S/MIME unit tests, not yet complete...

git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@356 2715db39-9adf-0310-9c64-84f055769b4b

6 files changed, 265 insertions, 0 deletions

diff --git a/tests/alltests.py b/tests/alltests.py
index b7f36d3..f1c29c9 100644
--- a/tests/alltests.py
+++ b/tests/alltests.py
@@ -17,6 +17,7 @@ def suite():
         'test_dsa',
         'test_evp',
         'test_rsa',
+        'test_smime',
         'test_x509']
     if os.name == 'posix':
         modules_to_test.append('test_ssl')
diff --git a/tests/recipient.pem b/tests/recipient.pem
new file mode 100644
index 0000000..78b6c14
--- /dev/null
+++ b/tests/recipient.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAmCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBhMQswCQYDVQQGEwJTRzER
+MA8GA1UEChMITTJDcnlwdG8xGTAXBgNVBAMTEFMvTUlNRSBSZWNpcGllbnQxJDAi
+BgkqhkiG9w0BCQEWFXJlY2lwaWVudEBleGFtcGxlLmRvbTAeFw0wMTAzMzExMTQy
+MTVaFw0wMjAzMzExMTQyMTVaMGExCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNy
+eXB0bzEZMBcGA1UEAxMQUy9NSU1FIFJlY2lwaWVudDEkMCIGCSqGSIb3DQEJARYV
+cmVjaXBpZW50QGV4YW1wbGUuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDQwLwQSshbTn/GUZXnZUQEUDc61OUd+qcPpHfi76Y7ar+2NwsalQ3bu2i7edEK
+IZZWMFRnrOwE9PhmJHJIzfYDswgpHWtRy0P/Oyzt5kLBjvJYuMIqu8gZtWFz0G28
+Q8tGvIuPdWba+9TT3LOv4CXNF1V0k0KgAPd1Uq2FUcBa2QIDAQABo4G+MIG7MB0G
+A1UdDgQWBBQe7b4CDEBuMJyiscil27YBdZBr9zCBiwYDVR0jBIGDMIGAgBQe7b4C
+DEBuMJyiscil27YBdZBr96FlpGMwYTELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0y
+Q3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBpZW50MSQwIgYJKoZIhvcNAQkB
+FhVyZWNpcGllbnRAZXhhbXBsZS5kb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAJbQXzP7AK9u2kyvl8oeZAeJQDRsip4PVMkYd64HW3Hq/9ud3g
+hj/laeUyfcga+c1c1yPUug5Ab+loeHhEEKsL9LqYFXzpFU1lXaID02zcqG7g3PWe
+r9RKsUqrn4ZbRQ+clidnIx4nYLuG6CPQ6ME/uFrYHMsmQEO/+KoJONf/cg==
+-----END CERTIFICATE-----
diff --git a/tests/recipient_key.pem b/tests/recipient_key.pem
new file mode 100644
index 0000000..0cb61f6
--- /dev/null
+++ b/tests/recipient_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDQwLwQSshbTn/GUZXnZUQEUDc61OUd+qcPpHfi76Y7ar+2Nwsa
+lQ3bu2i7edEKIZZWMFRnrOwE9PhmJHJIzfYDswgpHWtRy0P/Oyzt5kLBjvJYuMIq
+u8gZtWFz0G28Q8tGvIuPdWba+9TT3LOv4CXNF1V0k0KgAPd1Uq2FUcBa2QIDAQAB
+AoGAVOMrFozycH65YtHmXVRGlmJwMxJDoS8+JBRDVBsTw/Gix9wWPdcC7amF60ac
+BLynv6Cjkg01ZMahBBgqCQUH1rii6Kg20MJJtpqvt1X+CAZkytVsQqwutSQXHj+g
+TzZVDxQiuPKMyVhKTSVqutqs2EyFgSKcYuodfms5xDk2EyECQQD6vnEAl2PHBoia
+5wrauujbWTM6H5oioWvJgLaUNgUhJ86/Y+ewKoGxLdYaxx99KhKxN/04i2chIHk0
+c53THOt9AkEA1SD1Rdm93FUMEor+BYEQgiN/4pWnSIsgUjyqV7lPv9QegdDTbVfm
+WuPNev6Z+qo9mpDWbvhCZhH159q7uGfzjQJAe88dLRWThuqK+TGsAmTYJbbdvI1u
+JjteZZjQjk4+KijlxUsnU60pbLsdRQudWMg1gpwKxKjQu2K1dljATUWyYQJARI83
+l2K1+py5J3XixS6BevukdeUiTOnEWe/98/4+szyvG59rg+8UwQQq43fnXIVLD9+r
+u0LNSTxZ2F26qVV3OQJBAIBG0Gv9C44UlCPiJhmMqcpzexX20erOEGu+UiCUhHAC
+ZdWdFaD2dlmk0O/E82LxPPivkGv5DtkNpzCl+3Vo+kI=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/signer.pem b/tests/signer.pem
new file mode 100644
index 0000000..9189aaa
--- /dev/null
+++ b/tests/signer.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAkygAwIBAgIBADANBgkqhkiG9w0BAQQFADBbMQswCQYDVQQGEwJTRzER
+MA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIxITAfBgkq
+hkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbTAeFw0wMTAzMzExMTQwMzNaFw0w
+MjAzMzExMTQwMzNaMFsxCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNyeXB0bzEW
+MBQGA1UEAxMNUy9NSU1FIFNlbmRlcjEhMB8GCSqGSIb3DQEJARYSc2VuZGVyQGV4
+YW1wbGUuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlzlOPUIdNI7Fr
+WrarQViLAxZgem0mkly+1mZTCuBTmwesDw6cIzRwNcSPQo9/dx82Md98HwdYzMjh
+QSA2YVdA2zGgZn6KrDEuU2PL0yHt4Vb8GOrmE1dui5KVDStYFGSjFXrjL63qVB6F
+vfZZ9hdBsoXEUlJfNLE7HdHxiFI93QIDAQABo4G2MIGzMB0GA1UdDgQWBBRc7KiU
+vW3iNoHBkVEzsxLycEvNSjCBgwYDVR0jBHwweoAUXOyolL1t4jaBwZFRM7MS8nBL
+zUqhX6RdMFsxCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNyeXB0bzEWMBQGA1UE
+AxMNUy9NSU1FIFNlbmRlcjEhMB8GCSqGSIb3DQEJARYSc2VuZGVyQGV4YW1wbGUu
+ZG9tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAejcOsIdHzp9J
+NUC9+Jd1KzBaoq0ISFQdF0JMsUaXiEOTYbJnFoW6pnCJRHP8fucyJzKYjbCTPwf/
+DIcWDwbcEh6FRGmPa/9lZdh6i9uBLsRkAtVWQOPiE2X8ggdZ3oa2/VQ4N/tRFvG2
+XeFD395NYhOt59PWF64+dqvxzPJ2w4s=
+-----END CERTIFICATE-----
diff --git a/tests/signer_key.pem b/tests/signer_key.pem
new file mode 100644
index 0000000..ad15a87
--- /dev/null
+++ b/tests/signer_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDlzlOPUIdNI7FrWrarQViLAxZgem0mkly+1mZTCuBTmwesDw6c
+IzRwNcSPQo9/dx82Md98HwdYzMjhQSA2YVdA2zGgZn6KrDEuU2PL0yHt4Vb8GOrm
+E1dui5KVDStYFGSjFXrjL63qVB6FvfZZ9hdBsoXEUlJfNLE7HdHxiFI93QIDAQAB
+AoGBALqc4OgZSbYPjQyTfpD1IJTKLgqsgCR5aE0kR7WZuG7MDt/e3ktWn0ebsgFv
+2J12u2bD+yqM++dVbK7WtvTR+QpMhb/0XMhXNsvmn5gOLdKlJjS0RXDDs2DzIS6p
+JNzAmn5zqTVteZAMDLk7ygkO++iGzwRz713ZgxRaKr5YWiLVAkEA+3ev1TTXNEOk
+wQ9fbukMrfUXesqwgrx9VZ1z1X5we42RIIMTYI1edpcujXYvgS3/jdzAWDS1Nqta
+9QB3uy91ywJBAOnysIIQhHn+4zvaOA5vh85WczPhN9C+yRmV70eyL9h+aThUFS4c
+kg2jQOLp8MaxAkmk4xRbZBgehjmDr45b5fcCQQDpIGNlYFBmhpN129+YffugRgjX
+cJNFEKONPKRHd6mmEW9K2dmb+FNr0+p3gOq3csJpbQ7wdyTMov13B1D4ux4TAkAR
+URB1oCleKlrBjGaH0wOXZ1jBp1MNVYHnLez3Pp5CBSFetQKYVi8NaV8dLLnQyztj
+Hhxc3mLrUh8XVMMC45SDAkEAxRCKmkneLceIdwixLIUF0zr0OzJtgyhxMxvHu3ET
+gJcZqNN0y3EgPwcNihpBw7rjpp5e5sjlRNVqLqn8a5/Fog==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/test_smime.py b/tests/test_smime.py
new file mode 100644
index 0000000..70b2644
--- /dev/null
+++ b/tests/test_smime.py
@@ -0,0 +1,198 @@
+#!/usr/bin/env python
+
+"""Unit tests for M2Crypto.SMIME.
+
+Copyright (C) 2006 Open Source Applications Foundation. All Rights Reserved.
+"""
+
+import unittest
+from M2Crypto import SMIME, BIO, Rand, X509
+
+cleartext = 'some text to manipulate'
+signature = signature2 = None
+encrypted = encrypted2 = None
+signedEncrypted = None
+
+class SMIMETestCase(unittest.TestCase):
+    def check_1_sign(self):
+        global signature, signature2
+        
+        buf = BIO.MemoryBuffer(cleartext)
+        s = SMIME.SMIME()
+        s.load_key('signer_key.pem', 'signer.pem')
+        p7 = s.sign(buf)
+        assert len(buf) == 0
+        assert p7.type() == SMIME.PKCS7_SIGNED, p7.type()
+        assert isinstance(p7, SMIME.PKCS7), p7
+        #assert p7.get0_signers()
+        out = BIO.MemoryBuffer()
+        p7.write(out)
+        
+        buf = out.read()
+        
+        assert buf[:len('-----BEGIN PKCS7-----')] == '-----BEGIN PKCS7-----'
+        #assert buf[-len('-----END PKCS7-----'):] == '-----END PKCS7-----'
+        assert len(buf) > len('-----END PKCS7-----') + len('-----BEGIN PKCS7-----')
+        
+        s.write(out, p7, BIO.MemoryBuffer(cleartext))
+        signature = out
+        # another copy...
+        s.write(out, p7, BIO.MemoryBuffer(cleartext))
+        signature2 = out
+    
+    def check_2_verify(self):
+        s = SMIME.SMIME()
+        
+        x509 = X509.load_cert('signer.pem')
+        sk = X509.X509_Stack()
+        sk.push(x509)
+        s.set_x509_stack(sk)
+        
+        st = X509.X509_Store()
+        st.load_info('signer.pem')
+        s.set_x509_store(st)
+        
+        p7, data = SMIME.smime_load_pkcs7_bio(signature)
+        assert data.read() == cleartext
+        assert isinstance(p7, SMIME.PKCS7), p7
+        #v = s.verify(p7) # XXX expired cert
+        #assert v == cleartext
+    
+    def _check_2_verifyBad(self):
+        s = SMIME.SMIME()
+        
+        x509 = X509.load_cert('recipient.pem')
+        sk = X509.X509_Stack()
+        sk.push(x509)
+        s.set_x509_stack(sk)
+        
+        st = X509.X509_Store()
+        st.load_info('recipient.pem')
+        s.set_x509_store(st)
+        
+        p7, data = SMIME.smime_load_pkcs7_bio(signature2)
+        assert data.read() == cleartext
+        assert isinstance(p7, SMIME.PKCS7), p7
+        self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # Bad signer
+
+    def check_3_encrypt(self):
+        global encrypted, encrypted2
+        
+        buf = BIO.MemoryBuffer(cleartext)
+        s = SMIME.SMIME()
+
+        x509 = X509.load_cert('recipient.pem')
+        sk = X509.X509_Stack()
+        sk.push(x509)
+        s.set_x509_stack(sk)
+
+        s.set_cipher(SMIME.Cipher('des_ede3_cbc'))
+        p7 = s.encrypt(buf)
+        
+        assert len(buf) == 0
+        assert p7.type() == SMIME.PKCS7_ENVELOPED, p7.type()
+        assert isinstance(p7, SMIME.PKCS7), p7
+        #assert p7.get0_signers()
+        out = BIO.MemoryBuffer()
+        p7.write(out)
+    
+        buf = out.read()
+        
+        assert buf[:len('-----BEGIN PKCS7-----')] == '-----BEGIN PKCS7-----'
+        #assert buf[-len('-----END PKCS7-----'):] == '-----END PKCS7-----'
+        assert len(buf) > len('-----END PKCS7-----') + len('-----BEGIN PKCS7-----')
+        
+        s.write(out, p7)
+        encrypted = out
+        # another copy...
+        s.write(out, p7)
+        encrypted2 = out
+
+    def check_4_decrypt(self):
+        s = SMIME.SMIME()
+
+        s.load_key('recipient_key.pem', 'recipient.pem')
+        
+        p7, data = SMIME.smime_load_pkcs7_bio(encrypted)
+        assert isinstance(p7, SMIME.PKCS7), p7
+        self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # No signer
+        
+        out = s.decrypt(p7)
+        assert out == cleartext
+
+    def _check_4_decryptBad(self):
+        s = SMIME.SMIME()
+
+        s.load_key('signer_key.pem', 'signer.pem')
+        
+        p7, data = SMIME.smime_load_pkcs7_bio(encrypted2)
+        assert isinstance(p7, SMIME.PKCS7), p7
+        self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # No signer
+
+        # Cannot decrypt: no recipient matches certificate
+        self.assertRaises(SMIME.PKCS7_Error, s.decrypt, p7)
+
+    def check_5_signEncrypt(self):
+        global signedEncrypted
+        
+        s = SMIME.SMIME()
+        
+        buf = BIO.MemoryBuffer(cleartext)
+        
+        s.load_key('signer_key.pem', 'signer.pem')
+        p7 = s.sign(buf)
+        
+        x509 = X509.load_cert('recipient.pem')
+        sk = X509.X509_Stack()
+        sk.push(x509)
+        s.set_x509_stack(sk)
+    
+        s.set_cipher(SMIME.Cipher('des_ede3_cbc'))
+        
+        tmp = BIO.MemoryBuffer()
+        
+        s.write(tmp, p7)
+        
+        p7 = s.encrypt(tmp)
+        # XXX Hmm, how to get PKCS7_SIGNED_ENVELOPED?
+        assert p7.type() == SMIME.PKCS7_ENVELOPED, p7.type()
+        
+        out = BIO.MemoryBuffer()
+        s.write(out, p7)
+        
+        signedEncrypted = out
+        
+    def _check_6_decryptVerify(self):
+        s = SMIME.SMIME()
+    
+        s.load_key('recipient_key.pem', 'recipient.pem')
+        
+        # XXX Bug not enough data?
+        p7, data = SMIME.smime_load_pkcs7_bio(signedEncrypted)
+        
+        out = s.decrypt(p7)
+        
+        x509 = X509.load_cert('signer.pem')
+        sk = X509.X509_Stack()
+        sk.push(x509)
+        s.set_x509_stack(sk)
+        
+        st = X509.X509_Store()
+        st.load_info('signer.pem')
+        s.set_x509_store(st)
+        
+        p7_bio = BIO.MemoryBuffer(out)
+        p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
+        v = s.verify(p7)
+        assert v == cleartext
+    
+
+def suite():
+    return unittest.makeSuite(SMIMETestCase, 'check')
+
+
+if __name__ == '__main__':
+    Rand.load_file('randpool.dat', -1)
+    unittest.TextTestRunner().run(suite())
+    Rand.save_file('randpool.dat')
+