diff options
Diffstat (limited to 'rt/t/mail/smime/other-signed.t')
-rw-r--r-- | rt/t/mail/smime/other-signed.t | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/rt/t/mail/smime/other-signed.t b/rt/t/mail/smime/other-signed.t new file mode 100644 index 000000000..4e97e711f --- /dev/null +++ b/rt/t/mail/smime/other-signed.t @@ -0,0 +1,135 @@ +use strict; +use warnings; + +use RT::Test::SMIME tests => undef; +my $test = 'RT::Test::SMIME'; + +use IPC::Run3 'run3'; +use String::ShellQuote 'shell_quote'; +use RT::Tickets; +use Test::Warn; + +# configure key for General queue +RT::Test::SMIME->import_key('sender@example.com'); +my $queue = RT::Test->load_or_create_queue( + Name => 'General', + CorrespondAddress => 'sender@example.com', + CommentAddress => 'sender@example.com', +); +ok $queue && $queue->id, 'loaded or created queue'; + +my $user = RT::Test->load_or_create_user( + Name => 'root@example.com', + EmailAddress => 'root@example.com', +); +RT::Test::SMIME->import_key('root@example.com.crt', $user); +RT::Test->add_rights( Principal => $user, Right => 'SuperUser', Object => RT->System ); + +my $buf = ''; + +run3( + shell_quote( + RT->Config->Get('SMIME')->{'OpenSSL'}, + qw( smime -sign -passin pass:123456), + -signer => $test->key_path('root@example.com.crt'), + -inkey => $test->key_path('root@example.com.key'), + ), + \"Content-type: text/plain\n\nThis is the body", + \$buf, + \*STDERR +); +$buf = "Subject: Signed email\n" + . "From: root\@example.com\n" + . $buf; + +my $send_mail = sub { + my %args = ( CAPath => undef, AcceptUntrustedCAs => undef, @_ ); + + RT->Config->Get('SMIME')->{$_} = $args{$_} for keys %args; + + my ($status, $tid) = RT::Test->send_via_mailgate( $buf ); + + my $tick = RT::Ticket->new( $RT::SystemUser ); + $tick->Load( $tid ); + ok( $tick->Id, "found ticket " . $tick->Id ); + is( $tick->Subject, 'Signed email', + "Created the ticket" + ); + + my $txn = $tick->Transactions->First; + my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef}; + + ($status) = RT::Crypt->ParseStatus( + Protocol => 'SMIME', + Status => $msg->GetHeader('X-RT-SMIME-Status') + ); + + return ($msg, $status); +}; + +# Test with no CA path; should not be marked as signed +warning_like { + my ($msg, $status) = $send_mail->( CAPath => undef ); + is( $msg->GetHeader('X-RT-Incoming-Signature'), + undef, + "Message was not marked as signed" + ); + + is($status->{Operation}, "Verify", "Found the Verify operation"); + is($status->{Status}, "BAD", "Verify was a failure"); + is($status->{Trust}, "NONE", "Noted the no trust level"); + like($status->{Message}, qr/not trusted/, "Verify was a failure"); +} qr/Failure during SMIME verify: The signing CA was not trusted/; + +# Test with the correct CA path; marked as signed, trusted +{ + my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/demoCA/cacert.pem" ); + is( $msg->GetHeader('X-RT-Incoming-Signature'), + '"Enoch Root" <root@example.com>', "Message is signed" ); + + is($status->{Operation}, "Verify", "Found the Verify operation"); + is($status->{Status}, "DONE", "Verify was a success"); + is($status->{Trust}, "FULL", "Noted the full trust level"); +} + +# Test with the other CA +warning_like { + my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem" ); + is( $msg->GetHeader('X-RT-Incoming-Signature'), + undef, + "Message was not marked as signed" + ); + + is($status->{Operation}, "Verify", "Found the Verify operation"); + is($status->{Status}, "BAD", "Verify was a failure"); + is($status->{Trust}, "NONE", "Noted the no trust level"); + like($status->{Message}, qr/not trusted/, "Verify was a failure"); +} qr/Failure during SMIME verify: The signing CA was not trusted/; + +# Other CA, but allow all CAs +{ + my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem", AcceptUntrustedCAs => 1 ); + is( $msg->GetHeader('X-RT-Incoming-Signature'), + '"Enoch Root" <root@example.com>', + "Message was marked as signed" + ); + + is($status->{Operation}, "Verify", "Found the Verify operation"); + is($status->{Status}, "DONE", "Verify was a success"); + is($status->{Trust}, "NONE", "Noted the no trust level"); +} + +# No CA path, but allow all CAs +{ + my ($msg, $status) = $send_mail->( CAPath => undef, AcceptUntrustedCAs => 1 ); + is( $msg->GetHeader('X-RT-Incoming-Signature'), + '"Enoch Root" <root@example.com>', + "Message was marked as signed" + ); + + is($status->{Operation}, "Verify", "Found the Verify operation"); + is($status->{Status}, "DONE", "Verify was a success"); + is($status->{Trust}, "UNKNOWN", "Noted the no trust level"); +} + +done_testing; |