path: root/rt/t/mail/smime/other-signed.t
diff options
Diffstat (limited to 'rt/t/mail/smime/other-signed.t')
1 files changed, 135 insertions, 0 deletions
diff --git a/rt/t/mail/smime/other-signed.t b/rt/t/mail/smime/other-signed.t
new file mode 100644
index 000000000..4e97e711f
--- /dev/null
+++ b/rt/t/mail/smime/other-signed.t
@@ -0,0 +1,135 @@
+use strict;
+use warnings;
+use RT::Test::SMIME tests => undef;
+my $test = 'RT::Test::SMIME';
+use IPC::Run3 'run3';
+use String::ShellQuote 'shell_quote';
+use RT::Tickets;
+use Test::Warn;
+# configure key for General queue
+my $queue = RT::Test->load_or_create_queue(
+ Name => 'General',
+ CorrespondAddress => '',
+ CommentAddress => '',
+ok $queue && $queue->id, 'loaded or created queue';
+my $user = RT::Test->load_or_create_user(
+ Name => '',
+ EmailAddress => '',
+RT::Test::SMIME->import_key('', $user);
+RT::Test->add_rights( Principal => $user, Right => 'SuperUser', Object => RT->System );
+my $buf = '';
+ shell_quote(
+ RT->Config->Get('SMIME')->{'OpenSSL'},
+ qw( smime -sign -passin pass:123456),
+ -signer => $test->key_path(''),
+ -inkey => $test->key_path(''),
+ ),
+ \"Content-type: text/plain\n\nThis is the body",
+ \$buf,
+$buf = "Subject: Signed email\n"
+ . "From: root\\n"
+ . $buf;
+my $send_mail = sub {
+ my %args = ( CAPath => undef, AcceptUntrustedCAs => undef, @_ );
+ RT->Config->Get('SMIME')->{$_} = $args{$_} for keys %args;
+ my ($status, $tid) = RT::Test->send_via_mailgate( $buf );
+ my $tick = RT::Ticket->new( $RT::SystemUser );
+ $tick->Load( $tid );
+ ok( $tick->Id, "found ticket " . $tick->Id );
+ is( $tick->Subject, 'Signed email',
+ "Created the ticket"
+ );
+ my $txn = $tick->Transactions->First;
+ my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};
+ ($status) = RT::Crypt->ParseStatus(
+ Protocol => 'SMIME',
+ Status => $msg->GetHeader('X-RT-SMIME-Status')
+ );
+ return ($msg, $status);
+# Test with no CA path; should not be marked as signed
+warning_like {
+ my ($msg, $status) = $send_mail->( CAPath => undef );
+ is( $msg->GetHeader('X-RT-Incoming-Signature'),
+ undef,
+ "Message was not marked as signed"
+ );
+ is($status->{Operation}, "Verify", "Found the Verify operation");
+ is($status->{Status}, "BAD", "Verify was a failure");
+ is($status->{Trust}, "NONE", "Noted the no trust level");
+ like($status->{Message}, qr/not trusted/, "Verify was a failure");
+} qr/Failure during SMIME verify: The signing CA was not trusted/;
+# Test with the correct CA path; marked as signed, trusted
+ my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/demoCA/cacert.pem" );
+ is( $msg->GetHeader('X-RT-Incoming-Signature'),
+ '"Enoch Root" <>', "Message is signed" );
+ is($status->{Operation}, "Verify", "Found the Verify operation");
+ is($status->{Status}, "DONE", "Verify was a success");
+ is($status->{Trust}, "FULL", "Noted the full trust level");
+# Test with the other CA
+warning_like {
+ my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem" );
+ is( $msg->GetHeader('X-RT-Incoming-Signature'),
+ undef,
+ "Message was not marked as signed"
+ );
+ is($status->{Operation}, "Verify", "Found the Verify operation");
+ is($status->{Status}, "BAD", "Verify was a failure");
+ is($status->{Trust}, "NONE", "Noted the no trust level");
+ like($status->{Message}, qr/not trusted/, "Verify was a failure");
+} qr/Failure during SMIME verify: The signing CA was not trusted/;
+# Other CA, but allow all CAs
+ my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem", AcceptUntrustedCAs => 1 );
+ is( $msg->GetHeader('X-RT-Incoming-Signature'),
+ '"Enoch Root" <>',
+ "Message was marked as signed"
+ );
+ is($status->{Operation}, "Verify", "Found the Verify operation");
+ is($status->{Status}, "DONE", "Verify was a success");
+ is($status->{Trust}, "NONE", "Noted the no trust level");
+# No CA path, but allow all CAs
+ my ($msg, $status) = $send_mail->( CAPath => undef, AcceptUntrustedCAs => 1 );
+ is( $msg->GetHeader('X-RT-Incoming-Signature'),
+ '"Enoch Root" <>',
+ "Message was marked as signed"
+ );
+ is($status->{Operation}, "Verify", "Found the Verify operation");
+ is($status->{Status}, "DONE", "Verify was a success");
+ is($status->{Trust}, "UNKNOWN", "Noted the no trust level");