# NOTE(review): each line of this listing starts with its line number from the
# original file, and the numbering has gaps (for example 5 -> 8), so some
# statements below appear without their opening or closing lines.
4 use RT::Test::SMIME tests => undef;
# The helper class name is kept in a scalar so class methods can be called
# through it, as in $test->key_path(...) further down.
5 my $test = 'RT::Test::SMIME';
8 use String::ShellQuote 'shell_quote';
12 # configure key for General queue
# import_key is given the address the queue will use; presumably it installs
# the matching test key pair -- confirm in RT::Test::SMIME.
13 RT::Test::SMIME->import_key('sender@example.com');
# The same address is set for both correspondence and comments. The remaining
# arguments and the closing parenthesis of this call fall on lines that are
# not visible in this listing.
14 my $queue = RT::Test->load_or_create_queue(
16 CorrespondAddress => 'sender@example.com',
17 CommentAddress => 'sender@example.com',
# Sanity check: the scenarios below need a queue object with an id.
19 ok $queue && $queue->id, 'loaded or created queue';
# Create (or load) the RT user that acts as the signer; its address matches
# the From: header of the test message built below. The closing parenthesis
# of the call is on a line not visible in this listing.
21 my $user = RT::Test->load_or_create_user(
22 Name => 'root@example.com',
23 EmailAddress => 'root@example.com',
# Two-argument form: a certificate file name plus the user object. Presumably
# this stores the certificate on the user record -- confirm in RT::Test::SMIME.
25 RT::Test::SMIME->import_key('root@example.com.crt', $user);
# SuperUser on RT->System; presumably granted so that a rights failure cannot
# be the reason a scenario's message is rejected -- TODO confirm.
26 RT::Test->add_rights( Principal => $user, Right => 'SuperUser', Object => RT->System );
# Argument list of an "openssl smime -sign" invocation that produces the signed
# test message. The call that receives these arguments starts on lines that
# are not visible in this listing.
# First element: the OpenSSL entry of RT's SMIME configuration (presumably the
# path of the openssl binary).
32 RT->Config->Get('SMIME')->{'OpenSSL'},
# "pass:123456" supplies the private-key passphrase as a command-line argument.
# Tolerable for a throwaway fixture key only: command-line arguments can be
# read by other local processes, so real keys should not be unlocked this way.
33 qw( smime -sign -passin pass:123456),
# Signer certificate and private key, both resolved through $test->key_path.
34 -signer => $test->key_path('root@example.com.crt'),
35 -inkey => $test->key_path('root@example.com.key'),
# The message to be signed, passed as a reference to a string literal.
37 \"Content-type: text/plain\n\nThis is the body",
# Start of the final message: mail headers, with From: set to the signer's
# address. The rest of this expression is not visible here; presumably the
# signed output is appended -- TODO confirm.
41 $buf = "Subject: Signed email\n"
42 . "From: root\@example.com\n"
# Body of the helper invoked below as $send_mail->( ... ); its opening line is
# not visible in this listing.
# Parameters (named, via @_): CAPath, AcceptUntrustedCAs.
# Returns: ($msg, $status) -- the first attachment of the ticket's first
# transaction, and the first entry parsed from its X-RT-SMIME-Status header.
#
# Both settings default to undef and are overridden by the caller's pairs, so
# every call resets both of them and nothing leaks from the previous scenario.
46 my %args = ( CAPath => undef, AcceptUntrustedCAs => undef, @_ );
# Written straight into the hash returned by RT->Config->Get('SMIME').
48 RT->Config->Get('SMIME')->{$_} = $args{$_} for keys %args;
# Submit the prepared message in $buf through the mail gateway.
50 my ($status, $tid) = RT::Test->send_via_mailgate( $buf );
# Ticket object created as the system user; the call that loads it is on a
# line not visible in this listing.
52 my $tick = RT::Ticket->new( $RT::SystemUser );
54 ok( $tick->Id, "found ticket " . $tick->Id );
55 is( $tick->Subject, 'Signed email',
# The ticket's first transaction; its attachments are unpacked positionally.
59 my $txn = $tick->Transactions->First;
60 my ($msg, $attach, $orig) = @{$txn->Attachments->ItemsArrayRef};
# $status is reused: from here on it holds the first result of ParseStatus for
# the X-RT-SMIME-Status header, not the mail-gateway status from above.
62 ($status) = RT::Crypt->ParseStatus(
64 Status => $msg->GetHeader('X-RT-SMIME-Status')
67 return ($msg, $status);
70 # Test with no CA path; should not be marked as signed
# Fail-closed case: no CA path and AcceptUntrustedCAs left at its undef default
# (the helper resets it). The signature must not be accepted: Status is BAD,
# Trust is NONE and the status message mentions "not trusted".
72 my ($msg, $status) = $send_mail->( CAPath => undef );
# The expected header value is on a line not visible in this listing.
73 is( $msg->GetHeader('X-RT-Incoming-Signature'),
75 "Message was not marked as signed"
78 is($status->{Operation}, "Verify", "Found the Verify operation");
79 is($status->{Status}, "BAD", "Verify was a failure");
80 is($status->{Trust}, "NONE", "Noted the no trust level");
81 like($status->{Message}, qr/not trusted/, "Verify was a failure");
# The pattern below is the warning this scenario is expected to produce. The
# opening of the enclosing block is not visible here (presumably a Test::Warn
# style wrapper -- TODO confirm).
82 } qr/Failure during SMIME verify: The signing CA was not trusted/;
84 # Test with the correct CA path; marked as signed, trusted
# Positive control: CAPath points at demoCA/cacert.pem under the test key
# directory (presumably the CA that issued the signer's certificate -- confirm
# against the fixtures). Only this scenario expects Trust to be FULL.
86 my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/demoCA/cacert.pem" );
# The header carries the signer's display name and address.
87 is( $msg->GetHeader('X-RT-Incoming-Signature'),
88 '"Enoch Root" <root@example.com>', "Message is signed" );
90 is($status->{Operation}, "Verify", "Found the Verify operation");
91 is($status->{Status}, "DONE", "Verify was a success");
92 is($status->{Trust}, "FULL", "Noted the full trust level");
95 # Test with the other CA
# A CA file is configured, but a different one (otherCA/cacert.pem). Having
# some CA configured must not be enough: the expected result is the same as
# with no CA path at all -- Status BAD, Trust NONE, a "not trusted" message.
97 my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem" );
# The expected header value is on a line not visible in this listing.
98 is( $msg->GetHeader('X-RT-Incoming-Signature'),
100 "Message was not marked as signed"
103 is($status->{Operation}, "Verify", "Found the Verify operation");
104 is($status->{Status}, "BAD", "Verify was a failure");
105 is($status->{Trust}, "NONE", "Noted the no trust level");
106 like($status->{Message}, qr/not trusted/, "Verify was a failure");
# Expected warning for this scenario; the opening of the enclosing block is
# not visible here (presumably a Test::Warn style wrapper -- TODO confirm).
107 } qr/Failure during SMIME verify: The signing CA was not trusted/;
109 # Other CA, but allow all CAs
# Same CA file as the failing "other CA" scenario, but with
# AcceptUntrustedCAs => 1. The outcome flips to Status DONE and the message IS
# marked as signed, with the same X-RT-Incoming-Signature value as in the
# fully trusted case. Only Trust = NONE records that the chain was not
# validated, so anything that authenticates senders from the header alone
# cannot tell this case from a trusted signature when the option is enabled.
111 my ($msg, $status) = $send_mail->( CAPath => $test->key_path . "/otherCA/cacert.pem", AcceptUntrustedCAs => 1 );
112 is( $msg->GetHeader('X-RT-Incoming-Signature'),
113 '"Enoch Root" <root@example.com>',
114 "Message was marked as signed"
117 is($status->{Operation}, "Verify", "Found the Verify operation");
118 is($status->{Status}, "DONE", "Verify was a success");
119 is($status->{Trust}, "NONE", "Noted the no trust level");
122 # No CA path, but allow all CAs
# No CA path at all, combined with AcceptUntrustedCAs => 1. The message is
# still marked as signed and Status is DONE. Trust is reported as UNKNOWN here,
# not NONE as in the "other CA, allow all" scenario.
124 my ($msg, $status) = $send_mail->( CAPath => undef, AcceptUntrustedCAs => 1 );
125 is( $msg->GetHeader('X-RT-Incoming-Signature'),
126 '"Enoch Root" <root@example.com>',
127 "Message was marked as signed"
130 is($status->{Operation}, "Verify", "Found the Verify operation");
131 is($status->{Status}, "DONE", "Verify was a success");
# NOTE(review): the description below still reads "no trust level" although the
# asserted value is UNKNOWN; a failure report would be clearer if it named the
# UNKNOWN level.
132 is($status->{Trust}, "UNKNOWN", "Noted the no trust level");