From 479820a07d722a35eba89ebd70ef2d152bf3b88e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 19 Feb 2019 00:31:19 -0500 Subject: [PATCH] tests: test DKIM signing and verification This test makes use of DNSOverride and the new verifying milter to ensure that signatures can be verified properly. It doesn't test the actual interaction with the public DNS, but getting that kind of test to work on arbitrary platforms might be more trouble than it's worth. I note that the DNSOverride only works as long as testkey.dns is a single line, which is fine for ed25519, but maybe not for RSA. --- tests/02_sign_message.miltertest | 98 ++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 tests/02_sign_message.miltertest diff --git a/tests/02_sign_message.miltertest b/tests/02_sign_message.miltertest new file mode 100644 index 0000000..6bd4f4b --- /dev/null +++ b/tests/02_sign_message.miltertest @@ -0,0 +1,98 @@ +-- -*- lua -*- +mt.echo("beginning test") + +msg = { + ['headers'] = { + ['From'] = 'Alice ', + ['Message-Id'] = '', + ['To'] = 'Bob ', + ['Date'] = 'Mon, 18 Feb 2019 08:32:50 -0500', + ['Subject'] = 'Signing test', + ['Content-Type'] = 'text/plain', + }, + ['body'] = "This is a test!\r\n", +} + +-- returns miltertest connection object +function connect_and_send (sockname, headers, body) + conn = mt.connect(sockname) + if conn == nil then + error "mt.connect() failed" + end + if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then + error "mt.conninfo() failed" + end + if mt.getreply(conn) ~= SMFIR_CONTINUE then + error "mt.conninfo() unexpected reply" + end + + -- mt.macro(conn, SMFIC_MAIL, "i", "simple-message") + if mt.mailfrom(conn, "") ~= nil then + error "mt.mailfrom() failed" + end + if mt.getreply(conn) ~= SMFIR_CONTINUE then + error "mt.mailfrom() unexpected reply" + end + -- mt.rcptto() is called implicitly + + -- send headers + for key,value in pairs(headers) do + if mt.header(conn, key, value) ~= nil then + error("mt.header(" .. key .. ") failed") + end + if mt.getreply(conn) ~= SMFIR_CONTINUE then + error("mt.header(" .. key .. ") unexpected reply") + end + end + -- send EOH + if mt.eoh(conn) ~= nil then + error "mt.eoh() failed" + end + if mt.getreply(conn) ~= SMFIR_CONTINUE then + error "mt.eoh() unexpected reply" + end + + -- send body + if mt.bodystring(conn, body) ~= nil then + error "mt.bodystring() failed" + end + if mt.getreply(conn) ~= SMFIR_CONTINUE then + error "mt.bodystring() unexpected reply" + end + -- end of message; let the filter react + if mt.eom(conn) ~= nil then + error "mt.eom() failed" + end + reply = mt.getreply(conn) + if reply ~= SMFIR_CONTINUE then + error ("mt.eom() unexpected reply: " .. reply) + end + return conn +end + +signing = connect_and_send("unix:signing.sock", msg.headers, msg.body) +-- verify that a test header field got added +if not mt.eom_check(signing, MT_HDRINSERT) then + error "no header added by signer" +end + +signature = mt.getheader(signing, "DKIM-Signature", 0) + +mt.disconnect(signing) + +mt.echo("DKIM-Signature: " .. signature) + +msg.headers['DKIM-Signature'] = signature + +verify = connect_and_send("unix:verify.sock", msg.headers, msg.body) + +if not mt.eom_check(verify, MT_HDRINSERT) then + error "no header added in verify" +end + +authres = mt.getheader(verify, "Authentication-Results", 0) +mt.echo("Authentication-Results: "..authres) + +mt.disconnect(verify) + +mt.echo("test complete")