tests: test DKIM signing and verification

This test makes use of DNSOverride and the new verifying milter to ensure that signatures can be verified properly. It doesn't test the actual interaction with the public DNS, but getting that kind of test to work on arbitrary platforms might be more trouble than it's worth. I note that the DNSOverride only works as long as testkey.dns is a single line, which is fine for ed25519, but maybe not for RSA.
2019-02-19 00:31:19 -05:00
parent 7bfb87fab7
commit 479820a07d
1 changed files with 98 additions and 0 deletions
@@ -0,0 +1,98 @@
+-- -*- lua -*-
+mt.echo("beginning test")
+
+msg = {
+   ['headers'] = {
+      ['From'] = 'Alice <alice@example.net>',
+      ['Message-Id'] = '<dkimpy-milter-test-02@example.net>',
+      ['To'] = 'Bob <bob@example.biz>',
+      ['Date'] = 'Mon, 18 Feb 2019 08:32:50 -0500',
+      ['Subject'] = 'Signing test',
+      ['Content-Type'] = 'text/plain',
+   },
+   ['body'] = "This is a test!\r\n",
+}
+
+-- returns miltertest connection object
+function connect_and_send (sockname, headers, body)
+   conn = mt.connect(sockname)
+   if conn == nil then
+      error "mt.connect() failed"
+   end
+   if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then
+      error "mt.conninfo() failed"
+   end
+   if mt.getreply(conn) ~= SMFIR_CONTINUE then
+      error "mt.conninfo() unexpected reply"
+   end
+
+   -- mt.macro(conn, SMFIC_MAIL, "i", "simple-message")
+   if mt.mailfrom(conn, "<alice@example.net>") ~= nil then
+      error "mt.mailfrom() failed"
+   end
+   if mt.getreply(conn) ~= SMFIR_CONTINUE then
+      error "mt.mailfrom() unexpected reply"
+   end
+   -- mt.rcptto() is called implicitly
+
+   -- send headers
+   for key,value in pairs(headers) do
+      if mt.header(conn, key, value) ~= nil then
+         error("mt.header(" .. key .. ") failed")
+      end
+      if mt.getreply(conn) ~= SMFIR_CONTINUE then
+         error("mt.header(" .. key .. ") unexpected reply")
+      end
+   end
+   -- send EOH
+   if mt.eoh(conn) ~= nil then
+      error "mt.eoh() failed"
+   end
+   if mt.getreply(conn) ~= SMFIR_CONTINUE then
+      error "mt.eoh() unexpected reply"
+   end
+
+   -- send body
+   if mt.bodystring(conn, body) ~= nil then
+      error "mt.bodystring() failed"
+   end
+   if mt.getreply(conn) ~= SMFIR_CONTINUE then
+      error "mt.bodystring() unexpected reply"
+   end
+   -- end of message; let the filter react
+   if mt.eom(conn) ~= nil then
+      error "mt.eom() failed"
+   end
+   reply = mt.getreply(conn)
+   if reply ~= SMFIR_CONTINUE then
+      error ("mt.eom() unexpected reply: " .. reply)
+   end
+   return conn
+end
+
+signing = connect_and_send("unix:signing.sock", msg.headers, msg.body)
+-- verify that a test header field got added
+if not mt.eom_check(signing, MT_HDRINSERT) then
+   error "no header added by signer"
+end
+
+signature = mt.getheader(signing, "DKIM-Signature", 0)
+
+mt.disconnect(signing)
+
+mt.echo("DKIM-Signature: " .. signature)
+
+msg.headers['DKIM-Signature'] = signature
+
+verify = connect_and_send("unix:verify.sock", msg.headers, msg.body)
+
+if not mt.eom_check(verify, MT_HDRINSERT) then
+   error "no header added in verify"
+end
+
+authres = mt.getheader(verify, "Authentication-Results", 0)
+mt.echo("Authentication-Results: "..authres)
+
+mt.disconnect(verify)
+
+mt.echo("test complete")