Expand test suite to cover RSA as well as ed25519

Daniel Kahn Gillmor
2019-02-21 10:49:22 -05:00
parent 479820a07d
commit ad8f396db0
4 changed files with 112 additions and 85 deletions
+10 -6
@@ -1,8 +1,12 @@
-- -*- lua -*- -- -*- lua -*-
mt.echo("beginning test") for _, keytype in ipairs({"ed25519", "rsa"}) do
conn = mt.connect("unix:signing.sock") for _, func in ipairs({"signing", "verify"}) do
if conn == nil then mt.echo("testing "..keytype.." "..func)
error "mt.connect() failed" conn = mt.connect("unix:"..keytype.."."..func..".sock")
if conn == nil then
error("mt.connect() failed "..keytype.." "..func)
end
mt.disconnect(conn)
mt.echo(keytype.." "..func.." complete")
end
end end
mt.disconnect(conn)
mt.echo("test complete")
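Review bot: `conn` is assigned as a global inside the new nested loops. Writing `local conn = mt.connect("unix:"..keytype.."."..func..".sock")` scopes the handle to one iteration, so a stale connection from an earlier key type cannot be reused by accident if the loop body is extended later. The same applies to `conn` in the negotiation test and to `signing`, `signature`, `verify` and `authres` in the sign-and-verify test.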
+32 -28
@@ -1,36 +1,40 @@
-- -*- lua -*- -- -*- lua -*-
mt.echo("beginning test") for _, keytype in ipairs({"ed25519", "rsa"}) do
conn = mt.connect("unix:signing.sock") for _, func in ipairs({"signing", "verify"}) do
if conn == nil then mt.echo("testing "..keytype.." "..func)
error "mt.connect() failed" conn = mt.connect("unix:"..keytype.."."..func..".sock")
end if conn == nil then
if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then error("mt.connect() failed "..keytype.." "..func)
error "mt.conninfo() failed" end
end if mt.conninfo(conn, "localhost", "127.0.0.1") ~= nil then
if mt.getreply(conn) ~= SMFIR_CONTINUE then error("mt.conninfo() failed "..keytype.." "..func)
error "mt.conninfo() unexpected reply" end
end if mt.getreply(conn) ~= SMFIR_CONTINUE then
error("mt.conninfo() unexpected reply "..keytype.." "..func)
end
if mt.test_action(conn, SMFIF_ADDHDRS) then if mt.test_action(conn, SMFIF_ADDHDRS) then
print "could add headers" print("could add headers "..keytype.." "..func)
else else
error "mt.test_action() says could not add headers" error("mt.test_action() says could not add headers "..keytype.." "..func)
end end
if mt.test_action(conn, SMFIF_CHGHDRS) then if mt.test_action(conn, SMFIF_CHGHDRS) then
print "could change headers" print("could change headers "..keytype.." "..func)
else else
error "mt.test_action() says could not change headers" error("mt.test_action() says could not change headers "..keytype.." "..func)
end end
-- -- FIXME: this part of the test fails, as apparently the -- -- FIXME: this part of the test fails, as apparently the
-- -- dkimpy-milter claims the right to change the body of a message, -- -- dkimpy-milter claims the right to change the body of a message,
-- -- even though it shouldn't. How can we fix the negotiation? -- -- even though it shouldn't. How can we fix the negotiation?
-- if mt.test_action(conn, SMFIF_CHGBODY) then -- if mt.test_action(conn, SMFIF_CHGBODY) then
-- error "mt.test_action() says could change body" -- error("mt.test_action() says could change body "..keytype.." "..func)
-- else -- else
-- print "could not change body" -- print("could not change body "..keytype.." "..func)
-- end -- end
mt.disconnect(conn) mt.disconnect(conn)
mt.echo("test complete") mt.echo(keytype.." "..func.." test complete")
end
end
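Review bot: The `SMFIF_CHGBODY` check stays commented out for both key types, so nothing in this test records that the milter negotiates a body-modification right which, per the FIXME, it should not have. Until the negotiation is fixed, a non-fatal report keeps the gap visible in the test output for every key type and mode: `if mt.test_action(conn, SMFIF_CHGBODY) then print("WARNING: milter negotiated SMFIF_CHGBODY "..keytype.." "..func) end`.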
+28 -26
@@ -1,5 +1,4 @@
-- -*- lua -*- -- -*- lua -*-
mt.echo("beginning test")
msg = { msg = {
['headers'] = { ['headers'] = {
@@ -70,29 +69,32 @@ function connect_and_send (sockname, headers, body)
return conn return conn
end end
signing = connect_and_send("unix:signing.sock", msg.headers, msg.body) for _, keytype in ipairs({"ed25519", "rsa"}) do
-- verify that a test header field got added mt.echo("testing "..keytype)
if not mt.eom_check(signing, MT_HDRINSERT) then signing = connect_and_send("unix:"..keytype..".signing.sock", msg.headers, msg.body)
error "no header added by signer" -- verify that a test header field got added
if not mt.eom_check(signing, MT_HDRINSERT) then
error "no header added by signer"
end
signature = mt.getheader(signing, "DKIM-Signature", 0)
mt.disconnect(signing)
mt.echo("DKIM-Signature: " .. signature)
msg.headers['DKIM-Signature'] = signature
verify = connect_and_send("unix:"..keytype..".verify.sock", msg.headers, msg.body)
if not mt.eom_check(verify, MT_HDRINSERT) then
error "no header added in verify"
end
authres = mt.getheader(verify, "Authentication-Results", 0)
mt.echo("Authentication-Results: "..authres)
mt.disconnect(verify)
mt.echo(keytype.." complete")
end end
signature = mt.getheader(signing, "DKIM-Signature", 0)
mt.disconnect(signing)
mt.echo("DKIM-Signature: " .. signature)
msg.headers['DKIM-Signature'] = signature
verify = connect_and_send("unix:verify.sock", msg.headers, msg.body)
if not mt.eom_check(verify, MT_HDRINSERT) then
error "no header added in verify"
end
authres = mt.getheader(verify, "Authentication-Results", 0)
mt.echo("Authentication-Results: "..authres)
mt.disconnect(verify)
mt.echo("test complete")
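Review bot: The verify step only checks that an `Authentication-Results` header was inserted, not what it says, so a verifier that reports a failed signature for either key type would still let the loop finish successfully. After reading `authres`, assert the outcome, for example `if not string.find(authres, "dkim=pass", 1, true) then error("DKIM verification did not pass for "..keytype) end` (assuming the milter emits the usual `dkim=pass` token). `msg.headers['DKIM-Signature']` also carries over from the ed25519 iteration into the rsa one, so the rsa signer appears to receive a message that already holds a signature header; `msg.headers['DKIM-Signature'] = nil` at the top of the loop keeps the two runs independent. `connect_and_send` is defined outside the visible hunks, so how it iterates the headers is not confirmed here.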
+42 -25
@@ -4,55 +4,72 @@ set -e
WORKDIR=$(mktemp -d) WORKDIR=$(mktemp -d)
TESTDIR=$(realpath "$(dirname "$0")") TESTDIR=$(realpath "$(dirname "$0")")
DKIMPY_MILTER=${DKIMPY_MILTER:-"$TESTDIR/dkimpy-milter"} DKIMPY_MILTER=${DKIMPY_MILTER:-"$TESTDIR/dkimpy-milter"}
KEY_TYPES=(ed25519 rsa)
cd "$WORKDIR" cd "$WORKDIR"
printf "Testing %s from directory %s\n" "$DKIMPY_MILTER" "$WORKDIR" printf "Testing %s from directory %s\n" "$DKIMPY_MILTER" "$WORKDIR"
dknewkey --ktype ed25519 testkey for keytype in "${KEY_TYPES[@]}"; do
cat > signing.conf <<EOF dknewkey --ktype "$keytype" "testkey.$keytype"
if [ "$keytype" = ed25519 ]; then
keyfile=KeyFileEd25519
selector=SelectorEd25519
else
keyfile=KeyFile
selector=Selector
fi
cat > "$keytype.signing.conf" <<EOF
Domain example.net Domain example.net
KeyFileEd25519 testkey.key $keyfile testkey.$keytype.key
SelectorEd25519 testkey $selector testkey
Socket unix:signing.sock Socket unix:$keytype.signing.sock
PidFile signing.pid PidFile $keytype.signing.pid
Mode s Mode s
UserID $(id --name --user):$(id --name --group) UserID $(id --name --user):$(id --name --group)
EOF EOF
cat > verify.conf <<EOF cat > "$keytype.verify.conf" <<EOF
Socket unix:verify.sock Socket unix:$keytype.verify.sock
PidFile verify.pid PidFile $keytype.verify.pid
Mode v Mode v
DNSOverride $(cat testkey.dns) DNSOverride $(cat testkey.$keytype.dns)
UserID $(id --name --user):$(id --name --group) UserID $(id --name --user):$(id --name --group)
EOF EOF
done
cleanup() { cleanup() {
echo cleaning up jobs: echo cleaning up jobs:
jobs jobs
if [ -s signing.pid ] && kill -0 "$(cat signing.pid)"; then for keytype in "${KEY_TYPES[@]}"; do
kill "$(cat signing.pid)" for func in signing verify; do
fi if [ -s "$keytype.$func.pid" ] && kill -0 "$(cat "$keytype.$func.pid")"; then
if [ -s verify.pid ] && kill -0 "$(cat verify.pid)"; then kill "$(cat $keytype.$func.pid)"
kill "$(cat verify.pid)" fi
fi done
done
wait wait
for errdata in signing.stderr verify.stderr; do for keytype in "${KEY_TYPES[@]}"; do
if [ -s "$errdata" ]; then for func in signing verify; do
printf -- "-> %s:\n" "$errdata" errdata="$keytype.$func.stderr"
cat "$errdata" if [ -s "$errdata" ]; then
printf -- "-> end %s\n" "$errdata" printf -- "-> %s:\n" "$errdata"
fi cat "$errdata"
printf -- "-> end %s\n" "$errdata"
fi
done
done done
rm -rf "$WORKDIR" rm -rf "$WORKDIR"
} }
PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" signing.conf 2>signing.stderr & for keytype in "${KEY_TYPES[@]}"; do
PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" verify.conf 2>verify.stderr & for func in signing verify; do
PYTHONPATH="$(dirname "$TESTDIR")" "$DKIMPY_MILTER" "$keytype.$func.conf" 2>"$keytype.$func.stderr" &
done
done
trap cleanup EXIT trap cleanup EXIT
# ugly ugly (how are we supposed to know that the filter is ready?): # ugly ugly (how are we supposed to know that the milters are all ready?):
sleep 2 sleep 2
# uses miltertest from opendkim: # uses miltertest from opendkim:
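Review bot: `trap cleanup EXIT` is installed only after the key-generation loop and the milter launches, so under `set -e` a failure in `dknewkey` or in writing a config exits without running `cleanup`. That leaves `$WORKDIR` and any private keys already generated on disk. Defining `cleanup` and installing the trap before the `for keytype` key-generation loop covers those steps; `cleanup` already guards its pid and stderr file accesses with `[ -s ... ]`. Inside `cleanup`, the inner expansion in `kill "$(cat $keytype.$func.pid)"` is unquoted, unlike the test on the same line; write `kill "$(cat "$keytype.$func.pid")"`. The script continues past the end of this hunk.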