diff --git a/autotests/fixtures/keyresolvercoretest/.gitignore b/autotests/fixtures/keyresolvercoretest/.gitignore
index 895a1a3c2..b8c2f45a1 100644
--- a/autotests/fixtures/keyresolvercoretest/.gitignore
+++ b/autotests/fixtures/keyresolvercoretest/.gitignore
@@ -1,3 +1,4 @@
+demoCA/*.old
 openpgp-revocs.d/
 random_seed
 tofu.db
diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/index.txt b/autotests/fixtures/keyresolvercoretest/demoCA/index.txt
new file mode 100644
index 000000000..db35668a6
--- /dev/null
+++ b/autotests/fixtures/keyresolvercoretest/demoCA/index.txt
@@ -0,0 +1,5 @@
+V 21210329120247Z 70CEEBA710B7FBF41184FBB6A50AC89D459E574D unknown /C=DE/O=example/CN=Sender Mixed
+V 21210329134834Z 6237D5880ABA855CBF3829FF0DE1FF96BF7FDE60 unknown /C=DE/O=example/CN=Sender S/MIME
+V 21210330080656Z 6C48CCE8716D1609D0D1075F4D582C8DC307D1EE unknown /C=DE/O=example/CN=Trusted S/MIME
+V 21210330085240Z 4C46CCE3B1A7F1F911C49A9148FF546F9CCF11EB unknown /C=DE/O=example/CN=S/MIME w/ same validity as OpenPGP
+V 21210330085312Z 53CE2C8DA0B767B450824278C15373FBD8CFF6B5 unknown /C=DE/O=example/CN=S/MIME w/ lower validity than OpenPGP
diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/index.txt.attr b/autotests/fixtures/keyresolvercoretest/demoCA/index.txt.attr
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/autotests/fixtures/keyresolvercoretest/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/4C46CCE3B1A7F1F911C49A9148FF546F9CCF11EB.pem b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/4C46CCE3B1A7F1F911C49A9148FF546F9CCF11EB.pem
new file mode 100644
index 000000000..31b8d04cc
--- /dev/null
+++ b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/4C46CCE3B1A7F1F911C49A9148FF546F9CCF11EB.pem
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:46:cc:e3:b1:a7:f1:f9:11:c4:9a:91:48:ff:54:6f:9c:cf:11:eb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA, O=example, C=DE + Validity + Not Before: Mar 30 08:52:40 2021 GMT + Not After : Mar 30 08:52:40 2121 GMT + Subject: C=DE, O=example, CN=S/MIME w/ same validity as OpenPGP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:98:3a:0a:a8:d8:32:b7:af:d2:f6:bb:78:ae:1d: + 22:d6:4f:9e:29:20:7b:6e:d3:95:74:76:50:77:3c: + 09:8a:6b:1b:ff:33:11:59:10:33:e1:a6:51:72:59: + 59:76:df:5e:da:ed:47:c2:c1:c6:7c:04:33:25:e1: + 98:f3:90:1b:d2:da:a2:7b:c6:60:bb:5f:a8:d5:02: + 95:92:3d:83:aa:6f:ff:9a:12:8a:62:3c:cc:b5:eb: + b8:be:91:39:21:fd:85:f9:85:5d:16:52:18:38:33: + 99:ce:fc:14:18:6b:0f:d1:a2:94:8a:55:75:71:77: + 50:c0:d5:24:73:59:f0:c6:4b:a8:dc:50:5d:6b:6f: + ce:81:0c:0d:23:d1:6b:ee:b5:4d:c3:bf:4d:a1:61: + cd:f2:bb:a1:ec:86:8c:0d:bc:9a:89:06:1f:da:f3: + 2c:11:bd:df:04:6c:1e:f4:ed:1b:27:6a:62:bc:98: + e7:de:53:c8:b6:fb:20:f4:de:c8:7c:65:3b:57:07: + 66:de:f4:9d:7d:05:fc:7a:b2:b6:af:dd:cd:d6:ee: + 44:44:4a:a6:71:e7:0b:ce:61:17:c5:3a:a7:44:76: + 79:7c:1e:3a:5b:b1:5a:82:96:0c:db:d6:f0:9d:11: + eb:95:2f:81:e4:71:2b:4f:f1:61:7f:73:5c:3d:21: + b8:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:full-validity@example.net + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment + Signature Algorithm: sha256WithRSAEncryption + 92:52:65:13:3c:03:f7:b0:53:8c:45:a6:46:13:06:9b:b7:3a: + 13:06:cc:52:0d:20:10:ec:0a:ca:d3:85:8b:46:d0:6a:e5:50: + a8:d2:3c:61:62:9b:e2:c5:2b:d8:85:34:2a:96:2f:90:24:3a: + d9:b4:9a:3d:e5:a2:26:00:53:23:f9:b1:b2:cc:87:40:30:d6: + a6:7d:62:9e:7c:ef:ff:a4:78:84:6b:3d:fd:af:c6:7e:c7:90: + 1c:12:ea:b9:af:a7:2f:a7:44:5f:8e:6e:ba:ea:e5:e9:ba:89: + 74:5f:7a:77:ed:8e:df:0a:03:d8:67:bb:59:5b:c8:61:8f:78: + 
84:9d:fc:63:3e:78:7d:6f:81:01:85:ee:b2:64:9d:21:a4:1a: + 84:11:04:bb:47:0f:83:54:e7:44:b0:bc:97:a5:85:7b:70:08: + 9b:d1:31:01:6e:3b:cb:42:11:7d:50:13:a0:ff:6f:af:4a:30: + 6f:c0:9b:17:74:71:b4:38:6b:1e:45:4c:f1:ab:99:47:51:a4: + e1:74:28:fa:ae:bd:98:5e:8a:a0:45:2a:d8:40:42:1f:29:45: + 6b:73:7d:cc:07:37:a0:87:23:dd:24:bc:3c:e6:5c:a8:17:ba: + 50:ab:64:78:35:03:d5:e1:ac:86:98:a4:b3:8d:c9:3b:da:37: + 41:d9:ce:29 +-----BEGIN CERTIFICATE----- +MIIDRTCCAi2gAwIBAgIUTEbM47Gn8fkRxJqRSP9Ub5zPEeswDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzMwMDg1MjQwWhgPMjEyMTAzMzAwODUyNDBaMEwxCzAJBgNV +BAYTAkRFMRAwDgYDVQQKEwdleGFtcGxlMSswKQYDVQQDEyJTL01JTUUgdy8gc2Ft +ZSB2YWxpZGl0eSBhcyBPcGVuUEdQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAmDoKqNgyt6/S9rt4rh0i1k+eKSB7btOVdHZQdzwJimsb/zMRWRAz4aZR +cllZdt9e2u1HwsHGfAQzJeGY85Ab0tqie8Zgu1+o1QKVkj2Dqm//mhKKYjzMteu4 +vpE5If2F+YVdFlIYODOZzvwUGGsP0aKUilV1cXdQwNUkc1nwxkuo3FBda2/OgQwN +I9Fr7rVNw79NoWHN8ruh7IaMDbyaiQYf2vMsEb3fBGwe9O0bJ2pivJjn3lPItvsg +9N7IfGU7Vwdm3vSdfQX8erK2r93N1u5EREqmcecLzmEXxTqnRHZ5fB46W7FagpYM +29bwnRHrlS+B5HErT/Fhf3NcPSG4GwIDAQABozgwNjAkBgNVHREEHTAbgRlmdWxs +LXZhbGlkaXR5QGV4YW1wbGUubmV0MA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0B +AQsFAAOCAQEAklJlEzwD97BTjEWmRhMGm7c6EwbMUg0gEOwKytOFi0bQauVQqNI8 +YWKb4sUr2IU0KpYvkCQ62bSaPeWiJgBTI/mxssyHQDDWpn1innzv/6R4hGs9/a/G +fseQHBLqua+nL6dEX45uuurl6bqJdF96d+2O3woD2Ge7WVvIYY94hJ38Yz54fW+B +AYXusmSdIaQahBEEu0cPg1TnRLC8l6WFe3AIm9ExAW47y0IRfVAToP9vr0owb8Cb +F3RxtDhrHkVM8auZR1Gk4XQo+q69mF6KoEUq2EBCHylFa3N9zAc3oIcj3SS8POZc +qBe6UKtkeDUD1eGshpiks43JO9o3QdnOKQ== +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/53CE2C8DA0B767B450824278C15373FBD8CFF6B5.pem b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/53CE2C8DA0B767B450824278C15373FBD8CFF6B5.pem new file mode 100644 index 000000000..66236f62b --- /dev/null 
+++ b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/53CE2C8DA0B767B450824278C15373FBD8CFF6B5.pem 
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 53:ce:2c:8d:a0:b7:67:b4:50:82:42:78:c1:53:73:fb:d8:cf:f6:b5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA, O=example, C=DE + Validity + Not Before: Mar 30 08:53:12 2021 GMT + Not After : Mar 30 08:53:12 2121 GMT + Subject: C=DE, O=example, CN=S/MIME w/ lower validity than OpenPGP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:af:c4:e4:6e:89:f8:80:c4:22:0e:ae:c1:91: + 37:ee:fc:ab:30:12:fa:0d:d9:40:e6:c0:19:07:84: + 5a:6f:dd:e9:9a:35:6c:3b:45:ef:a3:99:1f:c5:aa: + fb:81:66:85:d0:6d:92:2d:f8:f7:22:eb:1f:81:a9: + 55:5b:e7:61:6e:19:6d:6b:01:37:de:21:1a:c6:8a: + 42:c0:1e:5a:a5:b9:09:ee:b3:24:3b:8d:a7:18:57: + 92:be:24:d0:a3:7b:27:c0:b6:49:95:3e:22:06:28: + 9a:64:23:6c:82:ca:b9:27:4c:da:65:d3:42:40:17: + 71:89:7f:ae:d7:a7:74:ef:64:d5:54:12:0c:2f:06: + 36:9b:fe:34:46:16:33:e7:78:59:d9:62:12:1a:2b: + 29:ba:62:41:de:e0:62:67:36:24:36:40:85:14:ca: + 32:2f:bf:3d:b9:43:3d:40:61:a7:96:bc:95:09:42: + 61:d6:bb:b3:78:b2:26:63:be:42:c5:3e:8c:9b:90: + cf:4e:d4:48:94:6c:f1:16:41:28:5a:66:96:8a:e3: + a4:0b:d2:93:b8:3a:c0:fc:8e:bb:15:74:e8:75:e5: + 8f:6b:33:eb:58:41:9e:12:5f:57:4f:7a:15:8a:f6: + bc:de:9e:42:69:eb:60:aa:5b:b1:75:d9:65:61:a8: + 39:2b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:prefer-openpgp@example.net + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment + Signature Algorithm: sha256WithRSAEncryption + a4:45:49:11:71:f6:be:67:7f:5a:7e:d4:93:eb:5f:db:85:78: + 03:64:97:e3:db:69:8c:03:18:dd:32:c1:b0:39:aa:db:08:43: + 2a:2f:d3:02:19:c8:af:ba:bb:86:c2:3c:fc:83:6d:84:c4:2d: + fe:e6:0d:05:3b:39:d3:49:b2:76:50:30:d0:5a:7e:b7:bc:e4: + ea:14:a3:bc:c8:65:9e:34:c2:7f:6a:f4:59:34:a7:bd:17:54: + ba:64:53:b3:28:1e:8c:1f:4d:10:4f:18:39:bc:52:46:fc:15: + f1:10:58:31:80:31:9e:6c:f0:59:01:48:f6:df:2c:8e:69:27: + 
77:45:c0:ca:de:78:03:f2:7c:cf:c5:50:31:38:fd:51:39:58: + a8:13:41:dd:14:11:08:9d:7f:a0:8a:45:74:69:c2:9d:26:63: + 16:09:a4:de:63:96:c7:ec:6a:59:29:e0:02:de:ad:f8:d6:c1: + ed:15:4c:1a:3c:9d:be:b1:d4:3f:c8:bd:d4:90:e6:14:5d:da: + 41:39:12:21:0c:5b:10:7f:63:89:32:ab:e8:ac:aa:36:e6:83: + f8:48:fe:ed:74:84:34:18:41:aa:20:96:c9:bf:80:c5:9c:3e: + 85:64:5e:56:8b:22:80:d9:17:42:6f:a1:3b:24:60:50:da:b8: + 4d:e8:05:bf +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUU84sjaC3Z7RQgkJ4wVNz+9jP9rUwDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzMwMDg1MzEyWhgPMjEyMTAzMzAwODUzMTJaME8xCzAJBgNV +BAYTAkRFMRAwDgYDVQQKEwdleGFtcGxlMS4wLAYDVQQDEyVTL01JTUUgdy8gbG93 +ZXIgdmFsaWRpdHkgdGhhbiBPcGVuUEdQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs6/E5G6J+IDEIg6uwZE37vyrMBL6DdlA5sAZB4Rab93pmjVsO0Xv +o5kfxar7gWaF0G2SLfj3IusfgalVW+dhbhltawE33iEaxopCwB5apbkJ7rMkO42n +GFeSviTQo3snwLZJlT4iBiiaZCNsgsq5J0zaZdNCQBdxiX+u16d072TVVBIMLwY2 +m/40RhYz53hZ2WISGispumJB3uBiZzYkNkCFFMoyL789uUM9QGGnlryVCUJh1ruz +eLImY75CxT6Mm5DPTtRIlGzxFkEoWmaWiuOkC9KTuDrA/I67FXTodeWPazPrWEGe +El9XT3oViva83p5CaetgqluxddllYag5KwIDAQABozkwNzAlBgNVHREEHjAcgRpw +cmVmZXItb3BlbnBncEBleGFtcGxlLm5ldDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZI +hvcNAQELBQADggEBAKRFSRFx9r5nf1p+1JPrX9uFeANkl+PbaYwDGN0ywbA5qtsI +Qyov0wIZyK+6u4bCPPyDbYTELf7mDQU7OdNJsnZQMNBafre85OoUo7zIZZ40wn9q +9Fk0p70XVLpkU7MoHowfTRBPGDm8Ukb8FfEQWDGAMZ5s8FkBSPbfLI5pJ3dFwMre +eAPyfM/FUDE4/VE5WKgTQd0UEQidf6CKRXRpwp0mYxYJpN5jlsfsalkp4ALerfjW +we0VTBo8nb6x1D/IvdSQ5hRd2kE5EiEMWxB/Y4kyq+isqjbmg/hI/u10hDQYQaog +lsm/gMWcPoVkXlaLIoDZF0JvoTskYFDauE3oBb8= +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6237D5880ABA855CBF3829FF0DE1FF96BF7FDE60.pem b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6237D5880ABA855CBF3829FF0DE1FF96BF7FDE60.pem new file mode 100644 index 000000000..8ab9c2242 --- /dev/null 
+++ b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6237D5880ABA855CBF3829FF0DE1FF96BF7FDE60.pem 
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:37:d5:88:0a:ba:85:5c:bf:38:29:ff:0d:e1:ff:96:bf:7f:de:60 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA, O=example, C=DE + Validity + Not Before: Mar 29 13:48:34 2021 GMT + Not After : Mar 29 13:48:34 2121 GMT + Subject: C=DE, O=example, CN=Sender S/MIME + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d6:80:03:3a:d9:31:cb:37:de:bd:89:77:c6:c5: + c4:e0:b6:bc:7f:73:9a:7f:aa:d7:52:10:38:2b:d2: + 95:53:0d:3d:a1:c4:de:46:61:f3:6a:09:b3:29:11: + 94:9b:fa:09:c3:45:69:f9:1f:d5:5c:a5:c4:a5:bf: + a6:92:91:10:95:b7:e8:0a:4b:d2:fb:27:d9:67:d3: + fc:6f:d9:6d:71:9a:38:f5:84:93:e8:82:3b:91:46: + 9a:17:32:8a:bd:36:82:44:35:a4:df:1a:30:a5:45: + 8b:2a:49:f5:e7:c0:dc:4b:24:0c:f9:f2:e5:33:56: + 82:20:a1:a7:97:89:1e:be:15:f8:f0:b4:15:54:c4: + 16:05:31:b8:76:cf:5f:ab:05:66:20:5b:64:bd:21: + f7:a2:60:81:1a:03:20:fe:dd:ad:82:da:56:6c:f4: + d1:a4:e2:97:2c:18:fd:bc:e3:23:c9:4b:51:eb:f4: + 4c:62:5b:1d:98:29:12:f5:24:e9:02:96:91:3c:1b: + 8b:27:f0:c7:7f:9e:28:6a:b7:e5:82:ec:94:c8:9e: + 65:df:5a:76:bc:3c:30:69:66:bc:96:1f:2d:3e:35: + 6b:18:be:8a:e8:21:29:58:81:67:d9:65:4f:70:5d: + 82:56:2f:2b:5c:db:94:d1:34:01:1f:84:14:8d:e8: + 10:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:sender-smime@example.net + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment + Signature Algorithm: sha256WithRSAEncryption + a2:53:89:92:9a:6f:57:63:38:22:0b:03:80:1d:ba:f8:9a:dc: + 7c:d6:44:9e:1d:eb:20:fa:3b:7c:17:46:95:17:91:d9:c6:61: + c8:78:ed:1c:3e:38:6e:46:e3:45:5a:9e:e5:b6:f3:ac:65:d8: + 5d:1e:bb:71:cb:52:22:c7:51:c1:13:11:dd:09:cc:87:d7:aa: + 47:f3:92:b0:2a:5c:c4:ce:30:97:b3:66:16:ed:55:19:d8:fe: + 29:c2:7f:bf:25:dd:d4:c3:32:54:9b:fe:46:5a:75:39:93:d1: + db:d8:6d:83:e5:8f:f3:9f:2b:47:a6:24:cc:88:70:b8:7c:fd: + 
70:25:28:c0:48:43:e3:be:9f:35:bf:47:54:73:18:af:82:0a: + 41:e2:16:89:a7:b0:0e:e4:fa:ef:c7:09:6e:90:03:b4:3d:fb: + 93:93:52:29:f6:16:b3:2e:86:b0:61:36:15:e1:2e:26:4f:03: + ec:af:6f:d1:33:16:a4:1f:03:03:ef:d7:ba:17:53:8a:93:fa: + ff:86:39:e0:73:fc:df:59:5b:1d:94:21:db:48:71:51:ba:f8: + e3:69:b3:43:10:b4:38:44:e9:28:16:63:d5:25:9e:87:49:34: + bd:b5:44:6b:a6:3c:13:bb:8f:18:6b:6f:27:3b:02:7f:1e:30: + 3f:21:7f:77 +-----BEGIN CERTIFICATE----- +MIIDLzCCAhegAwIBAgIUYjfViAq6hVy/OCn/DeH/lr9/3mAwDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzI5MTM0ODM0WhgPMjEyMTAzMjkxMzQ4MzRaMDcxCzAJBgNV +BAYTAkRFMRAwDgYDVQQKEwdleGFtcGxlMRYwFAYDVQQDEw1TZW5kZXIgUy9NSU1F +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oADOtkxyzfevYl3xsXE +4La8f3Oaf6rXUhA4K9KVUw09ocTeRmHzagmzKRGUm/oJw0Vp+R/VXKXEpb+mkpEQ +lbfoCkvS+yfZZ9P8b9ltcZo49YST6II7kUaaFzKKvTaCRDWk3xowpUWLKkn158Dc +SyQM+fLlM1aCIKGnl4kevhX48LQVVMQWBTG4ds9fqwVmIFtkvSH3omCBGgMg/t2t +gtpWbPTRpOKXLBj9vOMjyUtR6/RMYlsdmCkS9STpApaRPBuLJ/DHf54oarflguyU +yJ5l31p2vDwwaWa8lh8tPjVrGL6K6CEpWIFn2WVPcF2CVi8rXNuU0TQBH4QUjegQ +TwIDAQABozcwNTAjBgNVHREEHDAagRhzZW5kZXItc21pbWVAZXhhbXBsZS5uZXQw +DgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBCwUAA4IBAQCiU4mSmm9XYzgiCwOA +Hbr4mtx81kSeHesg+jt8F0aVF5HZxmHIeO0cPjhuRuNFWp7ltvOsZdhdHrtxy1Ii +x1HBExHdCcyH16pH85KwKlzEzjCXs2YW7VUZ2P4pwn+/Jd3UwzJUm/5GWnU5k9Hb +2G2D5Y/znytHpiTMiHC4fP1wJSjASEPjvp81v0dUcxivggpB4haJp7AO5Prvxwlu +kAO0PfuTk1Ip9hazLoawYTYV4S4mTwPsr2/RMxakHwMD79e6F1OKk/r/hjngc/zf +WVsdlCHbSHFRuvjjabNDELQ4ROkoFmPVJZ6HSTS9tURrpjwTu48Ya28nOwJ/HjA/ +IX93 +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6C48CCE8716D1609D0D1075F4D582C8DC307D1EE.pem b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6C48CCE8716D1609D0D1075F4D582C8DC307D1EE.pem new file mode 100644 index 000000000..300bc20ce --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/6C48CCE8716D1609D0D1075F4D582C8DC307D1EE.pem 
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6c:48:cc:e8:71:6d:16:09:d0:d1:07:5f:4d:58:2c:8d:c3:07:d1:ee + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA, O=example, C=DE + Validity + Not Before: Mar 30 08:06:56 2021 GMT + Not After : Mar 30 08:06:56 2121 GMT + Subject: C=DE, O=example, CN=Trusted S/MIME + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bd:3b:af:ed:43:6c:4a:06:37:9d:76:41:7d:20: + c0:20:d8:25:62:5c:03:55:8c:e8:49:bd:b8:29:3b: + 90:3d:8b:8b:5d:0e:b2:d8:a0:39:ea:e7:ce:c5:e8: + 8f:c4:c8:55:a8:8f:9d:b5:4a:ba:60:ce:09:a7:ab: + 4d:3c:fd:f0:71:52:69:41:fa:e9:cc:a7:42:b3:2a: + 66:08:83:53:e0:03:58:67:ff:4f:9e:50:da:b2:57: + aa:f0:0c:9d:61:eb:0b:da:a0:0c:e0:43:11:87:4a: + 62:1a:37:ba:95:41:52:e5:9e:de:25:5a:70:4c:06: + 09:02:5a:ff:2a:3c:5c:b2:b5:b0:20:76:62:64:0e: + 16:21:9a:5d:a9:5c:79:13:5b:ee:bb:be:4f:66:e3: + 9d:62:88:28:50:d3:dc:d9:bd:29:31:6c:cd:da:7b: + d4:f6:5f:49:21:85:54:09:56:29:83:5d:e7:43:8e: + e8:7d:6e:08:f4:43:9f:d5:ed:6b:13:8b:98:1d:58: + 5c:11:b1:c6:98:33:c4:ca:4f:2b:b5:b9:54:40:d0: + ab:6b:d9:11:76:26:49:65:5a:7e:05:09:3a:bd:04: + dc:05:57:dd:c9:a3:c7:2d:8c:c4:ec:45:9b:8f:04: + c9:de:12:6d:f9:14:c7:62:6b:fd:6c:32:20:8a:ca: + e4:27 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:prefer-smime@example.net + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment + Signature Algorithm: sha256WithRSAEncryption + 75:2a:a7:09:d2:c4:5a:f3:51:e4:12:41:4f:9a:fd:14:39:64: + 57:3c:9c:e1:04:6c:89:56:c6:b4:b5:7f:1d:cd:a3:e8:d0:6b: + fb:29:4c:d1:37:ea:81:4e:24:a7:e7:76:17:7b:e6:0c:f1:61: + dc:19:65:f6:c4:e2:86:60:79:ae:1f:93:f9:52:78:5c:83:21: + 6c:d5:4f:62:e7:28:66:77:64:ee:2f:bd:6c:51:69:98:5c:b3: + 1e:6c:fb:dc:bd:5a:79:d4:22:7d:e1:90:8f:98:01:f7:99:bc: + 07:bc:5d:f6:00:6b:12:3c:c8:6d:20:a9:68:b3:01:f4:0d:23: + 
ed:d8:35:3e:49:04:98:5c:6d:14:69:60:75:fb:b9:26:d4:91: + 57:3a:c8:6f:80:b2:83:03:f9:99:58:45:59:8d:3a:82:1d:04: + 2a:db:83:da:22:f9:e9:5a:c1:0b:49:a2:21:18:53:c3:fe:f8: + fc:cb:be:ee:f6:12:10:49:9e:9a:86:f8:ca:34:2d:96:41:ed: + 51:29:12:73:3f:08:4e:4b:c1:7d:7f:29:9e:38:96:26:ef:2b: + df:ab:79:90:42:52:9c:cf:0e:04:d4:38:39:70:93:2a:cc:a5: + 8d:83:e0:2d:c5:f6:e6:0b:a4:6a:16:07:8e:fd:49:91:11:b5: + b5:b6:b5:ab +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgIUbEjM6HFtFgnQ0QdfTVgsjcMH0e4wDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzMwMDgwNjU2WhgPMjEyMTAzMzAwODA2NTZaMDgxCzAJBgNV +BAYTAkRFMRAwDgYDVQQKEwdleGFtcGxlMRcwFQYDVQQDEw5UcnVzdGVkIFMvTUlN +RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL07r+1DbEoGN512QX0g +wCDYJWJcA1WM6Em9uCk7kD2Li10OstigOernzsXoj8TIVaiPnbVKumDOCaerTTz9 +8HFSaUH66cynQrMqZgiDU+ADWGf/T55Q2rJXqvAMnWHrC9qgDOBDEYdKYho3upVB +UuWe3iVacEwGCQJa/yo8XLK1sCB2YmQOFiGaXalceRNb7ru+T2bjnWKIKFDT3Nm9 +KTFszdp71PZfSSGFVAlWKYNd50OO6H1uCPRDn9XtaxOLmB1YXBGxxpgzxMpPK7W5 +VEDQq2vZEXYmSWVafgUJOr0E3AVX3cmjxy2MxOxFm48Eyd4SbfkUx2Jr/WwyIIrK +5CcCAwEAAaM3MDUwIwYDVR0RBBwwGoEYcHJlZmVyLXNtaW1lQGV4YW1wbGUubmV0 +MA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAdSqnCdLEWvNR5BJB +T5r9FDlkVzyc4QRsiVbGtLV/Hc2j6NBr+ylM0TfqgU4kp+d2F3vmDPFh3Bll9sTi +hmB5rh+T+VJ4XIMhbNVPYucoZndk7i+9bFFpmFyzHmz73L1aedQifeGQj5gB95m8 +B7xd9gBrEjzIbSCpaLMB9A0j7dg1PkkEmFxtFGlgdfu5JtSRVzrIb4CygwP5mVhF +WY06gh0EKtuD2iL56VrBC0miIRhTw/74/Mu+7vYSEEmemob4yjQtlkHtUSkScz8I +TkvBfX8pnjiWJu8r36t5kEJSnM8OBNQ4OXCTKsyljYPgLcX25gukahYHjv1JkRG1 +tba1qw== +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/70CEEBA710B7FBF41184FBB6A50AC89D459E574D.pem b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/70CEEBA710B7FBF41184FBB6A50AC89D459E574D.pem new file mode 100644 index 000000000..0fb11ac86 --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/demoCA/newcerts/70CEEBA710B7FBF41184FBB6A50AC89D459E574D.pem 
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 70:ce:eb:a7:10:b7:fb:f4:11:84:fb:b6:a5:0a:c8:9d:45:9e:57:4d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA, O=example, C=DE + Validity + Not Before: Mar 29 12:02:47 2021 GMT + Not After : Mar 29 12:02:47 2121 GMT + Subject: C=DE, O=example, CN=Sender Mixed + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:0f:02:88:b9:2b:0d:8a:d8:a5:84:12:e9:50: + 60:33:2f:61:db:a6:86:a7:b9:a5:00:71:de:13:65: + a3:d0:08:3a:4e:29:52:67:07:78:89:52:ca:f5:79: + ef:6e:20:93:23:87:72:06:e1:ce:e3:10:92:d1:44: + ee:de:64:27:f1:0c:10:26:47:82:aa:1f:01:b2:24: + f8:ad:95:76:0b:e2:f0:27:9b:c2:24:6b:d1:34:cc: + 9d:78:d0:a0:82:ec:97:31:e0:4d:79:f7:d9:57:56: + 59:9c:d5:f0:61:1f:bf:24:29:cd:1d:11:ac:f5:c6: + 90:ec:cc:6e:be:f8:e4:78:d6:f7:9f:db:e6:77:23: + 7b:54:e8:01:22:50:bc:a0:1d:5f:76:1c:f8:13:6b: + e5:44:10:c8:75:92:22:0e:b1:4e:79:75:c4:5e:af: + 4c:b7:89:2a:6f:f9:fb:3d:30:a0:ed:cc:97:bf:6a: + 19:6e:fe:00:e6:7e:ff:63:d0:cd:8b:02:3c:fb:ba: + 77:61:4a:60:fe:19:57:a6:b8:46:cc:b5:f9:39:ec: + 84:2f:cb:59:98:85:79:98:19:25:1a:d9:79:23:b2: + 2e:2c:84:24:c7:52:65:3d:f5:17:41:b4:4f:b1:d4: + f7:37:7b:37:a4:f6:4f:82:56:60:4c:34:a3:5a:26: + cb:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + email:sender-mixed@example.net + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment + Signature Algorithm: sha256WithRSAEncryption + 09:5d:c4:a9:c9:30:ea:0f:bc:80:1d:5b:a9:ee:78:02:bc:ac: + 07:c1:0c:16:25:c3:80:a2:10:bd:be:a5:32:de:c9:5f:fe:9b: + 20:91:6e:71:68:f6:b0:9a:9f:59:ed:57:a0:b0:27:1d:fd:9a: + 18:36:87:f0:02:6d:9f:c8:8b:c4:e9:37:a6:80:f2:66:9d:8f: + 55:8f:8a:7e:ba:92:c1:a1:d1:3d:f9:71:be:2a:82:e0:2f:30: + 5c:c9:2a:02:71:a6:3c:be:34:c6:ee:f2:3d:5b:19:59:06:7c: + 01:d3:f3:4a:fb:a4:6b:c2:1a:29:4e:b7:7b:51:7e:f5:86:5c: + 
b2:65:97:a7:fc:43:a4:6f:2e:ec:2c:a5:44:04:db:6b:57:9b: + 8e:4b:5d:da:39:09:00:08:7b:f4:2c:13:70:57:31:33:94:10: + 61:60:9b:41:d5:85:ec:05:b8:c3:fa:ac:de:ac:08:e6:a9:a3: + d9:34:2a:3a:e2:12:9c:0e:50:7b:02:60:cb:1d:f6:d0:68:c9: + e5:70:ed:53:c7:93:a9:74:5f:7d:53:8e:8a:81:be:27:f9:d6: + 2f:0a:2a:c5:0b:25:5b:c0:bb:0b:c0:6a:fd:3f:b8:5a:52:b4: + d5:21:0e:ae:85:5e:dd:d9:1d:c5:3c:ff:12:e5:6b:25:f9:7d: + 98:8b:e8:b0 +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIUcM7rpxC3+/QRhPu2pQrInUWeV00wDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzI5MTIwMjQ3WhgPMjEyMTAzMjkxMjAyNDdaMDYxCzAJBgNV +BAYTAkRFMRAwDgYDVQQKEwdleGFtcGxlMRUwEwYDVQQDEwxTZW5kZXIgTWl4ZWQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzDwKIuSsNitilhBLpUGAz +L2HbpoanuaUAcd4TZaPQCDpOKVJnB3iJUsr1ee9uIJMjh3IG4c7jEJLRRO7eZCfx +DBAmR4KqHwGyJPitlXYL4vAnm8Ika9E0zJ140KCC7Jcx4E1599lXVlmc1fBhH78k +Kc0dEaz1xpDszG6++OR41vef2+Z3I3tU6AEiULygHV92HPgTa+VEEMh1kiIOsU55 +dcRer0y3iSpv+fs9MKDtzJe/ahlu/gDmfv9j0M2LAjz7undhSmD+GVemuEbMtfk5 +7IQvy1mYhXmYGSUa2Xkjsi4shCTHUmU99RdBtE+x1Pc3ezek9k+CVmBMNKNaJssF +AgMBAAGjNzA1MCMGA1UdEQQcMBqBGHNlbmRlci1taXhlZEBleGFtcGxlLm5ldDAO +BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEBAAldxKnJMOoPvIAdW6nu +eAK8rAfBDBYlw4CiEL2+pTLeyV/+myCRbnFo9rCan1ntV6CwJx39mhg2h/ACbZ/I +i8TpN6aA8madj1WPin66ksGh0T35cb4qguAvMFzJKgJxpjy+NMbu8j1bGVkGfAHT +80r7pGvCGilOt3tRfvWGXLJll6f8Q6RvLuwspUQE22tXm45LXdo5CQAIe/QsE3BX +MTOUEGFgm0HVhewFuMP6rN6sCOapo9k0KjriEpwOUHsCYMsd9tBoyeVw7VPHk6l0 +X31TjoqBvif51i8KKsULJVvAuwvAav0/uFpStNUhDq6FXt3ZHcU8/xLlayX5fZiL +6LA= +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/openssl.cnf b/autotests/fixtures/keyresolvercoretest/openssl.cnf new file mode 100644 index 000000000..b5819561f --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/openssl.cnf 
@@ -0,0 +1,34 @@
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = ./test-ca.cert.pem # The CA certificate
+#serial = $dir/serial # The current serial number
+rand_serial = yes # for random serial#'s
+private_key = ./test-ca.key.pem # The private key
+#RANDFILE = $dir/.rand # random number file
+
+default_days = 36524 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+
+policy = policy_anything
+email_in_dn = no # Don't add the email into cert DN
+
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+copy_extensions = copy
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
diff --git a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/068B3A87EB6029DC958371D42A8CF22913F792BA.key b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/068B3A87EB6029DC958371D42A8CF22913F792BA.key
deleted file mode 100644
index e2f6aa6ea..000000000
--- a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/068B3A87EB6029DC958371D42A8CF22913F792BA.key
+++ /dev/null
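Review bot: In openssl.cnf, `copy_extensions = copy` under `[ CA_default ]` is not paired with an `x509_extensions` section, so any extension a request carries (including `basicConstraints`) is copied into the issued certificate unchanged. `policy_anything` adds no constraint on the subject beyond a supplied commonName. That is workable for a fixture CA, but nothing in the file marks it as test-only; I would add a header comment such as `# Test-fixture CA for keyresolvercoretest only; do not reuse for real issuance.` and pin end-entity status with `x509_extensions = usr_cert` plus a `[ usr_cert ]` section holding `basicConstraints = critical,CA:FALSE`. The config also points at `./test-ca.key.pem`; this diff does not show whether that key is committed or ignored, so confirm it is handled deliberately.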
@@ -1,32 +0,0 @@ -Created: 20210322T135004 -Key: (protected-private-key (rsa (n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e - #010001#)(protected openpgp-s2k3-ocb-aes ((sha1 "\fT5gÃÈÆ?" - "53686272")#D98B1FCB502A730F10473897#)#146BB2167B12E4703EDD7F8A7C5F63 - C68DC63536E6C98DCB8A16BC1D948F366D74F9B991C6050B79BC521B767E9A67BB095E - C117900C945DAC62EC4913DAFEC40D1E2B6C698F0028981D9E927D2BC0D84305DBA84B - 480BE98E7B438BB304A96596A21B4FDC7A2BC65E8A0428D2A48D99D3845FE4E31E5B81 - 655F89F551873526B1FF4BB3DA0DA81959F64D4730E09DBF3A20D739AF09AEF8D39E70 - 51D422A0692DF157D14879D66BF5A6463EC9CF1249B2382D954CC1C2C7944C22DC3E06 - 7E7752D1D38CAE872AF357373FA69279B392EFC3134ADA09D3DD18B38D1AFABDD434AD - E6E8C83FE4A0B7451591C785983D1FCB949B4C1070D6DF84B34241E08E75549FC4C3E6 - F983D729BC5F3577830EAD736EA8A8A05ED2E95D855C4083DC6396B252CA23C807D0AC - 66AD91EE4003D0EBF979A316663A14B3D175D5E270308C68E0E708E7813A070ECC6404 - 688E9944EC055669D7B1CC07B2A50096C515B6F8E9EB8A928DBAB0037056062D816410 - 100EF8A74B01D988D51D917D758185C51E423B49E23545A959A8E9678265ADAFFB0670 - 4C168C384280ADC4990356A7EF01DD0AC0FACADB447F57AD7CF3F71DA694A1CB23E9D1 - DF514921D0B903BEA56EC990F2B4A351B172671873D4CB375800E4E41DC5FD889B9CBC - DC868AEE0298C07BA5E1D0B88F4808014D743E138B883905634EB0A1184ACA435EFA4E - 7152C9DA0D87E1B37255AFF2B0F44E73ACB3690BD0A54469C6F27A0FAD8C8D6D36E143 - EB44742F94DC0B5974443967434CEAFF0832D922EA3CDE600459297DCE28EEBB833A66 - 1E31140A826561F9713DD3BF0E4B5A82A69A89F1A98D69F06DC9719520F714FE7D008A - F0D3307B857B39484C0AEB602B9C61D9A5844A0AD9C166C0B6E9626938F13F93A9FC87 - A8D4F0E06F919D16E0D4ABB252AB729E217619AD33D5644A7803CBFB2D29C87BB2BA5F - 12F0850DFD2BEE9FAB592A3529DDEE9E9A4D#)(protected-at - "20210322T135004"))) 
diff --git a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/0B767151C33FEE7708F7035860A4D2025C801000.key b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/0B767151C33FEE7708F7035860A4D2025C801000.key deleted file mode 100644 index 39be69f7b..000000000 --- a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/0B767151C33FEE7708F7035860A4D2025C801000.key +++ /dev/null @@ -1,32 +0,0 @@ -Created: 20210322T134956 -Key: (protected-private-key (rsa (n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e - #010001#)(protected openpgp-s2k3-ocb-aes ((sha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protected-at - "20210322T134956"))) diff --git a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/2B38646AEC0F0D6AE2EEF714963722C0E58BF95F.key b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/2B38646AEC0F0D6AE2EEF714963722C0E58BF95F.key deleted file mode 100644 index d3d268da7..000000000 --- a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/2B38646AEC0F0D6AE2EEF714963722C0E58BF95F.key +++ /dev/null 
@@ -1,32 +0,0 @@ -Created: 20210322T135027 -Key: (protected-private-key (rsa (n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e - #010001#)(protected openpgp-s2k3-ocb-aes ((sha1 #E5CD258D08FA0B17# - "53686272")#E359E322AE99FE55AB12C20B#)#12425AFB59FFBD153A29D61B063756 - CA14F2FA802485A108C01BECCD21DDFE2192E4B14ECDF644D229AF6427644B86493544 - D55CFFE2E992EEC419EFCCC641A0B4431D9EB3090C4034A9F9E51486E30D1892DE64F8 - EB365EC0D65C245E3030A9D9724D3F26A7DE980CF1074D1574D3B982C6C4FDEC4C20CA - 93CF315325210E00B9F6916AF4175A100D8D67A94833757470C8EACA75FDF611B81245 - 0B8F0A8E8BA6E7DFA4BA937B750C5E5F863AB28612D50A330450D6EB7534AEF23BCD5C - 7D9E74D7B71B1201921909295FC30F82512F6D610F267A5F971ABE5D156114B1A4A2E8 - 945A8E19CBA734EDCD461E4D593BEC3C01B068041079233FF3F63A919030AE8C32ED4E - 4FE58DC350D32ADE953C0A6481DAC100ECEF27FE6BB96AAF96B2D49541825A4266A85F - 6CB9E8E004E7E6C87A3980D0EB513ED06A622C8B14EEC2C1DF473EB5BF133B29DA54C9 - 22060A4369E17288D8048B5725A413548541BF4EB656843C2C9B2120CD1C49B5DAA4FB - 6892E9795F06508303539A5F345584E0E44A7B323CCEF80C6CFC0CFE3342E929344986 - 8D84B82F7CB2B005B72C1A2A85CB13ADDDFE00207F63B306464539D1CEE017C9E7F9C1 - C4DD789F98F5306975015076DC752840F71B654A6F23ED0BFA1F5D06F1F760B97E30FE - 89560A8BE3D5BFB76B3476D9B58D5BA61C7F9145395CD248905206958D4579AD1444F9 - 591CE5ADBD61330D3D5883293AD142CB8D5C01AF30B0F83AE3C90042848BF0ABF6A937 - A8D000DA8ECEA9037E31BB13090C498A148CD8E032649A96E4D9A0E23360FDC52D4E00 - CA020455B3D117B9D3DA198D34C0C9F7C445436E7CD248EE4C4B3F04B5E0A98DA0DF08 - E946494D683E0BDB25E49FAAD397B7B76BF855FED0D7ED72E1747C331ED923A2C76B11 - 77DE39C6AF783A61CD46CCD73DC529EC30176C7F3900410944240B91C492C8BAAF3CF6 - 55B7848230F5A76B7AF90E44AC825C4645B0#)(protected-at - "20210322T135027"))) 
diff --git a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/82E263F0451C25D17100C2BAC06F1867B9E183E1.key b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/82E263F0451C25D17100C2BAC06F1867B9E183E1.key new file mode 100644 index 000000000..ace31b137 --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/82E263F0451C25D17100C2BAC06F1867B9E183E1.key 
@@ -0,0 +1,32 @@ +Created: 20210329T132221 +Key: (protected-private-key (rsa (n #00D680033AD931CB37DEBD8977C6C5C4E0 + B6BC7F739A7FAAD75210382BD295530D3DA1C4DE4661F36A09B32911949BFA09C34569 + F91FD55CA5C4A5BFA692911095B7E80A4BD2FB27D967D3FC6FD96D719A38F58493E882 + 3B91469A17328ABD36824435A4DF1A30A5458B2A49F5E7C0DC4B240CF9F2E533568220 + A1A797891EBE15F8F0B41554C4160531B876CF5FAB0566205B64BD21F7A260811A0320 + FEDDAD82DA566CF4D1A4E2972C18FDBCE323C94B51EBF44C625B1D982912F524E90296 + 913C1B8B27F0C77F9E286AB7E582EC94C89E65DF5A76BC3C306966BC961F2D3E356B18 + BE8AE82129588167D9654F705D82562F2B5CDB94D134011F84148DE8104F#)(e + #010001#)(protected openpgp-s2k3-ocb-aes ((sha1 #C9DCC503635E9D1F# + "53686272")#EA63AD9C3D5ED6129A77700B#)#2034D0EAD39198546EA8C80BD75917 + 499902298ED0683CA3E47882B6E4A1D14B615741E5C35E7C7694ED2EAAC05298796C2E + 466A48BA9717AD7DD9C29113B6B5743A01456BAD7F4F1FE9C4AC7EE904A48EA2335E22 + 508E8A04C478E88A4F2F3DD4C0696A37C5BAD654C35CE4B399D35CAB20BDFF4E3FE1E7 + D1108C42E7B66B4EFF2288D89A8EED3026B2A38463CE50E204F4EBE169D394D6DC7A61 + D85B3CE27C27C77DDC19BC0E3353A577EDF6EF8200C24559E06369270E6BFA38E5B835 + 2C797839AF2A46E3E85A2EC53321ADD50FBE1FA2CDFE2388B57A92E5788AD13C28AEC8 + F9E3AC43D0933A557F0693210AA2387675EFEB469BEFCD7B40D71B8789B61C8C2C1BE5 + 3079B61A38AB7F1767119E751E01D032B0438B32074EBD3023B1FEA9B867E5C16FBBF6 + 4CDD0219F008BC274617CC996BC2C1DBE2F73C05E7074839AE15A639B7838E2B49A4EE + E98DCF96176F13B13E62953A955C7BBDA8FD0084D1FCF847EB623D88A73902C04A15B6 + 3B56E0DEB56F648D44CFF1A62ED77ADD077ECAEE96CA4BF0ABD58BC8A5AD6D09679930 + FC25A8588CD86D9D70224256BC2CF1C73410B652903FE98A24C441AD75BE037B886FD4 + 4C59DF33A8E114F346B25191ACDB2CC67FB7DDDDF2861E4A7F6F2AE546E6E16CAF6479 + 0C6EA380E55C93912AEB88D9DEF1776F34FA17F5278A2C7ABCCE818C72CFF8118D1268 + 47034F93F236D2EACB20704C493FBB7DD9D1BA742026EEE433C3C5F79E86A739A0D22A + 2A94985AFB37223A9C613878EDEAAFC11DDC61D56EA92313B8221CE867E73EE641FED7 + 
BC6734775672AFED161EDE2179866DEBDC1C34E8EF82D9347DF8DE4867595F4649A403 + 9103B36A50B1D9A3F4EAC0885F11608F05E5198D12AF4D82C72A2AE1DC5E37187715AD + D402A06B099521B21BDEE1CEEDBE40C2DBF2B43EEEECFB46AACD5CC1F4DBA4B0527B05 + 331A4FFD38A407A13B691D7C798541D2686733#)(protected-at + "20210329T132221"))) diff --git a/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/878E0CC6690155A5B79124D0F79D0363B6E41E4B.key b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/878E0CC6690155A5B79124D0F79D0363B6E41E4B.key new file mode 100644 index 000000000..60bfc1f3e --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/private-keys-v1.d/878E0CC6690155A5B79124D0F79D0363B6E41E4B.key 
@@ -0,0 +1,32 @@ +Created: 20210329T101929 +Key: (protected-private-key (rsa (n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e + #010001#)(protected openpgp-s2k3-ocb-aes ((sha1 #24F22D89024E1897# + "53260288")#A647BCD410DA14FDE2EDDC78#)#B2B49C3D7E665F6023279764E42C8A + 2B0FE3BB25AD1AE72B04C5CCD5E28B225F45CB5CE6C2C164A94D7C3BDFB9C87E367BB4 + 8ECA2D72106C5E335F03A554B7FB5C558CD389BBE61530CFE0F8155D919DCB3E351628 + DCD0E2FE9182F08D14A3589903560B50CD29058B0DA51E89F6F77AA9A523AAB74AE448 + BA888CF34F535F9BBF2EB71193E83FD8BABC115224D961BACD48C9833A4157A20CC094 + ABC286D355BD42FB189F9B2E6AC9B866FA2457C4D8ADEDB5EE5DB68E1B7842159214A4 + 96BB2DCAC9D1AF60CE496BB3A852DB864288DF0CBDA78CDC6A5976FC24CAFF7582A49F + 0BEA7B1FB5AD5A9061642062D7916AA49AB78B0ECEA673CF7C2B523BFF0EA4E3D663A3 + C0F932123E73E97F2931C790FEC4A0404833540AFE9C1FB1642BE522AF499CB35B5566 + A229138C699B652A0126B0D3655C3E907EA31D9EEBF5E32A55FA9CD2527B3DD1C13CF9 + 4715899CC0E1FE9CBF4A5BDC9A31B69E8428B2827A4A66C0BE841B95514B46803A0998 + B6FE75758676A6B3FD96E9ADE67280AF18079B27546CFD15675C0D40B68D005FD865DB + CC1C8D5513AEC51A87911EE182274F2AB5224793309CDF10EED16D078128703F2E8886 + DDA5C2F41FAA2F3FBC73ED29ABA5A2A273984F067861A08E63194DC89D5FBD9A239924 + 62ABA890F008E909CE869C81F5B03F08D44F1D33DFDCD3A79259E21E6239D18B9A0296 + 8ECEF6DDA64D3C53DBAAC2CE842966F0FBF6798EC8CD1A0E53C32C6E45AAB86403C8CE + 374931CCA1D2C1930F44B637D4856502EA6A384C832D70EADA2ACB10728940767391F7 + 491441748F51841A36F0F5F8A6738B47304140D2A9762B659203C9A06ADC380657E9B8 + 583438B268B267328AB919326C5B2E4A8D6A0CD2E96BADDD29BA90196FEE54DE564EBE + 114F92A140C52E4189728EADB6F8CB38A4C693AE59A87254CCA8CC095879931935CAF5 + 1C45E64A412DBF61301D61BC488C0AD4CF9855#)(protected-at + "20210329T101929"))) 
diff --git a/autotests/fixtures/keyresolvercoretest/pubring.kbx b/autotests/fixtures/keyresolvercoretest/pubring.kbx index ee1ac71e3..56aef5e00 100644 Binary files a/autotests/fixtures/keyresolvercoretest/pubring.kbx and b/autotests/fixtures/keyresolvercoretest/pubring.kbx differ diff --git a/autotests/fixtures/keyresolvercoretest/readme.md b/autotests/fixtures/keyresolvercoretest/readme.md index 233c86c5f..4c259c4f4 100644 --- a/autotests/fixtures/keyresolvercoretest/readme.md +++ b/autotests/fixtures/keyresolvercoretest/readme.md 
@@ -1,118 +1,168 @@ # Fixture for KeyResolverTest ## Setup Set the `GNUPGHOME` environment variable to this folder: ``` export GNUPGHOME=$(pwd) ``` ## Generate OpenPGP test keys Note: gpg 2.3 is needed for the --no-auto-trust-new-key option. ``` # Create an ultimately trusted CA key gpg --quick-gen-key --batch --pinentry-mode loopback --passphrase "" "Ultimately trusted CA " default default never # Create a fully trusted CA key gpg --quick-gen-key --batch --pinentry-mode loopback --passphrase "" "Fully trusted CA " default default never gpg --edit-key --command-fd 0 ca-full@example.net <" default default never gpg --edit-key --command-fd 0 ca-marginal@example.net <" default default never gpg --delete-secret-keys --batch --yes $(gpg -K --batch --with-colons "Untrusted OpenPGP 1 " | grep fpr | head -1 | cut -d ':' -f 10) gpg --edit-key --command-fd 0 "Untrusted OpenPGP 1 " <" default default never gpg --delete-secret-keys --batch --yes $(gpg -K --batch --with-colons "Untrusted OpenPGP 2 " | grep fpr | head -1 | cut -d ':' -f 10) gpg --edit-key --command-fd 0 "Untrusted OpenPGP 2 " <" default default never gpg --delete-secret-keys --batch --yes $(gpg -K --batch --with-colons untrusted-mixed@example.net | grep fpr | head -1 | cut -d ':' -f 10) gpg --edit-key --command-fd 0 untrusted-mixed@example.net <" default default seconds=1 gpg --delete-secret-keys --batch --yes $(gpg -K --batch --with-colons expired@example.net | grep fpr | head -1 | cut -d ':' -f 10) ``` ## Generate S/MIME test keys +### Generate a Test CA certificate and mark it as trusted + +``` +mkdir -p demoCA/newcerts +touch demoCA/index.txt +echo test | openssl req -x509 \ + --passout stdin \ + -subj "/CN=Test CA/O=example/C=DE" \ + --addext "keyUsage = critical, Certificate Sign, CRL Sign" \ + -days 36524 \ + -newkey rsa:2048 \ + -keyout test-ca.key.pem \ + -out test-ca.cert.pem +gpgsm --import test-ca.cert.pem +gpgsm -k "Test CA" | grep 'sha1 fpr' | sed 's/\s*sha1 fpr:\s*\([0-9A-F].*\)/\1 S relax/' 
>>trustlist.txt ``` -gpgsm --gen-key --batch --pinentry-mode loopback --passphrase "" <sender-mixed.req.pem dummy Key-Type: RSA Key-Length: 2048 Key-Usage: sign, encrypt -Serial: random Name-DN: CN=Sender Mixed,O=example,C=DE Name-Email: sender-mixed@example.net eof -gpgsm -k sender-mixed@example.net | grep 'sha1 fpr' | sed 's/\s*sha1 fpr:\s*\([0-9A-F].*\)/\1 S relax/' >>trustlist.txt +echo test | openssl ca -config ./openssl.cnf -batch --passin stdin -keyfile test-ca.key.pem -in sender-mixed.req.pem -out sender-mixed.cert.pem +gpgsm --import sender-mixed.cert.pem -gpgsm --gen-key --batch --pinentry-mode loopback --passphrase "" <sender-smime.req.pem dummy Key-Type: RSA Key-Length: 2048 Key-Usage: sign, encrypt -Serial: random Name-DN: CN=Sender S/MIME,O=example,C=DE Name-Email: sender-smime@example.net eof -gpgsm -k sender-smime@example.net | grep 'sha1 fpr' | sed 's/\s*sha1 fpr:\s*\([0-9A-F].*\)/\1 S relax/' >>trustlist.txt +echo test | openssl ca -config ./openssl.cnf -batch --passin stdin -keyfile test-ca.key.pem -in sender-smime.req.pem -out sender-smime.cert.pem +gpgsm --import sender-smime.cert.pem -gpgsm --gen-key --batch --pinentry-mode loopback --passphrase "" <prefer-smime.req.pem dummy Key-Type: RSA Key-Length: 2048 Key-Usage: sign, encrypt -Serial: random Name-DN: CN=Trusted S/MIME,O=example,C=DE Name-Email: prefer-smime@example.net eof -gpgsm -k prefer-smime@example.net | grep 'sha1 fpr' | sed 's/\s*sha1 fpr:\s*\([0-9A-F].*\)/\1 S relax/' >>trustlist.txt +echo test | openssl ca -config ./openssl.cnf -batch --passin stdin -keyfile test-ca.key.pem -in prefer-smime.req.pem -out prefer-smime.cert.pem +gpgsm --import prefer-smime.cert.pem + +# Recipient with full validity (same as corresponding S/MIME certificate) +gpgsm --gen-key --armor --batch --pinentry-mode loopback --passphrase "" <full-validity.req.pem +dummy +Key-Type: RSA +Key-Length: 2048 +Key-Usage: sign, encrypt +Name-DN: CN=S/MIME w/ same validity as OpenPGP,O=example,C=DE +Name-Email: 
full-validity@example.net +eof +echo test | openssl ca -config ./openssl.cnf -batch --passin stdin -keyfile test-ca.key.pem -in full-validity.req.pem -out full-validity.cert.pem +gpgsm --import full-validity.cert.pem + +# Recipient with full validity (lower than corresponding OpenPGP key) +gpgsm --gen-key --armor --batch --pinentry-mode loopback --passphrase "" <prefer-openpgp.req.pem +dummy +Key-Type: RSA +Key-Length: 2048 +Key-Usage: sign, encrypt +Name-DN: CN=S/MIME w/ lower validity than OpenPGP,O=example,C=DE +Name-Email: prefer-openpgp@example.net +eof +echo test | openssl ca -config ./openssl.cnf -batch --passin stdin -keyfile test-ca.key.pem -in prefer-openpgp.req.pem -out prefer-openpgp.cert.pem +gpgsm --import prefer-openpgp.cert.pem ``` diff --git a/autotests/fixtures/keyresolvercoretest/test-ca.cert.pem b/autotests/fixtures/keyresolvercoretest/test-ca.cert.pem new file mode 100644 index 000000000..ca9df492c --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/test-ca.cert.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIUczUDipiMZzDmfwvNag+mLKccYJMwDQYJKoZIhvcNAQEL +BQAwMTEQMA4GA1UEAwwHVGVzdCBDQTEQMA4GA1UECgwHZXhhbXBsZTELMAkGA1UE +BhMCREUwIBcNMjEwMzI5MTEyMTAxWhgPMjEyMTAzMjkxMTIxMDFaMDExEDAOBgNV +BAMMB1Rlc3QgQ0ExEDAOBgNVBAoMB2V4YW1wbGUxCzAJBgNVBAYTAkRFMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJyOK+haUrvj3wH94L4iagIzLsMl +jWFtzKuvP3jTsYDtLocmkL5moXXSbDWUEEGPQOd/DbhQMQAGSCo3AjzoDueBL9Ow +vihOvueOb7NuZyvTN7TDBfxIjf0CkpYcNv2nYgrtc3eHQF/gTZ8FEH9bJ45Cuwcn +99FdSHahHStm83u8kntyGYlyvClamMELyO53/6n/yojynPGiQH6WVneRDZk1yvB8 +KDMIReOULqhRMGqHscDW0xTMImSaLbkzGbXd8U15psQaRDrtiYzW8JUiBrtVua5k +xI8bKAY39xf5VAeROgKE1gTmAnJetUFqDGDYWb3m83O7QSR4gPmG9o/SPwIDAQAB +o2MwYTAdBgNVHQ4EFgQUZ67yoGh/PbSRt4nV1R1VrMok8+gwHwYDVR0jBBgwFoAU +Z67yoGh/PbSRt4nV1R1VrMok8+gwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAEkb7ikFS6UxHca20bKGTVgd9t3OnQ3J +CGwlyHfqOPFXJrbbQA93FbH3kkVkHQmsdAVvIK6QlmHlTmDsLd0XtV2QE4xg2jWA +LqDbWu73xalJ1PWgvsTja7SuZSnmGcP2WTKRqNCHozEBHUXKkpTn19tBZLF41gGy +p/NS5X5baPJWEKJuZtHHga8TdU9tWibsZOJ49xIaEzYjJMvwCVxgHFh9w+rUAkt6 +ICsbC2EFNQyQ4Idd31krxdWzDtl2hkWFxW6DV0nugojIngM0l4IoWBjoyC//zNmV +o7u4K7Qxdlml92lroXvPXpw+OylHVXL2CdaLhL4SD6UTKi1bPxBO4VY= +-----END CERTIFICATE----- diff --git a/autotests/fixtures/keyresolvercoretest/test-ca.cert.srl b/autotests/fixtures/keyresolvercoretest/test-ca.cert.srl new file mode 100644 index 000000000..a319a2906 --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/test-ca.cert.srl @@ -0,0 +1 @@ +60E88D23A52E336FE62EB280A5CE3487ED1A0584 diff --git a/autotests/fixtures/keyresolvercoretest/test-ca.key.pem b/autotests/fixtures/keyresolvercoretest/test-ca.key.pem new file mode 100644 index 000000000..aadeaacd2 --- /dev/null +++ b/autotests/fixtures/keyresolvercoretest/test-ca.key.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6lSuWSFyetICAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAybDJXauGYiBIIEyEi3QncuWMTF +ln/5Ntx2l1FmM0zbHqGx8GPiFtgKmlCgqFvDAjG9I/7CFhEdEDUitaFg4ZLi+Ohe +0axrVypdVVStSDi+bE6gRkayhBAVOls6U1H3IV0kAetzcB8xI7RS1LscMyq8mQcK +MlF1ZGixxmFf3jLZKFOsmY/UjXGmCPd5IE1RBJKbJ8wRDkPbavicfxZXmDEN+CDD +15VCXUh+3or7kviX4B0gLK/HELmmZZ9hKCwpWZqFxRyexFU/PyF9ODBv+wAbd0Bc +am8ESUf4UU45P8HBD9Zn47Rr7A+AbVQe/cXepIFYe0OinvSjWbc1vfkH95mjkKnI +/pKuFBkv2zxNY+OKY43+siKv/rbvWbW9n6EYp9UoA8Y4CylOtWbRHlTM3hdhO2NU +c4EGxKI0EWB5NPSa2meC6q2eKlnvj/r9IFxFI1lZxva/Titb47NevXIlJGjgUdFQ +6Imz8M69mRl6o9zFj8QiHTzAU6tWjHOH/tu+axjJrg+3NEuj1iZTlSsj0qihskBM +D2J6qNuQpvVgTd+247vAVX+NK56gcYhewqiV6QuFwBhJpaVt3QwtfQPgtMD6x+iI +uFUdFnMTG75fOsiBRz6cA3DtFjxaWEHg+7ygvDOtVoYMvTtVTtfmFVsMSAwgeQi9 +P2NYdI9NLrMiK0CVD4C9sZH5Ch9VFW/D83vS+gLT8tL/toNaf9k//eSJShmvBQmp +b84hN4T9n8VJyDOsBUw5NMODPaLXLKRF2iJefH9BMUV1PmuvCwnseVVbPpOLPIXC +wkoWh3IEL6+6tPLlp+vccxryE5ngLu36ci/WiBvSmUchAAcxkRyY2B6ks1ZMJWYD +NbJGotWb1rPhwiuOWjGd68kWYeGQJNwtrU0OtpdsbLsV8zunXPEKbluGKsaHH44l +CiAZGSWC87AkORzZ4rwJWYKbVD65HaPXVZrESmROlQs9o8dDV002q/ebWrzlXsPB +6zdh8dTXS0xWROSIj3fkivZzGOJV43X4pDjENfA7xlCBSDRnI0Jt2sMVANSgDYKn +9SBMHXgqmHOLjoVwTLXzCDwmXSbuNOu0gdLCGdpeF46Uro5l661lS4zmzakwapN8 +gubkgCwRP+6Dz32fyTR+sq13Z5cuCFpmg7GaFfZSnYHyPbgwTD5BUqrdKCAikqS3 +br+FPz+iUSzLZ0UbJ+HzD1ah8wW7MREwBKCcQ7G2s9fCsQtgMekGS0NWzkZ/erLI +1oTQz90mOoGdofLzko/m6/q8ux5qw/g5evpumL06DmpYT0mf+w/rwGB0ZqBgsUsB +thlsG/qs8S265ZLT0wJFBhB4ExMfGkEflCUOBh2qKMz7upYvvi+wmzSgp2mojyWn +KI6nqggC13ztmkVW+/6yyllzVUiv/2Gn2xL8I9IjCLuCiJrDtxsa5T/8BVZHyrM3 +F19fV+t61WsWCg16gQ0ReGUYgUtLzF0cs3rpj/yKbTkIY5Xnhk0VcBkTZDLhZeq/ +VKVT7GqbQcpHnm69hFi3ilF3TMifxD12as4zIersvlz2LkbwQ4I/I5rYgR2mbPvC +y4yVJJw5BtBgd9NTGazmuFyBv5fMMuUfu/KpsOe8MzCqA2pb0RITbpRDaEC93ZBz +EnIXia+PTQM2RrUtnO+8HQ== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/autotests/fixtures/keyresolvercoretest/trustdb.gpg b/autotests/fixtures/keyresolvercoretest/trustdb.gpg index 10aa26f01..225265a15 100644 Binary files a/autotests/fixtures/keyresolvercoretest/trustdb.gpg and b/autotests/fixtures/keyresolvercoretest/trustdb.gpg differ diff --git a/autotests/fixtures/keyresolvercoretest/trustlist.txt b/autotests/fixtures/keyresolvercoretest/trustlist.txt index 1e19e32d9..2e43bb57f 100644 --- a/autotests/fixtures/keyresolvercoretest/trustlist.txt +++ b/autotests/fixtures/keyresolvercoretest/trustlist.txt @@ -1,3 +1 @@ -60:E1:96:4D:9C:EA:44:8E:76:E7:66:42:47:3D:56:7F:FE:95:8E:8A S relax -06:A2:67:BE:B6:04:6A:13:DC:D2:26:56:A6:F4:9D:8B:6E:B3:7A:16 S relax -B8:26:00:8F:4F:5E:8A:86:E3:8A:CD:45:AF:FC:81:AD:01:36:BD:A0 S relax +C8:1E:8B:B6:63:99:E4:01:C5:AF:33:7A:68:D5:71:07:C6:CC:95:AC S relax diff --git a/autotests/keyresolvercoretest.cpp b/autotests/keyresolvercoretest.cpp index f23b55b94..c4d14a454 100644 --- a/autotests/keyresolvercoretest.cpp +++ b/autotests/keyresolvercoretest.cpp 
@@ -1,216 +1,235 @@ /* autotests/keyresolvercoretest.cpp This file is part of libkleopatra's test suite. SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ #include #include #include #include #include #include using namespace Kleo; using namespace GpgME; class KeyResolverCoreTest: public QObject { Q_OBJECT private Q_SLOTS: void init() { mGnupgHome = QTest::qExtractTestData("/fixtures/keyresolvercoretest"); qputenv("GNUPGHOME", mGnupgHome->path().toLocal8Bit()); // hold a reference to the key cache to avoid rebuilding while the test is running mKeyCache = KeyCache::instance(); } void cleanup() { // verify that nobody else holds a reference to the key cache QVERIFY(mKeyCache.use_count() == 1); mKeyCache.reset(); mGnupgHome.reset(); } void test_verify_test_keys() { { const Key openpgp = testKey("sender-mixed@example.net", OpenPGP); QVERIFY(openpgp.hasSecret() && openpgp.canEncrypt() && openpgp.canSign()); QCOMPARE(openpgp.userID(0).validity(), UserID::Ultimate); const Key smime = testKey("sender-mixed@example.net", CMS); QVERIFY(smime.hasSecret() && smime.canEncrypt() && smime.canSign()); - QCOMPARE(smime.userID(0).validity(), UserID::Ultimate); + QCOMPARE(smime.userID(0).validity(), UserID::Full); } { const Key openpgp = testKey("sender-openpgp@example.net", OpenPGP); QVERIFY(openpgp.hasSecret() && openpgp.canEncrypt() && openpgp.canSign()); QCOMPARE(openpgp.userID(0).validity(), UserID::Ultimate); } + { + const Key smime = testKey("sender-smime@example.net", CMS); + QVERIFY(smime.hasSecret() && smime.canEncrypt() && smime.canSign()); + QCOMPARE(smime.userID(0).validity(), UserID::Full); + } { const Key openpgp = testKey("prefer-openpgp@example.net", OpenPGP); QVERIFY(openpgp.canEncrypt()); + QCOMPARE(openpgp.userID(0).validity(), UserID::Ultimate); + const Key smime = testKey("prefer-openpgp@example.net", CMS); + QVERIFY(smime.canEncrypt()); + QCOMPARE(smime.userID(0).validity(), UserID::Full); 
+ } + { + const Key openpgp = testKey("full-validity@example.net", OpenPGP); + QVERIFY(openpgp.canEncrypt()); QCOMPARE(openpgp.userID(0).validity(), UserID::Full); + const Key smime = testKey("full-validity@example.net", CMS); + QVERIFY(smime.canEncrypt()); + QCOMPARE(smime.userID(0).validity(), UserID::Full); } { const Key openpgp = testKey("prefer-smime@example.net", OpenPGP); QVERIFY(openpgp.canEncrypt()); QCOMPARE(openpgp.userID(0).validity(), UserID::Marginal); const Key smime = testKey("prefer-smime@example.net", CMS); QVERIFY(smime.canEncrypt()); - QVERIFY(smime.userID(0).validity() >= UserID::Full); + QCOMPARE(smime.userID(0).validity(), UserID::Full); } } void test_openpgp_is_used_if_openpgp_only_and_smime_only_are_both_possible() { KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ true); resolver.setSender(QStringLiteral("sender-mixed@example.net")); const bool success = resolver.resolve(); QVERIFY(success); QCOMPARE(resolver.signingKeys().value(OpenPGP).size(), 1); QCOMPARE(resolver.signingKeys().value(OpenPGP)[0].primaryFingerprint(), testKey("sender-mixed@example.net", OpenPGP).primaryFingerprint()); QCOMPARE(resolver.signingKeys().value(CMS).size(), 0); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net")[0].primaryFingerprint(), testKey("sender-mixed@example.net", OpenPGP).primaryFingerprint()); QCOMPARE(resolver.encryptionKeys().value(CMS).size(), 0); } void test_openpgp_is_used_if_openpgp_only_and_smime_only_are_both_possible_with_preference_for_openpgp() { KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ true); resolver.setPreferredProtocol(OpenPGP); resolver.setSender(QStringLiteral("sender-mixed@example.net")); const bool success = resolver.resolve(); QVERIFY(success); QCOMPARE(resolver.signingKeys().value(OpenPGP).size(), 1); 
QCOMPARE(resolver.signingKeys().value(OpenPGP)[0].primaryFingerprint(), testKey("sender-mixed@example.net", OpenPGP).primaryFingerprint()); QCOMPARE(resolver.signingKeys().value(CMS).size(), 0); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net")[0].primaryFingerprint(), testKey("sender-mixed@example.net", OpenPGP).primaryFingerprint()); QCOMPARE(resolver.encryptionKeys().value(CMS).size(), 0); } void test_smime_is_used_if_openpgp_only_and_smime_only_are_both_possible_with_preference_for_smime() { KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ true); resolver.setPreferredProtocol(CMS); resolver.setSender(QStringLiteral("sender-mixed@example.net")); const bool success = resolver.resolve(); QVERIFY(success); QCOMPARE(resolver.signingKeys().value(OpenPGP).size(), 0); QCOMPARE(resolver.signingKeys().value(CMS).size(), 1); QCOMPARE(resolver.signingKeys().value(CMS)[0].primaryFingerprint(), testKey("sender-mixed@example.net", CMS).primaryFingerprint()); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).size(), 0); QCOMPARE(resolver.encryptionKeys().value(CMS).size(), 1); QCOMPARE(resolver.encryptionKeys().value(CMS).value("sender-mixed@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(CMS).value("sender-mixed@example.net")[0].primaryFingerprint(), testKey("sender-mixed@example.net", CMS).primaryFingerprint()); } - void test_in_mixed_mode_smime_key_with_higher_validity_is_preferred_over_openpgp_key() + void test_in_mixed_mode_keys_with_higher_validity_are_preferred() { KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ false); - resolver.setRecipients({"sender-openpgp@example.net", "sender-smime@example.net", "prefer-smime@example.net"}); + resolver.setRecipients({"sender-openpgp@example.net", "sender-smime@example.net", "prefer-openpgp@example.net", 
"prefer-smime@example.net"}); const bool success = resolver.resolve(); QVERIFY(success); - QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).size(), 3); + QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).size(), 4); QVERIFY(resolver.encryptionKeys().value(UnknownProtocol).contains("sender-openpgp@example.net")); QVERIFY(resolver.encryptionKeys().value(UnknownProtocol).contains("sender-smime@example.net")); + QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).value("prefer-openpgp@example.net").size(), 1); + QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).value("prefer-openpgp@example.net")[0].primaryFingerprint(), + testKey("prefer-openpgp@example.net", OpenPGP).primaryFingerprint()); QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).value("prefer-smime@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).value("prefer-smime@example.net")[0].primaryFingerprint(), testKey("prefer-smime@example.net", CMS).primaryFingerprint()); } void test_encryption_keys_result_has_no_entry_for_unresolved_recipients() { KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ false); resolver.setRecipients({"prefer-smime@example.net", "unknown@example.net"}); const bool success = resolver.resolve(); QVERIFY(!success); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).size(), 1); QVERIFY(resolver.encryptionKeys().value(OpenPGP).contains("prefer-smime@example.net")); QVERIFY(!resolver.encryptionKeys().value(OpenPGP).contains("unknown@example.net")); QCOMPARE(resolver.encryptionKeys().value(CMS).size(), 1); QVERIFY(resolver.encryptionKeys().value(CMS).contains("prefer-smime@example.net")); QVERIFY(!resolver.encryptionKeys().value(CMS).contains("unknown@example.net")); } void test_overrides_openpgp() { const QString override = testKey("prefer-openpgp@example.net", OpenPGP).primaryFingerprint(); KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ true); resolver.setSender(QStringLiteral("sender-mixed@example.net")); 
resolver.setOverrideKeys({{OpenPGP, {{QStringLiteral("Needs to be normalized "), {override}}}}}); const bool success = resolver.resolve(); QVERIFY(success); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(OpenPGP).value("sender-mixed@example.net")[0].primaryFingerprint(), override); } void test_overrides_smime() { const QString override = testKey("prefer-smime@example.net", CMS).primaryFingerprint(); KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ true); resolver.setPreferredProtocol(CMS); resolver.setSender(QStringLiteral("sender-mixed@example.net")); resolver.setOverrideKeys({{CMS, {{QStringLiteral("Needs to be normalized "), {override}}}}}); const bool success = resolver.resolve(); QVERIFY(success); QCOMPARE(resolver.encryptionKeys().value(CMS).size(), 1); QCOMPARE(resolver.encryptionKeys().value(CMS).value("sender-mixed@example.net").size(), 1); QCOMPARE(resolver.encryptionKeys().value(CMS).value("sender-mixed@example.net")[0].primaryFingerprint(), override); } private: Key testKey(const char *email, Protocol protocol = UnknownProtocol) { const std::vector keys = KeyCache::instance()->findByEMailAddress(email); for (const auto &key: keys) { if (protocol == UnknownProtocol || key.protocol() == protocol) { return key; } } return Key(); } private: QSharedPointer mGnupgHome; std::shared_ptr mKeyCache; }; QTEST_MAIN(KeyResolverCoreTest) #include "keyresolvercoretest.moc" diff --git a/autotests/keyresolvercoretest.qrc b/autotests/keyresolvercoretest.qrc index 8a600c6f2..89c8ef877 100644 --- a/autotests/keyresolvercoretest.qrc +++ b/autotests/keyresolvercoretest.qrc 
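Review bot: The new `full-validity@example.net` fixture is only checked in `test_verify_test_keys`; no resolver test passes it to `setRecipients`, so the tie case is never exercised. What mixed mode picks when the OpenPGP key and the S/MIME certificate both have `UserID::Full` validity is therefore unpinned. I would add that address to the recipients of `test_in_mixed_mode_keys_with_higher_validity_are_preferred`, or give it a test of its own, and compare the selected key's `primaryFingerprint()` with `testKey("full-validity@example.net", ...)` for the protocol the resolver is meant to choose. This mirrors the existing `prefer-openpgp` and `prefer-smime` checks. The tie case may be covered by a later commit that is not visible here.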
@@ -1,21 +1,20 @@ - fixtures/keyresolvercoretest/private-keys-v1.d/F769B16A6206E8F17D0AFB99EDB44BE813943A2C.key + fixtures/keyresolvercoretest/private-keys-v1.d/029551BEA335EC0F84109F1EDD23E0FA44FEB336.key fixtures/keyresolvercoretest/private-keys-v1.d/07E5EE9F946A1760EC7E3DEC3E8665415BF8E5F0.key - fixtures/keyresolvercoretest/private-keys-v1.d/A4E6D1CEBA63087E47B84863BF16D8E81F0B7629.key + fixtures/keyresolvercoretest/private-keys-v1.d/4205C2F4EC7F5C7FBD175C5025A74E374E768B17.key + fixtures/keyresolvercoretest/private-keys-v1.d/82E263F0451C25D17100C2BAC06F1867B9E183E1.key + fixtures/keyresolvercoretest/private-keys-v1.d/878E0CC6690155A5B79124D0F79D0363B6E41E4B.key + fixtures/keyresolvercoretest/private-keys-v1.d/8CD2635EB4B7766E0C174E62853FCE072795D304.key fixtures/keyresolvercoretest/private-keys-v1.d/93FBC8415935DD866AEAE179D70A58B1BEE7EA85.key - fixtures/keyresolvercoretest/private-keys-v1.d/B9E7A40AA2CE1512A3270374D05AB0A74F98E54E.key fixtures/keyresolvercoretest/private-keys-v1.d/9A54238A5B7D396D48A584255A1DE5622FBF8B99.key - fixtures/keyresolvercoretest/private-keys-v1.d/029551BEA335EC0F84109F1EDD23E0FA44FEB336.key - fixtures/keyresolvercoretest/private-keys-v1.d/4205C2F4EC7F5C7FBD175C5025A74E374E768B17.key + fixtures/keyresolvercoretest/private-keys-v1.d/A4E6D1CEBA63087E47B84863BF16D8E81F0B7629.key fixtures/keyresolvercoretest/private-keys-v1.d/B185B49FC722A9C92F8C2C30438BA225363F0A6B.key - fixtures/keyresolvercoretest/private-keys-v1.d/8CD2635EB4B7766E0C174E62853FCE072795D304.key - fixtures/keyresolvercoretest/private-keys-v1.d/0B767151C33FEE7708F7035860A4D2025C801000.key - fixtures/keyresolvercoretest/private-keys-v1.d/068B3A87EB6029DC958371D42A8CF22913F792BA.key - fixtures/keyresolvercoretest/private-keys-v1.d/2B38646AEC0F0D6AE2EEF714963722C0E58BF95F.key + fixtures/keyresolvercoretest/private-keys-v1.d/B9E7A40AA2CE1512A3270374D05AB0A74F98E54E.key + fixtures/keyresolvercoretest/private-keys-v1.d/F769B16A6206E8F17D0AFB99EDB44BE813943A2C.key 
fixtures/keyresolvercoretest/pubring.kbx fixtures/keyresolvercoretest/trustdb.gpg fixtures/keyresolvercoretest/trustlist.txt