From d008a0b2695d18ea8326a88f609909b26ddf15d0 Mon Sep 17 00:00:00 2001
From: Anton Wuerfel <anton.wuerfel@fau.de>
Date: Wed, 16 Mar 2016 19:45:01 +0100
Subject: [PATCH] Add Testcases for time-stamping functionality
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds testcases for the new time-stamping functionality. To trigger
these testcases, the environment variables $GIT_TEST_TSA_URL and
$GIT_TEST_TSA_CAPATH have to be set. They do not default to any value to avoid
spamming a pre-defined Time Stamping Authority (TSA).
As testing the RFC3161 functionality without a trusted time-stamp signature is
not possible, all tests are disabled by default.

Signed-off-by: Anton Würfel <anton.wuerfel@fau.de>
Signed-off-by: Phillip Raffeck <phillip.raffeck@fau.de>
---
 t/t7031-verify-tag.sh | 69 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100755 t/t7031-verify-tag.sh

diff --git a/t/t7031-verify-tag.sh b/t/t7031-verify-tag.sh
new file mode 100755
index 0000000000..bc7953b851
--- /dev/null
+++ b/t/t7031-verify-tag.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+test_description='signed time-stamped tag tests'
+. ./test-lib.sh
+. "$TEST_DIRECTORY/lib-gpg.sh"
+
+# Tests for RFC3161 implementation
+
+if test -n "$NO_OPENSSL"
+then
+	skip_all='skipping test, git built without openssl support'
+	test_done
+fi
+
+# Disable remote tests by default to avoid spamming of TSAs and to be able to
+# test without internet connection
+
+if test -z "$GIT_TEST_TSA_URL"
+then
+	skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_URL to enable)'
+	test_done
+fi
+
+if test -z "$GIT_TEST_TSA_CAPATH"
+then
+	skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_CAPATH to enable)'
+	test_done
+fi
+
+test_expect_success 'create a tag with a timestamp signature' '
+	git config ts.tsaurl $GIT_TEST_TSA_URL &&
+	git config ts.capath $GIT_TEST_TSA_CAPATH &&
+	git config ts.failonverify 1 &&
+	test_tick &&
+	echo foo > foo &&
+	git add foo &&
+	git commit -m foo &&
+	git tag -t -m onlytime tsa_onlytime
+'
+
+test_expect_success GPG 'create a tag with gpg and timestamp signatures' '
+	echo foobar > bar &&
+	git add bar &&
+	git commit -m test123 &&
+	git tag -s -t -m tsa_both tsa_both
+'
+
+test_expect_success 'verify tag with gpg and timestamp signature' '
+	git verify-tag tsa_both
+'
+
+test_expect_success 'verify tag with timestamp signature' '
+	test_must_fail git verify-tag tsa_onlytime
+'
+
+test_expect_success 'verify tag with timestamp signature with -t' '
+	git verify-tag -t tsa_onlytime
+'
+
+test_expect_success 'verify fudged timestamp' '
+	git cat-file tag tsa_onlytime >raw &&
+	sed -e "s/onlytime/morethantime/" raw >forged1 &&
+	git hash-object -w -t tag forged1 >forged1.tag &&
+	test_must_fail git verify-tag $(cat forged1.tag) >actual1 2>&1 &&
+	grep "BAD time-stamp signature" actual1 &&
+	! grep "Verified timestamp" actual1
+'
+
+test_done
-- 
GitLab