2010-11-30 01:35:41 +00:00
|
|
|
#!/usr/bin/perl
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use Test::More;
|
|
|
|
use FindBin;
|
|
|
|
use lib "$FindBin::Bin";
|
|
|
|
use CamsigdTest;
|
|
|
|
use JSON::Any;
|
|
|
|
use HTTP::Request::Common;
|
|
|
|
|
|
|
|
my $server = CamsigdTest::start();
|
|
|
|
ok($server, "Started the server") or BAIL_OUT("can't start the server");
|
|
|
|
|
|
|
|
my $ua = LWP::UserAgent->new;
|
|
|
|
|
2010-12-04 21:49:34 +00:00
|
|
|
use constant CAMLI_SIGNER => "sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6";
|
|
|
|
|
2010-11-30 01:35:41 +00:00
|
|
|
my $j = JSON::Any->new;
|
|
|
|
my $json = $j->objToJson({ "camliVersion" => 1,
|
2010-12-04 21:49:34 +00:00
|
|
|
"camliSigner" => CAMLI_SIGNER,
|
2010-11-30 01:35:41 +00:00
|
|
|
"foo" => "bar",
|
|
|
|
});
|
|
|
|
|
2010-12-03 15:34:24 +00:00
|
|
|
# Sign it.
|
|
|
|
my $sjson;
|
|
|
|
{
|
2010-12-08 05:55:24 +00:00
|
|
|
my $req = req("sign", { "json" => $json });
|
2010-12-03 15:34:24 +00:00
|
|
|
my $res = $ua->request($req);
|
|
|
|
ok($res, "got an HTTP sig response") or done_testing();
|
|
|
|
ok($res->is_success, "HTTP sig response is successful") or done_testing();
|
|
|
|
$sjson = $res->content;
|
2010-12-04 21:49:34 +00:00
|
|
|
print "Got signed: $sjson";
|
2010-12-03 15:34:24 +00:00
|
|
|
like($sjson, qr/camliSig/, "contains camliSig substring");
|
|
|
|
|
|
|
|
my $sobj = $j->jsonToObj($sjson);
|
|
|
|
is($sobj->{"foo"}, "bar", "key foo is still bar");
|
|
|
|
is($sobj->{"camliVersion"}, 1, "key camliVersion is still 1");
|
|
|
|
ok(defined $sobj->{"camliSig"}, "has camliSig key");
|
|
|
|
ok(defined $sobj->{"camliSigner"}, "has camliSigner key");
|
|
|
|
is(scalar keys %$sobj, 4, "total of 3 keys in signed object");
|
|
|
|
}
|
|
|
|
|
|
|
|
# Verify it.
|
|
|
|
{
|
|
|
|
my $req = req("verify", { "sjson" => $sjson });
|
|
|
|
my $res = $ua->request($req);
|
|
|
|
ok($res, "got an HTTP verify response") or done_testing();
|
|
|
|
ok($res->is_success, "HTTP verify response is successful") or done_testing();
|
2010-12-04 21:49:34 +00:00
|
|
|
print "Verify response: " . $res->content;
|
|
|
|
my $vobj = $j->jsonToObj($res->content);
|
|
|
|
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
|
|
|
|
ok($vobj->{'signatureValid'}, "signature is valid");
|
|
|
|
my $vdat = $vobj->{'verifiedData'};
|
|
|
|
ok(defined($vdat), "has verified data");
|
|
|
|
is($vdat->{'camliSigner'}, CAMLI_SIGNER, "signer matches");
|
|
|
|
is($vdat->{'foo'}, "bar")
|
|
|
|
}
|
|
|
|
|
|
|
|
# Verification that should fail.
|
|
|
|
{
|
|
|
|
my $req = req("verify", { "sjson" => "{}" });
|
|
|
|
my $res = $ua->request($req);
|
|
|
|
ok($res, "got an HTTP verify response") or done_testing();
|
|
|
|
ok($res->is_success, "HTTP verify response is successful") or done_testing();
|
|
|
|
print "Verify response: " . $res->content;
|
|
|
|
my $vobj = $j->jsonToObj($res->content);
|
|
|
|
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
|
|
|
|
is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
|
|
|
|
ok(!defined($vobj->{'verifiedData'}), "no verified data key");
|
|
|
|
ok(defined($vobj->{'errorMessage'}), "has an error message");
|
2010-12-03 15:34:24 +00:00
|
|
|
}
|
|
|
|
|
2010-12-05 00:18:03 +00:00
|
|
|
# Imposter! Verification should fail.
|
|
|
|
{
|
|
|
|
my $eviljson = q{{"camliVersion":1,"camliSigner":"sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6","foo":"evilbar","camliSig":"iQEcBAABAgAGBQJM+tnUAAoJEIUeCLJL7Fq1ruwH/RplOpmrTK51etXUHayRGN0RM0Jxttjwa0pPuiHr7fJifaZo2pvMZOMAttjFEP/HMjvpSVi8P7awBFXXlCTj0CAlexsmCsPEHzITXe3siFzH+XCSmfHNPYYti0apQ2+OcWNnzqWXLiEfP5yRVXxcxoWuxYlnFu+mfw5VdjrJpIa+n3Ys5D4zUPVCSNtF4XV537czqfd9AiSfKCY/aL2NuZykl4WtP3JgYl8btE84EjNLFasQDstcWOvp7rrP6T8hQQotw5/F4SmmFM6ybkWXk/Wkax3XpzW9qL00VqhxHd4JIWaSzSV/WcSQwCoLWc7uXttOWgVtMIhzpjeMlqt1gc0==QYU2"}};
|
|
|
|
my $req = req("verify", { "sjson" => $eviljson });
|
|
|
|
my $res = $ua->request($req);
|
|
|
|
ok($res, "got an HTTP verify response") or done_testing();
|
|
|
|
ok($res->is_success, "HTTP verify response is successful") or done_testing();
|
|
|
|
print "Verify response: " . $res->content;
|
|
|
|
my $vobj = $j->jsonToObj($res->content);
|
|
|
|
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
|
|
|
|
is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
|
|
|
|
ok(!defined($vobj->{'verifiedData'}), "no verified data key");
|
|
|
|
ok(defined($vobj->{'errorMessage'}), "has an error message");
|
|
|
|
like($vobj->{'errorMessage'}, qr/bad signature: RSA verification error/, "verification error");
|
|
|
|
}
|
|
|
|
|
|
|
|
done_testing(29);
|
2010-12-03 15:34:24 +00:00
|
|
|
|
|
|
|
sub req {
|
|
|
|
my ($method, $post_params) = @_;
|
|
|
|
return POST($server->root . "/camli/sig/" . $method,
|
|
|
|
"Authorization" => "Basic dGVzdDp0ZXN0", # test:test
|
|
|
|
Content => $post_params);
|
|
|
|
}
|