This commit adds testcases for the new time-stamping functionality. To trigger these testcases, the environment variables $GIT_TEST_TSA_URL and $GIT_TEST_TSA_CAPATH have to be set. They do not default to any value to avoid spamming a pre-defined Time Stamping Authority (TSA). As testing the RFC3161 functionality without a trusted time-stamp signature is not possible, all tests are disabled by default. Signed-off-by: Anton Würfel <anton.wuerfel@xxxxxx> Signed-off-by: Phillip Raffeck <phillip.raffeck@xxxxxx> --- t/t7031-verify-tag.sh | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100755 t/t7031-verify-tag.sh diff --git a/t/t7031-verify-tag.sh b/t/t7031-verify-tag.sh new file mode 100755 index 0000000..bc7953b --- /dev/null +++ b/t/t7031-verify-tag.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +test_description='signed time-stamped tag tests' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-gpg.sh" + +# Tests for RFC3161 implementation + +if test -n "$NO_OPENSSL" +then + skip_all='skipping test, git built without openssl support' + test_done +fi + +# Disable remote tests by default to avoid spamming of TSAs and to be able to +# test without internet connection + +if test -z "$GIT_TEST_TSA_URL" +then + skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_URL to enable)' + test_done +fi + +if test -z "$GIT_TEST_TSA_CAPATH" +then + skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_CAPATH to enable)' + test_done +fi + +test_expect_success 'create a tag with a timestamp signature' ' + git config ts.tsaurl $GIT_TEST_TSA_URL && + git config ts.capath $GIT_TEST_TSA_CAPATH && + git config ts.failonverify 1 && + test_tick && + echo foo > foo && + git add foo && + git commit -m foo && + git tag -t -m onlytime tsa_onlytime +' + +test_expect_success GPG 'create a tag with gpg and timestamp signatures' ' + echo foobar > bar && + git add bar && + git commit -m test123 && + git tag -s -t -m tsa_both tsa_both +' + +test_expect_success 'verify tag with gpg and timestamp signature' ' + git verify-tag tsa_both +' + +test_expect_success 'verify tag with timestamp signature' ' + test_must_fail git verify-tag tsa_onlytime +' + +test_expect_success 'verify tag with timestamp signature with -t' ' + git verify-tag -t tsa_onlytime +' + +test_expect_success 'verify fudged timestamp' ' + git cat-file tag tsa_onlytime >raw && + sed -e "s/onlytime/morethantime/" raw >forged1 && + git hash-object -w -t tag forged1 >forged1.tag && + test_must_fail git verify-tag $(cat forged1.tag) >actual1 2>&1 && + grep "BAD time-stamp signature" actual1 && + ! grep "Verified timestamp" actual1 +' + +test_done -- 2.8.0.rc0.62.gfc8aefa.dirty -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html