python: Fix skipping tests if running with GnuPG < 2.1.12.
[gpgme.git] / lang / python / tests / t-verify.py
1 #!/usr/bin/env python
2
3 # Copyright (C) 2016 g10 Code GmbH
4 #
5 # This file is part of GPGME.
6 #
7 # GPGME is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 2 of the License, or
10 # (at your option) any later version.
11 #
12 # GPGME is distributed in the hope that it will be useful, but WITHOUT
13 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
15 # Public License for more details.
16 #
17 # You should have received a copy of the GNU Lesser General Public
18 # License along with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 from __future__ import absolute_import, print_function, unicode_literals
21 del absolute_import, print_function, unicode_literals
22
23 import sys
24 import os
25 import gpg
26 import support
27 _ = support # to appease pyflakes.
28
29 test_text1 = b"Just GNU it!\n"
30 test_text1f= b"Just GNU it?\n"
31 test_sig1 = b"""-----BEGIN PGP SIGNATURE-----
32
33 iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt
34 bGF1dGUgdW5kIGpldHp0IGVpbiBwcm96ZW50JS1aZWljaGVuNRSAAAAAAAgAJGZv
35 b2Jhci4xdGhpcyBpcyBhIG5vdGF0aW9uIGRhdGEgd2l0aCAyIGxpbmVzGhpodHRw
36 Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc
37 dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA==
38 =nts1
39 -----END PGP SIGNATURE-----
40 """
41
42 test_sig2 = b"""-----BEGIN PGP MESSAGE-----
43
44 owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH
45 GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf
46 y1kvP4y+8D5a11ang0udywsA
47 =Crq6
48 -----END PGP MESSAGE-----
49 """
50
51 # A message with a prepended but unsigned plaintext packet.
52 double_plaintext_sig = b"""-----BEGIN PGP MESSAGE-----
53
54 rDRiCmZvb2Jhci50eHRF4pxNVGhpcyBpcyBteSBzbmVha3kgcGxhaW50ZXh0IG1l
55 c3NhZ2UKowGbwMvMwCSoW1RzPCOz3IRxTWISa6JebnG666MFD1wzSzJSixQ81XMV
56 UlITUxTyixRyKxXKE0uSMxQyEosVikvyCwpSU/S4FNCArq6Ce1F+aXJGvoJvYlGF
57 erFCTmJxiUJ5flFKMVeHGwuDIBMDGysTyA4GLk4BmO036xgWzMgzt9V85jCtfDFn
58 UqVooWlGXHwNw/xg/fVzt9VNbtjtJ/fhUqYo0/LyCGEA
59 =6+AK
60 -----END PGP MESSAGE-----
61 """
62
63 def check_result(result, summary, validity, fpr, status, notation):
64     assert len(result.signatures) == 1, "Unexpected number of signatures"
65     sig = result.signatures[0]
66     assert sig.summary == summary, \
67         "Unexpected signature summary: {}, want: {}".format(sig.summary,
68                                                             summary)
69     assert sig.fpr == fpr
70     assert gpg.errors.GPGMEError(sig.status).getcode() == status
71
72     if notation:
73         expected_notations = {
74             "bar": (b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f" +
75                     b" das waren Umlaute und jetzt ein prozent%-Zeichen"
76                     if sys.version_info[0] < 3 else
77                     b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f".decode() +
78                     " das waren Umlaute und jetzt ein prozent%-Zeichen"),
79             "foobar.1":  "this is a notation data with 2 lines",
80             None: "http://www.gu.org/policy/",
81         }
82         assert len(sig.notations) == len(expected_notations)
83
84         for r in sig.notations:
85             assert not 'name_len' in dir(r)
86             assert not 'value_len' in dir(r)
87             assert r.name in expected_notations
88             assert r.value == expected_notations[r.name], \
89                 "Expected {!r}, got {!r}".format(expected_notations[r.name],
90                                                  r.value)
91             expected_notations.pop(r.name)
92
93         assert len(expected_notations) == 0
94
95     assert not sig.wrong_key_usage
96     assert sig.validity == validity, \
97         "Unexpected signature validity: {}, want: {}".format(
98             sig.validity, validity)
99     assert gpg.errors.GPGMEError(sig.validity_reason).getcode() == gpg.errors.NO_ERROR
100
101 c = gpg.Context()
102 c.set_armor(True)
103
104 # Checking a valid message.
105 text = gpg.Data(test_text1)
106 sig = gpg.Data(test_sig1)
107 c.op_verify(sig, text, None)
108 result = c.op_verify_result()
109 check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
110              gpg.constants.validity.FULL,
111              "A0FF4590BB6122EDEF6E3C542D727CC768697734",
112              gpg.errors.NO_ERROR, True)
113
114
115 # Checking a manipulated message.
116 text = gpg.Data(test_text1f)
117 sig.seek(0, os.SEEK_SET)
118 c.op_verify(sig, text, None)
119 result = c.op_verify_result()
120 check_result(result, gpg.constants.sigsum.RED, gpg.constants.validity.UNKNOWN,
121              "2D727CC768697734", gpg.errors.BAD_SIGNATURE, False)
122
123 # Checking a normal signature.
124 text = gpg.Data()
125 sig = gpg.Data(test_sig2)
126 c.op_verify(sig, None, text)
127 result = c.op_verify_result()
128 check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
129              gpg.constants.validity.FULL,
130              "A0FF4590BB6122EDEF6E3C542D727CC768697734",
131              gpg.errors.NO_ERROR, False)
132
133 # Checking an invalid message.
134 text = gpg.Data()
135 sig = gpg.Data(double_plaintext_sig)
136 try:
137     c.op_verify(sig, None, text)
138 except Exception as e:
139     assert type(e) == gpg.errors.GPGMEError
140     assert e.getcode() == gpg.errors.BAD_DATA
141 else:
142     assert False, "Expected an error but got none."
143
144
145 # Idiomatic interface.
146 with gpg.Context(armor=True) as c:
147     # Checking a valid message.
148     _, result = c.verify(test_text1, test_sig1)
149     check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
150                  gpg.constants.validity.FULL,
151                  "A0FF4590BB6122EDEF6E3C542D727CC768697734",
152                  gpg.errors.NO_ERROR, True)
153
154     # Checking a manipulated message.
155     try:
156         c.verify(test_text1f, test_sig1)
157     except gpg.errors.BadSignatures as e:
158         check_result(e.result, gpg.constants.sigsum.RED,
159                      gpg.constants.validity.UNKNOWN,
160                      "2D727CC768697734", gpg.errors.BAD_SIGNATURE, False)
161     else:
162         assert False, "Expected an error but got none."
163
164     # Checking a normal signature.
165     sig = gpg.Data(test_sig2)
166     data, result = c.verify(test_sig2)
167     check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
168                  gpg.constants.validity.FULL,
169                  "A0FF4590BB6122EDEF6E3C542D727CC768697734",
170                  gpg.errors.NO_ERROR, False)
171     assert data == test_text1
172
173     # Checking an invalid message.
174     try:
175         c.verify(double_plaintext_sig)
176     except gpg.errors.GPGMEError as e:
177         assert e.getcode() == gpg.errors.BAD_DATA
178     else:
179         assert False, "Expected an error but got none."
180
181     alpha = c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False)
182     bob = c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False)
183
184     # Checking a valid message.
185     c.verify(test_text1, test_sig1, verify=[alpha])
186
187     try:
188         c.verify(test_text1, test_sig1, verify=[alpha, bob])
189     except gpg.errors.MissingSignatures as e:
190         assert len(e.missing) == 1
191         assert e.missing[0] == bob
192     else:
193         assert False, "Expected an error, got none"