From 9169a853b5bef09b32bd21a446f08ee8e4b9741c Mon Sep 17 00:00:00 2001
From: Alberto Bertogli
Date: Sat, 9 Mar 2024 21:51:10 +0000
Subject: [PATCH] test: Remove obsolete driusan/dkim and dkimpy tests

This patch removes the integration tests that covered using driusan/dkim and dkimpy's tools in the example hook. Now that we have internal DKIM support, the example hook doesn't attempt to use them, so we can remove the tests that cover it. Those tools, and other DKIM implementations, can still be used in the post-data hook just as before.
---
test/t-15-driusan_dkim/config/chasquid.conf | 10 ---
.../config/domains/testserver/dkim_selector | 1 -
test/t-15-driusan_dkim/config/hooks/post-data | 19 -----
test/t-15-driusan_dkim/content | 9 --
test/t-15-driusan_dkim/hosts | 1 -
test/t-15-driusan_dkim/run.sh | 57 -------------
test/t-19-dkimpy/config/chasquid.conf | 10 ---
.../config/domains/testserver/dkim_selector | 1 -
test/t-19-dkimpy/config/hooks/post-data | 42 ----------
test/t-19-dkimpy/content | 9 --
test/t-19-dkimpy/hosts | 1 -
test/t-19-dkimpy/run.sh | 82 -------------------
12 files changed, 242 deletions(-)
delete mode 100644 test/t-15-driusan_dkim/config/chasquid.conf
delete mode 100644 test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
delete mode 100755 test/t-15-driusan_dkim/config/hooks/post-data
delete mode 100644 test/t-15-driusan_dkim/content
delete mode 100644 test/t-15-driusan_dkim/hosts
delete mode 100755 test/t-15-driusan_dkim/run.sh
delete mode 100644 test/t-19-dkimpy/config/chasquid.conf
delete mode 100644 test/t-19-dkimpy/config/domains/testserver/dkim_selector
delete mode 100755 test/t-19-dkimpy/config/hooks/post-data
delete mode 100644 test/t-19-dkimpy/content
delete mode 100644 test/t-19-dkimpy/hosts
delete mode 100755 test/t-19-dkimpy/run.sh

diff --git a/test/t-15-driusan_dkim/config/chasquid.conf b/test/t-15-driusan_dkim/config/chasquid.conf
deleted file mode 100644
index cf76e8a..0000000
--- a/test/t-15-driusan_dkim/config/chasquid.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
diff --git a/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector b/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
deleted file mode 100644
index 59ccb93..0000000
--- a/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
+++ /dev/null
@@ -1 +0,0 @@
-testselector1
diff --git a/test/t-15-driusan_dkim/config/hooks/post-data b/test/t-15-driusan_dkim/config/hooks/post-data
deleted file mode 100755
index 354a849..0000000
--- a/test/t-15-driusan_dkim/config/hooks/post-data
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-if [ "$AUTH_AS" != "" ]; then
- DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
- exec dkimsign -n -hd -key ../.dkimcerts/private.pem \
- -s $(cat "domains/$DOMAIN/dkim_selector") -d "$DOMAIN"
-fi
-
-exec dkimverify -txt ../.dkimcerts/dns.txt
diff --git a/test/t-15-driusan_dkim/content b/test/t-15-driusan_dkim/content
deleted file mode 100644
index fa095d3..0000000
--- a/test/t-15-driusan_dkim/content
+++ /dev/null
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
diff --git a/test/t-15-driusan_dkim/hosts b/test/t-15-driusan_dkim/hosts
deleted file mode 100644
index 2b9b623..0000000
--- a/test/t-15-driusan_dkim/hosts
+++ /dev/null
@@ -1 +0,0 @@
-testserver localhost
diff --git a/test/t-15-driusan_dkim/run.sh b/test/t-15-driusan_dkim/run.sh
deleted file mode 100755
index 7074eee..0000000
--- a/test/t-15-driusan_dkim/run.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-#
-# Test integration with driusan's DKIM tools.
-# https://github.com/driusan/dkim
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-for binary in dkimsign dkimverify dkimkeygen; do
- if ! command -v $binary > /dev/null; then
- skip "$binary binary not found"
- fi
-done
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dkimkeygen )
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1465
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
- --server_cert=config/certs/testserver/fullchain.pem \
- --user=user@testserver --password=secretpassword \
- someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-grep -q "DKIM-Signature:" .mail/someone@testserver
-
-# Verify the signature manually, just in case.
-dkimverify -txt .dkimcerts/dns.txt < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content \
- > /dev/null 2>&1 ; then
- fail "DKIM verification succeeded on modified content"
-fi
-
-success
diff --git a/test/t-19-dkimpy/config/chasquid.conf b/test/t-19-dkimpy/config/chasquid.conf
deleted file mode 100644
index cf76e8a..0000000
--- a/test/t-19-dkimpy/config/chasquid.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
diff --git a/test/t-19-dkimpy/config/domains/testserver/dkim_selector b/test/t-19-dkimpy/config/domains/testserver/dkim_selector
deleted file mode 100644
index 59ccb93..0000000
--- a/test/t-19-dkimpy/config/domains/testserver/dkim_selector
+++ /dev/null
@@ -1 +0,0 @@
-testselector1
diff --git a/test/t-19-dkimpy/config/hooks/post-data b/test/t-19-dkimpy/config/hooks/post-data
deleted file mode 100755
index 1071e3e..0000000
--- a/test/t-19-dkimpy/config/hooks/post-data
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-set -e
-
-TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
-trap 'rm "$TF"' EXIT
-
-# Save the message to the temporary file.
-cat > "$TF"
-
-if [ "$AUTH_AS" != "" ]; then
- DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
-
- # Call /usr/bin/dkimsign directly to prevent a conflict with
- # driusan/dkim, which the integration tests install in ~/go/bin.
- /usr/bin/dkimsign \
- "$(cat "domains/$DOMAIN/dkim_selector")" \
- "$DOMAIN" \
- "../.dkimcerts/private.key" \
- < "$TF" > "$TF.dkimout"
- # dkimpy doesn't provide a way to just show the new headers, so we
- # have to compute the difference.
- diff --changed-group-format='%>' \
- --unchanged-group-format='' \
- "$TF" "$TF.dkimout" && exit 1
- rm "$TF.dkimout"
-else
- # NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
- # overridden to get the DNS information from anywhere else (text file or custom
- # DNS server).
- dkimverify -txt ../.dkimcerts/private.dns < "$TF"
-fi
diff --git a/test/t-19-dkimpy/content b/test/t-19-dkimpy/content
deleted file mode 100644
index fa095d3..0000000
--- a/test/t-19-dkimpy/content
+++ /dev/null
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
diff --git a/test/t-19-dkimpy/hosts b/test/t-19-dkimpy/hosts
deleted file mode 100644
index 2b9b623..0000000
--- a/test/t-19-dkimpy/hosts
+++ /dev/null
@@ -1 +0,0 @@
-testserver localhost
diff --git a/test/t-19-dkimpy/run.sh b/test/t-19-dkimpy/run.sh
deleted file mode 100755
index 7d882b3..0000000
--- a/test/t-19-dkimpy/run.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/bash
-#
-# Test integration with dkimpy.
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-# Check if dkimpy tools are installed in /usr/bin, and driusan/dkim is
-# installed somewhere else in $PATH.
-#
-# Unfortunately we need both because dkimpy's dkimverify lacks the features
-# needed to use it in integration testing.
-#
-# We need to run them and check the help because there are other binaries with
-# the same name.
-# This is really hacky but the most practical way to handle it, since they
-# both have the same binary names.
-if ! /usr/bin/dkimsign --help 2>&1 | grep -q -- --identity; then
- skip "/usr/bin/dkimsign is not dkimpy's"
-fi
-if ! dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
- skip "dkimverify is not driusan/dkim's"
-fi
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dknewkey private > log 2>&1 )
-
-# Some dkimpy versions have a bug where it can't parse the keys generated by
-# its own key generator. Detect if that's the case, and if so, skip the test.
-# See https://bugs.launchpad.net/dkimpy/+bug/1978835.
-if ! /usr/bin/dkimsign \
- testselector1 testserver .dkimcerts/private.key \
- < content 2>&1 | grep -q "DKIM-Signature:"
-then
- skip "buggy dkimpy version"
-fi
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1025
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
- --server_cert=config/certs/testserver/fullchain.pem \
- --user=user@testserver --password=secretpassword \
- someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-if ! grep -q "DKIM-Signature:" .mail/someone@testserver; then
- fail "mail not signed, DKIM-Signature header missing"
-fi
-
-# Verify the signature manually, just in case.
-# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
-# overridden to get the DNS information from anywhere else (text file or custom
-# DNS server).
-dkimverify -txt .dkimcerts/private.dns < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content \
- > /dev/null 2>&1 ; then
- fail "DKIM verification succeeded on modified content"
-fi
-
-success