#! /usr/bin/perl -w
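use Cwd qw(getcwd);

# Exit statuses the harness expects from pgpverify.  The checks in this
# file compare the verifier's exit code against these values.
use constant {
    VERIFY_OK      => 0,
    VERIFY_BADDATA => 1,
    VERIFY_NOCERT  => 2,
    VERIFY_BADSIG  => 3,
};

# Absolute paths of the two OpenPGP implementations under test.
my $sq  = '/usr/local/bin/sq';
my $gpg = '/usr/bin/gpg';

# Certificate store used for the run.  It is anchored on the real working
# directory, like every relative path in this script (./tmp, ../pgpverify),
# instead of on $ENV{PWD}: that variable is inherited from the caller and
# can be unset or stale, which would silently point the verifier at a
# different trust store.  $ENV{PWD} is kept only as a fallback.
my $cwd = getcwd();
$cwd = $ENV{'PWD'} unless defined $cwd;
my $sq_home = "$cwd/keyring/sq/home/";

# Exported so that the programs started by the tests inherit it.
$ENV{SEQUOIA_HOME} = $sq_home;

# Running totals, updated by every check below.
my $failed = 0;
my $tests  = 0;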
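# Run the patched verifier (./tmp/pgpverify) on a message and compare the
# outcome with the signer the caller expects.
#
# Arguments:
#   $file     - path of the message; it is fed to the verifier on stdin
#   $expected - signer name the verifier must print for the check to pass
#
# Returns VERIFY_OK only when the verifier exits with status 0 AND prints
# exactly $expected.  Otherwise returns the verifier's exit code, or -1 when
# that exit code is 0 but the run still cannot count as a success (wrong
# signer printed, or the verifier was killed by a signal).  The -1 matches
# none of the VERIFY_* constants, so no caller can mistake it for an
# expected status.
sub pgpverify {
    my ($file, $expected) = @_;

    # $file is interpolated into a shell command line: keep it restricted to
    # paths chosen by this harness, never data taken from a message.
    my $signer = `./tmp/pgpverify < $file`;

    # Capture the wait status at once, before anything else can change $?.
    my $wait_status = $?;

    # Backticks yield undef when the command could not be run at all.
    $signer = '' unless defined $signer;
    chomp $signer;

    if ($wait_status == 0 && $signer eq $expected) {
        return VERIFY_OK;
    }

    my $exit_code = $wait_status >> 8;
    print "pgpverify exited with status ", $exit_code, "\n"
        if $wait_status != 0;
    print "pgpverify said the signer was $signer\n" if $signer;

    # An exit code of 0 here means either a valid signature from somebody
    # other than $expected, or death by signal.  Returning the bare exit
    # code would report VERIFY_OK and let the calling test pass.
    return -1 if $exit_code == VERIFY_OK;

    return $exit_code;
}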
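# Write a configured, executable copy of ../pgpverify to tmp/pgpverify.
#
# Arguments:
#   $path    - path of the OpenPGP program; a value ending in "sq" fills in
#              the $sq setting, a value ending in "gpg" fills in $gpg
#   $keyring - optional; when true, fills in the $keyring setting
#
# Dies if the template cannot be read or the copy cannot be written or made
# executable.  Returns true on success.
#
# $path and $keyring are pasted unescaped between single quotes in the
# generated Perl source, so they must stay harness-chosen values free of
# quote characters.
sub fix_pgpverify {
    my ($path, $keyring) = @_;

    open (my $template, '<', '../pgpverify')
        or die "Can't open ../pgpverify: $!\n";
    open (my $patched, '>', 'tmp/pgpverify')
        or die "Can't create pgpverify: $!\n";

    while (my $line = <$template>) {
        if ($path =~ /sq$/) {
            $line =~ s%^\# \$sq = \'.*%\$sq = '$path';%;

            # NOTE(review): presumably this backdates the policy sq applies,
            # so that the old test signatures are still accepted -- confirm
            # against ../pgpverify.  It is a test-only setting.
            $line =~ s%^\# \$sq_policy_as_of = \'.*%\$sq_policy_as_of = '19970101';%;
        }
        $line =~ s%^\# \$gpg = \'.*%\$gpg = '$path';% if $path =~ /gpg$/;
        $line =~ s%^\# \$keyring = \'.*%\$keyring = '$keyring';% if $keyring;

        # Blank out the syslog method in the test copy.
        $line =~ s%^\$syslog_method = \'.*%\$syslog_method = '';%;

        print {$patched} $line
            or die "Can't write tmp/pgpverify: $!\n";
    }

    close $template;

    # Buffered write errors only surface at close; a truncated verifier must
    # not be run as if it were complete.
    close $patched
        or die "Can't write tmp/pgpverify: $!\n";

    chmod (0755, 'tmp/pgpverify')
        or die "Can't chmod tmp/pgpverify: $!\n";

    return 1;
}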
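# Write a configured, executable copy of ../signcontrol to tmp/signcontrol.
#
# Arguments:
#   $path   - path of the OpenPGP program the copy should sign with
#   $signer - value substituted for the INSERT_YOUR_PGP_USERID placeholder
#
# The remaining placeholders are filled with fixed example.com test values.
# Dies if the template cannot be read or the copy cannot be written or made
# executable.  Returns true on success.
#
# $path is pasted unescaped between single quotes in the generated Perl
# source, so it must stay a harness-chosen value free of quote characters.
sub fix_signcontrol {
    my ($path, $signer) = @_;

    open (my $template, '<', '../signcontrol')
        or die "Can't open ../signcontrol: $!\n";
    open (my $patched, '>', 'tmp/signcontrol')
        or die "Can't create signcontrol: $!\n";

    while (my $line = <$template>) {
        $line =~ s/INSERT_YOUR_PGP_USERID/$signer/;
        $line =~ s/^my \$pgp = \".*/my \$pgp = '$path';/;
        $line =~ s/YOUR_ADDRESS_AND_NAME/Test Signer <test\@example.com>/;
        $line =~ s/ADDRESS_FOR_Approved_HEADER/test\@example.com/;
        $line =~ s/FULL_HOST_NAME/example.com/;
        $line =~ s/HIERARCHIES/example/;

        print {$patched} $line
            or die "Can't write tmp/signcontrol: $!\n";
    }

    close $template;

    # Buffered write errors only surface at close; a truncated signer must
    # not be run as if it were complete.
    close $patched
        or die "Can't write tmp/signcontrol: $!\n";

    chmod (0755, 'tmp/signcontrol')
        or die "Can't chmod tmp/signcontrol: $!\n";

    return 1;
}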
# Sign ./messages/newgroup with one implementation, then verify the result
# with another, counting each half as a separate test.
#
# Arguments:
#   $testname    - label used in the PASS/FAIL lines and in the name of the
#                  signed file (./tmp/signed_<testname>)
#   $sign_exec   - program handed to fix_signcontrol for signing
#   $verify_exec - program handed to fix_pgpverify for verification
#   $signer      - key designator handed to fix_signcontrol
#
# The verification half always expects the signer 'testing.sq'.
sub sign_verify_roundtrip_test {
    my ($testname, $sign_exec, $verify_exec, $signer) = @_;

    # $testname ends up in a shell command line through this path, so it
    # must stay a harness-chosen label.
    my $signedfile = "./tmp/signed_$testname";

    # --- signing half ---
    fix_signcontrol ($sign_exec, $signer);
    system ("./tmp/signcontrol < ./messages/newgroup > $signedfile");
    my $sign_status = $?;

    if ($sign_status != 0) {
        print "signcontrol exited with status ", ($sign_status >> 8), "\n";
        print "FAIL: $testname (sign)\n";
        $failed++;
    }
    else {
        print "PASS: $testname (sign)\n";
    }
    $tests++;

    # --- verification half ---
    fix_pgpverify ($verify_exec);
    my $verify_status = pgpverify ($signedfile, 'testing.sq');

    if ($verify_status != VERIFY_OK) {
        print "FAIL: $testname (verify)\n";
        $failed++;
    }
    else {
        print "PASS: $testname (verify)\n";
    }
    $tests++;
}
# Status returned by the most recent pgpverify call.
my $code;

# Genuine big8 control message, certificate taken from the default store.
fix_pgpverify ($sq);
$code = pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups');
if ($code != VERIFY_OK) {
    print "FAIL: big8 newgroup (verify from default cert store)\n";
    $failed++;
}
else {
    print "PASS: big8 newgroup (verify from default cert store)\n";
}
$tests++;

# Same message, certificate taken from a single certificate file.
fix_pgpverify ($sq, './keyring/sq/big8-cert.asc');
$code = pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups');
if ($code != VERIFY_OK) {
    print "FAIL: big8 newgroup (verify from cert file)\n";
    $failed++;
}
else {
    print "PASS: big8 newgroup (verify from cert file)\n";
}
$tests++;

# Same message, certificate taken from the store under $sq_home.
fix_pgpverify ($sq, $sq_home);
$code = pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups');
if ($code != VERIFY_OK) {
    print "FAIL: big8 newgroup (verify from custom cert store)\n";
    $failed++;
}
else {
    print "PASS: big8 newgroup (verify from custom cert store)\n";
}
$tests++;

# Corrupted message, should fail with status VERIFY_BADSIG
fix_pgpverify ($sq);
$code = pgpverify ('./messages/comp.lang.go-corrupted.newgroup', 'news.announce.newgroups');
if ($code != VERIFY_BADSIG) {
    print "FAIL: BAD big8 newgroup (verify)\n";
    $failed++;
}
else {
    print "PASS: BAD big8 newgroup (verify)\n";
}
$tests++;

# Unknown signer, should fail with status VERIFY_NOCERT
fix_pgpverify ($sq);
$code = pgpverify ('./messages/gnu', 'usenet@gnu.org');
if ($code != VERIFY_NOCERT) {
    print "FAIL: Unknown signer (verify)\n";
    $failed++;
}
else {
    print "PASS: Unknown signer (verify)\n";
}
$tests++;

# Sign and verify with sq, designating the key once by fingerprint and once
# by user ID.  The second run leaves ./tmp/signed_signcontrol-sq-userid
# behind for the interoperability check below.
sign_verify_roundtrip_test ('signcontrol-sq-fingerprint', $sq, $sq, '4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73');
sign_verify_roundtrip_test ('signcontrol-sq-userid', $sq, $sq, 'testing.sq');

# Interoperability test - verify with GnuPG the message signed
# with sq
fix_pgpverify ($gpg, './keyring/');
$code = pgpverify ('./tmp/signed_signcontrol-sq-userid', 'testing.sq');
if ($code != VERIFY_OK) {
    print "FAIL: Sign with sq, verify with gpg\n";
    $failed++;
}
else {
    print "PASS: Sign with sq, verify with gpg\n";
}
$tests++;

# NOTE(review): nothing after this line sets an exit status, so as far as
# this listing shows the script exits 0 even when $failed is non-zero; a
# caller has to read the TOTAL line to detect failures.
print "\nTOTAL: Tests $tests Failed $failed\n";