Add test for expiring keys in detached sign

keybase · Oct 6, 2017 · da2113d · da2113d
1 parent 2162d83
commit da2113d
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 2 deletions.
diff --git a/test/data/detached.iced b/test/data/detached.iced
@@ -319,6 +319,43 @@ fDLzl9HW17ueqUMQPQIQufzj8G/rP6f/2Q==
   }
 }
 
+exports.expiring_data = {
+  sig : """
+-----BEGIN PGP MESSAGE-----
+
+owFlkz1oFEEUxzfxxFMRBMmhhfBEJBLkrKwMxHAQopWIRAJazM28ux2yO7OZmb3c
+WmijoKISsBLSaSWIrY2NH4gWdiIE1MbWSmwuKZw3e5/YLLNv3nv/3/u/3c1De6Jq
+7c9M93z85MHm1MvpXrMqmGN113Wr377vaxhkTqo2MCWgg0a2Cnqzsq2Yyw1ayK1/
+uBghy5uJ5GczIzvMIaxhkTFpQCpfCzpD4xtpBUK2WmhQOWgZnQIqboos3JCEwMFr
+HRZHMiAtcEJB4QWJICiOpEC3Qogq0NThav88rA7scqKca+MHyLQSFCnxqVcdlrQB
+7LI0S/AMLPowwobOEypGiNGA3lAT6k77udrSsSQpgm7ISvy1dWDzZiqtpRF9Hilf
+0rlRLCHoi0qbNlNeuRGjT3OmKOmZtZpLEkAhnQeKvT8JkVLrsZ4jskA6a8dGIUEe
+I18bmlMa4sPlMn2cufJy1FEqgd4pzlIsl1RaQPsJ6dJ5GAFKO2giKki1KL311vI+
+BlhasXS0Rq6VxfUc6dKPXG6g79f4pyTtsL8/0ocieZ644C6qPmuhc0iZ8Dj/t+gD
+hLzSFul3WFCNmdgX4Qd0rtPMTygtivq9vBLVqtHx2onKpzvv/t6+dmrn0cLjt4Of
+Y+80/RDRgf2HB5EvC1PR86Xs9dbWx6+NWzfmfl7g7+efreDukd/Ld3dPb7/qPI2j
+3vTyj88r1XPzR4+tFpfnrjzcTt5cr/ya2bn5ojf74eT9g/8A
+=YebB
+-----END PGP MESSAGE-----
+"""
+  data : """
+Q3JlYXRpbmcgYW5kIHZlcmlmeWluZyBzaWduYXR1cmVzIHVzZXMgdGhlIHB1YmxpYy9wcml2YXRl
+IGtleXBhaXIgaW4gYW4gb3BlcmF0aW9uIGRpZmZlcmVudCBmcm9tIGVuY3J5cHRpb24gYW5kIGRl
+Y3J5cHRpb24uIEEgc2lnbmF0dXJlIGlzIGNyZWF0ZWQgdXNpbmcgdGhlIHByaXZhdGUga2V5IG9m
+IHRoZSBzaWduZXIuIFRoZSBzaWduYXR1cmUgaXMgdmVyaWZpZWQgdXNpbmcgdGhlIGNvcnJlc3Bv
+bmRpbmcgcHVibGljIGtleS4gRm9yIGV4YW1wbGUsIEFsaWNlIHdvdWxkIHVzZSBoZXIgb3duIHBy
+aXZhdGUga2V5IHRvIGRpZ2l0YWxseSBzaWduIGhlciBsYXRlc3Qgc3VibWlzc2lvbiB0byB0aGUg
+Sm91cm5hbCBvZiBJbm9yZ2FuaWMgQ2hlbWlzdHJ5LiBUaGUgYXNzb2NpYXRlIGVkaXRvciBoYW5k
+bGluZyBoZXIgc3VibWlzc2lvbiB3b3VsZCB1c2UgQWxpY2UncyBwdWJsaWMga2V5IHRvIGNoZWNr
+IHRoZSBzaWduYXR1cmUgdG8gdmVyaWZ5IHRoYXQgdGhlIHN1Ym1pc3Npb24gaW5kZWVkIGNhbWUg
+ZnJvbSBBbGljZSBhbmQgdGhhdCBpdCBoYWQgbm90IGJlZW4gbW9kaWZpZWQgc2luY2UgQWxpY2Ug
+c2VudCBpdC4gQSBjb25zZXF1ZW5jZSBvZiB1c2luZyBkaWdpdGFsIHNpZ25hdHVyZXMgaXMgdGhh
+dCBpdCBpcyBkaWZmaWN1bHQgdG8gZGVueSB0aGF0IHlvdSBtYWRlIGEgZGlnaXRhbCBzaWduYXR1
+cmUgc2luY2UgdGhhdCB3b3VsZCBpbXBseSB5b3VyIHByaXZhdGUga2V5IGhhZCBiZWVuIGNvbXBy
+b21pc2VkLg==
+"""
+}
+
 exports.keys = {
   private : """
 -----BEGIN PGP PRIVATE KEY BLOCK-----
@@ -413,4 +450,20 @@ ziHP5qAViYGhiXdjtbjnoAjuXocEoO9xa0siJOzBQO4vLA==
 =0ruW
 -----END PGP PUBLIC KEY BLOCK-----
 """
-}
+
+  public_expiring : """
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEWdfcehYJKwYBBAHaRw8BAQdAmp1hnkG28ObtpKDY9IVcYo4hJqdPUygdCRBD
+W0TQAye0E0V4cGlyaW5nIFBHUCBUZXN0ZXKIlQQTFggAPRYhBMmEw/V/VyX7jT+O
+wvMVeDtok4qQBQJZ19x6AhsDBQkB4TOABQsJCAcCBhUICQoLAgMWAgECHgECF4AA
+CgkQ8xV4O2iTipAR1AEA5dZUD1NVuU3JFevMsk8GRYDq3LkrQmIq9XWXDPx1wtMA
+/jYJMs4LRRKecQbG2XldE0GezvXm2Hgd0U8VaqqZaosNuDgEWdfcehIKKwYBBAGX
+VQEFAQEHQEsakfoAKM1MWfoV8EUbvufeS8Bqo9qhqTB+PzOsyIgHAwEIB4h+BBgW
+CAAmFiEEyYTD9X9XJfuNP47C8xV4O2iTipAFAlnX3HoCGwwFCQHhM4AACgkQ8xV4
+O2iTipAThQD/eW9MkBmc+R8HBGgI+EIT2KHJsNk9iqh6E5BaPE2CUwwBAJWMahbF
+Ud2XR/OA3G3VVO4NNLP01M4Pvhf6fYQUuGMH
+=+75T
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+}
diff --git a/test/files/verify_detached_sigs.iced b/test/files/verify_detached_sigs.iced
@@ -1,7 +1,7 @@
 {PgpKeyRing} = require '../../lib/keyring'
 {KeyManager} = require '../../'
 {do_message} = require '../../lib/openpgp/processor'
-{keys,data}  = require '../data/detached.iced'
+{keys,data,expiring_data}  = require '../data/detached.iced'
 {WordArray}  = require 'triplesec'
 {MRF}        = require '../../lib/rand'
 
@@ -129,3 +129,26 @@ exports.nix_bad_sigs_streaming = (T,cb) ->
   cb()
 
 #==========================================
+
+exports.verify_expired_detached = (T, cb) ->
+  now = Math.floor(new Date(2017, 10, 7)/1000)
+  await KeyManager.import_from_armored_pgp { raw : keys.public_expiring, opts: { now } }, defer err, tmpkm
+  T.no_error err
+  cleartext = new Buffer strip(expiring_data.data), 'base64'
+  await do_message { keyfetch : tmpkm, armored : expiring_data.sig, data, now }, defer err, literals
+  T.no_error err, "sig worked"
+  T.waypoint "Sig checked out"
+  T.assert literals[0].get_data_signer(), "a data signer came back"
+  km2 = literals[0].get_data_signer()?.get_key_manager()
+  T.assert km2?, "A key manager was there"
+  fp1 = tmpkm.get_pgp_fingerprint().toString('hex')
+  fp2 = literals[0].get_data_signer()?.get_key_manager()?.get_pgp_fingerprint()?.toString("hex")
+  T.equal fp1, fp2, "the right fingerprint signed"
+
+  now = Math.floor(new Date(2099, 7, 10)/1000)
+  await do_message { keyfetch : tmpkm, armored : expiring_data.sig, data, now }, defer err, literals
+  T.assert err?, "Errored out"
+  T.assert err.message.indexOf('expired at') isnt -1, "expecting expired error message"
+  T.waypoint "Right error message beamed back from 2099: #{err.message}"
+
+  cb null