From f7f327d29ef2e3468e496c6483d8f7b1e77b9126 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Wed, 27 Oct 2010 01:49:04 -0400
Subject: [PATCH] added simple test suite (must currently be executed manually)
---
Changelog | 3 +-
tests/basic | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 90 insertions(+), 1 deletion(-)
create mode 100755 tests/basic
diff --git a/Changelog b/Changelog
index 8914598..425ea2e 100644
--- a/Changelog
+++ b/Changelog
@@ -7,8 +7,9 @@ msva-perl (0.6~pre) upstream;
 * Refactor logging code * If we have Gtk2, Linux::Inotify2, and AnyEvent, we should monitor for updates and prompt the user when we notice one. (closes MS #2540)
+ * Added tests/basic, as a simple test of a few functions (closes MS #2537)
- -- Daniel Kahn Gillmor Tue, 26 Oct 2010 22:49:40 -0400
+ -- Daniel Kahn Gillmor Wed, 27 Oct 2010 01:47:50 -0400
 msva-perl (0.5) upstream;
diff --git a/tests/basic b/tests/basic
new file mode 100755
index 0000000..266d8a2
--- /dev/null
+++ b/tests/basic
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# simple set of tests to exercise the msva.
+
+# these tests currently depend on the user having the following tools
+# installed locally:
+
+# monkeysphere (for pem2openpgp)
+# openssl (for openssl req)
+# gpg (for obvious reasons)
+# bash (yes, this test script isn't posix-compliant)
+
+# note that this test requires the ability to bind on the loopback
+# interface, which might not be possible in some build environments.
+
+# Author: Daniel Kahn Gillmor
+# Copyright: 2010
+# License: This is licensed under the GPL v3 or later
+# (see the top-level COPYING file in this distribution)
+
+set -e
+
+srcdir=$(dirname $0)/..
+
+REPS=5
+
+printf "testing %d reps of simple/quick true/false:\n" "$REPS"
+for n in $(seq 1 "$REPS") ; do
+ "${srcdir}"/test-msva msva-perl true
+ printf "+"
+ ! "${srcdir}"/test-msva msva-perl false
+ printf "-"
+done
+printf "\ndone\n"
+
+WORKDIR=$(mktemp -d)
+mkdir -m 0700 "${WORKDIR}/"{x509,sec,gnupg}
+export GNUPGHOME="${WORKDIR}/gnupg"
+
+if gpg --quick-random --version ; then
+ GPGQR=--quick-random
+elif gpg --debug-quick-random --version ; then
+ GPGQR=--debug-quick-random
+else
+ GPGQR=
+fi
+
+# make a CA
+printf "Key-Type: RSA\nKey-Length: 1024\nKey-Usage: sign\nName-Real: MSVA Test Certificate Authority (DO NOT USE!)\n" | gpg --batch --no-tty $GPGQR --gen-key
+
+# make 3 websites (X, Y, and Z) with self-signed certs:
+for name in x y z ; do
+ openssl req -x509 -subj "/CN=${name}.example.net/" -nodes -sha256 -newkey rsa:1024 -keyout "${WORKDIR}/sec/${name}.key" -outform DER -out "${WORKDIR}/x509/${name}.der"
+done
+
+# translate X and Y's keys into OpenPGP cert
+for name in x y; do
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "https://${name}.example.net" < "${WORKDIR}/sec/${name}.key" | gpg --import
+done
+
+runtests() {
+ # X should not validate as X or Y or Z:
+ for name in x y z; do
+ ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der"
+ done
+
+ # certify X's OpenPGP cert with CA
+ gpg --batch --yes --sign-key https://x.example.net
+
+ # X should now validate as X
+ "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net x509der < "${WORKDIR}/x509/x.der"
+
+ # but X should not validate as Y or Z:
+ for name in x y z; do
+ ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der"
+ done
+
+ # neither Y nor Z should validate as any of them:
+ for src in y z; do
+ for targ in x y z; do
+ ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${targ}.example.net" x509der < "${WORKDIR}/x509/${src}.der"
+ done
+ done
+}
+
+MSVA_KEYSERVER_POLICY=never runtests
+
+rm -rf "$WORKDIR"
--
2.26.2
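Review bot: Every negative assertion in this script (`! "${srcdir}"/test-msva …` in the true/false loop and throughout `runtests`) is exempt from `set -e`, because bash does not exit on the status of a command inverted with `!`; a certificate that the agent wrongly accepts therefore does not fail the suite, except possibly on the very last command of `runtests`. That also hides a bug in the loop commented "but X should not validate as Y or Z", which iterates over `x y z` although X has just been certified for x.example.net; it should read `for name in y z; do`. I would route the expected-failure cases through a small helper that exits explicitly, as sketched below, and apply it to the other `!` lines as well. Separately, `WORKDIR` is removed only on the success path, so a `trap 'rm -rf "$WORKDIR"' EXIT` right after `mktemp -d` would keep the generated secret keys from lingering after a failed run.

```shell
# Run a command that is expected to fail; abort the suite if it succeeds.
must_fail() {
    if "$@"; then
        printf 'unexpected success: %s\n' "$*" >&2
        exit 1
    fi
}

# … unchanged: true/false loop, key and certificate generation, first checks in runtests …

    # but X should not validate as Y or Z:
    for name in y z; do
        must_fail "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der"
    done
```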