feat: add integration test between easywks server and client

s3lph 2024-06-22 03:05:37 +02:00
parent 3174aff2bc
commit dadbcdbf3f
Signed by: s3lph
GPG key ID: 0AA29A52FB33CFB5
7 changed files with 149 additions and 0 deletions


@ -72,3 +72,65 @@ jobs:
gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
kill %2 || true
kill %1 || true
easywksserver_easywksclient:
runs-on: docker
steps:
- uses: https://code.forgejo.org/actions/checkout@v4
- name: Integration Test against easywks-client
run: |
# General system setup
useradd -d /home/alice -m alice
useradd -d /home/webkey -m webkey
echo alice:supersecurepassword | chpasswd
echo "postfix postfix/mailname string example.org" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Local only'" | debconf-set-selections
apt update; apt install --yes gnupg2 ca-certificates python3-pip apache2 dovecot-imapd postfix expect
echo "openpgpkey" > /etc/hostname
echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts
pip3 install --break-system-packages -e .[test]
openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org' -addext 'subjectAltName=DNS:openpgpkey.example.org,DNS:example.org'
cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt
update-ca-certificates
# Setup Apache
a2enmod ssl proxy_http rewrite
rm /etc/apache2/sites-enabled/000-default.conf
cp test/apache.conf /etc/apache2/sites-enabled/easywks.conf
apache2ctl start
mkdir -p /var/www/html/.well-known/autoconfig/mail/
cp test/config-v1.1.xml /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml
# Setup Dovecot
cp test/dovecot.conf /etc/dovecot/conf.d/99-local.conf
dovecot -F &
# Setup Postfix
/usr/lib/postfix/configure-instance.sh -
cp test/transport /etc/postfix/transport
postmap /etc/postfix/transport
postconf smtpd_tls_cert_file=/etc/ssl/cert.pem
postconf smtpd_tls_key_file=/etc/ssl/key.pem
postconf transport_maps=hash:/etc/postfix/transport
postconf smtpd_sasl_type=dovecot
postconf smtpd_sasl_path=private/auth
postconf smtpd_sasl_auth_enable=yes
/usr/sbin/postmulti -i - -p start
# Setup EasyWKS
mkdir -p /tmp/easywks
cp test/easywks.yml /tmp/easywks.yml
easywks --config /tmp/easywks.yml init
easywks --config /tmp/easywks.yml webserver &
easywks --config /tmp/easywks.yml lmtpd &
sleep 3
# Run the test
install -m 0700 -d /tmp/gpg /tmp/cleangpg
export GNUPGHOME=/tmp/gpg
test/genkey.sh alice@example.org
export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org | grep -A1 ^pub | grep ^fpr | cut -d: -f10)"
test/expect
gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
# Teardown
apache2ctl stop
doveadm stop
/usr/sbin/postmulti -i - -p stop
kill %1 || true
kill %2 || true
sleep 5 # wait for daemons to terminate
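Review bot: `/tmp/cleangpg` is created by the `install -m 0700 -d /tmp/gpg /tmp/cleangpg` line but never used, so the final `gpg --locate-keys` still runs with `GNUPGHOME=/tmp/gpg`, the keyring that already holds the key generated by `test/genkey.sh`. `nodefault` should keep the local keyring out of the lookup, so the check probably passes for the right reason today, but it would be explicit with `GNUPGHOME=/tmp/cleangpg gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org`. Comparing the fingerprint of the fetched key with `$FINGERPRINT` would also confirm that the WKD served the key that was submitted, not just some key for that address.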

24
test/apache.conf Normal file

@ -0,0 +1,24 @@
ServerName example.org
<VirtualHost *:80>
ServerName example.org
ServerAlias openpgpkey.example.org
ServerAlias openpgpkey
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
ServerName example.org
ServerAlias openpgpkey.example.org
ServerAlias openpgpkey
DocumentRoot /var/www/html
SSLEngine On
SSLCertificateFile /etc/ssl/cert.pem
SSLCertificateKeyFile /etc/ssl/key.pem
ProxyPass /.well-known/openpgpkey http://localhost:8080/.well-known/openpgpkey
ProxyPassReverse /.well-known/openpgpkey http://localhost:8080/.well-known/openpgpkey
</VirtualHost>
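Review bot: Both the `ProxyPass` and `ProxyPassReverse` lines target `http://localhost:8080`, but the workflow step in this commit overwrites /etc/hosts with a single line that has no `localhost` entry. Whether that name still resolves then depends on the container's resolver. test/easywks.yml binds the web server to 127.0.0.1, so `ProxyPass /.well-known/openpgpkey http://127.0.0.1:8080/.well-known/openpgpkey` (and the matching `ProxyPassReverse`) removes that dependency and rules out an attempt on ::1.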

22
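--- a/test/config-v1.1.xml
+++ b/test/config-v1.1.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<clientConfig version="1.1">
+<emailProvider id="example.org">
+<domain>example.org</domain>
+<displayName>EasyWKS Example</displayName>
+<displayShortName>Example</displayShortName>
+<incomingServer type="imap">
+<hostname>example.org</hostname>
+<port>993</port>
+<socketType>SSL</socketType>
+<authentication>password-cleartext</authentication>
+<username>%EMAILLOCALPART%</username>
+</incomingServer>
+<outgoingServer type="smtp">
+<hostname>example.org</hostname>
+<port>25</port>
+<socketType>STARTTLS</socketType>
+<authentication>password-cleartext</authentication>
+<username>%EMAILLOCALPART%</username>
+</outgoingServer>
+</emailProvider>
+</clientConfig>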

8
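--- a/test/dovecot.conf
+++ b/test/dovecot.conf
@@ -0,0 +1,8 @@
+service auth {
+unix_listener /var/spool/postfix/private/auth {
+mode = 0666
+}
+}
+ssl_cert = </etc/ssl/cert.pem
+ssl_key = </etc/ssl/key.pem
+log_path = /dev/stderr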
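Review bot: `mode = 0666` on the `unix_listener /var/spool/postfix/private/auth` socket lets every local account talk to Dovecot's auth service, which is wider than Postfix SASL needs. Restricting the listener to the Postfix account keeps the test config in line with what a real deployment should use: `mode = 0660`, `user = postfix`, `group = postfix` inside the listener block. The permissive mode does little harm in a throwaway CI container, but test fixtures like this one tend to get copied as a starting point.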

13
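--- a/test/easywks.yml
+++ b/test/easywks.yml
@@ -0,0 +1,13 @@
+directory: /tmp/easywks
+httpd:
+host: 127.0.0.1
+port: 8080
+lmtpd:
+host: 127.0.0.1
+port: 8024
+mailing_method: smtp
+domains:
+example.org:
+submission_address: webkey@example.org
+policy_flags:
+me.s3lph.easywks_permit-unsigned-response: true # required for gpg-wks-client compat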
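Review bot: The comment on `me.s3lph.easywks_permit-unsigned-response: true` cites gpg-wks-client compatibility, but this file is introduced by a commit whose stated purpose is the easywks server/client test. Judging by its name, the flag relaxes a signature requirement on responses, so the new job may never exercise the stricter path. If the easywks client signs its responses, consider running this job with the flag off. Otherwise extend the comment to say why it is needed here, e.g. `# permits unsigned responses; needed by gpg-wks-client, kept for easywks-client because <reason>`.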

19
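--- a/test/expect
+++ b/test/expect
@@ -0,0 +1,19 @@
+#!/usr/bin/expect -f
+spawn ./client.py
+expect "Enter email: "
+send "alice@example.org\n"
+expect "Chose $env(FINGERPRINT)"
+expect "Enter IMAP/POP3/SMTP password (will not echo): "
+send "supersecurepassword\n"
+expect "Autoconfigured incoming server"
+expect "Autoconfigured outgoing server"
+expect "Please confirm: \[Y/n\] "
+send "y\n"
+expect "Sending submission request"
+expect "Awaiting response"
+expect "Received confirmation request"
+expect "Creating confirmation response."
+expect "Sending confirmation response"
+expect "Awaiting publish response"
+expect "Your key has been published to the Web Key Directory."
+expect eof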
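Review bot: None of the `expect "…"` lines handle a timeout or an early EOF, so a pattern that never appears is skipped after the default timeout and the script moves on. The script also ends without propagating the exit status of `./client.py`, so this step can succeed even when the client failed or printed something else. Adding `expect_after { timeout { exit 1 } eof { exit 1 } }` right after the `spawn` line makes every missing prompt fatal. Replacing the implicit exit after `expect eof` with `exit [lindex [wait] 3]` returns the client's own status to the workflow. The long-running steps ("Awaiting response", "Awaiting publish response") may also need an explicit `set timeout` larger than the default.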

1
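--- a/test/transport
+++ b/test/transport
@@ -0,0 +1 @@
+webkey@example.org lmtp:[127.0.0.1]:8024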