From dadbcdbf3f4ae88ce6d4cb9df8f4f95154045416 Mon Sep 17 00:00:00 2001
From: s3lph <s3lph@kabelsalat.ch>
Date: Sat, 22 Jun 2024 03:05:37 +0200
Subject: [PATCH] feat: add integration test between easywks server and client

---
 .forgejo/workflows/test.yml | 62 +++++++++++++++++++++++++++++++++++++
 test/apache.conf            | 24 ++++++++++++++
 test/config-v1.1.xml        | 22 +++++++++++++
 test/dovecot.conf           |  8 +++++
 test/easywks.yml            | 13 ++++++++
 test/expect                 | 19 ++++++++++++
 test/transport              |  1 +
 7 files changed, 149 insertions(+)
 create mode 100644 test/apache.conf
 create mode 100644 test/config-v1.1.xml
 create mode 100644 test/dovecot.conf
 create mode 100644 test/easywks.yml
 create mode 100755 test/expect
 create mode 100644 test/transport

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 8325149..6355a54 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -72,3 +72,65 @@ jobs:
           gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
           kill %2 || true
           kill %1 || true
+
+  easywksserver_easywksclient:
+    runs-on: docker
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v4
+      - name: Integration Test against easywks-client
+        run: |
+          # General system setup
+          useradd -d /home/alice -m alice
+          useradd -d /home/webkey -m webkey
+          echo alice:supersecurepassword | chpasswd
+          echo "postfix postfix/mailname string example.org" | debconf-set-selections
+          echo "postfix postfix/main_mailer_type string 'Local only'" | debconf-set-selections
+          apt update; apt install --yes gnupg2 ca-certificates python3-pip apache2 dovecot-imapd postfix expect
+          echo "openpgpkey" > /etc/hostname
+          echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts
+          pip3 install --break-system-packages -e .[test]
+          openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org' -addext 'subjectAltName=DNS:openpgpkey.example.org,DNS:example.org'
+          cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt
+          update-ca-certificates
+          # Setup Apache
+          a2enmod ssl proxy_http rewrite
+          rm /etc/apache2/sites-enabled/000-default.conf
+          cp test/apache.conf /etc/apache2/sites-enabled/easywks.conf
+          apache2ctl start
+          mkdir -p /var/www/html/.well-known/autoconfig/mail/
+          cp test/config-v1.1.xml /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml
+          # Setup Dovecot
+          cp test/dovecot.conf /etc/dovecot/conf.d/99-local.conf
+          dovecot -F &
+          # Setup Postfix
+          /usr/lib/postfix/configure-instance.sh -
+          cp test/transport /etc/postfix/transport
+          postmap /etc/postfix/transport
+          postconf smtpd_tls_cert_file=/etc/ssl/cert.pem
+          postconf smtpd_tls_key_file=/etc/ssl/key.pem
+          postconf transport_maps=hash:/etc/postfix/transport
+          postconf smtpd_sasl_type=dovecot
+          postconf smtpd_sasl_path=private/auth
+          postconf smtpd_sasl_auth_enable=yes
+          /usr/sbin/postmulti -i - -p start
+          # Setup EasyWKS
+          mkdir -p /tmp/easywks
+          cp test/easywks.yml /tmp/easywks.yml
+          easywks --config /tmp/easywks.yml init
+          easywks --config /tmp/easywks.yml webserver &
+          easywks --config /tmp/easywks.yml lmtpd &
+          sleep 3
+          # Run the test
+          install -m 0700 -d /tmp/gpg /tmp/cleangpg
+          export GNUPGHOME=/tmp/gpg
+          test/genkey.sh alice@example.org
+          export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org | grep -A1 ^pub | grep ^fpr | cut -d: -f10)"
+          test/expect
+          gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
+          # Teardown
+          apache2ctl stop
+          doveadm stop
+          /usr/sbin/postmulti -i - -p stop
+          kill %1 || true
+          kill %2 || true
+          sleep 5  # wait for daemons to terminate
diff --git a/test/apache.conf b/test/apache.conf
new file mode 100644
index 0000000..b207f3d
--- /dev/null
+++ b/test/apache.conf
@@ -0,0 +1,24 @@
+ServerName example.org
+
+<VirtualHost *:80>
+    ServerName example.org
+    ServerAlias openpgpkey.example.org
+    ServerAlias openpgpkey
+    DocumentRoot /var/www/html
+    RewriteEngine On
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName example.org
+    ServerAlias openpgpkey.example.org
+    ServerAlias openpgpkey
+    DocumentRoot /var/www/html
+
+    SSLEngine On
+    SSLCertificateFile /etc/ssl/cert.pem
+    SSLCertificateKeyFile /etc/ssl/key.pem
+
+    ProxyPass /.well-known/openpgpkey http://localhost:8080/.well-known/openpgpkey
+    ProxyPassReverse /.well-known/openpgpkey http://localhost:8080/.well-known/openpgpkey
+</VirtualHost>
\ No newline at end of file
diff --git a/test/config-v1.1.xml b/test/config-v1.1.xml
new file mode 100644
index 0000000..50ebbb5
--- /dev/null
+++ b/test/config-v1.1.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<clientConfig version="1.1">
+  <emailProvider id="example.org">
+    <domain>example.org</domain>
+    <displayName>EasyWKS Example</displayName>
+    <displayShortName>Example</displayShortName>
+    <incomingServer type="imap">
+      <hostname>example.org</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILLOCALPART%</username>
+    </incomingServer>
+    <outgoingServer type="smtp">
+      <hostname>example.org</hostname>
+      <port>25</port>
+      <socketType>STARTTLS</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILLOCALPART%</username>
+    </outgoingServer>
+  </emailProvider>
+</clientConfig>
\ No newline at end of file
diff --git a/test/dovecot.conf b/test/dovecot.conf
new file mode 100644
index 0000000..4eaf3c5
--- /dev/null
+++ b/test/dovecot.conf
@@ -0,0 +1,8 @@
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0666
+  }
+}
+ssl_cert = </etc/ssl/cert.pem
+ssl_key = </etc/ssl/key.pem
+log_path = /dev/stderr
\ No newline at end of file
diff --git a/test/easywks.yml b/test/easywks.yml
new file mode 100644
index 0000000..509db68
--- /dev/null
+++ b/test/easywks.yml
@@ -0,0 +1,13 @@
+directory: /tmp/easywks
+httpd:
+  host: 127.0.0.1
+  port: 8080
+lmtpd:
+  host: 127.0.0.1
+  port: 8024
+mailing_method: smtp
+domains:
+  example.org:
+    submission_address: webkey@example.org
+    policy_flags:
+      me.s3lph.easywks_permit-unsigned-response: true  # required for gpg-wks-client compat
\ No newline at end of file
diff --git a/test/expect b/test/expect
new file mode 100755
index 0000000..0f9bfcf
--- /dev/null
+++ b/test/expect
@@ -0,0 +1,19 @@
+#!/usr/bin/expect -f
+spawn ./client.py
+expect "Enter email: "
+send "alice@example.org\n"
+expect "Chose $env(FINGERPRINT)"
+expect "Enter IMAP/POP3/SMTP password (will not echo): "
+send "supersecurepassword\n"
+expect "Autoconfigured incoming server"
+expect "Autoconfigured outgoing server"
+expect "Please confirm: \[Y/n\] "
+send "y\n"
+expect "Sending submission request"
+expect "Awaiting response"
+expect "Received confirmation request"
+expect "Creating confirmation response."
+expect "Sending confirmation response"
+expect "Awaiting publish response"
+expect "Your key has been published to the Web Key Directory."
+expect eof
\ No newline at end of file
diff --git a/test/transport b/test/transport
new file mode 100644
index 0000000..5400b10
--- /dev/null
+++ b/test/transport
@@ -0,0 +1 @@
+webkey@example.org  lmtp:[127.0.0.1]:8024
\ No newline at end of file