From 7513e71b3fe8032d842d2461221d4f58ab91b977 Mon Sep 17 00:00:00 2001
From: Levente Polyak
Date: Wed, 3 Nov 2021 20:38:29 +0100
Subject: [PATCH] chore(keyringctl): add key revocation trust tests
---
 tests/conftest.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
 tests/test_trust.py | 22 ++++++++++++++++++++++
 2 files changed, 66 insertions(+)
diff --git a/tests/conftest.py b/tests/conftest.py
index ed8e901..9043a0b 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -18,12 +18,15 @@ from libkeyringctl.keyring import simplify_user_id
 from libkeyringctl.sequoia import certify
 from libkeyringctl.sequoia import key_extract_certificate
 from libkeyringctl.sequoia import key_generate
+from libkeyringctl.sequoia import keyring_merge
+from libkeyringctl.sequoia import packet_join
 from libkeyringctl.types import Fingerprint
 from libkeyringctl.types import Uid
 from libkeyringctl.types import Username
 from libkeyringctl.util import cwd
 test_keys: Dict[Username, List[Path]] = defaultdict(list)
+test_key_revocation: Dict[Username, List[Path]] = defaultdict(list)
 test_certificates: Dict[Username, List[Path]] = defaultdict(list)
 test_keyring_certificates: Dict[Username, List[Path]] = defaultdict(list)
 test_main_fingerprints: Set[Fingerprint] = set()
@@ -32,6 +35,7 @@ test_main_fingerprints: Set[Fingerprint] = set()
 @fixture(autouse=True)
 def reset_storage() -> None:
 test_keys.clear()
+ test_key_revocation.clear()
 test_certificates.clear()
 test_keyring_certificates.clear()
 test_main_fingerprints.clear()
@@ -65,6 +69,13 @@ def create_certificate( key_extract_certificate(key=key_file, output=certificate_file) test_certificates[username].append(certificate_file) + key_revocation_packet = key_file.parent / f"{key_file.name}.rev" + key_revocation_joined = key_file.parent / f"{key_file.name}.joined.rev" + key_revocation_cert = key_file.parent / f"{key_file.name}.cert.rev" + packet_join(packets=[certificate_file, key_revocation_packet], output=key_revocation_joined) + keyring_merge(certificates=[key_revocation_joined], output=key_revocation_cert) + test_key_revocation[username].append(key_revocation_cert) + target_dir = keyring_root / keyring_type decomposed_path: Path = convert_certificate( @@ -125,6 +136,39 @@ def create_uid_certification( return decorator(func) +def create_key_revocation( + username: Username, + keyring_type: str = "packager", + func: Optional[Callable[..., Any]] = None, +) -> Callable[..., Any]: + def decorator(decorated_func: Callable[..., None]) -> Callable[..., Any]: + @wraps(decorated_func) + def wrapper(working_dir: Path, *args: Any, **kwargs: Any) -> None: + + revocation = test_key_revocation[username][0] + + keyring_root: Path = working_dir / "keyring" + keyring_root.mkdir(parents=True, exist_ok=True) + target_dir = keyring_root / keyring_type + + decomposed_path: Path = convert_certificate( + working_dir=working_dir, + certificate=revocation, + keyring_dir=keyring_root / keyring_type, + ) + user_dir = decomposed_path.parent + (target_dir / user_dir.name).mkdir(parents=True, exist_ok=True) + copytree(src=user_dir, dst=(target_dir / user_dir.name), dirs_exist_ok=True) + + decorated_func(working_dir=working_dir, *args, **kwargs) + + return wrapper + + if not func: + return decorator + return decorator(func) + + @fixture(scope="function") def working_dir() -> Generator[Path, None, None]: with TemporaryDirectory(prefix="arch-keyringctl-test-") as tempdir: diff --git a/tests/test_trust.py b/tests/test_trust.py index 5e8b284..8bceae4 100644 
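Review bot: In the create_certificate hunk, `key_file.parent / f"{key_file.name}.rev"` is passed to `packet_join` without being created anywhere in the visible lines, so the fixture presumably depends on `key_generate` leaving a revocation signature beside the key file. That coupling is undocumented, and if the backend ever stops writing that file every test using `create_certificate` fails inside `packet_join` rather than with a message naming the missing input. I would add a comment above the three path assignments such as `# key_generate is expected to write <key>.rev (revocation signature) next to the key; join it with the cert to get a revoked certificate`. The revoked certificate is also built for every generated key, including the many tests that never revoke; building it lazily in `create_key_revocation` would keep that cost out of unrelated tests. The body of create_certificate starts and ends outside this hunk.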
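Review bot: In create_key_revocation, `test_key_revocation[username][0]` raises a bare IndexError when no certificate was generated for that username first, and because the store is a `defaultdict(list)` the lookup also inserts an empty entry. The decorator therefore only works when `@create_certificate` for the same user is stacked above it, as both new tests do, but nothing states or checks that. I would replace the lookup with `revocations = test_key_revocation.get(username)` followed by `if not revocations: raise RuntimeError(f"no revocation for {username}: apply @create_certificate above @create_key_revocation")`. Separately, `keyring_dir=keyring_root / keyring_type` recomputes the `target_dir` assigned two lines earlier and could reuse it. A short docstring saying that the decorator overlays the revoked certificate onto the already decomposed keyring directory would help the next reader.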
--- a/tests/test_trust.py +++ b/tests/test_trust.py @@ -6,6 +6,7 @@ from libkeyringctl.types import Uid from libkeyringctl.types import Username from .conftest import create_certificate +from .conftest import create_key_revocation from .conftest import create_uid_certification from .conftest import test_keyring_certificates from .conftest import test_main_fingerprints @@ -20,6 +21,16 @@ def test_certificate_trust_main_key_has_full_trust(working_dir: Path, keyring_di assert Trust.full == trust +@create_certificate(username=Username("foobar"), uids=[Uid("foobar ")], keyring_type="main") +@create_key_revocation(username=Username("foobar"), keyring_type="main") +def test_certificate_trust_main_key_revoked(working_dir: Path, keyring_dir: Path) -> None: + trust = certificate_trust( + test_keyring_certificates[Username("foobar")][0], + test_main_fingerprints, + ) + assert Trust.revoked == trust + + @create_certificate(username=Username("main"), uids=[Uid("main ")]) @create_certificate(username=Username("foobar"), uids=[Uid("foobar ")]) def test_certificate_trust_no_signature_is_unknown(working_dir: Path, keyring_dir: Path) -> None: @@ -66,3 +77,14 @@ def test_certificate_trust_three_main_signature_gives_full_trust(working_dir: Pa test_main_fingerprints, ) assert Trust.full == trust + + +@create_certificate(username=Username("main"), uids=[Uid("main ")], keyring_type="main") +@create_certificate(username=Username("foobar"), uids=[Uid("foobar ")]) +@create_key_revocation(username=Username("foobar"), keyring_type="packager") +def test_certificate_trust_revoked_key(working_dir: Path, keyring_dir: Path) -> None: + trust = certificate_trust( + test_keyring_certificates[Username("foobar")][0], + test_main_fingerprints, + ) + assert Trust.revoked == trust
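Review bot: test_certificate_trust_main_key_revoked asserts only the revoked main key's own trust level. None of the new tests covers a packager key whose certifications were issued by a main key that is later revoked, which is the case where a stale `Trust.full` would be most damaging. I would add a test that stacks `create_uid_certification` from a main key with `create_key_revocation(username=..., keyring_type="main")` on that issuer, then asserts the level the trust policy intends for the certified packager key. If a revoked issuer is meant to keep counting, a test pinning that down and a comment explaining why would be just as useful.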
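Review bot: test_certificate_trust_revoked_key revokes a packager key that carries no main-key certifications, so it only shows revocation taking precedence over the level an unsigned key gets (by its name, test_certificate_trust_no_signature_is_unknown uses the same setup without the revocation). It does not show that a key which had reached full trust drops to revoked. I would add a variant that reuses the decorators of test_certificate_trust_three_main_signature_gives_full_trust, appends `@create_key_revocation(username=Username("foobar"), keyring_type="packager")` and asserts `Trust.revoked == trust`. That pins down the precedence of revocation over accumulated certifications.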