#!/usr/bin/env bash

test_description='S/MIME signature verification and decryption'
. ./test-lib.sh

test_require_external_prereq openssl

test_begin_subtest "Generate CA Cert"
openssl genpkey -algorithm RSA -out ca.key -pass pass:test -des3 1024
openssl req -new -x509 -key ca.key -passin pass:test \
	-config $TEST_DIRECTORY/smime/openssl-ca-req.conf -out ca.crt
test_expect_equal "$(openssl verify ca.crt | tail -1)" "OK"

test_begin_subtest "Generate User Cert"
openssl genpkey -algorithm RSA  -out smime.key 1024
openssl req -config $TEST_DIRECTORY/smime/openssl-req.conf \
	-new -key smime.key -passin pass:test -nodes \
	-out smime.csr
openssl x509 -req -in smime.csr -passin pass:test -CA ca.crt -CAkey ca.key -set_serial 1 -out test_suite.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
# we need one file with the cert and private key
cat test_suite.crt smime.key > test_suite.pem
test_expect_equal "$(openssl verify -purpose smimesign -CAfile ca.crt test_suite.pem)" "test_suite.pem: OK"

test_expect_success 'emacs delivery of S/MIME signed message' \
     'emacs_fcc_message \
     "test signed message 001" \
     "This is a test signed message." \
     "(mml-secure-message-sign \"smime\")"'

test_begin_subtest "Signature verification (openssl)"
notmuch show --format=raw subject:"test signed message 001" |\
    openssl smime -verify -CAfile ca.crt 1>STDOUT 2>STDERR
cat <<EOF > EXPECTED
Verification successful
Content-Type: text/plain

This is a test signed message.
EOF
tr -d '\015' < STDOUT | cat STDERR - > OUTPUT
test_expect_equal_file OUTPUT EXPECTED

test_done