From ad8f396db0700e5bc351d74d2fa57f71df464026 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 21 Feb 2019 10:49:22 -0500
Subject: [PATCH] Expand test suite to cover RSA as well as ed25519

---
 tests/00_minimal.miltertest      | 16 +++++---
 tests/01_connect.miltertest      | 60 +++++++++++++++-------------
 tests/02_sign_message.miltertest | 54 ++++++++++++-------------
 tests/runtests                   | 67 ++++++++++++++++++++------------
 4 files changed, 112 insertions(+), 85 deletions(-)

diff --git a/tests/00_minimal.miltertest b/tests/00_minimal.miltertest
index a07b48e..fbe0849 100644
--- a/tests/00_minimal.miltertest
+++ b/tests/00_minimal.miltertest
@@ -1,8 +1,12 @@
 -- -*- lua -*-
-mt.echo("beginning test")
-conn = mt.connect("unix:signing.sock")
-if conn == nil then
-  error "mt.connect() failed"
+for _, keytype in ipairs({"ed25519", "rsa"}) do
+   for _, func in ipairs({"signing", "verify"}) do
+      mt.echo("testing "..keytype.." "..func)
+      conn = mt.connect("unix:"..keytype.."."..func..".sock")
+      if conn == nil then
+         error("mt.connect() failed "..keytype.." "..func)
+      end
+      mt.disconnect(conn)
+      mt.echo(keytype.." "..func.." complete")
+   end
 end
-mt.disconnect(conn)
-mt.echo("test complete")
diff --git a/tests/01_connect.miltertest b/tests/01_connect.miltertest
index 4d20bd2..2f43eff 100755
--- a/tests/01_connect.miltertest
+++ b/tests/01_connect.miltertest
@@ -1,36 +1,40 @@
 -- -*- lua -*-
-mt.echo("beginning test")
-conn = mt.connect("unix:signing.sock")
-if conn == nil then
-  error "mt.connect() failed"
-end
-if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then
-  error "mt.conninfo() failed"
-end
-if mt.getreply(conn) ~= SMFIR_CONTINUE then
-     error "mt.conninfo() unexpected reply"
-end
+for _, keytype in ipairs({"ed25519", "rsa"}) do
+   for _, func in ipairs({"signing", "verify"}) do
+      mt.echo("testing "..keytype.." "..func)
+      conn = mt.connect("unix:"..keytype.."."..func..".sock")
+      if conn == nil then
+         error("mt.connect() failed "..keytype.." "..func)
+      end
+      if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then
+         error("mt.conninfo() failed "..keytype.." "..func)
+      end
+      if mt.getreply(conn) ~= SMFIR_CONTINUE then
+         error("mt.conninfo() unexpected reply "..keytype.." "..func)
+      end
 
-if mt.test_action(conn, SMFIF_ADDHDRS) then
-   print "could add headers"
-else
-   error "mt.test_action() says could not add headers"
-end
+      if mt.test_action(conn, SMFIF_ADDHDRS) then
+         print("could add headers "..keytype.." "..func)
+      else
+         error("mt.test_action() says could not add headers "..keytype.." "..func)
+      end
 
-if mt.test_action(conn, SMFIF_CHGHDRS) then
-   print "could change headers"
-else
-   error "mt.test_action() says could not change headers"
-end
+      if mt.test_action(conn, SMFIF_CHGHDRS) then
+         print("could change headers "..keytype.." "..func)
+      else
+         error("mt.test_action() says could not change headers "..keytype.." "..func)
+      end
 
 -- -- FIXME: this part of the test fails, as apparently the
 -- -- dkimpy-milter claims the right to change the body of a message,
 -- -- even though it shouldn't.  How can we fix the negotiation?
--- if mt.test_action(conn, SMFIF_CHGBODY) then
---   error "mt.test_action() says could change body"
--- else
---   print "could not change body"
--- end
+--      if mt.test_action(conn, SMFIF_CHGBODY) then
+--         error("mt.test_action() says could change body "..keytype.." "..func)
+--      else
+--         print("could not change body "..keytype.." "..func)
+--      end
 
-mt.disconnect(conn)
-mt.echo("test complete")
+      mt.disconnect(conn)
+      mt.echo(keytype.." "..func.." test complete")
+   end
+end
diff --git a/tests/02_sign_message.miltertest b/tests/02_sign_message.miltertest
index 6bd4f4b..cb5e7ff 100644
--- a/tests/02_sign_message.miltertest
+++ b/tests/02_sign_message.miltertest
@@ -1,5 +1,4 @@
 -- -*- lua -*-
-mt.echo("beginning test")
 
 msg = {
    ['headers'] = {
@@ -70,29 +69,32 @@ function connect_and_send (sockname, headers, body)
    return conn
 end
 
-signing = connect_and_send("unix:signing.sock", msg.headers, msg.body)
--- verify that a test header field got added
-if not mt.eom_check(signing, MT_HDRINSERT) then
-   error "no header added by signer"
+for _, keytype in ipairs({"ed25519", "rsa"}) do
+   mt.echo("testing "..keytype)
+   signing = connect_and_send("unix:"..keytype..".signing.sock", msg.headers, msg.body)
+   -- verify that a test header field got added
+   if not mt.eom_check(signing, MT_HDRINSERT) then
+      error "no header added by signer"
+   end
+
+   signature = mt.getheader(signing, "DKIM-Signature", 0)
+
+   mt.disconnect(signing)
+
+   mt.echo("DKIM-Signature: " .. signature)
+
+   msg.headers['DKIM-Signature'] = signature
+
+   verify = connect_and_send("unix:"..keytype..".verify.sock", msg.headers, msg.body)
+
+   if not mt.eom_check(verify, MT_HDRINSERT) then
+      error "no header added in verify"
+   end
+
+   authres = mt.getheader(verify, "Authentication-Results", 0)
+   mt.echo("Authentication-Results: "..authres)
+
+   mt.disconnect(verify)
+
+   mt.echo(keytype.." complete")
 end
-
-signature = mt.getheader(signing, "DKIM-Signature", 0)
-
-mt.disconnect(signing)
-
-mt.echo("DKIM-Signature: " .. signature)
-
-msg.headers['DKIM-Signature'] = signature
-
-verify = connect_and_send("unix:verify.sock", msg.headers, msg.body)
-
-if not mt.eom_check(verify, MT_HDRINSERT) then
-   error "no header added in verify"
-end
-
-authres = mt.getheader(verify, "Authentication-Results", 0)
-mt.echo("Authentication-Results: "..authres)
-
-mt.disconnect(verify)
-
-mt.echo("test complete")
diff --git a/tests/runtests b/tests/runtests
index d535e9f..7878f17 100755
--- a/tests/runtests
+++ b/tests/runtests
@@ -4,55 +4,72 @@ set -e
 WORKDIR=$(mktemp -d)
 TESTDIR=$(realpath "$(dirname "$0")")
 DKIMPY_MILTER=${DKIMPY_MILTER:-"$TESTDIR/dkimpy-milter"}
+KEY_TYPES=(ed25519 rsa)
 
 cd "$WORKDIR"
 
 printf "Testing %s from directory %s\n" "$DKIMPY_MILTER" "$WORKDIR"
 
-dknewkey --ktype ed25519 testkey
-cat > signing.conf <<EOF
+for keytype in "${KEY_TYPES[@]}"; do
+    dknewkey --ktype "$keytype" "testkey.$keytype"
+    if [ "$keytype" = ed25519 ]; then
+        keyfile=KeyFileEd25519
+        selector=SelectorEd25519
+    else
+        keyfile=KeyFile
+        selector=Selector
+    fi
+    cat > "$keytype.signing.conf" <<EOF
 Domain example.net
-KeyFileEd25519 testkey.key
-SelectorEd25519 testkey
-Socket unix:signing.sock
-PidFile signing.pid
+$keyfile testkey.$keytype.key
+$selector testkey
+Socket unix:$keytype.signing.sock
+PidFile $keytype.signing.pid
 Mode s
 UserID $(id --name --user):$(id --name --group)
 EOF
 
-cat > verify.conf <<EOF
-Socket unix:verify.sock
-PidFile verify.pid
+    cat > "$keytype.verify.conf" <<EOF
+Socket unix:$keytype.verify.sock
+PidFile $keytype.verify.pid
 Mode v
-DNSOverride $(cat testkey.dns)
+DNSOverride $(cat testkey.$keytype.dns)
 UserID $(id --name --user):$(id --name --group)
 EOF
+done
 
 cleanup() {
     echo cleaning up jobs:
     jobs
-    if [ -s signing.pid ] && kill -0 "$(cat signing.pid)"; then
-        kill "$(cat signing.pid)"
-    fi
-    if [ -s verify.pid ] && kill -0 "$(cat verify.pid)"; then
-        kill "$(cat verify.pid)"
-    fi
+    for keytype in "${KEY_TYPES[@]}"; do
+        for func in signing verify; do
+            if [ -s "$keytype.$func.pid" ] && kill -0 "$(cat "$keytype.$func.pid")"; then
+                kill "$(cat $keytype.$func.pid)"
+            fi
+        done
+    done
     wait
-    for errdata in signing.stderr verify.stderr; do
-        if [ -s "$errdata" ]; then
-            printf -- "-> %s:\n" "$errdata"
-            cat "$errdata"
-            printf -- "-> end %s\n" "$errdata"
-        fi
+    for keytype in "${KEY_TYPES[@]}"; do
+        for func in signing verify; do
+            errdata="$keytype.$func.stderr"
+            if [ -s "$errdata" ]; then
+                printf -- "-> %s:\n" "$errdata"
+                cat "$errdata"
+                printf -- "-> end %s\n" "$errdata"
+            fi
+        done
     done
     rm -rf "$WORKDIR"
 }
 
-PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" signing.conf 2>signing.stderr &
-PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" verify.conf 2>verify.stderr &
+for keytype in "${KEY_TYPES[@]}"; do
+    for func in signing verify; do
+        PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" "$keytype.$func.conf" 2>"$keytype.$func.stderr" &
+    done
+done
 trap cleanup EXIT
 
-# ugly ugly (how are we supposed to know that the filter is ready?):
+# ugly ugly (how are we supposed to know that the milters are all ready?):
 sleep 2
 
 # uses miltertest from opendkim: