summaryrefslogtreecommitdiff
path: root/tests/keytrans
blob: 411b42ec2b0c5cdc883a5530eb1f3d15c7c449e8 (plain) 
    

  1. #!/usr/bin/env bash
    2. 

  2. 

  3. # Tests to ensure that the monkeysphere is working
    4. 

  4. 

  5. # Authors: 
    6. 

  6. #   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    7. 

  7. #   Jameson Rollins <jrollins@fifthhorseman.net>
    8. 

  8. #   Micah Anderson <micah@riseup.net> 
    9. 

  9. #
    10. 

  10. # Copyright: 2008-2009
    11. 

  11. # License: GPL v3 or later
    12. 

  12. 

  13. # these tests should all be able to run as a non-privileged user.
    14. 

  14. 

  15. # all subcommands in this script should complete without failure:
    16. 

  16. set -e
    17. 

  17. # piped commands should return the code of the first non-zero return
    18. 

  18. set -o pipefail
    19. 

  19. 

  20. # make sure the TESTDIR is an absolute path, not a relative one.
    21. 

  21. export TESTDIR=$(cd $(dirname "$0") && pwd)
    22. 

  22. 

  23. source "$TESTDIR"/common
    24. 

  24. 

  25. perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.  
    26. 

  26. On debian-derived systems, you can set this up with:
    27. 

  27.   apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
    28. 

  28. 

  29. perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.  
    30. 

  30. On debian-derived systems, you can set this up with:
    31. 

  31.   apt-get install libdigest-sha1-perl" ; exit 1; }
    32. 

  32. 

  33. 

  34. ######################################################################
    35. 

  35. ### SETUP VARIABLES
    36. 

  36. 

  37. ## set up some variables to ensure that we're operating strictly in
    38. 

  38. ## the tests, not system-wide:
    39. 

  39. 

  40. mkdir -p "$TESTDIR"/tmp
    41. 

  41. TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
    42. 

  42. 

  43. mkdir "$TEMPDIR"/bin
    44. 

  44. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
    45. 

  45. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
    46. 

  46. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans
    47. 

  47. 

  48. # Use the local copy of executables first, instead of system ones.
    49. 

  49. # This should help us test without installing.
    50. 

  50. export PATH="$TEMPDIR"/bin:"$PATH"
    51. 

  51. 

  52. ## setup trap
    53. 

  53. trap failed_cleanup EXIT
    54. 

  54. 

  55. ######################################################################
    56. 

  56. ### TEST KEYTRANS
    57. 

  57. 

  58. echo "##################################################"
    59. 

  59. echo "### generating openpgp key..."
    60. 

  60. export GNUPGHOME="$TEMPDIR"
    61. 

  61. chmod 700 "$TEMPDIR"
    62. 

  62. 

  63. 

  64. # create the key with the same preferences that monkeysphere uses.
    65. 

  65. cat > "$TEMPDIR"/gpg.conf <<EOF
    66. 

  66. default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
    67. 

  67. cert-digest-algo SHA256
    68. 

  68. list-options show-uid-validity,show-unusable-uids
    69. 

  69. EOF
    70. 

  70. 

  71. # generate a key
    72. 

  72. gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
    73. 

  73. Key-Type: RSA
    74. 

  74. Key-Length: 1024
    75. 

  75. Key-Usage: sign
    76. 

  76. Name-Real: testtest
    77. 

  77. Expire-Date: 0
    78. 

  78. 

  79. %commit
    80. 

  80. %echo done
    81. 

  81. EOF
    82. 

  82. 

  83. echo "##################################################"
    84. 

  84. echo "### retrieving key timestamp..."
    85. 

  85. timestamp=$(gpg --list-key --with-colons --fixed-list-mode | \
    86. 

  86.     grep ^pub: | cut -d: -f6)
    87. 

  87. 

  88. echo "##################################################"
    89. 

  89. echo "### exporting key to ssh file..."
    90. 

  90. gpg --export-secret-key | openpgp2ssh > \
    91. 

  91.     "$TEMPDIR"/test.pem
    92. 

  92. 

  93. gpg --export-secret-key > "$TEMPDIR"/secret.key
    94. 

  94. 

  95. PEM2OPENPGP_USAGE_FLAGS=sign,certify \
    96. 

  96. PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
    97. 

  97.  < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
    98. 

  98. 

  99. echo "##################################################"
    100. 

  100. echo "### reconvert key, and compare to key in gpg keyring..."
    101. 

  101. diff -u \
    102. 

  102.     <(gpg --list-packets < "$TEMPDIR"/secret.key) \
    103. 

  103.     <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
    104. 

  104. 

  105. diff -u \
    106. 

  106.     <(hd "$TEMPDIR"/secret.key) \
    107. 

  107.     <(hd "$TEMPDIR"/converted.secret.key)
    108. 

  108. 

  109. KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:)
    110. 

  110. KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
    111. 

  111. 

  112. echo "conversions look good!"
    113. 

  113. 

  114. echo "Now working with key $KEYID at time $timestamp"
    115. 

  115. 

  116. gpg --check-trustdb
    117. 

  117. gpg --list-keys
    118. 

  118. 

  119. 

  120. echo "##################################################"
    121. 

  121. echo "### test User ID addition..."
    122. 

  122. < "$TEMPDIR"/secring.gpg \
    123. 

  123. PEM2OPENPGP_TIMESTAMP="$timestamp" \
    124. 

  124.     PEM2OPENPGP_USAGE_FLAGS=sign,certify \
    125. 

  125.     keytrans adduserid "$KEYID" "monkeymonkey" | gpg --import
    126. 

  126. 

  127. gpg --check-trustdb
    128. 

  128. gpg --list-keys
    129. 

  129. 

  130. cat >"$TEMPDIR"/expectedout <<EOF
    131. 

  131. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
    132. 

  132. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
    133. 

  133. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    134. 

  134. uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
    135. 

  135. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    136. 

  136. EOF
    137. 

  137. 

  138. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
    139. 

  139. 

  140. echo "##################################################"
    141. 

  141. echo "### test User ID revocation ... "
    142. 

  142. 

  143. revtime=$(($timestamp + 1))
    144. 

  144. 

  145. < "$TEMPDIR"/secring.gpg \
    146. 

  146. PEM2OPENPGP_TIMESTAMP="$revtime" \
    147. 

  147.     keytrans revokeuserid "$KEYID" "testtest" | gpg --import
    148. 

  148. 

  149. gpg --check-trustdb
    150. 

  150. gpg --list-keys
    151. 

  151. 

  152. cat >"$TEMPDIR"/expectedout <<EOF
    153. 

  153. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
    154. 

  154. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
    155. 

  155. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    156. 

  156. uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
    157. 

  157. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    158. 

  158. rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
    159. 

  159. EOF
    160. 

  160. 

  161. 

  162. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
    163. 

  163. 

  164. 

  165. echo "##################################################"
    166. 

  166. echo "### test working with two primary keys ... "
    167. 

  167. 

  168. ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey
    169. 

  169. 

  170. PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
    171. 

  171. PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
    172. 

  172.  < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
    173. 

  173. 

  174. NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
    175. 

  175. NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
    176. 

  176. 

  177. < "$TEMPDIR"/newkey.gpg gpg --import 
    178. 

  178. 

  179. < "$TEMPDIR"/secring.gpg \
    180. 

  180. PEM2OPENPGP_TIMESTAMP="$timestamp" \
    181. 

  181.     keytrans adduserid "$KEYID" "baz" | gpg --import
    182. 

  182. 

  183. cat >"$TEMPDIR"/expectedout <<EOF
    184. 

  184. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
    185. 

  185. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
    186. 

  186. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    187. 

  187. uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
    188. 

  188. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    189. 

  189. rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
    190. 

  190. uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz:
    191. 

  191. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
    192. 

  192. pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA:
    193. 

  193. uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar:
    194. 

  194. sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x:
    195. 

  195. EOF
    196. 

  196. 

  197. echo "test: diff expected gpg list output"
    198. 

  198. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
    199. 

  199. 

  200. sort >"$TEMPDIR"/expectedout <<EOF
    201. 

  201. $KEYFPR
    202. 

  202. $NEWKEYFPR
    203. 

  203. EOF
    204. 

  204. 

  205. echo "test: diff expected keytrans listfpr output"
    206. 

  206. diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs | sort )
    207. 

  207. 

  208. ## FIXME: addtest: not testing subkeys at the moment.
    209. 

  209. 

  210. 

  211. trap - EXIT
    212. 

  212. 

  213. echo "##################################################"
    214. 

  214. echo " Monkeysphere keytrans test completed successfully!"
    215. 

  215. echo "##################################################"
    216. 

  216. 

  217. cleanup
    218.
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-04 21:58:05 +0000