summaryrefslogtreecommitdiff
path: root/tests/keytrans
blob: 3aaed50cfc498fce2ab2bf83a5bbfd60d7641734 (plain)
  1. #!/usr/bin/env bash
  2. # Tests to ensure that the monkeysphere is working
  3. # Authors:
  4. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  5. # Jameson Rollins <jrollins@fifthhorseman.net>
  6. # Micah Anderson <micah@riseup.net>
  7. #
  8. # Copyright: 2008-2009
  9. # License: GPL v3 or later
  10. # these tests should all be able to run as a non-privileged user.
  11. # all subcommands in this script should complete without failure:
  12. set -e
  13. # piped commands should return the code of the first non-zero return
  14. set -o pipefail
  15. # make sure the TESTDIR is an absolute path, not a relative one.
  16. export TESTDIR=$(cd $(dirname "$0") && pwd)
  17. source "$TESTDIR"/common
  18. perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.
  19. On debian-derived systems, you can set this up with:
  20. apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
  21. perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
  22. On debian-derived systems, you can set this up with:
  23. apt-get install libdigest-sha1-perl" ; exit 1; }
  24. ######################################################################
  25. ### SETUP VARIABLES
  26. ## set up some variables to ensure that we're operating strictly in
  27. ## the tests, not system-wide:
  28. mkdir -p "$TESTDIR"/tmp
  29. TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
  30. mkdir "$TEMPDIR"/bin
  31. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
  32. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
  33. ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans
  34. # Use the local copy of executables first, instead of system ones.
  35. # This should help us test without installing.
  36. export PATH="$TEMPDIR"/bin:"$PATH"
  37. ## setup trap
  38. trap failed_cleanup EXIT
  39. ######################################################################
  40. ### TEST KEYTRANS
  41. echo "##################################################"
  42. echo "### generating openpgp key..."
  43. export GNUPGHOME="$TEMPDIR"
  44. chmod 700 "$TEMPDIR"
  45. # create the key with the same preferences that monkeysphere uses.
  46. cat > "$TEMPDIR"/gpg.conf <<EOF
  47. default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
  48. cert-digest-algo SHA256
  49. list-options show-uid-validity,show-unusable-uids
  50. EOF
  51. # generate a key
  52. gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
  53. Key-Type: RSA
  54. Key-Length: 1024
  55. Key-Usage: sign
  56. Name-Real: testtest
  57. Expire-Date: 0
  58. %commit
  59. %echo done
  60. EOF
  61. echo "##################################################"
  62. echo "### retrieving key timestamp..."
  63. timestamp=$(gpg --list-key --with-colons --fixed-list-mode | \
  64. grep ^pub: | cut -d: -f6)
  65. echo "##################################################"
  66. echo "### exporting key to ssh file..."
  67. gpg --export-secret-key | openpgp2ssh > \
  68. "$TEMPDIR"/test.pem
  69. gpg --export-secret-key > "$TEMPDIR"/secret.key
  70. PEM2OPENPGP_USAGE_FLAGS=sign,certify \
  71. PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
  72. < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
  73. echo "##################################################"
  74. echo "### reconvert key, and compare to key in gpg keyring..."
  75. diff -u \
  76. <(gpg --list-packets < "$TEMPDIR"/secret.key) \
  77. <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
  78. diff -u \
  79. <(hd "$TEMPDIR"/secret.key) \
  80. <(hd "$TEMPDIR"/converted.secret.key)
  81. KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:)
  82. KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
  83. echo "conversions look good!"
  84. echo "Now working with key $KEYID at time $timestamp"
  85. gpg --check-trustdb
  86. gpg --list-keys
  87. echo "##################################################"
  88. echo "### test User ID addition..."
  89. < "$TEMPDIR"/secring.gpg \
  90. PEM2OPENPGP_TIMESTAMP="$timestamp" \
  91. PEM2OPENPGP_USAGE_FLAGS=sign,certify \
  92. keytrans adduserid "$KEYID" "monkeymonkey" | gpg --import
  93. gpg --check-trustdb
  94. gpg --list-keys
  95. cat >"$TEMPDIR"/expectedout <<EOF
  96. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
  97. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
  98. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  99. uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
  100. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  101. EOF
  102. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
  103. echo "##################################################"
  104. echo "### sleeping to avoid test suite breakage on fast"
  105. echo "### processors (see http://bugs.debian.org/591118)"
  106. sleep 2
  107. echo "##################################################"
  108. echo "### test User ID revocation ... "
  109. revtime=$(($timestamp + 1))
  110. < "$TEMPDIR"/secring.gpg \
  111. PEM2OPENPGP_TIMESTAMP="$revtime" \
  112. keytrans revokeuserid "$KEYID" "testtest" | gpg --import
  113. gpg --check-trustdb
  114. gpg --list-keys
  115. cat >"$TEMPDIR"/expectedout <<EOF
  116. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
  117. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
  118. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  119. uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
  120. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  121. rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
  122. EOF
  123. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
  124. echo "##################################################"
  125. echo "### test working with two primary keys ... "
  126. ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey
  127. PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
  128. PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
  129. < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
  130. NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
  131. NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
  132. < "$TEMPDIR"/newkey.gpg gpg --import
  133. < "$TEMPDIR"/secring.gpg \
  134. PEM2OPENPGP_TIMESTAMP="$timestamp" \
  135. keytrans adduserid "$KEYID" "baz" | gpg --import
  136. cat >"$TEMPDIR"/expectedout <<EOF
  137. pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
  138. uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
  139. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  140. uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
  141. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  142. rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
  143. uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz:
  144. sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
  145. pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA:
  146. uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar:
  147. sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x:
  148. EOF
  149. echo "test: diff expected gpg list output"
  150. diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
  151. sort >"$TEMPDIR"/expectedout <<EOF
  152. $KEYFPR
  153. $NEWKEYFPR
  154. EOF
  155. echo "test: diff expected keytrans listfpr output"
  156. diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs | sort )
  157. ## FIXME: addtest: not testing subkeys at the moment.
  158. trap - EXIT
  159. echo "##################################################"
  160. echo " Monkeysphere keytrans test completed successfully!"
  161. echo "##################################################"
  162. cleanup