diff options
Diffstat (limited to 'rt/t/mail/crypt-gnupg.t')
| -rw-r--r-- | rt/t/mail/crypt-gnupg.t | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/rt/t/mail/crypt-gnupg.t b/rt/t/mail/crypt-gnupg.t new file mode 100644 index 000000000..f33fbab1c --- /dev/null +++ b/rt/t/mail/crypt-gnupg.t @@ -0,0 +1,312 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use RT::Test nodata => 1, tests => 92; +plan skip_all => 'GnuPG required.' + unless eval 'use GnuPG::Interface; 1'; +plan skip_all => 'gpg executable is required.' + unless RT::Test->find_executable('gpg'); + + +use File::Spec (); +use Cwd; + +my $homedir = RT::Test::get_abs_relocatable_dir(File::Spec->updir(), + qw(data gnupg keyrings) ); + +mkdir $homedir; + +use_ok('RT::Crypt::GnuPG'); +use_ok('MIME::Entity'); + +RT->Config->Set( 'GnuPG', + Enable => 1, + OutgoingMessagesFormat => 'RFC' ); + +RT->Config->Set( 'GnuPGOptions', + homedir => $homedir, + 'no-permission-warning' => undef, +); + + +diag 'only signing. correct passphrase' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => 'test' ); + ok( $entity, 'signed entity'); + ok( !$res{'logger'}, "log is here as well" ) or diag $res{'logger'}; + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 2, 'two records: passphrase, signing'); + is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct'); + is( $status[0]->{'Status'}, 'DONE', 'good passphrase'); + is( $status[1]->{'Operation'}, 'Sign', 'operation is correct'); + is( $status[1]->{'Status'}, 'DONE', 'done'); + is( $status[1]->{'User'}->{'EmailAddress'}, 'rt@example.com', 'correct email'); + + ok( $entity->is_multipart, 'signed message is multipart' ); + is( $entity->parts, 2, 'two parts' ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 1, 'one protected part' ); + is( $parts[0]->{'Type'}, 'signed', "have signed part" ); + is( $parts[0]->{'Format'}, 'RFC3156', "RFC3156 format" ); + is( $parts[0]->{'Top'}, $entity, "it's the same entity" ); + + my @res = RT::Crypt::GnuPG::VerifyDecrypt( Entity => $entity ); + is scalar @res, 1, 'one operation'; + @status = RT::Crypt::GnuPG::ParseStatus( $res[0]{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Operation'}, 'Verify', 'operation is correct'); + is( $status[0]->{'Status'}, 'DONE', 'good passphrase'); + is( $status[0]->{'Trust'}, 'ULTIMATE', 'have trust value'); +} + +diag 'only signing. missing passphrase' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => '' ); + ok( $res{'exit_code'}, "couldn't sign without passphrase"); + ok( $res{'error'} || $res{'logger'}, "error is here" ); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct'); + is( $status[0]->{'Status'}, 'MISSING', 'missing passphrase'); +} + +diag 'only signing. wrong passphrase' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => 'wrong' ); + ok( $res{'exit_code'}, "couldn't sign with bad passphrase"); + ok( $res{'error'} || $res{'logger'}, "error is here" ); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct'); + is( $status[0]->{'Status'}, 'BAD', 'wrong passphrase'); +} + +diag 'encryption only' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, "successful encryption" ); + ok( !$res{'logger'}, "no records in logger" ); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Operation'}, 'Encrypt', 'operation is correct'); + is( $status[0]->{'Status'}, 'DONE', 'done'); + + ok($entity, 'get an encrypted part'); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 1, 'one protected part' ); + is( $parts[0]->{'Type'}, 'encrypted', "have encrypted part" ); + is( $parts[0]->{'Format'}, 'RFC3156', "RFC3156 format" ); + is( $parts[0]->{'Top'}, $entity, "it's the same entity" ); +} + +diag 'encryption only, bad recipient' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'keyless@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( $res{'exit_code'}, 'no way to encrypt without keys of recipients'); + ok( $res{'logger'}, "errors are in logger" ); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Keyword'}, 'INV_RECP', 'invalid recipient'); +} + +diag 'encryption and signing with combined method' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Passphrase => 'test' ); + ok( !$res{'exit_code'}, "successful encryption with signing" ); + ok( !$res{'logger'}, "no records in logger" ); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res{'status'} ); + is( scalar @status, 3, 'three records: passphrase, sign and encrypt'); + is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct'); + is( $status[0]->{'Status'}, 'DONE', 'done'); + is( $status[1]->{'Operation'}, 'Sign', 'operation is correct'); + is( $status[1]->{'Status'}, 'DONE', 'done'); + is( $status[2]->{'Operation'}, 'Encrypt', 'operation is correct'); + is( $status[2]->{'Status'}, 'DONE', 'done'); + + ok($entity, 'get an encrypted and signed part'); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 1, 'one protected part' ); + is( $parts[0]->{'Type'}, 'encrypted', "have encrypted part" ); + is( $parts[0]->{'Format'}, 'RFC3156', "RFC3156 format" ); + is( $parts[0]->{'Top'}, $entity, "it's the same entity" ); +} + +diag 'encryption and signing with cascading, sign on encrypted' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, 'successful encryption' ); + ok( !$res{'logger'}, "no records in logger" ); + %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => 'test' ); + ok( !$res{'exit_code'}, 'successful signing' ); + ok( !$res{'logger'}, "no records in logger" ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 1, 'one protected part, top most' ); + is( $parts[0]->{'Type'}, 'signed', "have signed part" ); + is( $parts[0]->{'Format'}, 'RFC3156', "RFC3156 format" ); + is( $parts[0]->{'Top'}, $entity, "it's the same entity" ); +} + +diag 'find signed/encrypted part deep inside' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, "success" ); + $entity->make_multipart( 'mixed', Force => 1 ); + $entity->attach( + Type => 'text/plain', + Data => ['-'x76, 'this is mailing list'], + ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 1, 'one protected part' ); + is( $parts[0]->{'Type'}, 'encrypted', "have encrypted part" ); + is( $parts[0]->{'Format'}, 'RFC3156', "RFC3156 format" ); + is( $parts[0]->{'Top'}, $entity->parts(0), "it's the same entity" ); +} + +diag 'wrong signed/encrypted parts: no protocol' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, 'success' ); + $entity->head->mime_attr( 'Content-Type.protocol' => undef ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 0, 'no protected parts' ); +} + +diag 'wrong signed/encrypted parts: not enought parts' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, 'success' ); + $entity->parts([ $entity->parts(0) ]); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 0, 'no protected parts' ); +} + +diag 'wrong signed/encrypted parts: wrong proto' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Sign => 0 ); + ok( !$res{'exit_code'}, 'success' ); + $entity->head->mime_attr( 'Content-Type.protocol' => 'application/bad-proto' ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 0, 'no protected parts' ); +} + +diag 'wrong signed/encrypted parts: wrong proto' if $ENV{'TEST_VERBOSE'}; +{ + my $entity = MIME::Entity->build( + From => 'rt@example.com', + To => 'rt@example.com', + Subject => 'test', + Data => ['test'], + ); + my %res = RT::Crypt::GnuPG::SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => 'test' ); + ok( !$res{'exit_code'}, 'success' ); + $entity->head->mime_attr( 'Content-Type.protocol' => 'application/bad-proto' ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 0, 'no protected parts' ); +} + +diag 'verify inline and in attachment signatures' if $ENV{'TEST_VERBOSE'}; +{ + open my $fh, "$homedir/signed_old_style_with_attachment.eml"; + my $parser = new MIME::Parser; + my $entity = $parser->parse( $fh ); + + my @parts = RT::Crypt::GnuPG::FindProtectedParts( Entity => $entity ); + is( scalar @parts, 2, 'two protected parts' ); + is( $parts[1]->{'Type'}, 'signed', "have signed part" ); + is( $parts[1]->{'Format'}, 'Inline', "inline format" ); + is( $parts[1]->{'Data'}, $entity->parts(0), "it's first part" ); + + is( $parts[0]->{'Type'}, 'signed', "have signed part" ); + is( $parts[0]->{'Format'}, 'Attachment', "attachment format" ); + is( $parts[0]->{'Data'}, $entity->parts(1), "data in second part" ); + is( $parts[0]->{'Signature'}, $entity->parts(2), "file's signature in third part" ); + + my @res = RT::Crypt::GnuPG::VerifyDecrypt( Entity => $entity ); + my @status = RT::Crypt::GnuPG::ParseStatus( $res[0]->{'status'} ); + is( scalar @status, 1, 'one record'); + is( $status[0]->{'Operation'}, 'Verify', 'operation is correct'); + is( $status[0]->{'Status'}, 'DONE', 'good passphrase'); + is( $status[0]->{'Trust'}, 'ULTIMATE', 'have trust value'); + + $parser->filer->purge(); +} + |