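#!/usr/bin/env bash

# Tests to ensure that the monkeysphere is working

# Authors:
#   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#   Jameson Rollins <jrollins@fifthhorseman.net>
#   Micah Anderson <micah@riseup.net>
#
# Copyright: 2008-2009
# License: GPL v3 or later

# Overview: exercises the keytrans tool (also invoked as openpgp2ssh and
# pem2openpgp) against a throwaway GnuPG home:
#   1. generate an OpenPGP key, convert it to PEM and back, and require the
#      round-tripped secret key to be identical to the original;
#   2. add a User ID, revoke a User ID, and compare the gpg signature listing
#      with the expected colon-format output;
#   3. import a second primary key and check `keytrans listfprs`.
#
# failed_cleanup, cleanup and get_gpg_prng_arg are not defined in this file;
# they are expected to come from "$TESTDIR"/common, sourced below.
#
# All key material created here is test-only: 1024-bit RSA, stored without a
# passphrase. It must never be reused outside the temporary directory.

# these tests should all be able to run as a non-privileged user.

# all subcommands in this script should complete without failure:
set -e
# a pipeline fails with the status of the last stage that exited non-zero
set -o pipefail

# make sure the TESTDIR is an absolute path, not a relative one.
# The assignment is kept apart from `export` so a failing cd aborts the script
# under `set -e` (export would mask the status), and the inner substitution is
# quoted so a checkout path containing whitespace still resolves.
TESTDIR=$(cd -- "$(dirname -- "$0")" && pwd)
export TESTDIR

source "$TESTDIR"/common

# Prerequisite checks; diagnostics go to stderr so they are not mistaken for
# test output.
perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.
On debian-derived systems, you can set this up with:
  apt-get install libcrypt-openssl-rsa-perl" >&2 ; exit 1; }

# NOTE(review): the package named below looks like the one for Digest::SHA1,
# not Digest::SHA; confirm the install hint before relying on it.
perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
On debian-derived systems, you can set this up with:
  apt-get install libdigest-sha1-perl" >&2 ; exit 1; }


######################################################################
### SETUP VARIABLES

## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:

mkdir -p "$TESTDIR"/tmp
# mktemp -d creates the directory atomically and private to the caller, which
# matters because secret keys are written into it below.
# NOTE(review): a three-character template gives little name entropy; a longer
# run of X's would be more robust if nothing else depends on the name.
TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/ms.XXX")

if [ -z "$MONKEYSPHERE_TEST_USE_SYSTEM" ] ; then
    mkdir "$TEMPDIR"/bin
    # keytrans is reached under three names via symlinks.
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans

    # Use the local copy of executables first, instead of system ones.
    # This should help us test without installing.
    export PATH="$TEMPDIR"/bin:"$PATH"
else
    export PATH=/usr/share/monkeysphere:"$PATH"
fi

# Print gpg's signature check listing in a form that can be compared with the
# expected output: colon format, without tru/fpr records, first 16 fields only,
# trailing colons stripped.
check_sigs_listing() {
    gpg --check-sigs --with-colons \
        | grep -vE '^(tru|fpr):' \
        | cut -d: -f1-16 \
        | sed 's/:*$//'
}

## setup trap
# Any exit before the trap is cleared at the end counts as a failure.
trap failed_cleanup EXIT

######################################################################
### TEST KEYTRANS

echo "##################################################"
echo "### generating openpgp key..."
# Point gpg at the temporary directory so the user's real keyring is untouched.
export GNUPGHOME="$TEMPDIR"
chmod 700 "$TEMPDIR"


# create the key with the same preferences that monkeysphere uses.
cat > "$TEMPDIR"/gpg.conf <<EOF
default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
cert-digest-algo SHA256
list-options show-uid-validity,show-unusable-uids
fixed-list-mode
EOF

cat > "$TEMPDIR"/gpg-agent.conf <<EOF
pinentry-program $TESTDIR/phony-pinentry-nopass
EOF

# generate a key
# The key is deliberately small and unprotected (%no-protection): it only
# lives inside $TEMPDIR for the duration of the test.
# NOTE(review): get_gpg_prng_arg is left unquoted as in the original; its
# output is presumably a single option name -- confirm in common.
gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: testtest
Expire-Date: 0

%no-ask-passphrase
%no-protection
%commit
%echo done
EOF

echo "##################################################"
echo "### retrieving key timestamp..."
# Field 6 of the pub: record is used as the key timestamp; it is passed back
# to keytrans below so the regenerated packets can match exactly.
timestamp=$(gpg --list-key --with-colons | \
    grep '^pub:' | cut -d: -f6)

echo "##################################################"
echo "### exporting key to ssh file..."
gpg --export-secret-keys | openpgp2ssh > \
    "$TEMPDIR"/test.pem

gpg --export-secret-keys > "$TEMPDIR"/secret.key

PEM2OPENPGP_USAGE_FLAGS=sign,certify \
PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
    < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key

echo "##################################################"
echo "### reconvert key, and compare to key in gpg keyring..."
# First compare the parsed packets, then the raw bytes.
diff -u \
    <(gpg --list-packets < "$TEMPDIR"/secret.key) \
    <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)

diff -u \
    <(hd "$TEMPDIR"/secret.key) \
    <(hd "$TEMPDIR"/converted.secret.key)

# Take field 10 of the first fpr: record that follows a pub: record.
KEYFPR=$(gpg --fingerprint --with-colons --list-keys | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }')
# Bytes 25-40 of the fingerprint are used as the key ID.
KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)

echo "conversions look good!"

echo "Now working with key $KEYID at time $timestamp"

gpg --check-trustdb
gpg --list-keys


echo "##################################################"
echo "### test User ID addition..."
gpg --export-secret-keys | \
PEM2OPENPGP_TIMESTAMP="$timestamp" \
    PEM2OPENPGP_USAGE_FLAGS=sign,certify \
    keytrans adduserid "$KEYID" "monkeymonkey" | gpg --import

gpg --check-trustdb
gpg --list-keys

cat >"$TEMPDIR"/expectedout <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
EOF

diff -u "$TEMPDIR"/expectedout <(check_sigs_listing)

echo "##################################################"
echo "### sleeping to avoid test suite breakage on fast"
echo "### processors (see http://bugs.debian.org/591118)"

sleep 2

echo "##################################################"
echo "### test User ID revocation ... "

# The revocation is stamped one second after the key timestamp.
revtime=$((timestamp + 1))

gpg --export-secret-keys | \
PEM2OPENPGP_TIMESTAMP="$revtime" \
    keytrans revokeuserid "$KEYID" "testtest" | gpg --import

gpg --check-trustdb
gpg --list-keys

cat >"$TEMPDIR"/expectedout <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
rev:!::1:$KEYID:$revtime::::monkeymonkey:30x,20::$KEYFPR:::8
EOF


diff -u "$TEMPDIR"/expectedout <(check_sigs_listing)


echo "##################################################"
echo "### test working with two primary keys ... "

# Second throwaway key: PEM format, 1024-bit RSA, empty passphrase.
ssh-keygen -m PEM -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey

PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
    < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg

NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)

< "$TEMPDIR"/newkey.gpg gpg --import

# With two secret keys in the keyring, adduserid must still act only on the
# key named by $KEYID; the expected listing below shows "baz" on the first key
# and the new key unchanged.
gpg --export-secret-keys | \
PEM2OPENPGP_TIMESTAMP="$timestamp" \
    keytrans adduserid "$KEYID" "baz" | gpg --import

cat >"$TEMPDIR"/expectedout <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
rev:!::1:$KEYID:$revtime::::monkeymonkey:30x,20::$KEYFPR:::8
uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA
uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar
sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x::$NEWKEYFPR:::8
EOF

echo "test: diff expected gpg list output"
diff -u "$TEMPDIR"/expectedout <(check_sigs_listing)

# Both sides are sorted so the comparison does not depend on listing order.
sort >"$TEMPDIR"/expectedout <<EOF
$KEYFPR
$NEWKEYFPR
EOF

echo "test: diff expected keytrans listfpr output"
diff -u "$TEMPDIR"/expectedout <( gpg --export-secret-keys | keytrans listfprs | sort )

## FIXME: addtest: not testing subkeys at the moment.


# Every check passed: clear the failure trap before the normal cleanup.
trap - EXIT

echo "##################################################"
echo " Monkeysphere keytrans test completed successfully!"
echo "##################################################"

cleanup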