8 RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
9 qw/data gnupg keyrings/ );
16 passphrase => 'rt-test',
20 use String::ShellQuote 'shell_quote';
24 my ($baseurl, $m) = RT::Test->started_ok;
26 # configure key for General queue
27 ok( $m->login, 'we did log in' );
28 $m->get( $baseurl.'/Admin/Queues/');
29 $m->follow_link_ok( {text => 'General'} );
30 $m->submit_form( form_number => 3,
31 fields => { CorrespondAddress => 'general@example.com' } );
32 $m->content_like(qr/general\@example.com.* - never/, 'has key info.');
34 ok(my $user = RT::User->new(RT->SystemUser));
35 ok($user->Load('root'), "Loaded user 'root'");
36 $user->SetEmailAddress('recipient@example.com');
38 # test simple mail. supposedly this should fail when
39 # 1. the queue requires signature
40 # 2. the from is not what the key is associated with
41 my $mail = RT::Test->open_mailgate_ok($baseurl);
43 From: recipient\@example.com
44 To: general\@$RT::rtname
45 Subject: This is a test of new ticket creation as root
50 RT::Test->close_mailgate_ok($mail);
53 my $tick = RT::Test->last_ticket;
55 'This is a test of new ticket creation as root',
58 my $txn = $tick->Transactions->First;
60 $txn->Attachments->First->Headers,
61 qr/^X-RT-Incoming-Encryption: Not encrypted/m,
62 'recorded incoming mail that is not encrypted'
64 like( $txn->Attachments->First->Content, qr/Blah/);
67 # test for signed mail
72 qw(gpg --batch --no-tty --armor --sign),
73 '--default-key' => 'recipient@example.com',
74 '--homedir' => $homedir,
75 '--passphrase' => 'recipient',
76 '--no-permission-warning',
83 $mail = RT::Test->open_mailgate_ok($baseurl);
85 From: recipient\@example.com
86 To: general\@$RT::rtname
87 Subject: signed message for queue
91 RT::Test->close_mailgate_ok($mail);
94 my $tick = RT::Test->last_ticket;
95 is( $tick->Subject, 'signed message for queue',
99 my $txn = $tick->Transactions->First;
100 my ($msg, $attach) = @{$txn->Attachments->ItemsArrayRef};
102 is( $msg->GetHeader('X-RT-Incoming-Encryption'),
104 'recorded incoming mail that is encrypted'
106 # test for some kind of PGP-Signed-By: Header
107 like( $attach->Content, qr/fnord/);
110 # test for clear-signed mail
115 qw(gpg --batch --no-tty --armor --sign --clearsign),
116 '--default-key' => 'recipient@example.com',
117 '--homedir' => $homedir,
118 '--passphrase' => 'recipient',
119 '--no-permission-warning',
126 $mail = RT::Test->open_mailgate_ok($baseurl);
128 From: recipient\@example.com
129 To: general\@$RT::rtname
130 Subject: signed message for queue
134 RT::Test->close_mailgate_ok($mail);
137 my $tick = RT::Test->last_ticket;
138 is( $tick->Subject, 'signed message for queue',
142 my $txn = $tick->Transactions->First;
143 my ($msg, $attach) = @{$txn->Attachments->ItemsArrayRef};
144 is( $msg->GetHeader('X-RT-Incoming-Encryption'),
146 'recorded incoming mail that is encrypted'
148 # test for some kind of PGP-Signed-By: Header
149 like( $attach->Content, qr/clearfnord/);
152 # test for signed and encrypted mail
157 qw(gpg --batch --no-tty --encrypt --armor --sign),
158 '--recipient' => 'general@example.com',
159 '--default-key' => 'recipient@example.com',
160 '--homedir' => $homedir,
161 '--passphrase' => 'recipient',
162 '--no-permission-warning',
169 $mail = RT::Test->open_mailgate_ok($baseurl);
171 From: recipient\@example.com
172 To: general\@$RT::rtname
173 Subject: Encrypted message for queue
177 RT::Test->close_mailgate_ok($mail);
180 my $tick = RT::Test->last_ticket;
181 is( $tick->Subject, 'Encrypted message for queue',
185 my $txn = $tick->Transactions->First;
186 my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};
188 is( $msg->GetHeader('X-RT-Incoming-Encryption'),
190 'recorded incoming mail that is encrypted'
192 is( $msg->GetHeader('X-RT-Privacy'),
194 'recorded incoming mail that is encrypted'
196 like( $attach->Content, qr/orz/);
198 is( $orig->GetHeader('Content-Type'), 'application/x-rt-original-message');
199 ok(index($orig->Content, $buf) != -1, 'found original msg');
203 # test that if it gets base64 transfer-encoded, we still get the content out
204 $buf = encode_base64($buf);
205 $mail = RT::Test->open_mailgate_ok($baseurl);
207 From: recipient\@example.com
208 To: general\@$RT::rtname
209 Content-transfer-encoding: base64
210 Subject: Encrypted message for queue
214 RT::Test->close_mailgate_ok($mail);
217 my $tick = RT::Test->last_ticket;
218 is( $tick->Subject, 'Encrypted message for queue',
222 my $txn = $tick->Transactions->First;
223 my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};
225 is( $msg->GetHeader('X-RT-Incoming-Encryption'),
227 'recorded incoming mail that is encrypted'
229 is( $msg->GetHeader('X-RT-Privacy'),
231 'recorded incoming mail that is encrypted'
233 like( $attach->Content, qr/orz/);
235 is( $orig->GetHeader('Content-Type'), 'application/x-rt-original-message');
236 ok(index($orig->Content, $buf) != -1, 'found original msg');
239 # test for signed mail by other key
244 qw(gpg --batch --no-tty --armor --sign),
245 '--default-key' => 'rt@example.com',
246 '--homedir' => $homedir,
247 '--passphrase' => 'test',
248 '--no-permission-warning',
255 $mail = RT::Test->open_mailgate_ok($baseurl);
257 From: recipient\@example.com
258 To: general\@$RT::rtname
259 Subject: signed message for queue
263 RT::Test->close_mailgate_ok($mail);
266 my $tick = RT::Test->last_ticket;
267 my $txn = $tick->Transactions->First;
268 my ($msg, $attach) = @{$txn->Attachments->ItemsArrayRef};
269 # XXX: in this case, which credential should we be using?
270 is( $msg->GetHeader('X-RT-Incoming-Signature'),
271 'Test User <rt@example.com>',
272 'recorded incoming mail signed by others'
276 # test for encrypted mail with key not associated to the queue
281 qw(gpg --batch --no-tty --armor --encrypt),
282 '--recipient' => 'random@localhost',
283 '--homedir' => $homedir,
284 '--no-permission-warning',
286 \"should not be there either\r\n",
291 $mail = RT::Test->open_mailgate_ok($baseurl);
293 From: recipient\@example.com
294 To: general\@$RT::rtname
295 Subject: encrypted message for queue
299 RT::Test->close_mailgate_ok($mail);
302 my $tick = RT::Test->last_ticket;
303 my $txn = $tick->Transactions->First;
304 my ($msg, $attach) = @{$txn->Attachments->ItemsArrayRef};
308 local $TODO = "this test requires keys associated with queues";
309 unlike( $attach->Content, qr/should not be there either/);
313 # test for badly encrypted mail
319 qw(gpg --batch --no-tty --armor --encrypt),
320 '--recipient' => 'rt@example.com',
321 '--homedir' => $homedir,
322 '--no-permission-warning',
324 \"really should not be there either\r\n",
329 $buf =~ s/PGP MESSAGE/SCREWED UP/g;
331 RT::Test->fetch_caught_mails;
333 $mail = RT::Test->open_mailgate_ok($baseurl);
335 From: recipient\@example.com
336 To: general\@$RT::rtname
337 Subject: encrypted message for queue
341 RT::Test->close_mailgate_ok($mail);
342 my @mail = RT::Test->fetch_caught_mails;
343 is(@mail, 1, 'caught outgoing mail.');
347 my $tick = RT::Test->last_ticket;
348 my $txn = $tick->Transactions->First;
349 my ($msg, $attach) = @{$txn->Attachments->ItemsArrayRef};
350 unlike( ($attach ? $attach->Content : ''), qr/really should not be there either/);
354 # test that if it gets base64 transfer-encoded long mail then it doesn't hang
356 local $SIG{ALRM} = sub {
357 ok 0, "timed out, web server is probably in deadlock";
361 $buf = encode_base64('a'x(250*1024));
362 $mail = RT::Test->open_mailgate_ok($baseurl);
364 From: recipient\@example.com
365 To: general\@$RT::rtname
366 Content-transfer-encoding: base64
367 Subject: Long not encrypted message for queue
371 RT::Test->close_mailgate_ok($mail);
374 my $tick = RT::Test->last_ticket;
375 is( $tick->Subject, 'Long not encrypted message for queue',
378 my $content = $tick->Transactions->First->Content;
379 like $content, qr/a{1024,}/, 'content is not lost';