContext_Import(t *testing.T) {
|
|
homeDir, err := ioutil.TempDir("", "gpgme-import-test")
|
|
checkError(t, err)
|
|
defer os.RemoveAll(homeDir)
|
|
|
|
ctx, err := New()
|
|
checkError(t, err)
|
|
checkError(t, ctx.SetEngineInfo(ProtocolOpenPGP, "", homeDir))
|
|
|
|
f, err := os.Open("./testdata/pubkeys.gpg")
|
|
checkError(t, err)
|
|
defer f.Close()
|
|
dh, err := NewDataFile(f)
|
|
checkError(t, err)
|
|
defer dh.Close()
|
|
|
|
res, err := ctx.Import(dh)
|
|
checkError(t, err)
|
|
|
|
for _, v := range []struct {
|
|
Name string
|
|
Value int
|
|
Expected int
|
|
}{
|
|
{"Considered", res.Considered, 1},
|
|
{"NoUserID", res.NoUserID, 0},
|
|
{"Imported", res.Imported, 1},
|
|
// Do not test ImportedRSA, as of gnupg 2.1.11 the value is always 0.
|
|
{"Unchanged", res.Unchanged, 0},
|
|
{"NewUserIDs", res.NewUserIDs, 0},
|
|
{"NewSubKeys", res.NewSubKeys, 0},
|
|
{"NewSignatures", res.NewSignatures, 0},
|
|
{"NewRevocations", res.NewRevocations, 0},
|
|
{"SecretRead", res.SecretRead, 0},
|
|
{"SecretImported", res.SecretImported, 0},
|
|
{"SecretUnchanged", res.SecretUnchanged, 0},
|
|
{"NotImported", res.NotImported, 0},
|
|
} {
|
|
if v.Value != v.Expected {
|
|
t.Errorf("Unexpected import result field %s, value %d, expected %d", v.Name, v.Value, v.Expected)
|
|
}
|
|
}
|
|
expectedStatus := ImportStatus{
|
|
Fingerprint: "44B646DC347C31E867FF4F450327FFB0229F6136",
|
|
Result: nil,
|
|
Status: ImportNew,
|
|
}
|
|
if len(res.Imports) != 1 {
|
|
t.Errorf("Unexpected number of import status values %d", len(res.Imports))
|
|
} else if res.Imports[0] != expectedStatus {
|
|
t.Errorf("Import status does not match: %#v vs. %#v", res.Imports[0], expectedStatus)
|
|
}
|
|
}
|
|
|
|
func isVersion(t testing.TB, version string) bool {
|
|
var info *EngineInfo
|
|
info, err := GetEngineInfo()
|
|
checkError(t, err)
|
|
for info != nil {
|
|
if info.Protocol() == ProtocolOpenPGP {
|
|
if strings.Contains(info.FileName(), "gpg") && strings.HasPrefix(info.Version(), version) {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
info = info.Next()
|
|
}
|
|
return false
|
|
}
|
|
|
|
var gpgBins = []string{"gpg2", "gpg1", "gpg"}
|
|
|
|
// ensureVersion tries to setup gpgme with a specific version or skip
|
|
func ensureVersion(t testing.TB, version, msg string) {
|
|
if isVersion(t, version) {
|
|
return
|
|
}
|
|
for _, bin := range gpgBins {
|
|
path, err := exec.LookPath(bin)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if err := SetEngineInfo(ProtocolOpenPGP, path, testGPGHome); err != nil {
|
|
continue
|
|
}
|
|
if isVersion(t, version) {
|
|
return
|
|
}
|
|
}
|
|
t.Skip(msg)
|
|
}
|
|
|
|
func diff(t *testing.T, dst, src []byte) {
|
|
line := 1
|
|
offs := 0 // line offset
|
|
for i := 0; i < len(dst) && i < len(src); i++ {
|
|
d := dst[i]
|
|
s := src[i]
|
|
if d != s {
|
|
t.Errorf("dst:%d: %s\n", line, dst[offs:i+1])
|
|
t.Errorf("src:%d: %s\n", line, src[offs:i+1])
|
|
return
|
|
}
|
|
if s == '\n' {
|
|
line++
|
|
offs = i + 1
|
|
}
|
|
}
|
|
if len(dst) != len(src) {
|
|
t.Errorf("len(dst) = %d, len(src) = %d\nsrc = %q", len(dst), len(src), src)
|
|
}
|
|
}
|
|
|
|
func checkError(t testing.TB, err error) {
|
|
if err == nil {
|
|
return
|
|
}
|
|
_, file, line, ok := runtime.Caller(1)
|
|
if ok {
|
|
// Truncate file name at last file name separator.
|
|
if index := strings.LastIndex(file, "/"); index >= 0 {
|
|
file = file[index+1:]
|
|
} else if index = strings.LastIndex(file, "\\"); index >= 0 {
|
|
file = file[index+1:]
|
|
}
|
|
} else {
|
|
file = "???"
|
|
line = 1
|
|
}
|
|
t.Fatalf("%s:%d: %s", file, line, err)
|
|
}
|