Add tests for sq pki lookup.

- Test that the user ID designators behave correctly.
2024-12-11 17:55:36 +01:00 · 2024-12-11 17:55:36 +01:00 · 9564c5cf99
commit 9564c5cf99
parent 551084b560
3 changed files with 89 additions and 0 deletions
--- a/tests/integration.rs
+++ b/tests/integration.rs
@ -33,6 +33,7 @@ mod integration {
    mod sq_pki_link;
    mod sq_pki_link_authorize;
    mod sq_pki_link_list;
+    mod sq_pki_lookup;
    mod sq_pki_vouch_add;
    mod sq_pki_vouch_authorize;
    mod sq_sign;
--- a/tests/integration/common.rs
+++ b/tests/integration/common.rs
@ -1943,6 +1943,29 @@ impl Sq {
        }
    }

+    /// Lookup a binding.
+    pub fn pki_lookup<'a, U>(&self, extra_args: &[&str],
+                             userid: U)
+        -> Result<()>
+        where U: Into<UserIDArg<'a>>,
+    {
+        let mut cmd = self.command();
+        cmd.args([ "pki", "lookup", "--show-paths" ]);
+        for arg in extra_args {
+            cmd.arg(arg);
+        }
+        userid.into().as_arg(&mut cmd);
+
+        let output = self.run(cmd, None);
+        if output.status.success() {
+            Ok(())
+        } else {
+            Err(anyhow::anyhow!(format!(
+                "Command failed:\n{}",
+                String::from_utf8_lossy(&output.stderr))))
+        }
+    }
+
    pub fn sign<'a, H, Q>(&self,
                          signer: H,
                          password_file: Option<&Path>,
--- a/tests/integration/sq_pki_lookup.rs
+++ b/tests/integration/sq_pki_lookup.rs
@ -0,0 +1,65 @@
+use super::common::Sq;
+use super::common::UserIDArg;
+
+#[test]
+fn userid_designators() {
+    // Check the different user ID designators.
+
+    let sq = Sq::new();
+
+    let good_self_signed_email = "alice@example.org";
+    let good_self_signed_userid
+        = &format!("Alice <{}>", good_self_signed_email);
+
+    let other_email = "alice@other.org";
+    let other_userid = &format!("Alice <{}>", other_email);
+
+    let bad_self_signed_email = "alice@bad.org";
+    let bad_self_signed_userid
+        = &format!("Alice <{}>", bad_self_signed_email);
+
+    let (cert, cert_path, _rev_path)
+        = sq.key_generate(&[], &[ good_self_signed_userid ]);
+    sq.key_import(cert_path);
+
+
+    // Link the good self-signed user ID.
+    sq.pki_link_add(&[], cert.key_handle(), &[ good_self_signed_userid ]);
+
+    // Link a non-self-signed user ID.
+    sq.pki_link_add(&[], cert.key_handle(),
+                    &[ UserIDArg::AddUserID(other_userid) ]);
+
+    // --userid matches user IDs that are authenticated.  It doesn't
+    // matter if they are self-signed.
+
+    // Self signed and authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(good_self_signed_userid)).is_ok());
+    // Not self signed, but authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(other_userid)).is_ok());
+    // Self signed, but not authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(bad_self_signed_userid)).is_err());
+
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(good_self_signed_email)).is_err());
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(other_email)).is_err());
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::UserID(bad_self_signed_email)).is_err());
+
+    // --email matches user IDs that are authenticated.  It doesn't
+    // matter if they are self-signed.
+
+    // Self signed and authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::Email(good_self_signed_email)).is_ok());
+    // Not self signed, but authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::Email(other_email)).is_ok());
+    // Self signed, but not authenticated.
+    assert!(sq.pki_lookup(
+        &[], UserIDArg::Email(bad_self_signed_email)).is_err());
+}