summaryrefslogtreecommitdiffstats
path: root/scripts/t/Dpkg_OpenPGP.t
blob: 2902cf6ec632d8f2846af8db5714143a2feac389 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/perl
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

use strict;
use warnings;

use Test::More;
use Test::Dpkg qw(:paths :needs test_get_openpgp_backend);

use File::Compare;

use Dpkg::ErrorHandling;
use Dpkg::Path qw(find_command);
use Dpkg::OpenPGP::KeyHandle;

my @cmds = test_needs_openpgp_backend();
unshift @cmds, 'auto';

plan tests => 2 + 15 * scalar @cmds;

use_ok('Dpkg::OpenPGP');
use_ok('Dpkg::OpenPGP::ErrorCodes');

report_options(quiet_warnings => 1);

sub test_diff
{
    my ($exp_file, $gen_file, $desc) = @_;

    my $res = compare($exp_file, $gen_file);
    if ($res) {
        system "diff -u '$exp_file' '$gen_file' >&2";
    }
    ok($res == 0, "$desc ($exp_file vs $gen_file)");
}

foreach my $cmd (@cmds) {
    my $datadir = test_get_data_path();
    my $tempdir = test_get_temp_path();

    my $backend = test_get_openpgp_backend($cmd);
    my $openpgp = Dpkg::OpenPGP->new(
        backend => $backend,
        cmd => $cmd,
    );

    my $certfile = "$datadir/dpkg-test-pub.asc";
    my $keyfile  = "$datadir/dpkg-test-sec.asc";

    SKIP: {
        skip 'missing backend command', 13
            unless $openpgp->{backend}->has_verify_cmd();

        ok($openpgp->dearmor('PUBLIC KEY BLOCK', $certfile, "$tempdir/dpkg-test-pub.pgp") == OPENPGP_OK(),
            "($backend:$cmd) dearmoring OpenPGP ASCII Armored certificate");
        ok($openpgp->armor('PUBLIC KEY BLOCK', "$tempdir/dpkg-test-pub.pgp", "$tempdir/dpkg-test-pub.asc") == OPENPGP_OK(),
            "($backend:$cmd) armoring OpenPGP binary certificate");
        test_diff($certfile, "$tempdir/dpkg-test-pub.asc",
            "($backend:$cmd) OpenPGP certificate dearmor/armor round-trip correctly");

        ok($openpgp->armor('SIGNATURE', "$datadir/sign-file.sig", "$tempdir/sign-file.asc") == OPENPGP_OK(),
            "($backend:$cmd) armoring OpenPGP binary signature succeeded");
        ok(compare("$datadir/sign-file.sig", "$tempdir/sign-file.asc") != 0,
            "($backend:$cmd) armoring OpenPGP ASCII Armor changed the file");
        ok($openpgp->armor('SIGNATURE', "$datadir/sign-file.asc", "$tempdir/sign-file-rearmor.asc") == OPENPGP_OK(),
            "($backend:$cmd) armoring OpenPGP armored signature succeeded");
        test_diff("$datadir/sign-file.asc", "$tempdir/sign-file-rearmor.asc",
            "($backend:$cmd) rearmoring OpenPGP ASCII Armor changed the file");

        ok($openpgp->dearmor('SIGNATURE', "$tempdir/sign-file.asc", "$tempdir/sign-file.sig") == OPENPGP_OK(),
            "($backend:$cmd) dearmoring OpenPGP armored signature succeeded");
        test_diff("$datadir/sign-file.sig", "$tempdir/sign-file.sig",
            "($backend:$cmd) dearmored OpenPGP ASCII Armor signature matches");

        ok($openpgp->inline_verify("$datadir/sign-file-inline.asc", undef, $certfile) == OPENPGP_OK(),
            "($backend:$cmd) verify OpenPGP ASCII Armor inline signature");
        ok($openpgp->inline_verify("$datadir/sign-file-inline.sig", undef, $certfile) == OPENPGP_OK(),
            "($backend:$cmd) verify OpenPGP binary inline signature");

        ok($openpgp->verify("$datadir/sign-file", "$datadir/sign-file.asc", $certfile) == OPENPGP_OK(),
        "($backend:$cmd) verify OpenPGP ASCII Armor detached signature");
        ok($openpgp->verify("$datadir/sign-file", "$datadir/sign-file.sig", $certfile) == OPENPGP_OK(),
            "($backend:$cmd) verify OpenPGP binary detached signature");
    };

    my $key = Dpkg::OpenPGP::KeyHandle->new(
        type => 'keyfile',
        handle => $keyfile,
    );

    SKIP: {
        skip 'cannot use secrets', 2 unless $openpgp->can_use_secrets($key);

        ok($openpgp->inline_sign("$datadir/sign-file", "$tempdir/sign-file-inline.asc", $key) == OPENPGP_OK(),
            "($backend:$cmd) inline OpenPGP sign");
        ok($openpgp->inline_verify("$tempdir/sign-file-inline.asc", undef, $certfile) == OPENPGP_OK(),
            "($backend:$cmd) verify generated inline OpenPGP signature");
    };

    # TODO: Add more test cases.
}