1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
use strict;
use warnings;
use RT::Test::SMIME tests => undef;
my $test = 'RT::Test::SMIME';
use IPC::Run3 'run3';
use String::ShellQuote 'shell_quote';
use RT::Tickets;
use Test::Warn;
# configure key for General queue
RT::Test::SMIME->import_key('sender@example.com');
my $queue = RT::Test->load_or_create_queue(
Name => 'General',
CorrespondAddress => 'sender@example.com',
CommentAddress => 'sender@example.com',
);
ok $queue && $queue->id, 'loaded or created queue';
my $user = RT::Test->load_or_create_user(
Name => 'root@example.com',
EmailAddress => 'root@example.com',
);
RT::Test::SMIME->import_key('root@example.com.crt', $user);
RT::Test->add_rights( Principal => $user, Right => 'SuperUser', Object => RT->System );
my $buf = '';
run3(
shell_quote(
RT->Config->Get('SMIME')->{'OpenSSL'},
qw( smime -sign -passin pass:123456),
-signer => $test->key_path('root@example.com.crt'),
-inkey => $test->key_path('root@example.com.key'),
),
\"Content-type: text/plain\n\nThis is the body",
\$buf,
\*STDERR
);
$buf = "Subject: Signed email\n"
. "From: root\@example.com\n"
. $buf;
my $send_mail = sub {
my %args = ( CAPath => undef, AcceptUntrustedCAs => undef, @_ );
RT->Config->Get('SMIME')->{$_} = $args{$_} for keys %args;
my ($status, $tid) = RT::Test->send_via_mailgate( $buf );
my $tick = RT::Ticket->new( $RT::SystemUser );
$tick->Load( $tid );
ok( $tick->Id, "found ticket " . $tick->Id );
is( $tick->Subject, 'Signed email',
"Created the ticket"
);
my $txn = $tick->Transactions->First;
my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};
($status) = RT::Crypt->ParseStatus(
Protocol => 'SMIME',
Status => $msg->GetHeader('X-RT-SMIME-Status')
);
return ($msg, $status);
};
# Test with no CA path; should not be marked as signed
warning_like {
my ($msg, $status) = $send_mail->( CAPath => undef );
is( $msg->GetHeader('X-RT-Incoming-Signature'),
undef,
"Message was not marked as signed"
);
is($status->{Operation}, "Verify", "Found the Verify operation");
is($status->{Status}, "BAD", "Verify was a failure");
is($status->{Trust}, "NONE", "Noted the no trust level");
like($status->{Message}, qr/not trusted/, "Verify was a failure");
} qr/Failure during SMIME verify: The signing CA was not trusted/;
# Test with the correct CA path; marked as signed, trusted
{
my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/demoCA/cacert.pem" );
is( $msg->GetHeader('X-RT-Incoming-Signature'),
'"Enoch Root" <root@example.com>', "Message is signed" );
is($status->{Operation}, "Verify", "Found the Verify operation");
is($status->{Status}, "DONE", "Verify was a success");
is($status->{Trust}, "FULL", "Noted the full trust level");
}
# Test with the other CA
warning_like {
my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem" );
is( $msg->GetHeader('X-RT-Incoming-Signature'),
undef,
"Message was not marked as signed"
);
is($status->{Operation}, "Verify", "Found the Verify operation");
is($status->{Status}, "BAD", "Verify was a failure");
is($status->{Trust}, "NONE", "Noted the no trust level");
like($status->{Message}, qr/not trusted/, "Verify was a failure");
} qr/Failure during SMIME verify: The signing CA was not trusted/;
# Other CA, but allow all CAs
{
my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem", AcceptUntrustedCAs => 1 );
is( $msg->GetHeader('X-RT-Incoming-Signature'),
'"Enoch Root" <root@example.com>',
"Message was marked as signed"
);
is($status->{Operation}, "Verify", "Found the Verify operation");
is($status->{Status}, "DONE", "Verify was a success");
is($status->{Trust}, "NONE", "Noted the no trust level");
}
# No CA path, but allow all CAs
{
my ($msg, $status) = $send_mail->( CAPath => undef, AcceptUntrustedCAs => 1 );
is( $msg->GetHeader('X-RT-Incoming-Signature'),
'"Enoch Root" <root@example.com>',
"Message was marked as signed"
);
is($status->{Operation}, "Verify", "Found the Verify operation");
is($status->{Status}, "DONE", "Verify was a success");
is($status->{Trust}, "UNKNOWN", "Noted the no trust level");
}
done_testing;
|
