Diffstat (limited to '')
-rwxr-xr-x | tests/setup.sh | 173 | ||||
-rwxr-xr-x | tests/t0001-sanity-checks.sh | 6 | ||||
-rwxr-xr-x | tests/t0010-generate-tests.sh | 10 | ||||
-rwxr-xr-x | tests/t0020-show-tests.sh | 12 | ||||
-rwxr-xr-x | tests/t0050-mv-tests.sh | 10 | ||||
-rwxr-xr-x | tests/t0060-rm-tests.sh | 11 | ||||
-rwxr-xr-x | tests/t0100-insert-tests.sh | 9 | ||||
-rwxr-xr-x | tests/t0200-edit-tests.sh | 10 | ||||
-rwxr-xr-x | tests/t0300-reencryption.sh | 18 |
9 files changed, 50 insertions, 209 deletions
diff --git a/tests/setup.sh b/tests/setup.sh index 130589d..ac2d58a 100755 --- a/tests/setup.sh +++ b/tests/setup.sh @@ -6,25 +6,24 @@ # $KEY{1..5} GPG key ids of testing keys # $TEST_HOME This folder -# -# Constants +. ./sharness.sh -TEST_HOME="$(cd "$(dirname "$BASH_SOURCE")"; pwd)" +TEST_HOME="$(cd "$(dirname "$SHARNESS_TEST_FILE")/.."; pwd)" -# -# Find the pass script +export PASSWORD_STORE_DIR="$SHARNESS_TRASH_DIRECTORY/test-store/" +rm -rf "$PASSWORD_STORE_DIR" +mkdir -p "$PASSWORD_STORE_DIR" +if [[ ! -d $PASSWORD_STORE_DIR ]]; then + echo "Could not create $PASSWORD_STORE_DIR" + exit 1 +fi PASS="$TEST_HOME/../src/password-store.sh" - if [[ ! -e $PASS ]]; then echo "Could not find password-store.sh" exit 1 fi -# -# GnuPG configuration - -# Where the test keyring and test key id # Note: the assumption is the test key is unencrypted. export GNUPGHOME="$TEST_HOME/gnupg/" chmod 700 "$GNUPGHOME" 
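Review bot: The new `rm -rf "$PASSWORD_STORE_DIR"` runs on a path built from `$SHARNESS_TRASH_DIRECTORY` with no check that the variable is non-empty, so if sharness.sh ever leaves it unset the command targets `/test-store/`. Failing fast is cheap: `export PASSWORD_STORE_DIR="${SHARNESS_TRASH_DIRECTORY:?}/test-store/"` followed by `rm -rf -- "$PASSWORD_STORE_DIR"`. The new `TEST_HOME` line joins `cd` and `pwd` with `;`, so a failed `cd` silently yields the current directory, and `$PASS`, `$GNUPGHOME` and the `chmod 700` that follow are then derived from the wrong place. Using `&&` instead leaves `TEST_HOME` empty on failure, which the existing `-e $PASS` check then catches. The derivation also appears to depend on the working directory sharness leaves the script in, which deserves a one-line comment.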
@@ -42,157 +41,3 @@ KEY3="EB7D54A8" # pass test key 3 KEY4="E4691410" # pass test key 4 KEY5="39E5020C" # pass test key 5 -# pass_init() -# -# Initialize a password store, setting PASSWORD_STORE_DIR -# -# Arguments: None -# Returns: Nothing, sets PASSWORD_STORE_DIR -pass_init() { - export PASSWORD_STORE_DIR="$SHARNESS_TRASH_DIRECTORY/test-store/" - echo "Initializing test password store ($PASSWORD_STORE_DIR) with key $KEY1" - - if [[ -d $PASSWORD_STORE_DIR ]] ; then - rm -rf "$PASSWORD_STORE_DIR" - if [[ -d $PASSWORD_STORE_DIR ]] ; then - echo "Removal of old store failed." - return 1 - fi - fi - - $PASS init $KEY1 || return 1 -} - -# check_cred() -# -# Check to make sure the given credential looks valid. -# Meaning it exists and has at least one line. -# -# Arguments: <credential name> -# Returns: 0 if valid looking, 1 otherwise -check_cred() { - if [[ "$#" -ne 1 ]]; then - echo "$0: Bad arguments" - return 1 - fi - local cred="$1" - echo "Checking credential $cred" - if ! $PASS show "$cred"; then - echo "Credential $cred does not exist" - return 1 - fi - if [[ -z "$($PASS show "$cred")" ]]; then - echo "Credential $cred empty" - return 1 - fi -} - -# check_no_cred() -# -# Check to make sure the given credential does not exist. -# Use to validate removal, moving, etc. -# -# Arguments: <credential name> -# Returns: 0 if credential does not exist, 1 otherwise -check_no_cred() { - if [[ "$#" -ne 1 ]]; then - echo "$0: Bad arguments" - return 1 - fi - local cred="$1" - echo "Checking for lack of credential $cred" - $PASS show "$cred" || return 0 - echo "Credential $cred exists." - return 1 -} - -# create_cred() -# -# Create a credential with the given name and, optionally, password. -# Credential must not already exist. -# -# Arguments: <credential name> [<password>] -# Returns: 0 on success, 1 otherwise. -create_cred() { - if ! [[ "$#" -gt 0 && "$#" -lt 3 ]]; then - echo "$0: Bad arguments" - return 1 - fi - local cred="$1" - echo "Creating credential $cred" - if ! 
check_no_cred "$cred"; then - echo "Credential already exists" - return 1 - fi - if [[ "$#" -eq 1 ]]; then - local password="$1" - echo "Using password \"$password\" for $cred" - $PASS insert -f -e "$cred" <<<"$password" || return 1 - else - echo "Generating random password for $cred" - if ! $PASS generate -f "$cred" 24 > /dev/null; then - echo "Failed to create credential $cred" - return 1 - fi - fi - return 0 -} - -# verify_password() -# -# Verify a given credential exists and has the given password. -# -# Arguments: <credential name> <password> -# Returns: 0 on success, 1 otherwise. -verify_password() { - if [[ "$#" -ne 2 ]]; then - echo "$0: Bad arguments" - return 1 - fi - local cred="$1" expected="$2" - echo "Verifing credential $cred has password \"$expected\"" - check_cred "$cred" || return 1 - local actualfile="$SHARNESS_TRASH_DIRECTORY/verify-password-actual.$RANDOM.$RANDOM.$RANDOM.$RANDOM" - local expectedfile="$SHARNESS_TRASH_DIRECTORY/verify-password-expected.$RANDOM.$RANDOM.$RANDOM.$RANDOM" - $PASS show "$TEST_CRED" | sed -n 1p > "$actualfile" && - echo "$expected" > "$expectedfile" && - test_cmp "$expectedfile" "$actualfile" -} - -# canonicalize_gpg_keys() -# -# Resolves key names to key ids. -# -# Arguments: <key name>... -# Returns: 0, and echos keys on new lines -canonicalize_gpg_keys() { - $GPG --list-keys --keyid-format long "$@" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u -} - -# gpg_keys_from_encrypted_file() -# -# Finds keys used to encrypt a .gpg file. 
-# -# Arguments: <gpg file> -# Returns 0, and echos keys on new lines -gpg_keys_from_encrypted_file() { - $GPG -v --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | sort -u -} - -# gpg_keys_from_group() -# -# Finds keys used in gpg.conf group -# -# Arguments: <group> -# Returns: 0, and echos keys on new lines -gpg_keys_from_group() { - local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" - local saved_ifs="$IFS" - IFS=";" - local keys=( $output ) - IFS="$saved_ifs" - canonicalize_gpg_keys "${keys[@]}" -} - -# Initialize the test harness -. ./sharness.sh diff --git a/tests/t0001-sanity-checks.sh b/tests/t0001-sanity-checks.sh index 989ca2f..111f21d 100755 --- a/tests/t0001-sanity-checks.sh +++ b/tests/t0001-sanity-checks.sh @@ -8,9 +8,9 @@ test_expect_success 'Make sure we can run pass' ' ' test_expect_success 'Make sure we can initialize our test store' ' - pass_init && - ls -ld "$PASSWORD_STORE_DIR" && - [[ -d "$PASSWORD_STORE_DIR" ]] + pass init $KEY1 && + [[ -e "$PASSWORD_STORE_DIR/.gpg-id" ]] && + [[ $(cat "$PASSWORD_STORE_DIR/.gpg-id") == "$KEY1" ]] ' test_done diff --git a/tests/t0010-generate-tests.sh b/tests/t0010-generate-tests.sh index 71a7f68..66660de 100755 --- a/tests/t0010-generate-tests.sh +++ b/tests/t0010-generate-tests.sh @@ -3,14 +3,10 @@ test_description='Test generate' . ./setup.sh -TEST_CRED="test_cred" -TEST_CRED_LEN=24 - test_expect_success 'Test "generate" command' ' - pass_init && - echo Generating credential "$TEST_CRED" with length $TEST_CRED_LEN && - $PASS generate "$TEST_CRED" $TEST_CRED_LEN && - check_cred "$TEST_CRED" + pass init $KEY1 && + $PASS generate cred 19 && + [[ $($PASS show cred | wc -m) -eq 20 ]] ' test_done diff --git a/tests/t0020-show-tests.sh b/tests/t0020-show-tests.sh index 98108f5..059f537 100755 --- a/tests/t0020-show-tests.sh +++ b/tests/t0020-show-tests.sh 
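Review bot: The new test body in t0001 calls bare `pass init $KEY1`, while the hunks for t0060, t0100, t0200 and t0300 use `$PASS init $KEY1`. Unless setup.sh defines a `pass` function outside the visible hunks, the bare name resolves through `PATH`. The test then either fails where pass is not installed or exercises an installed copy instead of `src/password-store.sh` from this tree. The same bare call is in the new lines of t0010, t0020 and t0050; all four should read `"$PASS" init "$KEY1" &&`.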
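Review bot: The expected count in `[[ $($PASS show cred | wc -m) -eq 20 ]]` in t0010 is one more than the 19 requested from `generate`, presumably for the newline that `show` prints, and nothing says so. A comment such as `# 19 generated characters + trailing newline` keeps the next reader from "correcting" it. The assertion checks length only, so it would still pass if `generate` returned a constant string; whether that is in scope for this test is the author's call. `$PASS` is also expanded unquoted here and in the new lines of the later test files, which breaks when the checkout path contains whitespace; `"$PASS"` avoids that.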
@@ -3,16 +3,14 @@ test_description='Test show' . ./setup.sh -TEST_CRED="test_cred" - test_expect_success 'Test "show" command' ' - pass_init && - create_cred "$TEST_CRED" && - $PASS show "$TEST_CRED" + pass init $KEY1 && + pass generate cred1 20 && + $PASS show cred1 ' test_expect_success 'Test "show" of nonexistant password' ' - pass_init && - test_must_fail $PASS show "$TEST_CRED" + test_must_fail $PASS show cred2 ' + test_done diff --git a/tests/t0050-mv-tests.sh b/tests/t0050-mv-tests.sh index cbc1919..10a33f8 100755 --- a/tests/t0050-mv-tests.sh +++ b/tests/t0050-mv-tests.sh @@ -7,12 +7,10 @@ TEST_CRED="test_cred" TEST_CRED_NEW="test_cred_new" test_expect_success 'Test "mv" command' ' - pass_init && - create_cred "$TEST_CRED" && - echo "Moving $TEST_CRED to $TEST_CRED_NEW" && - $PASS mv "$TEST_CRED" "$TEST_CRED_NEW" && - check_cred "$TEST_CRED_NEW" && - check_no_cred "$TEST_CRED" + pass init $KEY1 && + $PASS generate cred1 39 && + $PASS mv cred1 cred2 && + [[ -e $PASSWORD_STORE_DIR/cred2.gpg && ! -e $PASSWORD_STORE_DIR/cred1.gpg ]] ' test_done diff --git a/tests/t0060-rm-tests.sh b/tests/t0060-rm-tests.sh index 25c9e52..50f2790 100755 --- a/tests/t0060-rm-tests.sh +++ b/tests/t0060-rm-tests.sh @@ -3,14 +3,11 @@ test_description='Test rm' . ./setup.sh -TEST_CRED="test_cred" - test_expect_success 'Test "rm" command' ' - pass_init && - create_cred "$TEST_CRED" && - echo "Removing $TEST_CRED" && - echo "y" | $PASS rm "$TEST_CRED" && - check_no_cred "$TEST_CRED" + $PASS init $KEY1 && + $PASS generate cred1 43 && + echo "y" | $PASS rm cred1 && + [[ ! -e $PASSWORD_STORE_DIR/cred1.gpg ]] ' test_expect_success 'Test "rm" of non-existent password' ' diff --git a/tests/t0100-insert-tests.sh b/tests/t0100-insert-tests.sh index 7cc5d5f..28c50d2 100755 --- a/tests/t0100-insert-tests.sh +++ b/tests/t0100-insert-tests.sh 
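Review bot: The second test in t0020 no longer initialises the store, so `test_must_fail $PASS show cred2` now depends on the first test having run `init`. If that test is skipped or fails, `show` presumably fails because the store is uninitialised rather than because `cred2` is missing, and `test_must_fail` reports success for the wrong reason. Keeping the test self-contained costs one line: `$PASS init $KEY1 &&` ahead of the `test_must_fail` line.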
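Review bot: The new assertion `[[ -e $PASSWORD_STORE_DIR/cred2.gpg && ! -e $PASSWORD_STORE_DIR/cred1.gpg ]]` in t0050 only proves that a file was renamed, whereas the removed `check_cred "$TEST_CRED_NEW"` decrypted the moved entry. Adding `$PASS show cred2 >/dev/null &&` before the file check keeps that coverage. `TEST_CRED` and `TEST_CRED_NEW`, still set in the context above the test, look unused after this change and could be dropped.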
@@ -3,13 +3,10 @@ test_description='Test insert' . ./setup.sh -TEST_CRED="test_cred" -TEST_PASSWORD="Hello world" - test_expect_success 'Test "insert" command' ' - pass_init && - echo "$TEST_PASSWORD" | $PASS insert -e "$TEST_CRED" && - verify_password "$TEST_CRED" "$TEST_PASSWORD" + $PASS init $KEY1 && + echo "Hello world" | $PASS insert -e cred1 && + [[ $($PASS show cred1) == "Hello world" ]] ' test_done diff --git a/tests/t0200-edit-tests.sh b/tests/t0200-edit-tests.sh index 288446e..fc88bd5 100755 --- a/tests/t0200-edit-tests.sh +++ b/tests/t0200-edit-tests.sh @@ -3,15 +3,13 @@ test_description='Test edit' . ./setup.sh -TEST_CRED="test_cred" - test_expect_success 'Test "edit" command' ' - pass_init && - create_cred "$TEST_CRED" && + $PASS init $KEY1 && + $PASS generate cred1 90 && export FAKE_EDITOR_PASSWORD="big fat fake password" && export EDITOR="$TEST_HOME/fake-editor-change-password.sh" && - $PASS edit "$TEST_CRED" && - verify_password "$TEST_CRED" "$FAKE_EDITOR_PASSWORD" + $PASS edit cred1 && + [[ $($PASS show cred1) == "$FAKE_EDITOR_PASSWORD" ]] ' test_done diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh index 87f445e..f7968a4 100755 --- a/tests/t0300-reencryption.sh +++ b/tests/t0300-reencryption.sh 
@@ -5,11 +5,23 @@ test_description='Reencryption consistency' INITIAL_PASSWORD="will this password live? a big question indeed..." -test_expect_success 'Init with key1' ' - pass_init -' +canonicalize_gpg_keys() { + $GPG --list-keys --keyid-format long "$@" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u +} +gpg_keys_from_encrypted_file() { + $GPG -v --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | sort -u +} +gpg_keys_from_group() { + local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" + local saved_ifs="$IFS" + IFS=";" + local keys=( $output ) + IFS="$saved_ifs" + canonicalize_gpg_keys "${keys[@]}" +} test_expect_success 'Root key encryption' ' + $PASS init $KEY1 && $PASS insert -e folder/cred1 <<<"$INITIAL_PASSWORD" && [[ $(canonicalize_gpg_keys "$KEY1") == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' |
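Review bot: The recipient check in 'Root key encryption' compares the output of two helpers that parse gpg's human-readable output, and it passes vacuously when both sides come back empty, for example if the `sed` or `cut` pattern stops matching. Since this test is what shows an entry is encrypted to the intended keys, it should first assert that the expected list is non-empty, e.g. `expected=$(canonicalize_gpg_keys "$KEY1") && [[ -n $expected ]] &&`, and then compare against `$expected`. The three helpers also lost the header comments they carried in setup.sh (purpose, arguments, output); those are worth moving along with the code. The rest of the file lies outside the hunk, so later tests may need the same guard.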