Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
perkeep/server/sigserver/test/10-sign.t

97 lines
4.0 KiB
Perl
Raw Blame History

#!/usr/bin/perl
use strict;
use Test::More;
use FindBin;
use lib "$FindBin::Bin";
use CamsigdTest;
use JSON::Any;
use HTTP::Request::Common;
my $server = CamsigdTest::start();
ok($server, "Started the server") or BAIL_OUT("can't start the server");
my $ua = LWP::UserAgent->new;
use constant CAMLI_SIGNER => "sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6";
my $j = JSON::Any->new;
my $json = $j->objToJson({ "camliVersion" => 1,
"camliSigner" => CAMLI_SIGNER,
"foo" => "bar",
});
# Sign it.
my $sjson;
{
my $req = req("sign", { "json" => $json });
my $res = $ua->request($req);
ok($res, "got an HTTP sig response") or done_testing();
ok($res->is_success, "HTTP sig response is successful") or done_testing();
$sjson = $res->content;
print "Got signed: $sjson";
like($sjson, qr/camliSig/, "contains camliSig substring");
my $sobj = $j->jsonToObj($sjson);
is($sobj->{"foo"}, "bar", "key foo is still bar");
is($sobj->{"camliVersion"}, 1, "key camliVersion is still 1");
ok(defined $sobj->{"camliSig"}, "has camliSig key");
ok(defined $sobj->{"camliSigner"}, "has camliSigner key");
is(scalar keys %$sobj, 4, "total of 3 keys in signed object");
}
# Verify it.
{
my $req = req("verify", { "sjson" => $sjson });
my $res = $ua->request($req);
ok($res, "got an HTTP verify response") or done_testing();
ok($res->is_success, "HTTP verify response is successful") or done_testing();
print "Verify response: " . $res->content;
my $vobj = $j->jsonToObj($res->content);
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
ok($vobj->{'signatureValid'}, "signature is valid");
my $vdat = $vobj->{'verifiedData'};
ok(defined($vdat), "has verified data");
is($vdat->{'camliSigner'}, CAMLI_SIGNER, "signer matches");
is($vdat->{'foo'}, "bar")
}
# Verification that should fail.
{
my $req = req("verify", { "sjson" => "{}" });
my $res = $ua->request($req);
ok($res, "got an HTTP verify response") or done_testing();
ok($res->is_success, "HTTP verify response is successful") or done_testing();
print "Verify response: " . $res->content;
my $vobj = $j->jsonToObj($res->content);
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
ok(!defined($vobj->{'verifiedData'}), "no verified data key");
ok(defined($vobj->{'errorMessage'}), "has an error message");
}
# Imposter! Verification should fail.
{
my $eviljson = q{{"camliVersion":1,"camliSigner":"sha1-82e6f3494f698aa498d5906349c0aa0a183d89a6","foo":"evilbar","camliSig":"iQEcBAABAgAGBQJM+tnUAAoJEIUeCLJL7Fq1ruwH/RplOpmrTK51etXUHayRGN0RM0Jxttjwa0pPuiHr7fJifaZo2pvMZOMAttjFEP/HMjvpSVi8P7awBFXXlCTj0CAlexsmCsPEHzITXe3siFzH+XCSmfHNPYYti0apQ2+OcWNnzqWXLiEfP5yRVXxcxoWuxYlnFu+mfw5VdjrJpIa+n3Ys5D4zUPVCSNtF4XV537czqfd9AiSfKCY/aL2NuZykl4WtP3JgYl8btE84EjNLFasQDstcWOvp7rrP6T8hQQotw5/F4SmmFM6ybkWXk/Wkax3XpzW9qL00VqhxHd4JIWaSzSV/WcSQwCoLWc7uXttOWgVtMIhzpjeMlqt1gc0==QYU2"}};
my $req = req("verify", { "sjson" => $eviljson });
my $res = $ua->request($req);
ok($res, "got an HTTP verify response") or done_testing();
ok($res->is_success, "HTTP verify response is successful") or done_testing();
print "Verify response: " . $res->content;
my $vobj = $j->jsonToObj($res->content);
ok(defined($vobj->{'signatureValid'}), "has 'signatureValid' key");
is(0, $vobj->{'signatureValid'}, "signature is properly invalid");
ok(!defined($vobj->{'verifiedData'}), "no verified data key");
ok(defined($vobj->{'errorMessage'}), "has an error message");
like($vobj->{'errorMessage'}, qr/bad signature: RSA verification error/, "verification error");
}
done_testing(29);
sub req {
my ($method, $post_params) = @_;
return POST($server->root . "/camli/sig/" . $method,
"Authorization" => "Basic dGVzdDp0ZXN0", # test:test
Content => $post_params);
}
Reference in New Issue View Git Blame Copy Permalink