From f0285ae2b54940156a35ef0cd276cbd0a8c0954c Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Fri, 4 Jul 2014 20:05:54 -0400
Subject: [PATCH] [test suite] add invalid gpg sig ID list
---
 Makefile.am | 1 +
 test/conf/gpg_invalid_sig_id_access.conf | 7 +++++++
 test/test-fwknop.pl | 1 +
 test/tests/gpg_no_pw.pl | 11 +++++++++++
 4 files changed, 20 insertions(+)
 create mode 100644 test/conf/gpg_invalid_sig_id_access.conf
diff --git a/Makefile.am b/Makefile.am
index 727aea52..20aaa19d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -165,6 +165,7 @@ EXTRA_DIST = \
 test/conf/gpg_no_pw_bad_fpr_access.conf \
 test/conf/gpg_no_pw_no_fpr_access.conf \
 test/conf/gpg_no_sig_verify_access.conf \
+ test/conf/gpg_invalid_sig_id_access.conf \
 test/conf/fwknoprc_gpg_invalid_exe \
 test/conf/fwknoprc_hmac_defaults \
 test/conf/fwknoprc_hmac_time_offset_mins \
diff --git a/test/conf/gpg_invalid_sig_id_access.conf b/test/conf/gpg_invalid_sig_id_access.conf
new file mode 100644
index 00000000..da9a1546
--- /dev/null
+++ b/test/conf/gpg_invalid_sig_id_access.conf
@@ -0,0 +1,7 @@
+SOURCE ANY
+FW_ACCESS_TIMEOUT 3
+GPG_HOME_DIR conf/server-gpg-no-pw
+GPG_DECRYPT_ID 361BBAD4
+GPG_ALLOW_NO_PW Y
+### the following ID won't verify, but we've disabled signature verification
+GPG_REMOTE_ID AAAAAAAA
diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index 0b16f267..226f5218 100755
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -119,6 +119,7 @@ our %cf = (
 'gpg_no_pw_hmac_serverdir_access' => "$conf_dir/gpg_no_pw_hmac_serverdir_access.conf",
 'gpg_no_pw_hmac_sha512_access' => "$conf_dir/gpg_no_pw_hmac_sha512_access.conf",
 'gpg_no_sig_verify_access' => "$conf_dir/gpg_no_sig_verify_access.conf",
+ 'gpg_invalid_sig_id_access' => "$conf_dir/gpg_invalid_sig_id_access.conf",
 'tcp_server' => "$conf_dir/tcp_server_fwknopd.conf",
 'spa_over_http' => "$conf_dir/spa_over_http_fwknopd.conf",
 'tcp_pcap_filter' => "$conf_dir/tcp_pcap_filter_fwknopd.conf",
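Review bot: The comment added in test/conf/gpg_invalid_sig_id_access.conf says signature verification is disabled, but none of the seven lines of this new file turns it off. The companion test entry in test/tests/gpg_no_pw.pl expects `$REQUIRE_NO_NEW_RULE`, which only makes sense if the `GPG_REMOTE_ID AAAAAAAA` mismatch is actually enforced. The wording looks carried over from gpg_no_sig_verify_access.conf (inferred from the file name; that file is not shown here). I would replace it with `### the following ID does not match the client's signing key, so the SPA packet must be rejected`, so the file states the property the test protects: a signer outside the GPG_REMOTE_ID list must not get a firewall rule.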
diff --git a/test/tests/gpg_no_pw.pl b/test/tests/gpg_no_pw.pl
index bc11a567..b4ef36b3 100644
--- a/test/tests/gpg_no_pw.pl
+++ b/test/tests/gpg_no_pw.pl
@@ -22,6 +22,17 @@
 'fw_rule_created' => $NEW_RULE_REQUIRED,
 'fw_rule_removed' => $NEW_RULE_REMOVED,
 },
+ {
+ 'category' => 'GPG (no pw)',
+ 'subcategory' => 'client+server',
+ 'detail' => 'invalid sig list',
+ 'function' => \&spa_cycle,
+ 'cmdline' => $default_client_gpg_args_no_pw,
+ 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} " .
+ "-a $cf{'gpg_invalid_sig_id_access'} $intf_str " .
+ "-d $default_digest_file -p $default_pid_file",
+ 'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+ },
 {
 'category' => 'GPG (no pw)',