Viewing file: smime_keys_test.pl (3.39 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#! /usr/bin/perl -W
# by Mike Schiraldi <raldi@research.netsol.com>
use strict; use Expect;
sub run ($;$ );
umask 077; # probably not necc. but can't hurt
my $tmpdir = "/tmp/smime_keys_test-$$-" . time;
mkdir $tmpdir or die; chdir $tmpdir or die;
open TMP, '>muttrc' or die; print TMP <<EOF; set smime_ca_location="$tmpdir/ca-bundle.crt" set smime_certificates="$tmpdir/certificates" set smime_keys="$tmpdir/keys" EOF close TMP;
$ENV{MUTT_CMDLINE} = "mutt -F $tmpdir/muttrc";
# make a user key run 'smime_keys init'; run 'openssl genrsa -out user.key 1024';
# make a request for this key to be signed run 'openssl req -new -key user.key -out newreq.pem', "\n\nx\n\nx\nx\nuser\@smime.mutt\n\nx\n";
mkdir 'demoCA' or die; mkdir 'demoCA/certs' or die; mkdir 'demoCA/crl' or die; mkdir 'demoCA/newcerts' or die; mkdir 'demoCA/private' or die; open OUT, '>demoCA/serial' or die; print OUT "01\n"; close OUT; open OUT, '>demoCA/index.txt' or die; close OUT;
# make the CA run 'openssl req -new -x509 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem -days 7300 -nodes', "\n\nx\n\nx\nx\n\n";
# trust it run 'smime_keys add_root demoCA/cacert.pem', "root_CA\n";
# have the CA process the request run 'openssl ca -batch -startdate 000101000000Z -enddate 200101000000Z -days 7300 ' . '-policy policy_anything -out newcert.pem -infiles newreq.pem';
unlink 'newreq.pem' or die;
# put it all in a .p12 bundle run 'openssl pkcs12 -export -inkey user.key -in newcert.pem -out cert.p12 -CAfile demoCA/cacert.pem -chain', "pass1\n" x 2; unlink 'newcert.pem' or die; unlink 'demoCA/cacert.pem' or die; unlink 'demoCA/index.txt' or die; unlink 'demoCA/index.txt.old' or die; unlink 'demoCA/serial' or die; unlink 'demoCA/serial.old' or die; unlink 'demoCA/newcerts/01.pem' or die; unlink 'demoCA/private/cakey.pem' or die; rmdir 'demoCA/certs' or die; rmdir 'demoCA/crl' or die; rmdir 'demoCA/private' or die; rmdir 'demoCA/newcerts' or die; rmdir 'demoCA' or die;
# have smime_keys process it run 'smime_keys add_p12 cert.p12', "pass1\n" . "pass2\n" x 2 . "old_label\n"; unlink 'cert.p12' or die;
# make sure it showed up run 'smime_keys list > list';
open IN, 'list' or die; <IN> eq "\n" or die; <IN> =~ /^(.*)\: Issued for\: user\@smime\.mutt \"old_label\" \(Unverified\)\n/ or die; close IN;
my $keyid = $1;
# see if we can rename it run "smime_keys label $keyid", "new_label\n";
# make sure it worked run 'smime_keys list > list';
open IN, 'list' or die; <IN> eq "\n" or die; <IN> =~ /^$keyid\: Issued for\: user\@smime\.mutt \"new_label\" \(Unverified\)\n/ or die; close IN;
unlink 'list' or die;
# try signing something run "openssl smime -sign -signer certificates/$keyid -inkey user.key -in /etc/passwd -certfile certificates/37adefc3.0 > signed"; unlink 'user.key' or die;
# verify it run 'openssl smime -verify -out /dev/null -in signed -CAfile ca-bundle.crt'; unlink 'signed' or die;
# clean up unlink 'ca-bundle.crt' or die; unlink 'muttrc' or die; unlink 'keys/.index' or die; unlink 'certificates/.index' or die; unlink <keys/*> or die; unlink <certificates/*> or die; rmdir 'keys' or die; rmdir 'certificates' or die; chdir '/' or die; rmdir $tmpdir or die;
sub run ($;$) { my $cmd = shift or die; my $input = shift; print "\n\nRunning [$cmd]\n";
my $exp = Expect->spawn ($cmd); if (defined $input) { print $exp $input; } $exp->soft_close; $? and die "$cmd returned $?"; }
|