3 # Tests to ensure that the monkeysphere is working
6 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7 # Jameson Rollins <jrollins@fifthhorseman.net>
8 # Micah Anderson <micah@riseup.net>
10 # Copyright: 2008-2009
11 # License: GPL v3 or later
13 # these tests should all be able to run as a non-privileged user.
15 # all subcommands in this script should complete without failure:
17 # piped commands should return the code of the first non-zero return
20 # make sure the TESTDIR is an absolute path, not a relative one.
21 export TESTDIR=$(cd $(dirname "$0") && pwd)
23 source "$TESTDIR"/common
25 perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.
26 On debian-derived systems, you can set this up with:
27 apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
29 perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
30 On debian-derived systems, you can set this up with:
31 apt-get install libdigest-sha1-perl" ; exit 1; }
34 ######################################################################
37 ## set up some variables to ensure that we're operating strictly in
38 ## the tests, not system-wide:
40 mkdir -p "$TESTDIR"/tmp
41 TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
44 ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
45 ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
46 ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans
48 # Use the local copy of executables first, instead of system ones.
49 # This should help us test without installing.
50 export PATH="$TEMPDIR"/bin:"$PATH"
53 trap failed_cleanup EXIT
55 ######################################################################
58 echo "##################################################"
59 echo "### generating openpgp key..."
60 export GNUPGHOME="$TEMPDIR"
64 # create the key with the same preferences that monkeysphere uses.
65 cat > "$TEMPDIR"/gpg.conf <<EOF
66 default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
67 cert-digest-algo SHA256
68 list-options show-uid-validity,show-unusable-uids
72 gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
83 echo "##################################################"
84 echo "### retrieving key timestamp..."
85 timestamp=$(gpg --list-key --with-colons --fixed-list-mode | \
86 grep ^pub: | cut -d: -f6)
88 echo "##################################################"
89 echo "### exporting key to ssh file..."
90 gpg --export-secret-key | openpgp2ssh > \
93 gpg --export-secret-key > "$TEMPDIR"/secret.key
95 PEM2OPENPGP_USAGE_FLAGS=sign,certify \
96 PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
97 < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
99 echo "##################################################"
100 echo "### reconvert key, and compare to key in gpg keyring..."
102 <(gpg --list-packets < "$TEMPDIR"/secret.key) \
103 <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
106 <(hd "$TEMPDIR"/secret.key) \
107 <(hd "$TEMPDIR"/converted.secret.key)
109 KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:)
110 KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
112 echo "conversions look good!"
114 echo "Now working with key $KEYID at time $timestamp"
120 echo "##################################################"
121 echo "### test User ID addition..."
122 < "$TEMPDIR"/secring.gpg \
123 PEM2OPENPGP_TIMESTAMP="$timestamp" \
124 PEM2OPENPGP_USAGE_FLAGS=sign,certify \
125 keytrans adduserid "$KEYID" "monkeymonkey" | gpg --import
130 cat >"$TEMPDIR"/expectedout <<EOF
131 pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
132 uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
133 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
134 uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
135 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
138 diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
140 echo "##################################################"
141 echo "### test User ID revocation ... "
143 revtime=$(($timestamp + 1))
145 < "$TEMPDIR"/secring.gpg \
146 PEM2OPENPGP_TIMESTAMP="$revtime" \
147 keytrans revokeuserid "$KEYID" "testtest" | gpg --import
152 cat >"$TEMPDIR"/expectedout <<EOF
153 pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
154 uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
155 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
156 uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
157 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
158 rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
162 diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
165 echo "##################################################"
166 echo "### test working with two primary keys ... "
168 ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey
170 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
171 PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
172 < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
174 NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
175 NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
177 < "$TEMPDIR"/newkey.gpg gpg --import
179 < "$TEMPDIR"/secring.gpg \
180 PEM2OPENPGP_TIMESTAMP="$timestamp" \
181 keytrans adduserid "$KEYID" "baz" | gpg --import
183 gpg --check-sigs --with-colons --fixed-list-mode
185 cat >"$TEMPDIR"/expectedout <<EOF
186 pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
187 uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
188 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
189 uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
190 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
191 rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
192 uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz:
193 sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
194 pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA:
195 uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar:
196 sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x:
199 echo "test: diff expected gpg list output"
200 diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru)
202 cat >"$TEMPDIR"/expectedout <<EOF
207 echo "test: diff expected keytrans listfpr output"
208 if ! diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs) ; then
210 echo "test: diff test again with permuted order"
211 cat >"$TEMPDIR"/expectedout <<EOF
215 diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs)
218 ## FIXME: addtest: not testing subkeys at the moment.
223 echo "##################################################"
224 echo " Monkeysphere keytrans test completed successfully!"
225 echo "##################################################"