-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unittest #38
Unittest #38
Conversation
WIP solution for M2Crypto substitution by PyCA cryptography. So far only singing works with following keys: tests/smime/cert.pem tests/smime/key.pem
Encryption itself is not yet solved. In case of signing and encrypting message, signature has to be detached, before the message is encrypted and attached after, so this is the status of the app for now.
For single x509 certificate. This feature have to be extended to support multiple certificates and find solution for encryption only without signing.
This commit solves the logic when user wants to encrypt the message without using a x509 certificate or any signature. Logic should be simplified, there is a lot of encoding/decoding back and forth.
Updated expected values in unittests to correct ones. This resulted in passing test_smime_sign. Repaired the case in which we need to sign with passphrase protected cert, which was not loaded correctly due to explicitly setting the password=None in load function. test_smime_key_cert_together_passphrase still fails, but not not because of the error, rather because the expected value. That could be potentionally right, but I was not able to assure that is the case.
Library has build-in method for encryption, this has been added to the if encrypt case. This howerer does not satisfy the tests in previous form, current standard headers don't use `application/x-pkcs7...`, the "x-" part is deprecated. Other test values were updated to check for different lines, but all changes were tested manualy if can be decrypted and/or verified. Which they did.
Updated tests to check for values following current standards. All changes were manually tested if the messages can still be decrypted or verified. Value in tests smime_key_cert_together* could most likely also be modified, but I was not able to come up with the command to verify the decryption. |
Flow is split into 3 cases signed not encrypted signed and encrypted not signed encrypted Generated emails are decrypted/verified using openssl cli, but tests fail. This is work in progress
PyCA cryptography does not have a direct way for decrypting smime envelopes, so tests are done with the use of M2Crypto. This applies to test_multiple_recipients and test_smime_decrypt_attachments. These two test were rewritten to assert the values in decrypted message.
All tests are now success. Two tests were rewritten to use M2Crypto for decrypting, since PyCA cryptography does not support decrypting SMIME envelope directly. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rebase the pull request to a single (or more) commit (get rid of the WIP commits) (if not, I'll squash it myself later to a single commit). Close other PRs.
@@ -2,3 +2,4 @@ | |||
dist | |||
envelope.egg-info | |||
__pycache__ | |||
.vscode |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please put this into your .git/info/exclude file, I've been told once this is the right way of handling the files that does not relate.
@@ -1617,4 +1732,4 @@ def smtp_quit(self=None): | |||
if self is None: | |||
SMTPHandler.quit_all() | |||
else: | |||
self._smtp.quit() | |||
self._smtp.quit() # |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
trailing #
@@ -94,7 +94,7 @@ def check_lines(self, o, lines: Union[str, Tuple[str, ...]] = (), longer: Union[ | |||
|
|||
cmd = "python3", "-m", "envelope" | |||
|
|||
def bash(self, *cmd, file: Path = None, piped=None, envelope=True, env=None, debug=False, decode=True): | |||
def bash(self, *cmd, file: Path = None, piped=None, envelope=True, env=None, debug=True, decode=True): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why changing debug to true? :)
from M2Crypto import SMIME | ||
import re |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
put the import to the module start
# XX verify signature | ||
e=Envelope.load(path="tests/eml/smime_key_cert_together.eml", key=self.key_cert_together) | ||
self.assertEqual(MESSAGE, e.message()) | ||
# def test_smime_key_cert_together(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why commented? is there an alternative somewhere?
Fixed an issue with loading password protected cert and updated some expected values in unittests to correct ones. Some minor differences in the signatures could be because of the switch from M2Crypto to PyCA cryptography library and each generate slightly different first line. Signatures were verified with openssl in terminal and every signature was valid.