added kkp_ca_file config option

4 files changed, 109 insertions, 12 deletions

diff --git a/test/files/autistici-ca.pem b/test/files/autistici-ca.pem
new file mode 100644
index 0000000..f7f5c12
--- /dev/null
+++ b/test/files/autistici-ca.pem
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIHGzCCBQOgAwIBAgIJAOz4nHK3k904MA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
+VQQGEwJJVDEcMBoGA1UEChMTQXV0aXN0aWNpL0ludmVudGF0aTE0MDIGA1UEAxMr
+QXV0aXN0aWNpL0ludmVudGF0aSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEfMB0G
+CSqGSIb3DQEJARYQY2FAYXV0aXN0aWNpLm9yZzAeFw0wNTEwMDgxNDIxMTRaFw0x
+NTA5MjkxNDIxMTRaMIGCMQswCQYDVQQGEwJJVDEcMBoGA1UEChMTQXV0aXN0aWNp
+L0ludmVudGF0aTE0MDIGA1UEAxMrQXV0aXN0aWNpL0ludmVudGF0aSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQY2FAYXV0aXN0aWNpLm9y
+ZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM0J8NPYkgcSrBpBXxEo
+rDoxPwbwUP+IYfVD/clMV66mBTovzGaZYC/q+Y8JcpvYPpLDs+Cwm0MSGRFLV8j8
+w6fmQI0ybaV5m4htGiM4HmzMaJ2b7kBuBuCM2GprSgpESS9EXJ+q0kmuMiKkvl5/
+ZdHB0DVUoNN7qnvlRTz9yK7PzXioPVHA+i6ViH90WxYpdndBjI+vSEcA9t7kVU2N
+gjuZuFDcz99e+yHn5o/yTomX0Te8BndznVlyaypIUyTVTdKAoHHJ5PoL3FkdaYAe
+CamXbLev8+9nt9p4Vc1JBiou9y6jG/Eklp9v4+fQ+p+RJxt64H+DmYpTgnWTm/3Q
+XZQuLCLyRFuLuc5hrywBQMiBFPIaZBYJmW6fYI9yIjbXbndQujWq1WFdk65NWg4t
+8PxRvmzvpIdd7WKRAPbjXsUVfDPD/k3XqZzHNd7W70kWCvszbQLH+syNUVMhgBF2
+rx19A9fbsH8GT5asNx1xqfJpueyhgl+7o2s1kjCC20RPw+Umue/JqDlorvrqBqSx
+I/VOGKipUsw/WW3c3CSIE+k5GVGoBQ07f+I+qmFl3p1yqVLk4aiDUy+UBQMWsCYH
+pyPJpyNF7254WLgb5ZaBCB55K1T72iUDx4VJn1uQd8sXjPpFlyjhIvvIszcXw0t0
+IuO8TJYgLyQbGvLwskPpaxwJAgMBAAGjggGQMIIBjDAdBgNVHQ4EFgQUcgSPaLY/
+zYu2JDg6NydLKwFrjW0wgbcGA1UdIwSBrzCBrIAUcgSPaLY/zYu2JDg6NydLKwFr
+jW2hgYikgYUwgYIxCzAJBgNVBAYTAklUMRwwGgYDVQQKExNBdXRpc3RpY2kvSW52
+ZW50YXRpMTQwMgYDVQQDEytBdXRpc3RpY2kvSW52ZW50YXRpIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MR8wHQYJKoZIhvcNAQkBFhBjYUBhdXRpc3RpY2kub3JnggkA
+7PiccreT3TgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4
+QgEBBAQDAgAHMEYGCWCGSAGG+EIBDQQ5FjdBdXRpc3RpY2kvSW52ZW50YXRpIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5IENlcnRpZmljYXRlMBsGA1UdEQQUMBKBEGNh
+QGF1dGlzdGljaS5vcmcwGwYDVR0SBBQwEoEQY2FAYXV0aXN0aWNpLm9yZzANBgkq
+hkiG9w0BAQUFAAOCAgEAOEHJZVfVVNwe2b9tu2CGjvnKjf/wIAc6qGvVp/o2aQpZ
+TDJWNWEMXqCgQ/c90Fk4thIr47TzYYl0eaNQBNN/l87WHGRmjuCTzhJCdBcdPrqI
+jwep3IouuwZMoN0VZCTlIgeZ/DX/HC3B3bE3HNGTWlBdk3mNobw1saE9CKKEbuDX
+FE1BFbZQ3Kc3vqCY3ZOOrOy1usposj5aq2n8kfnlylvSW3Xyxpd6Ad4MkEhDuohK
+W1vQlmKMyoLwMhLlGtfiqDxeKg/nzZCBavEXg4DIelRTbCuqMwglSDFO95R0uCUG
+meI6GQ/N1+8VVY4+3yMxSmua7kQ1A00J839qqduqcMfE5/KlnZ1IDY+kBP39jBa1
+JHgpRLc3zi8Rn0GRuxuMX3L4bYAWhqcNdlodgCvh1HU2JqWRdCv0xamy2XRk99m1
+zyTYZh5ZkthQJTCJcnKm/C91jLwzm0Jxze/xftBzTQopdZ2zrr4JFGei9MHNpLZ7
+kBXXeobvgkl0bq4TLHP0wE6A9QgA39b8KQ/7LlCSHjpNxtQKv4y54Yz9Lsdj7eUh
+ZIRZTLZuwNzIlT0TGXaqQnLCmqKiP2AJKGAhUyAT4P3QXGheExdpcSyQ3X0kaVaS
+kWSqyylqMmL7oO1p7RVnSApnoVToqaTZXEj8DtmztgWUe7s2n/x8jYKR0qCtx84=
+-----END CERTIFICATE-----
diff --git a/test/files/mayfirst-ca.pem b/test/files/mayfirst-ca.pem
new file mode 100644
index 0000000..471f532
--- /dev/null
+++ b/test/files/mayfirst-ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAvagAwIBAgIJANhg2/WVrETtMA0GCSqGSIb3DQEBBQUAMIGMMR4wHAYD
+VQQKExVNYXkgRmlyc3QvUGVvcGxlIExpbmsxIDAeBgkqhkiG9w0BCQEWEWluZm9A
+bWF5Zmlyc3Qub3JnMREwDwYDVQQHEwhOZXcgWW9yazERMA8GA1UECBMITmV3IFlv
+cmsxCzAJBgNVBAYTAlVTMRUwEwYDVQQDEwxNRlBMIFJvb3QgQ0EwHhcNMDkwMTEy
+MTYyNjU3WhcNMTkwMTEwMTYyNjU3WjCBjDEeMBwGA1UEChMVTWF5IEZpcnN0L1Bl
+b3BsZSBMaW5rMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1heWZpcnN0Lm9yZzERMA8G
+A1UEBxMITmV3IFlvcmsxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQGEwJVUzEV
+MBMGA1UEAxMMTUZQTCBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDQgYTGNjAJADudHV2MZ1QJQdf3YAMB1g/buR9ADsoTzM3vKWzXBvgoC6CFrojw
+RNbVtgU3A9aetLxaWJuBSqqREub+HyZvzD14tP90hq10YthtXoCtjhs6C/mEqckk
+LCGdTZ/lsIiM8tSdoE/OFQNRqk81A4lHgyumHlw3wnVICQIDAQABo4H0MIHxMAwG
+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFHzhAs1Q0Pu6lbptL6VlnVVTDni0MIHBBgNV
+HSMEgbkwgbaAFHzhAs1Q0Pu6lbptL6VlnVVTDni0oYGSpIGPMIGMMR4wHAYDVQQK
+ExVNYXkgRmlyc3QvUGVvcGxlIExpbmsxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWF5
+Zmlyc3Qub3JnMREwDwYDVQQHEwhOZXcgWW9yazERMA8GA1UECBMITmV3IFlvcmsx
+CzAJBgNVBAYTAlVTMRUwEwYDVQQDEwxNRlBMIFJvb3QgQ0GCCQDYYNv1laxE7TAN
+BgkqhkiG9w0BAQUFAAOBgQA8kagGZR+Tp6GRyQWYlcNW9xVYza/xPZhPY4dVYUtv
+Czcw5N1mB0R444c4jhVLIrPWUjcpz46akXXHMGpcIsX/rNetbLCtcE9/AuB+Xg1K
+Fwr/SXkZXVK1vIppXmV0ZBaIB/tRV/SozcGRN/D9ETYX4JhBZU6OXPxNVjp5dvlH
+vQ==
+-----END CERTIFICATE-----
diff --git a/test/test_helper.rb b/test/test_helper.rb
index d6eabe5..7fbe400 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -19,7 +19,11 @@ class Minitest::Test
   end
 
   def file_content(filename)
-    (@file_contents ||= {})[filename] ||= File.read("%s/files/%s" % [File.dirname(__FILE__), filename])
+    (@file_contents ||= {})[filename] ||= File.read(file_path(filename))
+  end
+
+  def file_path(filename)
+    "%s/files/%s" % [File.dirname(__FILE__), filename]
   end
 
   def real_network
@@ -54,4 +58,11 @@ class Minitest::Test
     end
   end
 
+  #
+  # temporarily stubs the config property for the duration of the given block
+  #
+  def stub_config(property, value, &block)
+    Nickserver::Config.stub(property, value, &block)
+  end
+
 end
diff --git a/test/unit/hkp_test.rb b/test/unit/hkp_test.rb
index 0ac4728..9c10aab 100644
--- a/test/unit/hkp_test.rb
+++ b/test/unit/hkp_test.rb
@@ -34,16 +34,6 @@ class HkpTest < Minitest::Test
     end
   end
 
-  def test_key_info_real_network
-    real_network do
-      uid = 'elijah@riseup.net'
-      test_em_callback "Nickserver::HKP::FetchKeyInfo.new.search '#{uid}'" do |keys|
-        assert_equal 1, keys.size
-        assert keys.first.keyid =~ /00440025$/
-      end
-    end
-  end
-
   def test_fetch_key
     uid    = 'cloudadmin@leap.se'
     key_id = 'E818C478D3141282F7590D29D041EB11B1647490'
@@ -77,6 +67,39 @@ class HkpTest < Minitest::Test
     end
   end
 
+  #
+  # real network tests
+  # remember: must be run with REAL_NET=true
+  #
+
+  def test_key_info_real_network
+    real_network do
+      uid = 'elijah@riseup.net'
+      test_em_callback "Nickserver::HKP::FetchKeyInfo.new.search '#{uid}'" do |keys|
+        assert_equal 1, keys.size
+        assert keys.first.keyid =~ /00440025$/
+      end
+    end
+  end
+
+  def test_tls_validation_with_real_network
+    hkp_url = 'https://keys.mayfirst.org/pks/lookup'
+    ca_file = file_path('mayfirst-ca.pem')
+
+    real_network do
+      stub_config(:hkp_url, hkp_url) do
+        stub_config(:hkp_ca_file, ca_file) do
+        #stub_config(:hkp_ca_file, file_path('autistici-ca.pem')) do
+          assert File.exists?(Nickserver::Config.hkp_ca_file)
+          uid = 'elijah@riseup.net'
+          test_em_callback "Nickserver::HKP::FetchKeyInfo.new.search '#{uid}'" do |keys|
+            assert_equal 1, keys.size
+            assert keys.first.keyid =~ /00440025$/
+          end
+        end
+      end
+    end
+  end
 
   protected
 
@@ -97,7 +120,8 @@ class HkpTest < Minitest::Test
       }
       deferrable.errback {|response, msg|
         EM.stop
-        flunk "Expecting callback, but errback invoked with response: #{response} #{msg}"
+        puts caller.join("\n")
+        flunk "Expecting callback, but errback invoked with response: #{response} #{msg}\n\n#{caller.join("\n")}"
       }
     end
     assert false, 'should not get here'