[Rt-commit] rt branch, 4.4/smime-separate-encrypt-and-sign-certs, updated. rt-4.4.3-45-g9352e72a3
? sunnavy
sunnavy at bestpractical.com
Wed Oct 17 09:48:27 EDT 2018
The branch, 4.4/smime-separate-encrypt-and-sign-certs has been updated
via 9352e72a37514afe1b1473fc05343eaeffd07b65 (commit)
from 7be3c08615a89dea0019e35f6db6f90f206a7450 (commit)
Summary of changes:
t/mail/smime/separate_certs.t | 137 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 137 insertions(+)
create mode 100644 t/mail/smime/separate_certs.t
- Log -----------------------------------------------------------------
commit 9352e72a37514afe1b1473fc05343eaeffd07b65
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Oct 17 21:43:43 2018 +0800
Test separate smime certificates for signing and encryption
For signing, it looks for EMAIL.signing.pem and then EMAIL.pem.
For encryption, it looks for EMAIL.encryption.pem and then EMAIL.pem.
diff --git a/t/mail/smime/separate_certs.t b/t/mail/smime/separate_certs.t
new file mode 100644
index 000000000..9e11df60b
--- /dev/null
+++ b/t/mail/smime/separate_certs.t
@@ -0,0 +1,137 @@
+use strict;
+use warnings;
+
+use RT::Test::SMIME tests => undef;
+
+use IPC::Run3 'run3';
+use Test::Warn;
+
+my $queue = RT::Test->load_or_create_queue(
+ Name => 'General',
+ CorrespondAddress => 'sender at example.com',
+ CommentAddress => 'sender at example.com',
+);
+
+my ( $ret, $msg ) = $queue->SetSignAuto(1);
+ok( $ret, 'Enabled SignAuto' );
+
+my %signing = (
+ 'sender at example.com.pem' => 1,
+ 'sender at example.com.signing.pem' => 1,
+ 'sender at example.com.encryption.pem' => 0,
+);
+
+my $key_ring = RT->Config->Get('SMIME')->{'Keyring'};
+for my $key ( keys %signing ) {
+ diag "Testing signing with $key";
+
+ RT::Test::SMIME->import_key('sender at example.com');
+ if ( $key ne 'sender at example.com' ) {
+ rename File::Spec->catfile( $key_ring, 'sender at example.com.pem' ), File::Spec->catfile( $key_ring, $key )
+ or die $!;
+ }
+
+ my $mail = <<END;
+From: root\@localhost
+Subject: test signing
+
+Hello
+END
+
+ my ( $ret, $id ) = RT::Test->send_via_mailgate( $mail, queue => $queue->Name, );
+ is $ret >> 8, 0, "Successfuly executed mailgate";
+
+ my @mails = RT::Test->fetch_caught_mails;
+ if ( $signing{$key} ) {
+ is scalar @mails, 1, "autoreply";
+ like( $mails[0], qr'Content-Type: application/x-pkcs7-signature', 'Sent message contains signature' );
+
+ my ( $buf, $err );
+ run3( [ qw(openssl smime -verify), '-CAfile', RT::Test::SMIME->key_path . "/demoCA/cacert.pem", ],
+ \$mails[0], \$buf, \$err );
+
+ like( $err, qr'Verification successful', 'Verification output' );
+ like( $buf, qr'This message has been automatically generated in response', 'Verified message' );
+ unlike( $buf, qr'Content-Type: application/x-pkcs7-signature', 'Verified message does not contain signature' );
+ }
+ else {
+ is scalar @mails, 0, "Couldn't send autoreply";
+ }
+
+ unlink File::Spec->catfile( $key_ring, $key );
+}
+
+( $ret, $msg ) = $queue->SetSignAuto(0);
+ok( $ret, 'Disabled SignAuto' );
+
+my %encryption = (
+ 'sender at example.com.pem' => 1,
+ 'sender at example.com.signing.pem' => 0,
+ 'sender at example.com.encryption.pem' => 1,
+);
+
+my $root = RT::Test->load_or_create_user( Name => 'root' );
+( $ret, $msg ) = $root->SetEmailAddress('root at example.com');
+ok( $ret, 'set root email to root at example.com' );
+RT::Test::SMIME->import_key( 'root at example.com', $root );
+
+for my $key ( keys %encryption ) {
+ diag "Testing decryption with $key";
+
+ RT::Test::SMIME->import_key('sender at example.com');
+ if ( $key ne 'sender at example.com' ) {
+ rename File::Spec->catfile( $key_ring, 'sender at example.com.pem' ), File::Spec->catfile( $key_ring, $key )
+ or die $!;
+ }
+
+ my ( $buf, $err );
+ run3(
+ [ qw(openssl smime -encrypt -des3),
+ -from => 'root at example.com',
+ -to => 'sender at example.com',
+ -subject => "Encrypted message for queue",
+ RT::Test::SMIME->key_path('sender at example.com.crt'),
+ ],
+ \"\nthis is content",
+ \$buf,
+ \$err,
+ );
+
+ my ( $ret, $id );
+ if ( $encryption{$key} ) {
+ ( $ret, $id ) = RT::Test->send_via_mailgate($buf);
+ }
+ else {
+ warning_like {
+ ( $ret, $id ) = RT::Test->send_via_mailgate($buf);
+ }
+ [ qr!Couldn't find SMIME key for addresses: sender\@example.com!,
+ qr!Failure during SMIME keycheck: Secret key is not available!
+ ],
+ "Got missing key warning";
+ }
+
+ is( $ret >> 8, 0, "The mail gateway exited normally" );
+
+ my $ticket = RT::Ticket->new($RT::SystemUser);
+ $ticket->Load($id);
+ is( $ticket->Subject, 'Encrypted message for queue', "Created the ticket" );
+ my $txn = $ticket->Transactions->First;
+ my ( $msg, $attach, $orig ) = @{ $txn->Attachments->ItemsArrayRef };
+
+ is( $msg->GetHeader('X-RT-Privacy'), 'SMIME', 'X-RT-Privacy is SMIME' );
+ is( $orig->GetHeader('Content-Type'), 'application/x-rt-original-message', 'Original message is recorded' );
+
+ if ( $encryption{$key} ) {
+ is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Success', 'X-RT-Incoming-Encryption is success' );
+ is( $attach->Content, 'this is content', 'Content is decrypted' );
+ }
+ else {
+ is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Not encrypted', 'X-RT-Incoming-Encryption is not encrypted' );
+ unlike( $attach->Content, qr/this is content/, 'Content is not decrypted' );
+ }
+
+ unlink File::Spec->catfile( $key_ring, $key );
+}
+
+done_testing;
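Review bot: The guard `if ( $key ne 'sender@example.com' )` (shown with ` at ` by the archive) in both the signing and the encryption loop can never be false, because every key in `%signing` and `%encryption` ends in `.pem`. For the plain `sender@example.com.pem` case the test therefore renames the imported file onto itself. Comparing against the imported file name, `if ( $key ne 'sender@example.com.pem' )`, would make the condition mean what it reads as. The closing `unlink File::Spec->catfile( $key_ring, $key );` in each loop is also unchecked. Since `keys` returns the files in no fixed order, a failed unlink would leave a stale key in the keyring for the next iteration, which looks likely to make the negative cases (signing with only an encryption key, decrypting with only a signing key) fail for a misleading reason. Appending `or die "unlink $key: $!";` would surface that at its source.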
-----------------------------------------------------------------------