blob 242ad105ce7dd69cd80805ced5c9d9d284c323d2 3503 bytes (raw)
name: test/T356-protected-headers.sh # note: path name is non-authoritative(*)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
| | #!/usr/bin/env bash
# TODO:
# * check S/MIME as well as PGP/MIME
# * process headers protected by signature
test_description='Message decryption with protected headers'
. $(dirname "$0")/test-lib.sh || exit 1
##################################################
add_gnupg_home
# Change this if we ship a new test key
FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
add_email_corpus protected-headers
test_begin_subtest "verify protected header is not visible without decryption"
output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'no_crypto:[0][0][0]!"crypto"' \
'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
test_begin_subtest "verify protected header is visible with decryption"
output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'
test_begin_subtest "misplaced protected headers should not be made visible during decryption"
output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"
output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"
output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'no_crypto:[0][0][0]!"crypto"' \
'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
test_begin_subtest "wrapped protected headers should not be made visible during decryption"
output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \
'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] encrypted message"'
test_begin_subtest "internal headers without protected-header attribute should be skipped"
output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="encrypted message"'
test_begin_subtest "verify nested message/rfc822 protected header is visible"
output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'
test_done
|
debug log:
solving 242ad105 ...
found 242ad105 in https://yhetil.org/notmuch/20180511055544.13676-12-dkg@fifthhorseman.net/
found 9c6fe467 in https://yhetil.org/notmuch/20180511055544.13676-11-dkg@fifthhorseman.net/
applying [1/2] https://yhetil.org/notmuch/20180511055544.13676-11-dkg@fifthhorseman.net/
diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
new file mode 100755
index 00000000..9c6fe467
applying [2/2] https://yhetil.org/notmuch/20180511055544.13676-12-dkg@fifthhorseman.net/
diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
index 9c6fe467..242ad105 100755
Checking patch test/T356-protected-headers.sh...
Applied patch test/T356-protected-headers.sh cleanly.
Checking patch test/T356-protected-headers.sh...
Applied patch test/T356-protected-headers.sh cleanly.
index at:
100755 242ad105ce7dd69cd80805ced5c9d9d284c323d2 test/T356-protected-headers.sh
(*) Git path names are given by the tree(s) the blob belongs to.
Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).