gpgme/lang/qt/tests/t-revokekey.cpp

335 lines
13 KiB
C++
Raw Normal View History

/* t-revokekey.cpp
This file is part of qgpgme, the Qt API binding for gpgme
Copyright (c) 2022 g10 Code GmbH
Software engineering by Ingo Klöcker <dev@ingo-kloecker.de>
QGpgME is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
QGpgME is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
In addition, as a special exception, the copyright holders give
permission to link the code of this program with any edition of
the Qt library by Trolltech AS, Norway (or with modified versions
of Qt that use the same license as Qt), and distribute linked
combinations including the two. You must obey the GNU General
Public License in all respects for all of the code used other than
Qt. If you modify this file, you may extend this exception to
your version of the file, but you are not obligated to do so. If
you do not wish to do so, delete this exception statement from
your version.
*/
#include "t-support.h"
#include <protocol.h>
#include <revokekeyjob.h>
#include <QDebug>
#include <QProcess>
#include <QRegularExpression>
#include <QSignalSpy>
#include <QTest>
qt: Always include C++ binding headers with gpgme++/ prefix * lang/qt/src/Makefile.am, lang/qt/tests/Makefile.am (AM_CPPFLAGS): Add builddir instead of srcdir of C++ bindings as include path. * lang/qt/src/changeexpiryjob.cpp, lang/qt/src/changeexpiryjob.h, lang/qt/src/changeownertrustjob.h, lang/qt/src/dataprovider.cpp, lang/qt/src/dataprovider.h, lang/qt/src/debug.cpp, lang/qt/src/decryptverifyarchivejob.cpp, lang/qt/src/decryptverifyarchivejob.h, lang/qt/src/encryptarchivejob.cpp, lang/qt/src/encryptarchivejob.h, lang/qt/src/encryptjob.h, lang/qt/src/encryptjob_p.h, lang/qt/src/filelistdataprovider.cpp, lang/qt/src/filelistdataprovider.h, lang/qt/src/hierarchicalkeylistjob.h, lang/qt/src/importjob.cpp, lang/qt/src/importjob.h, lang/qt/src/importjob_p.h, lang/qt/src/job.h, lang/qt/src/keyformailboxjob.h, lang/qt/src/keylistjob.h, lang/qt/src/listallkeysjob.h, lang/qt/src/multideletejob.cpp, lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp, lang/qt/src/qgpgmeadduseridjob.cpp, lang/qt/src/qgpgmebackend.cpp, lang/qt/src/qgpgmechangeexpiryjob.cpp, lang/qt/src/qgpgmechangeownertrustjob.cpp, lang/qt/src/qgpgmechangepasswdjob.cpp, lang/qt/src/qgpgmedecryptjob.cpp, lang/qt/src/qgpgmedecryptjob.h, lang/qt/src/qgpgmedecryptverifyarchivejob.cpp, lang/qt/src/qgpgmedecryptverifyarchivejob.h, lang/qt/src/qgpgmedecryptverifyjob.cpp, lang/qt/src/qgpgmedecryptverifyjob.h, lang/qt/src/qgpgmedeletejob.cpp, lang/qt/src/qgpgmedownloadjob.cpp, lang/qt/src/qgpgmeencryptarchivejob.cpp, lang/qt/src/qgpgmeencryptarchivejob.h, lang/qt/src/qgpgmeencryptjob.cpp, lang/qt/src/qgpgmeencryptjob.h, lang/qt/src/qgpgmeexportjob.cpp, lang/qt/src/qgpgmeimportfromkeyserverjob.cpp, lang/qt/src/qgpgmeimportfromkeyserverjob.h, lang/qt/src/qgpgmeimportjob.cpp, lang/qt/src/qgpgmeimportjob.h, lang/qt/src/qgpgmekeyformailboxjob.h, lang/qt/src/qgpgmekeygenerationjob.cpp, lang/qt/src/qgpgmekeygenerationjob.h, lang/qt/src/qgpgmekeylistjob.cpp, lang/qt/src/qgpgmekeylistjob.h, lang/qt/src/qgpgmelistallkeysjob.cpp, lang/qt/src/qgpgmelistallkeysjob.h, lang/qt/src/qgpgmenewcryptoconfig.cpp, lang/qt/src/qgpgmenewcryptoconfig.h, lang/qt/src/qgpgmequickjob.cpp, lang/qt/src/qgpgmereceivekeysjob.h, lang/qt/src/qgpgmerefreshsmimekeysjob.cpp, lang/qt/src/qgpgmerefreshsmimekeysjob.h, lang/qt/src/qgpgmerevokekeyjob.cpp, lang/qt/src/qgpgmesetprimaryuseridjob.cpp, lang/qt/src/qgpgmesignarchivejob.cpp, lang/qt/src/qgpgmesignarchivejob.h, lang/qt/src/qgpgmesignencryptarchivejob.cpp, lang/qt/src/qgpgmesignencryptarchivejob.h, lang/qt/src/qgpgmesignencryptjob.cpp, lang/qt/src/qgpgmesignencryptjob.h, lang/qt/src/qgpgmesignjob.cpp, lang/qt/src/qgpgmesignjob.h, lang/qt/src/qgpgmesignkeyjob.cpp, lang/qt/src/qgpgmetofupolicyjob.cpp, lang/qt/src/qgpgmeverifydetachedjob.cpp, lang/qt/src/qgpgmeverifydetachedjob.h, lang/qt/src/qgpgmeverifyopaquejob.cpp, lang/qt/src/qgpgmeverifyopaquejob.h, lang/qt/src/qgpgmewkdlookupjob.cpp, lang/qt/src/qgpgmewkdrefreshjob.cpp, lang/qt/src/qgpgmewkdrefreshjob.h, lang/qt/src/qgpgmewkspublishjob.cpp, lang/qt/src/quickjob.h, lang/qt/src/signarchivejob.cpp, lang/qt/src/signarchivejob.h, lang/qt/src/signencryptarchivejob.cpp, lang/qt/src/signencryptarchivejob.h, lang/qt/src/signencryptjob.h, lang/qt/src/signencryptjob_p.h, lang/qt/src/signjob.h, lang/qt/src/signjob_p.h, lang/qt/src/threadedjobmixin.cpp, lang/qt/src/threadedjobmixin.h, lang/qt/src/tofupolicyjob.h, lang/qt/src/util.cpp, lang/qt/src/wkdlookupresult.cpp, lang/qt/src/wkdlookupresult.h, lang/qt/src/wkdrefreshjob_p.h, lang/qt/tests/run-decryptverifyarchivejob.cpp, lang/qt/tests/run-decryptverifyjob.cpp, lang/qt/tests/run-encryptarchivejob.cpp, lang/qt/tests/run-encryptjob.cpp, lang/qt/tests/run-exportjob.cpp, lang/qt/tests/run-importjob.cpp, lang/qt/tests/run-keyformailboxjob.cpp, lang/qt/tests/run-receivekeysjob.cpp, lang/qt/tests/run-refreshkeysjob.cpp, lang/qt/tests/run-signarchivejob.cpp, lang/qt/tests/run-signjob.cpp, lang/qt/tests/run-verifydetachedjob.cpp, lang/qt/tests/run-verifyopaquejob.cpp, lang/qt/tests/run-wkdrefreshjob.cpp, lang/qt/tests/t-addexistingsubkey.cpp, lang/qt/tests/t-changeexpiryjob.cpp, lang/qt/tests/t-config.cpp, lang/qt/tests/t-decryptverify.cpp, lang/qt/tests/t-encrypt.cpp, lang/qt/tests/t-import.cpp, lang/qt/tests/t-keylist.cpp, lang/qt/tests/t-keylocate.cpp, lang/qt/tests/t-ownertrust.cpp, lang/qt/tests/t-remarks.cpp, lang/qt/tests/t-revokekey.cpp, lang/qt/tests/t-setprimaryuserid.cpp, lang/qt/tests/t-support.cpp, lang/qt/tests/t-support.h, lang/qt/tests/t-tofuinfo.cpp, lang/qt/tests/t-trustsignatures.cpp, lang/qt/tests/t-various.cpp, lang/qt/tests/t-verify.cpp, lang/qt/tests/t-wkdlookup.cpp, lang/qt/tests/t-wkspublish.cpp: Include GpgME++ headers with gpgme++/ prefix. -- This prepares the Qt bindings for building them separately from the C++ bindings. GnuPG-bug-id: 7110
2024-05-24 09:39:42 +00:00
#include <gpgme++/context.h>
#include <gpgme++/data.h>
#include <algorithm>
using namespace QGpgME;
using namespace GpgME;
/* Test keys
sec ed25519 2022-03-29 [SC]
604122B94C86BE846EAFE637FC2BCFB1B19A1CF4
uid [ultimate] revoke-me@example.net
ssb cv25519 2022-03-29 [E]
* generated with
export GNUPGHOME=$(mktemp -d)
gpg -K
gpg --batch --pinentry-mode loopback --passphrase abc --quick-gen-key revoke-me@example.net default default never
gpg -K
gpg --export-secret-keys --armor --batch --pinentry-mode loopback --passphrase abc --comment revoke-me@example.net revoke-me@example.net | sed 's/\(.*\)/ "\1\\n"/'
#rm -rf ${GNUPGHOME}
unset GNUPGHOME
*/
static const char *testKeyData =
"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
"Comment: revoke-me@example.net\n"
"\n"
"lIYEYkLSGhYJKwYBBAHaRw8BAQdAWKBjYOZIW33CjwlHKKGIgqXDOGhmbPCStkj1\n"
"+2/cVFL+BwMCXJpRHkD8EcT8DMWdVo84Lx4w7RNDCQx5xnm6rO5kvtmh+PjgM3qt\n"
"CQVGy8H7Dq35yzi0Hihm5zvHxVGYdAu96ShAI2ZqqVL7is0CdAmAibQVcmV2b2tl\n"
"LW1lQGV4YW1wbGUubmV0iJQEExYKADwWIQRgQSK5TIa+hG6v5jf8K8+xsZoc9AUC\n"
"YkLSGgIbAwULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQ/CvPsbGaHPSH\n"
"LAD/RNFgm1Bp6ltDXLS6oS0S5Bgjjg3CBpbdxWTvLjPpaagBAIU2pTLrsGNDKIZq\n"
"EAY7hY50tdcvOfT4OSAySJACJzMFnIsEYkLSGhIKKwYBBAGXVQEFAQEHQIOTbPEz\n"
"hUtL72BHfetUWESlEbh2IF/NEUWASUtQJDghAwEIB/4HAwJGE5naBnwwcfyPC+Nq\n"
"DwY5FO28hQVAzgNu9KAncmPtpST1J8sEPAtJGhtq/9fki9eSvBMbAa64VVpFHKHK\n"
"ravZxr2uCrK6J/u4rTvnR8HgiHgEGBYKACAWIQRgQSK5TIa+hG6v5jf8K8+xsZoc\n"
"9AUCYkLSGgIbDAAKCRD8K8+xsZoc9ANAAP9rX/xanm7YvcGFIxPclmy4h33lLaG8\n"
"dE5RA6zeSg7DqQD8Dae82iKaqKfTpe2+2vIEyxBVy8+WttoElUoXiwr0AQg=\n"
"=/5re\n"
"-----END PGP PRIVATE KEY BLOCK-----\n";
class RevokeKeyJobTest : public QGpgMETest
{
Q_OBJECT
private Q_SLOTS:
void initTestCase()
{
QGpgMETest::initTestCase();
// set up the test fixture for this test
qputenv("GNUPGHOME", mGnupgHomeTestFixture.path().toUtf8());
QVERIFY(importSecretKeys(testKeyData, 1));
}
void init()
{
// set up a copy of the test fixture for each test function
mGnupgHomeTestCopy.reset(new QTemporaryDir{});
QVERIFY(copyKeyrings(mGnupgHomeTestFixture.path(), mGnupgHomeTestCopy->path()));
qputenv("GNUPGHOME", mGnupgHomeTestCopy->path().toUtf8());
}
void testAsync()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
hookUpPassphraseProvider(job.get());
Error result;
connect(job.get(), &RevokeKeyJob::result,
job.get(), [this, &result](const Error &result_) {
result = result_;
Q_EMIT asyncDone();
});
QVERIFY(!job->start(key, RevocationReason::NoLongerUsed,
{"This key is not used anymore."}));
job.release(); // after the job has been started it's on its own
QSignalSpy spy (this, SIGNAL(asyncDone()));
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
QVERIFY(result.code() == GPG_ERR_NO_ERROR);
key.update();
QVERIFY(key.isRevoked());
verifyReason(key, RevocationReason::NoLongerUsed,
{"This key is not used anymore."});
}
void testSync_noReasonDescription()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
hookUpPassphraseProvider(job.get());
const auto result = job->exec(key);
QVERIFY(result.code() == GPG_ERR_NO_ERROR);
key.update();
QVERIFY(key.isRevoked());
verifyReason(key, RevocationReason::Unspecified, {});
}
void testSync_oneLineReasonDescription()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
hookUpPassphraseProvider(job.get());
const auto result = job->exec(key, RevocationReason::Compromised,
{"The secret key was stolen."});
QVERIFY(result.code() == GPG_ERR_NO_ERROR);
key.update();
QVERIFY(key.isRevoked());
verifyReason(key, RevocationReason::Compromised,
{"The secret key was stolen."});
}
void testSync_twoLinesReasonDescription()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
hookUpPassphraseProvider(job.get());
const auto result = job->exec(key, RevocationReason::Superseded,
{"This key has been superseded by key",
"0000 1111 2222 3333 4444 5555 6666 7777 8888 9999."});
QVERIFY(result.code() == GPG_ERR_NO_ERROR);
key.update();
QVERIFY(key.isRevoked());
verifyReason(key, RevocationReason::Superseded,
{"This key has been superseded by key",
"0000 1111 2222 3333 4444 5555 6666 7777 8888 9999."});
}
void testErrorHandling_nullKey()
{
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Key is null key");
const auto result = job->exec(Key{});
QVERIFY(result.code() == GPG_ERR_INV_ARG);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Key is null key");
const auto result = job->start(Key{});
QVERIFY(result.code() == GPG_ERR_INV_ARG);
}
}
void testErrorHandling_invalidReason()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, QRegularExpression{"^Error: Invalid revocation reason"});
const auto result = job->exec(key, static_cast<RevocationReason>(-1));
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, QRegularExpression{"^Error: Invalid revocation reason"});
const auto result = job->start(key, static_cast<RevocationReason>(4));
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
}
void testErrorHandling_invalidDescription()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Revocation description contains empty lines or lines with endline characters");
const auto result = job->exec(key, RevocationReason::Unspecified,
{"line1", "", "line3"});
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Revocation description contains empty lines or lines with endline characters");
const auto result = job->start(key, RevocationReason::Unspecified,
{"line1\nline2"});
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
}
private:
Key getTestKey(const char *pattern)
{
auto ctx = Context::create(OpenPGP);
VERIFY_OR_OBJECT(ctx);
Error err;
auto key = ctx->key(pattern, err, /*secret=*/true);
VERIFY_OR_OBJECT(!err);
VERIFY_OR_OBJECT(!key.isNull());
return key;
}
bool verifyReason(const Key &key, RevocationReason reason, const QStringList &description)
{
static const auto startTimeout = std::chrono::milliseconds{1000};
static const auto finishTimeout = std::chrono::milliseconds{2000};
static const QStringList hexCodeForReason = {
QStringLiteral("00"), /* no particular reason */
QStringLiteral("02"), /* key has been compromised */
QStringLiteral("01"), /* key is superseded */
QStringLiteral("03") /* key is no longer used */
};
QProcess p;
p.setProgram(dirInfo("gpg-name"));
p.setArguments({QStringLiteral("-K"),
QStringLiteral("--with-colon"),
QStringLiteral("--with-sig-list"),
QLatin1String{key.primaryFingerprint()}
});
p.start();
if (!p.waitForStarted(startTimeout.count())) {
qWarning() << "Timeout while waiting for start of" << p.program() << p.arguments().join(u' ');
return false;
}
if (!p.waitForFinished(finishTimeout.count())) {
qWarning() << "Timeout while waiting for completion of" << p.program() << p.arguments().join(u' ');
return false;
}
if (p.exitStatus() != QProcess::NormalExit) {
qWarning() << p.program() << "terminated abnormally with exit status" << p.exitStatus();
return false;
}
const auto lines = QString::fromUtf8(p.readAllStandardOutput()).split(u'\n');
for (const auto &l : lines) {
const auto fields = l.split(u':');
if (fields[0] == QLatin1String{"rev"}) {
// or "rev" the signature class may be followed by a comma
// and a 2 digit hexnumber with the revocation reason
const auto sigClass = fields.value(10);
const auto revReason = sigClass.split(u',').value(1);
COMPARE_OR_FALSE(revReason, hexCodeForReason.value(static_cast<int>(reason)));
// decode the \n in the C-style quoted comment field
const auto comment = fields.value(20).replace(QStringLiteral("\\n"), QStringLiteral("\n"));
COMPARE_OR_FALSE(comment, description.join(u'\n'));
return true;
}
if (fields[0] == QLatin1String{"uid"}) {
qWarning() << "Found uid before rev in key listing:\n" << stdout;
return false;
}
}
return false;
}
private:
QTemporaryDir mGnupgHomeTestFixture;
std::unique_ptr<QTemporaryDir> mGnupgHomeTestCopy;
};
QTEST_MAIN(RevokeKeyJobTest)
#include "t-revokekey.moc"