5 use RT::Test tests => 60;
7 plan skip_all => 'GnuPG required.'
8 unless eval 'use GnuPG::Interface; 1';
9 plan skip_all => 'gpg executable is required.'
10 unless RT::Test->find_executable('gpg');
13 use RT::Action::SendEmail;
14 use File::Temp qw(tempdir);
16 RT::Test->set_mail_catcher;
18 use_ok('RT::Crypt::GnuPG');
20 RT->Config->Set( GnuPG =>
22 OutgoingMessagesFormat => 'RFC',
25 RT->Config->Set( GnuPGOptions =>
26 homedir => scalar tempdir( CLEANUP => 0 ),
27 passphrase => 'rt-test',
28 'no-permission-warning' => undef,
30 diag "GnuPG --homedir ". RT->Config->Get('GnuPGOptions')->{'homedir'} if $ENV{TEST_VERBOSE};
32 RT->Config->Set( 'MailPlugins' => 'Auth::MailFrom', 'Auth::GnuPG' );
34 my $queue = RT::Test->load_or_create_queue(
36 CorrespondAddress => 'rt-recipient@example.com',
37 CommentAddress => 'rt-recipient@example.com',
39 ok $queue && $queue->id, 'loaded or created queue';
42 Principal => 'Everyone',
43 Right => ['CreateTicket', 'ShowTicket', 'SeeQueue', 'ReplyToTicket', 'ModifyTicket'],
46 my ($baseurl, $m) = RT::Test->started_ok;
47 ok $m->login, 'logged in';
49 diag "check that signing doesn't work if there is no key" if $ENV{TEST_VERBOSE};
51 RT::Test->clean_caught_mails;
53 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
55 $m->tick( Sign => 1 );
56 $m->field( Requestors => 'rt-test@example.com' );
57 $m->field( Content => 'Some content' );
60 qr/unable to sign outgoing email messages/i,
61 'problems with passphrase'
64 my @mail = RT::Test->fetch_caught_mails;
65 ok !@mail, 'there are no outgoing emails';
69 RT::Test->import_gnupg_key('rt-recipient@example.com');
70 RT::Test->trust_gnupg_key('rt-recipient@example.com');
71 my %res = RT::Crypt::GnuPG::GetKeysInfo('rt-recipient@example.com');
72 is $res{'info'}[0]{'TrustTerse'}, 'ultimate', 'ultimately trusted key';
75 diag "check that things don't work if there is no key" if $ENV{TEST_VERBOSE};
77 RT::Test->clean_caught_mails;
79 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
81 $m->tick( Encrypt => 1 );
82 $m->field( Requestors => 'rt-test@example.com' );
83 $m->field( Content => 'Some content' );
86 qr/You are going to encrypt outgoing email messages/i,
90 qr/There is no key suitable for encryption/i,
94 my $form = $m->form_number(3);
95 ok !$form->find_input( 'UseKey-rt-test@example.com' ), 'no key selector';
97 my @mail = RT::Test->fetch_caught_mails;
98 ok !@mail, 'there are no outgoing emails';
101 diag "import first key of rt-test\@example.com" if $ENV{TEST_VERBOSE};
104 RT::Test->import_gnupg_key('rt-test@example.com', 'public');
105 my %res = RT::Crypt::GnuPG::GetKeysInfo('rt-test@example.com');
106 is $res{'info'}[0]{'TrustLevel'}, 0, 'is not trusted key';
107 $fpr1 = $res{'info'}[0]{'Fingerprint'};
110 diag "check that things still doesn't work if key is not trusted" if $ENV{TEST_VERBOSE};
112 RT::Test->clean_caught_mails;
114 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
116 $m->tick( Encrypt => 1 );
117 $m->field( Requestors => 'rt-test@example.com' );
118 $m->field( Content => 'Some content' );
121 qr/You are going to encrypt outgoing email messages/i,
125 qr/There is one suitable key, but trust level is not set/i,
129 my $form = $m->form_number(3);
130 ok my $input = $form->find_input( 'UseKey-rt-test@example.com' ), 'found key selector';
131 is scalar $input->possible_values, 1, 'one option';
133 $m->select( 'UseKey-rt-test@example.com' => $fpr1 );
136 qr/You are going to encrypt outgoing email messages/i,
140 qr/Selected key either is not trusted/i,
144 my @mail = RT::Test->fetch_caught_mails;
145 ok !@mail, 'there are no outgoing emails';
148 diag "import a second key of rt-test\@example.com" if $ENV{TEST_VERBOSE};
151 RT::Test->import_gnupg_key('rt-test@example.com.2', 'public');
152 my %res = RT::Crypt::GnuPG::GetKeysInfo('rt-test@example.com');
153 is $res{'info'}[1]{'TrustLevel'}, 0, 'is not trusted key';
154 $fpr2 = $res{'info'}[2]{'Fingerprint'};
157 diag "check that things still doesn't work if two keys are not trusted" if $ENV{TEST_VERBOSE};
159 RT::Test->clean_caught_mails;
161 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
163 $m->tick( Encrypt => 1 );
164 $m->field( Requestors => 'rt-test@example.com' );
165 $m->field( Content => 'Some content' );
168 qr/You are going to encrypt outgoing email messages/i,
172 qr/There are several keys suitable for encryption/i,
176 my $form = $m->form_number(3);
177 ok my $input = $form->find_input( 'UseKey-rt-test@example.com' ), 'found key selector';
178 is scalar $input->possible_values, 2, 'two options';
180 $m->select( 'UseKey-rt-test@example.com' => $fpr1 );
183 qr/You are going to encrypt outgoing email messages/i,
187 qr/Selected key either is not trusted/i,
191 my @mail = RT::Test->fetch_caught_mails;
192 ok !@mail, 'there are no outgoing emails';
196 RT::Test->lsign_gnupg_key( $fpr1 );
197 my %res = RT::Crypt::GnuPG::GetKeysInfo('rt-test@example.com');
198 ok $res{'info'}[0]{'TrustLevel'} > 0, 'trusted key';
199 is $res{'info'}[1]{'TrustLevel'}, 0, 'is not trusted key';
202 diag "check that we see key selector even if only one key is trusted but there are more keys";
204 RT::Test->clean_caught_mails;
206 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
208 $m->tick( Encrypt => 1 );
209 $m->field( Requestors => 'rt-test@example.com' );
210 $m->field( Content => 'Some content' );
213 qr/You are going to encrypt outgoing email messages/i,
217 qr/There are several keys suitable for encryption/i,
221 my $form = $m->form_number(3);
222 ok my $input = $form->find_input( 'UseKey-rt-test@example.com' ), 'found key selector';
223 is scalar $input->possible_values, 2, 'two options';
225 my @mail = RT::Test->fetch_caught_mails;
226 ok !@mail, 'there are no outgoing emails';
229 diag "check that key selector works and we can select trusted key";
231 RT::Test->clean_caught_mails;
233 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
235 $m->tick( Encrypt => 1 );
236 $m->field( Requestors => 'rt-test@example.com' );
237 $m->field( Content => 'Some content' );
240 qr/You are going to encrypt outgoing email messages/i,
244 qr/There are several keys suitable for encryption/i,
248 my $form = $m->form_number(3);
249 ok my $input = $form->find_input( 'UseKey-rt-test@example.com' ), 'found key selector';
250 is scalar $input->possible_values, 2, 'two options';
252 $m->select( 'UseKey-rt-test@example.com' => $fpr1 );
254 $m->content_like( qr/Ticket \d+ created in queue/i, 'ticket created' );
256 my @mail = RT::Test->fetch_caught_mails;
257 ok @mail, 'there are some emails';
258 check_text_emails( { Encrypt => 1 }, @mail );
261 diag "check encrypting of attachments";
263 RT::Test->clean_caught_mails;
265 ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
267 $m->tick( Encrypt => 1 );
268 $m->field( Requestors => 'rt-test@example.com' );
269 $m->field( Content => 'Some content' );
270 $m->field( Attach => $0 );
273 qr/You are going to encrypt outgoing email messages/i,
277 qr/There are several keys suitable for encryption/i,
281 my $form = $m->form_number(3);
282 ok my $input = $form->find_input( 'UseKey-rt-test@example.com' ), 'found key selector';
283 is scalar $input->possible_values, 2, 'two options';
285 $m->select( 'UseKey-rt-test@example.com' => $fpr1 );
287 $m->content_like( qr/Ticket \d+ created in queue/i, 'ticket created' );
289 my @mail = RT::Test->fetch_caught_mails;
290 ok @mail, 'there are some emails';
291 check_text_emails( { Encrypt => 1, Attachment => 1 }, @mail );
294 sub check_text_emails {
295 my %args = %{ shift @_ };
298 ok scalar @mail, "got some mail";
299 for my $mail (@mail) {
300 for my $type ('email', 'attachment') {
301 next if $type eq 'attachment' && !$args{'Attachment'};
303 my $content = $type eq 'email'
305 : "Attachment content";
307 if ( $args{'Encrypt'} ) {
308 unlike $mail, qr/$content/, "outgoing $type was encrypted";
310 like $mail, qr/$content/, "outgoing $type was not encrypted";
313 next unless $type eq 'email';
315 if ( $args{'Sign'} && $args{'Encrypt'} ) {
316 like $mail, qr/BEGIN PGP MESSAGE/, 'outgoing email was signed';
317 } elsif ( $args{'Sign'} ) {
318 like $mail, qr/SIGNATURE/, 'outgoing email was signed';
320 unlike $mail, qr/SIGNATURE/, 'outgoing email was not signed';