diff options
author | Heikki Toivonen <heikki@heikkitoivonen.net> | 2006-02-25 07:12:51 +0000 |
---|---|---|
committer | Heikki Toivonen <heikki@heikkitoivonen.net> | 2006-02-25 07:12:51 +0000 |
commit | 13d100f8354e3c23296b137b81ec15a66b9ba95e (patch) | |
tree | c7e47192b6573efde3326b05959fa303bc67ff1a | |
parent | edc0497ee7c38328c62d8f3d79612f9fe9e0964d (diff) | |
download | m2crypto-13d100f8354e3c23296b137b81ec15a66b9ba95e.tar.gz |
S/MIME unit tests, not yet complete...
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@356 2715db39-9adf-0310-9c64-84f055769b4b
-rw-r--r-- | tests/alltests.py | 1 | ||||
-rw-r--r-- | tests/recipient.pem | 18 | ||||
-rw-r--r-- | tests/recipient_key.pem | 15 | ||||
-rw-r--r-- | tests/signer.pem | 18 | ||||
-rw-r--r-- | tests/signer_key.pem | 15 | ||||
-rw-r--r-- | tests/test_smime.py | 198 |
6 files changed, 265 insertions, 0 deletions
diff --git a/tests/alltests.py b/tests/alltests.py index b7f36d3..f1c29c9 100644 --- a/tests/alltests.py +++ b/tests/alltests.py @@ -17,6 +17,7 @@ def suite(): 'test_dsa', 'test_evp', 'test_rsa', + 'test_smime', 'test_x509'] if os.name == 'posix': modules_to_test.append('test_ssl') diff --git a/tests/recipient.pem b/tests/recipient.pem new file mode 100644 index 0000000..78b6c14 --- /dev/null +++ b/tests/recipient.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAmCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBhMQswCQYDVQQGEwJTRzER +MA8GA1UEChMITTJDcnlwdG8xGTAXBgNVBAMTEFMvTUlNRSBSZWNpcGllbnQxJDAi +BgkqhkiG9w0BCQEWFXJlY2lwaWVudEBleGFtcGxlLmRvbTAeFw0wMTAzMzExMTQy +MTVaFw0wMjAzMzExMTQyMTVaMGExCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNy +eXB0bzEZMBcGA1UEAxMQUy9NSU1FIFJlY2lwaWVudDEkMCIGCSqGSIb3DQEJARYV +cmVjaXBpZW50QGV4YW1wbGUuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDQwLwQSshbTn/GUZXnZUQEUDc61OUd+qcPpHfi76Y7ar+2NwsalQ3bu2i7edEK +IZZWMFRnrOwE9PhmJHJIzfYDswgpHWtRy0P/Oyzt5kLBjvJYuMIqu8gZtWFz0G28 +Q8tGvIuPdWba+9TT3LOv4CXNF1V0k0KgAPd1Uq2FUcBa2QIDAQABo4G+MIG7MB0G +A1UdDgQWBBQe7b4CDEBuMJyiscil27YBdZBr9zCBiwYDVR0jBIGDMIGAgBQe7b4C +DEBuMJyiscil27YBdZBr96FlpGMwYTELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0y +Q3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBpZW50MSQwIgYJKoZIhvcNAQkB +FhVyZWNpcGllbnRAZXhhbXBsZS5kb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG +9w0BAQQFAAOBgQAJbQXzP7AK9u2kyvl8oeZAeJQDRsip4PVMkYd64HW3Hq/9ud3g +hj/laeUyfcga+c1c1yPUug5Ab+loeHhEEKsL9LqYFXzpFU1lXaID02zcqG7g3PWe +r9RKsUqrn4ZbRQ+clidnIx4nYLuG6CPQ6ME/uFrYHMsmQEO/+KoJONf/cg== +-----END CERTIFICATE----- diff --git a/tests/recipient_key.pem b/tests/recipient_key.pem new file mode 100644 index 0000000..0cb61f6 --- /dev/null +++ b/tests/recipient_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDQwLwQSshbTn/GUZXnZUQEUDc61OUd+qcPpHfi76Y7ar+2Nwsa +lQ3bu2i7edEKIZZWMFRnrOwE9PhmJHJIzfYDswgpHWtRy0P/Oyzt5kLBjvJYuMIq +u8gZtWFz0G28Q8tGvIuPdWba+9TT3LOv4CXNF1V0k0KgAPd1Uq2FUcBa2QIDAQAB +AoGAVOMrFozycH65YtHmXVRGlmJwMxJDoS8+JBRDVBsTw/Gix9wWPdcC7amF60ac +BLynv6Cjkg01ZMahBBgqCQUH1rii6Kg20MJJtpqvt1X+CAZkytVsQqwutSQXHj+g +TzZVDxQiuPKMyVhKTSVqutqs2EyFgSKcYuodfms5xDk2EyECQQD6vnEAl2PHBoia +5wrauujbWTM6H5oioWvJgLaUNgUhJ86/Y+ewKoGxLdYaxx99KhKxN/04i2chIHk0 +c53THOt9AkEA1SD1Rdm93FUMEor+BYEQgiN/4pWnSIsgUjyqV7lPv9QegdDTbVfm +WuPNev6Z+qo9mpDWbvhCZhH159q7uGfzjQJAe88dLRWThuqK+TGsAmTYJbbdvI1u +JjteZZjQjk4+KijlxUsnU60pbLsdRQudWMg1gpwKxKjQu2K1dljATUWyYQJARI83 +l2K1+py5J3XixS6BevukdeUiTOnEWe/98/4+szyvG59rg+8UwQQq43fnXIVLD9+r +u0LNSTxZ2F26qVV3OQJBAIBG0Gv9C44UlCPiJhmMqcpzexX20erOEGu+UiCUhHAC +ZdWdFaD2dlmk0O/E82LxPPivkGv5DtkNpzCl+3Vo+kI= +-----END RSA PRIVATE KEY----- diff --git a/tests/signer.pem b/tests/signer.pem new file mode 100644 index 0000000..9189aaa --- /dev/null +++ b/tests/signer.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4zCCAkygAwIBAgIBADANBgkqhkiG9w0BAQQFADBbMQswCQYDVQQGEwJTRzER +MA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIxITAfBgkq +hkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbTAeFw0wMTAzMzExMTQwMzNaFw0w +MjAzMzExMTQwMzNaMFsxCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNyeXB0bzEW +MBQGA1UEAxMNUy9NSU1FIFNlbmRlcjEhMB8GCSqGSIb3DQEJARYSc2VuZGVyQGV4 +YW1wbGUuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlzlOPUIdNI7Fr +WrarQViLAxZgem0mkly+1mZTCuBTmwesDw6cIzRwNcSPQo9/dx82Md98HwdYzMjh +QSA2YVdA2zGgZn6KrDEuU2PL0yHt4Vb8GOrmE1dui5KVDStYFGSjFXrjL63qVB6F +vfZZ9hdBsoXEUlJfNLE7HdHxiFI93QIDAQABo4G2MIGzMB0GA1UdDgQWBBRc7KiU +vW3iNoHBkVEzsxLycEvNSjCBgwYDVR0jBHwweoAUXOyolL1t4jaBwZFRM7MS8nBL +zUqhX6RdMFsxCzAJBgNVBAYTAlNHMREwDwYDVQQKEwhNMkNyeXB0bzEWMBQGA1UE +AxMNUy9NSU1FIFNlbmRlcjEhMB8GCSqGSIb3DQEJARYSc2VuZGVyQGV4YW1wbGUu +ZG9tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAejcOsIdHzp9J +NUC9+Jd1KzBaoq0ISFQdF0JMsUaXiEOTYbJnFoW6pnCJRHP8fucyJzKYjbCTPwf/ +DIcWDwbcEh6FRGmPa/9lZdh6i9uBLsRkAtVWQOPiE2X8ggdZ3oa2/VQ4N/tRFvG2 +XeFD395NYhOt59PWF64+dqvxzPJ2w4s= +-----END CERTIFICATE----- diff --git a/tests/signer_key.pem b/tests/signer_key.pem new file mode 100644 index 0000000..ad15a87 --- /dev/null +++ b/tests/signer_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDlzlOPUIdNI7FrWrarQViLAxZgem0mkly+1mZTCuBTmwesDw6c +IzRwNcSPQo9/dx82Md98HwdYzMjhQSA2YVdA2zGgZn6KrDEuU2PL0yHt4Vb8GOrm +E1dui5KVDStYFGSjFXrjL63qVB6FvfZZ9hdBsoXEUlJfNLE7HdHxiFI93QIDAQAB +AoGBALqc4OgZSbYPjQyTfpD1IJTKLgqsgCR5aE0kR7WZuG7MDt/e3ktWn0ebsgFv +2J12u2bD+yqM++dVbK7WtvTR+QpMhb/0XMhXNsvmn5gOLdKlJjS0RXDDs2DzIS6p +JNzAmn5zqTVteZAMDLk7ygkO++iGzwRz713ZgxRaKr5YWiLVAkEA+3ev1TTXNEOk +wQ9fbukMrfUXesqwgrx9VZ1z1X5we42RIIMTYI1edpcujXYvgS3/jdzAWDS1Nqta +9QB3uy91ywJBAOnysIIQhHn+4zvaOA5vh85WczPhN9C+yRmV70eyL9h+aThUFS4c +kg2jQOLp8MaxAkmk4xRbZBgehjmDr45b5fcCQQDpIGNlYFBmhpN129+YffugRgjX +cJNFEKONPKRHd6mmEW9K2dmb+FNr0+p3gOq3csJpbQ7wdyTMov13B1D4ux4TAkAR +URB1oCleKlrBjGaH0wOXZ1jBp1MNVYHnLez3Pp5CBSFetQKYVi8NaV8dLLnQyztj +Hhxc3mLrUh8XVMMC45SDAkEAxRCKmkneLceIdwixLIUF0zr0OzJtgyhxMxvHu3ET +gJcZqNN0y3EgPwcNihpBw7rjpp5e5sjlRNVqLqn8a5/Fog== +-----END RSA PRIVATE KEY----- diff --git a/tests/test_smime.py b/tests/test_smime.py new file mode 100644 index 0000000..70b2644 --- /dev/null +++ b/tests/test_smime.py @@ -0,0 +1,198 @@ +#!/usr/bin/env python + +"""Unit tests for M2Crypto.SMIME. + +Copyright (C) 2006 Open Source Applications Foundation. All Rights Reserved. +""" + +import unittest +from M2Crypto import SMIME, BIO, Rand, X509 + +cleartext = 'some text to manipulate' +signature = signature2 = None +encrypted = encrypted2 = None +signedEncrypted = None + +class SMIMETestCase(unittest.TestCase): + def check_1_sign(self): + global signature, signature2 + + buf = BIO.MemoryBuffer(cleartext) + s = SMIME.SMIME() + s.load_key('signer_key.pem', 'signer.pem') + p7 = s.sign(buf) + assert len(buf) == 0 + assert p7.type() == SMIME.PKCS7_SIGNED, p7.type() + assert isinstance(p7, SMIME.PKCS7), p7 + #assert p7.get0_signers() + out = BIO.MemoryBuffer() + p7.write(out) + + buf = out.read() + + assert buf[:len('-----BEGIN PKCS7-----')] == '-----BEGIN PKCS7-----' + #assert buf[-len('-----END PKCS7-----'):] == '-----END PKCS7-----' + assert len(buf) > len('-----END PKCS7-----') + len('-----BEGIN PKCS7-----') + + s.write(out, p7, BIO.MemoryBuffer(cleartext)) + signature = out + # another copy... + s.write(out, p7, BIO.MemoryBuffer(cleartext)) + signature2 = out + + def check_2_verify(self): + s = SMIME.SMIME() + + x509 = X509.load_cert('signer.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + st = X509.X509_Store() + st.load_info('signer.pem') + s.set_x509_store(st) + + p7, data = SMIME.smime_load_pkcs7_bio(signature) + assert data.read() == cleartext + assert isinstance(p7, SMIME.PKCS7), p7 + #v = s.verify(p7) # XXX expired cert + #assert v == cleartext + + def _check_2_verifyBad(self): + s = SMIME.SMIME() + + x509 = X509.load_cert('recipient.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + st = X509.X509_Store() + st.load_info('recipient.pem') + s.set_x509_store(st) + + p7, data = SMIME.smime_load_pkcs7_bio(signature2) + assert data.read() == cleartext + assert isinstance(p7, SMIME.PKCS7), p7 + self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # Bad signer + + def check_3_encrypt(self): + global encrypted, encrypted2 + + buf = BIO.MemoryBuffer(cleartext) + s = SMIME.SMIME() + + x509 = X509.load_cert('recipient.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + s.set_cipher(SMIME.Cipher('des_ede3_cbc')) + p7 = s.encrypt(buf) + + assert len(buf) == 0 + assert p7.type() == SMIME.PKCS7_ENVELOPED, p7.type() + assert isinstance(p7, SMIME.PKCS7), p7 + #assert p7.get0_signers() + out = BIO.MemoryBuffer() + p7.write(out) + + buf = out.read() + + assert buf[:len('-----BEGIN PKCS7-----')] == '-----BEGIN PKCS7-----' + #assert buf[-len('-----END PKCS7-----'):] == '-----END PKCS7-----' + assert len(buf) > len('-----END PKCS7-----') + len('-----BEGIN PKCS7-----') + + s.write(out, p7) + encrypted = out + # another copy... + s.write(out, p7) + encrypted2 = out + + def check_4_decrypt(self): + s = SMIME.SMIME() + + s.load_key('recipient_key.pem', 'recipient.pem') + + p7, data = SMIME.smime_load_pkcs7_bio(encrypted) + assert isinstance(p7, SMIME.PKCS7), p7 + self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # No signer + + out = s.decrypt(p7) + assert out == cleartext + + def _check_4_decryptBad(self): + s = SMIME.SMIME() + + s.load_key('signer_key.pem', 'signer.pem') + + p7, data = SMIME.smime_load_pkcs7_bio(encrypted2) + assert isinstance(p7, SMIME.PKCS7), p7 + self.assertRaises(SMIME.SMIME_Error, s.verify, p7) # No signer + + # Cannot decrypt: no recipient matches certificate + self.assertRaises(SMIME.PKCS7_Error, s.decrypt, p7) + + def check_5_signEncrypt(self): + global signedEncrypted + + s = SMIME.SMIME() + + buf = BIO.MemoryBuffer(cleartext) + + s.load_key('signer_key.pem', 'signer.pem') + p7 = s.sign(buf) + + x509 = X509.load_cert('recipient.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + s.set_cipher(SMIME.Cipher('des_ede3_cbc')) + + tmp = BIO.MemoryBuffer() + + s.write(tmp, p7) + + p7 = s.encrypt(tmp) + # XXX Hmm, how to get PKCS7_SIGNED_ENVELOPED? + assert p7.type() == SMIME.PKCS7_ENVELOPED, p7.type() + + out = BIO.MemoryBuffer() + s.write(out, p7) + + signedEncrypted = out + + def _check_6_decryptVerify(self): + s = SMIME.SMIME() + + s.load_key('recipient_key.pem', 'recipient.pem') + + # XXX Bug not enough data? + p7, data = SMIME.smime_load_pkcs7_bio(signedEncrypted) + + out = s.decrypt(p7) + + x509 = X509.load_cert('signer.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + st = X509.X509_Store() + st.load_info('signer.pem') + s.set_x509_store(st) + + p7_bio = BIO.MemoryBuffer(out) + p7, data = SMIME.smime_load_pkcs7_bio(p7_bio) + v = s.verify(p7) + assert v == cleartext + + +def suite(): + return unittest.makeSuite(SMIMETestCase, 'check') + + +if __name__ == '__main__': + Rand.load_file('randpool.dat', -1) + unittest.TextTestRunner().run(suite()) + Rand.save_file('randpool.dat') + |