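#! /usr/bin/perl -w
#
# Test driver for pgpverify and signcontrol.
#
# The driver copies ../pgpverify and ../signcontrol into ./tmp, rewriting
# their configuration lines so that they use the OpenPGP implementation and
# certificate store under test.  It then runs a fixed set of verification
# and sign/verify round-trip cases, printing one PASS or FAIL line per case
# followed by a TOTAL summary line.
#
# NOTE(review): the script never calls exit with a failure status, so a
# caller can learn about failed cases only by reading the TOTAL line.

use strict;
use warnings;

# Values compared against the exit status of pgpverify.
use constant VERIFY_OK      => 0;
use constant VERIFY_BADDATA => 1;
use constant VERIFY_NOCERT  => 2;
use constant VERIFY_BADSIG  => 3;

# Local to this driver: returned by pgpverify() when the run cannot be
# reported as a plain exit status (clean exit but unexpected signer, or the
# child ended without a non-zero exit code).  It is negative so that it can
# never equal an exit status.
use constant VERIFY_UNEXPECTED => -1;

my $sq      = '/usr/local/bin/sq';
my $gpg     = '/usr/bin/gpg';
my $sq_home = "$ENV{'PWD'}/keyring/sq/home/";

# Use the test certificate store rather than the invoking user's own.
$ENV{SEQUOIA_HOME} = $sq_home;

my $failed = 0;
my $tests  = 0;

# Print the PASS/FAIL line for one test case and update the counters.
sub record_result {
    my ($passed, $label) = @_;
    if ($passed) {
        print "PASS: $label\n";
    } else {
        print "FAIL: $label\n";
        $failed++;
    }
    $tests++;
    return;
}

# Run ./tmp/pgpverify with $file on standard input.
#
# Returns VERIFY_OK only when pgpverify exits with status 0 AND the signer
# it prints equals $expected.  Otherwise returns pgpverify's non-zero exit
# status, or VERIFY_UNEXPECTED when there is no non-zero exit status to
# report.  The original code returned ($? >> 8) in every failing case, which
# is 0 (VERIFY_OK) when pgpverify exits cleanly but names a different
# signer, so a wrong-signer result was counted as a pass.
#
# $file is interpolated into a shell command line; callers pass only path
# literals from this script, and that must stay true.
sub pgpverify {
    my ($file, $expected) = @_;

    my $signer = `./tmp/pgpverify < $file`;
    my $status = $?;    # saved before anything else can overwrite $?
    $signer = '' unless defined $signer;
    chomp $signer;

    return VERIFY_OK if $status == 0 && $signer eq $expected;

    print "pgpverify exited with status ", ($status >> 8), "\n"
        if $status != 0;
    print "pgpverify said the signer was $signer\n" if $signer;

    my $exit_code = $status >> 8;
    return $exit_code if $exit_code != 0;
    return VERIFY_UNEXPECTED;
}

# Copy ../pgpverify to tmp/pgpverify, rewriting its configuration lines.
#
# $path is the OpenPGP program to configure: a path ending in "sq" fills in
# the $sq and $sq_policy_as_of settings, a path ending in "gpg" fills in
# $gpg.  $keyring is optional and, when true, fills in $keyring.  The copy
# is made executable.  Dies if a file cannot be opened, written or chmod'ed.
sub fix_pgpverify {
    my ($path, $keyring) = @_;

    open (my $basic, '<', '../pgpverify')
        or die "Can't open ../pgpverify: $!\n";
    open (my $fixed, '>', 'tmp/pgpverify')
        or die "Can't create pgpverify: $!\n";

    # The extracted source read "while ()", which never reads the input
    # file; the loop has to iterate over the lines of ../pgpverify.
    while (my $line = <$basic>) {
        $line =~ s%^\# \$sq = \'.*%\$sq = '$path';% if $path =~ /sq$/;
        # NOTE(review): presumably this fixed policy date lets the old test
        # signatures pass sq's policy; confirm against pgpverify.
        $line =~ s%^\# \$sq_policy_as_of = \'.*%\$sq_policy_as_of = '19970101';%
            if $path =~ /sq$/;
        $line =~ s%^\# \$gpg = \'.*%\$gpg = '$path';% if $path =~ /gpg$/;
        $line =~ s%^\# \$keyring = \'.*%\$keyring = '$keyring';% if $keyring;
        # Empty $syslog_method; presumably this disables syslog reporting
        # during tests (confirm against pgpverify).
        $line =~ s%^\$syslog_method = \'.*%\$syslog_method = '';%;
        print {$fixed} $line;
    }

    close $basic;
    # Buffered write errors surface at close, so check it.
    close $fixed or die "Can't write tmp/pgpverify: $!\n";
    chmod (0755, 'tmp/pgpverify')
        or die "Can't chmod tmp/pgpverify: $!\n";
    return;
}

# Copy ../signcontrol to tmp/signcontrol, replacing its placeholders.
#
# $path is the OpenPGP program written into signcontrol's $pgp setting and
# $signer replaces INSERT_YOUR_PGP_USERID.  The copy is made executable.
# Dies if a file cannot be opened, written or chmod'ed.
sub fix_signcontrol {
    my ($path, $signer) = @_;

    open (my $basic, '<', '../signcontrol')
        or die "Can't open ../signcontrol: $!\n";
    open (my $fixed, '>', 'tmp/signcontrol')
        or die "Can't create signcontrol: $!\n";

    # As in fix_pgpverify, the extracted source read "while ()".
    while (my $line = <$basic>) {
        $line =~ s/INSERT_YOUR_PGP_USERID/$signer/;
        $line =~ s/^my \$pgp = \".*/my \$pgp = '$path';/;
        # NOTE(review): the replacement ends in a space; an address in
        # angle brackets may have been lost when this page was extracted.
        # Confirm against the upstream file.
        $line =~ s/YOUR_ADDRESS_AND_NAME/Test Signer /;
        $line =~ s/ADDRESS_FOR_Approved_HEADER/test\@example.com/;
        $line =~ s/FULL_HOST_NAME/example.com/;
        $line =~ s/HIERARCHIES/example/;
        print {$fixed} $line;
    }

    close $basic;
    close $fixed or die "Can't write tmp/signcontrol: $!\n";
    chmod (0755, 'tmp/signcontrol')
        or die "Can't chmod tmp/signcontrol: $!\n";
    return;
}

# Sign ./messages/newgroup with signcontrol configured for $sign_exec and
# $signer, then verify the result with pgpverify configured for
# $verify_exec.  Records two results: "$testname (sign)" and
# "$testname (verify)".  The verify step always expects the signer to be
# reported as 'testing.sq', whatever form $signer took.
sub sign_verify_roundtrip_test {
    my ($testname, $sign_exec, $verify_exec, $signer) = @_;
    my $signedfile = "./tmp/signed_$testname";

    fix_signcontrol ($sign_exec, $signer);
    # $signedfile is built from a test name literal in this script and is
    # passed through the shell for the redirections.
    system ("./tmp/signcontrol < ./messages/newgroup > $signedfile");
    my $sign_status = $?;
    print "signcontrol exited with status ", ($sign_status >> 8), "\n"
        if $sign_status != 0;
    record_result ($sign_status == 0, "$testname (sign)");

    fix_pgpverify ($verify_exec);
    record_result (pgpverify ($signedfile, 'testing.sq') == VERIFY_OK,
                   "$testname (verify)");
    return;
}

fix_pgpverify ($sq);
record_result (pgpverify ('./messages/comp.lang.go.newgroup',
                          'news.announce.newgroups') == VERIFY_OK,
               'big8 newgroup (verify from default cert store)');

fix_pgpverify ($sq, './keyring/sq/big8-cert.asc');
record_result (pgpverify ('./messages/comp.lang.go.newgroup',
                          'news.announce.newgroups') == VERIFY_OK,
               'big8 newgroup (verify from cert file)');

fix_pgpverify ($sq, $sq_home);
record_result (pgpverify ('./messages/comp.lang.go.newgroup',
                          'news.announce.newgroups') == VERIFY_OK,
               'big8 newgroup (verify from custom cert store)');

# Corrupted message, should fail with status VERIFY_BADSIG
fix_pgpverify ($sq);
record_result (pgpverify ('./messages/comp.lang.go-corrupted.newgroup',
                          'news.announce.newgroups') == VERIFY_BADSIG,
               'BAD big8 newgroup (verify)');

# Unknown signer, should fail with status VERIFY_NOCERT
fix_pgpverify ($sq);
record_result (pgpverify ('./messages/gnu', 'usenet@gnu.org')
                   == VERIFY_NOCERT,
               'Unknown signer (verify)');

sign_verify_roundtrip_test ('signcontrol-sq-fingerprint', $sq, $sq,
                            '4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73');
sign_verify_roundtrip_test ('signcontrol-sq-userid', $sq, $sq, 'testing.sq');

# Interoperability test - verify with GnuPG the message signed
# with sq
fix_pgpverify ($gpg, './keyring/');
record_result (pgpverify ('./tmp/signed_signcontrol-sq-userid',
                          'testing.sq') == VERIFY_OK,
               'Sign with sq, verify with gpg');

print "\nTOTAL: Tests $tests Failed $failed\n";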