[Rt-commit] rt branch, 4.4/smime-separate-encrypt-and-sign-certs, updated. rt-4.4.3-45-g9352e72a3

? sunnavy sunnavy at bestpractical.com
Wed Oct 17 09:48:27 EDT 2018


The branch, 4.4/smime-separate-encrypt-and-sign-certs has been updated
       via  9352e72a37514afe1b1473fc05343eaeffd07b65 (commit)
      from  7be3c08615a89dea0019e35f6db6f90f206a7450 (commit)

Summary of changes:
 t/mail/smime/separate_certs.t | 137 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 t/mail/smime/separate_certs.t

- Log -----------------------------------------------------------------
commit 9352e72a37514afe1b1473fc05343eaeffd07b65
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Oct 17 21:43:43 2018 +0800

    Test separate smime certificates for signing and encryption
    
    For signing, it looks for EMAIL.signing.pem and then EMAIL.pem.
    For encryption, it looks for EMAIL.encryption.pem and then EMAIL.pem.

diff --git a/t/mail/smime/separate_certs.t b/t/mail/smime/separate_certs.t
new file mode 100644
index 000000000..9e11df60b
--- /dev/null
+++ b/t/mail/smime/separate_certs.t
@@ -0,0 +1,137 @@
+use strict;
+use warnings;
+
+use RT::Test::SMIME tests => undef;
+
+use IPC::Run3 'run3';
+use Test::Warn;
+
+my $queue = RT::Test->load_or_create_queue(
+    Name              => 'General',
+    CorrespondAddress => 'sender at example.com',
+    CommentAddress    => 'sender at example.com',
+);
+
+my ( $ret, $msg ) = $queue->SetSignAuto(1);
+ok( $ret, 'Enabled SignAuto' );
+
+my %signing = (
+    'sender at example.com.pem'            => 1,
+    'sender at example.com.signing.pem'    => 1,
+    'sender at example.com.encryption.pem' => 0,
+);
+
+my $key_ring = RT->Config->Get('SMIME')->{'Keyring'};
+for my $key ( keys %signing ) {
+    diag "Testing signing with $key";
+
+    RT::Test::SMIME->import_key('sender at example.com');
+    if ( $key ne 'sender at example.com' ) {
+        rename File::Spec->catfile( $key_ring, 'sender at example.com.pem' ), File::Spec->catfile( $key_ring, $key )
+          or die $!;
+    }
+
+    my $mail = <<END;
+From: root\@localhost
+Subject: test signing
+
+Hello
+END
+
+    my ( $ret, $id ) = RT::Test->send_via_mailgate( $mail, queue => $queue->Name, );
+    is $ret >> 8, 0, "Successfuly executed mailgate";
+
+    my @mails = RT::Test->fetch_caught_mails;
+    if ( $signing{$key} ) {
+        is scalar @mails, 1, "autoreply";
+        like( $mails[0], qr'Content-Type: application/x-pkcs7-signature', 'Sent message contains signature' );
+
+        my ( $buf, $err );
+        run3( [ qw(openssl smime -verify), '-CAfile', RT::Test::SMIME->key_path . "/demoCA/cacert.pem", ],
+            \$mails[0], \$buf, \$err );
+
+        like( $err, qr'Verification successful', 'Verification output' );
+        like( $buf, qr'This message has been automatically generated in response', 'Verified message' );
+        unlike( $buf, qr'Content-Type: application/x-pkcs7-signature', 'Verified message does not contain signature' );
+    }
+    else {
+        is scalar @mails, 0, "Couldn't send autoreply";
+    }
+
+    unlink File::Spec->catfile( $key_ring, $key );
+}
+
+( $ret, $msg ) = $queue->SetSignAuto(0);
+ok( $ret, 'Disabled SignAuto' );
+
+my %encryption = (
+    'sender at example.com.pem'            => 1,
+    'sender at example.com.signing.pem'    => 0,
+    'sender at example.com.encryption.pem' => 1,
+);
+
+my $root = RT::Test->load_or_create_user( Name => 'root' );
+( $ret, $msg ) = $root->SetEmailAddress('root at example.com');
+ok( $ret, 'set root email to root at example.com' );
+RT::Test::SMIME->import_key( 'root at example.com', $root );
+
+for my $key ( keys %encryption ) {
+    diag "Testing decryption with $key";
+
+    RT::Test::SMIME->import_key('sender at example.com');
+    if ( $key ne 'sender at example.com' ) {
+        rename File::Spec->catfile( $key_ring, 'sender at example.com.pem' ), File::Spec->catfile( $key_ring, $key )
+          or die $!;
+    }
+
+    my ( $buf, $err );
+    run3(
+        [   qw(openssl smime -encrypt  -des3),
+            -from    => 'root at example.com',
+            -to      => 'sender at example.com',
+            -subject => "Encrypted message for queue",
+            RT::Test::SMIME->key_path('sender at example.com.crt'),
+        ],
+        \"\nthis is content",
+        \$buf,
+        \$err,
+    );
+
+    my ( $ret, $id );
+    if ( $encryption{$key} ) {
+        ( $ret, $id ) = RT::Test->send_via_mailgate($buf);
+    }
+    else {
+        warning_like {
+            ( $ret, $id ) = RT::Test->send_via_mailgate($buf);
+        }
+        [   qr!Couldn't find SMIME key for addresses: sender\@example.com!,
+            qr!Failure during SMIME keycheck: Secret key is not available!
+        ],
+          "Got missing key warning";
+    }
+
+    is( $ret >> 8, 0, "The mail gateway exited normally" );
+
+    my $ticket = RT::Ticket->new($RT::SystemUser);
+    $ticket->Load($id);
+    is( $ticket->Subject, 'Encrypted message for queue', "Created the ticket" );
+    my $txn = $ticket->Transactions->First;
+    my ( $msg, $attach, $orig ) = @{ $txn->Attachments->ItemsArrayRef };
+
+    is( $msg->GetHeader('X-RT-Privacy'), 'SMIME', 'X-RT-Privacy is SMIME' );
+    is( $orig->GetHeader('Content-Type'), 'application/x-rt-original-message', 'Original message is recorded' );
+
+    if ( $encryption{$key} ) {
+        is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Success', 'X-RT-Incoming-Encryption is success' );
+        is( $attach->Content, 'this is content', 'Content is decrypted' );
+    }
+    else {
+        is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Not encrypted', 'X-RT-Incoming-Encryption is not encrypted' );
+        unlike( $attach->Content, qr/this is content/, 'Content is not decrypted' );
+    }
+
+    unlink File::Spec->catfile( $key_ring, $key );
+}
+
+done_testing;
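Review bot: The guard `if ( $key ne 'sender@example.com' )` in both `for my $key` loops can never be false, because every key in `%signing` and `%encryption` ends in `.pem`, so the plain `.pem` case renames the file onto itself (addresses show as ` at ` on this page, presumably the archive's rewriting of `@`). Comparing against the file name, `if ( $key ne 'sender@example.com.pem' )`, states the intent. The closing `unlink` in both loops is unchecked, yet the negative cases only show that a wrong-purpose certificate is refused if the previous iteration's key file is really gone; `unlink File::Spec->catfile( $key_ring, $key ) or die "unlink $key: $!";` would make a failed cleanup visible. Each case also places exactly one file in the keyring, so the preference of `.signing.pem` / `.encryption.pem` over `.pem` described in the commit message is never exercised with both files present.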

-----------------------------------------------------------------------

