File: other-signed.t

package info (click to toggle)
request-tracker5 5.0.7%2Bdfsg-4
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 80,216 kB
  • sloc: javascript: 191,898; perl: 87,146; sh: 1,412; makefile: 487; python: 37; php: 15
file content (135 lines) | stat: -rw-r--r-- 4,495 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
 
use strict;
use warnings;

use RT::Test::Crypt SMIME=>1, tests => undef;
my $test = 'RT::Test::Crypt';

use IPC::Run3 'run3';
use String::ShellQuote 'shell_quote';
use RT::Tickets;
use Test::Warn;

# configure key for General queue
$test->smime_import_key('sender@example.com');
my $queue = RT::Test->load_or_create_queue(
    Name              => 'General',
    CorrespondAddress => 'sender@example.com',
    CommentAddress    => 'sender@example.com',
);
ok $queue && $queue->id, 'loaded or created queue';

my $user = RT::Test->load_or_create_user(
    Name => 'root@example.com',
    EmailAddress => 'root@example.com',
);
$test->smime_import_key('root@example.com.crt', $user);
RT::Test->add_rights( Principal => $user, Right => 'SuperUser', Object => RT->System );

my $buf = '';

run3(
    shell_quote(
        RT->Config->Get('SMIME')->{'OpenSSL'},
        qw( smime -sign -passin pass:123456),
        -signer => $test->smime_key_path('root@example.com.crt'),
        -inkey  => $test->smime_key_path('root@example.com.key'),
    ),
    \"Content-type: text/plain\n\nThis is the body",
    \$buf,
    \*STDERR
);
$buf = "Subject: Signed email\n"
     . "From: root\@example.com\n"
     . $buf;

my $send_mail = sub {
    my %args = ( CAPath => undef, AcceptUntrustedCAs => undef, @_ );

    RT->Config->Get('SMIME')->{$_} = $args{$_} for keys %args;

    my ($status, $tid) = RT::Test->send_via_mailgate( $buf );

    my $tick = RT::Ticket->new( $RT::SystemUser );
    $tick->Load( $tid );
    ok( $tick->Id, "found ticket " . $tick->Id );
    is( $tick->Subject, 'Signed email',
        "Created the ticket"
    );

    my $txn = $tick->Transactions->First;
    my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};

    ($status) = RT::Crypt->ParseStatus(
        Protocol => 'SMIME',
        Status => $msg->GetHeader('X-RT-SMIME-Status')
    );

    return ($msg, $status);
};

# Test with no CA path; should not be marked as signed
warning_like {
    my ($msg, $status) = $send_mail->( CAPath => undef );
    is( $msg->GetHeader('X-RT-Incoming-Signature'),
        undef,
        "Message was not marked as signed"
    );

    is($status->{Operation}, "Verify", "Found the Verify operation");
    is($status->{Status}, "BAD", "Verify was a failure");
    is($status->{Trust}, "NONE", "Noted the no trust level");
    like($status->{Message}, qr/not trusted/, "Verify was a failure");
} qr/Failure during SMIME verify: The signing CA was not trusted/;

# Test with the correct CA path; marked as signed, trusted
{
    my ($msg, $status) = $send_mail->( CAPath => $test->smime_key_path . "/demoCA/cacert.pem" );
    is( $msg->GetHeader('X-RT-Incoming-Signature'),
        '"Enoch Root" <root@example.com>', "Message is signed" );

    is($status->{Operation}, "Verify", "Found the Verify operation");
    is($status->{Status}, "DONE", "Verify was a success");
    is($status->{Trust}, "FULL", "Noted the full trust level");
}

# Test with the other CA
warning_like {
    my ($msg, $status) = $send_mail->( CAPath => $test->smime_key_path . "/otherCA/cacert.pem" );
    is( $msg->GetHeader('X-RT-Incoming-Signature'),
        undef,
        "Message was not marked as signed"
    );

    is($status->{Operation}, "Verify", "Found the Verify operation");
    is($status->{Status}, "BAD", "Verify was a failure");
    is($status->{Trust}, "NONE", "Noted the no trust level");
    like($status->{Message}, qr/not trusted/, "Verify was a failure");
} qr/Failure during SMIME verify: The signing CA was not trusted/;

# Other CA, but allow all CAs
{
    my ($msg, $status) = $send_mail->( CAPath => $test->smime_key_path . "/otherCA/cacert.pem", AcceptUntrustedCAs => 1 );
    is( $msg->GetHeader('X-RT-Incoming-Signature'),
        '"Enoch Root" <root@example.com>',
        "Message was marked as signed"
    );

    is($status->{Operation}, "Verify", "Found the Verify operation");
    is($status->{Status}, "DONE", "Verify was a success");
    is($status->{Trust}, "NONE", "Noted the no trust level");
}

# No CA path, but allow all CAs
{
    my ($msg, $status) = $send_mail->( CAPath => undef, AcceptUntrustedCAs => 1 );
    is( $msg->GetHeader('X-RT-Incoming-Signature'),
        '"Enoch Root" <root@example.com>',
        "Message was marked as signed"
    );

    is($status->{Operation}, "Verify", "Found the Verify operation");
    is($status->{Status}, "DONE", "Verify was a success");
    is($status->{Trust}, "UNKNOWN", "Noted the no trust level");
}

done_testing;