1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
| | #!/usr/bin/env bash
test_description='S/MIME signature verification and decryption'
. $(dirname "$0")/test-lib.sh || exit 1
add_gpgsm_home ()
{
local fpr
[ -d "$GNUPGHOME" ] && return
_gnupg_exit () { gpgconf --kill all 2>/dev/null || true; }
at_exit_function _gnupg_exit
mkdir -m 0700 "$GNUPGHOME"
gpgsm --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/test.crt >"$GNUPGHOME"/import.log 2>&1
fpr=$(gpgsm --batch --list-key test_suite@notmuchmail.org | sed -n 's/.*fingerprint: //p')
echo "$fpr S relax" >> "$GNUPGHOME/trustlist.txt"
gpgsm --quiet --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/ca.crt
echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$GNUPGHOME/trustlist.txt"
test_debug "cat $GNUPGHOME/import.log"
}
test_require_external_prereq openssl
test_require_external_prereq gpgsm
cp $NOTMUCH_SRCDIR/test/smime/key+cert.pem test_suite.pem
FINGERPRINT=$(openssl x509 -fingerprint -in test_suite.pem -noout | sed -e 's/^.*=//' -e s/://g)
add_gpgsm_home
test_begin_subtest "emacs delivery of S/MIME signed message"
test_expect_success \
'emacs_fcc_message \
"test signed message 001" \
"This is a test signed message." \
"(mml-secure-message-sign \"smime\")"'
test_begin_subtest "emacs delivery of S/MIME encrypted + signed message"
# Hard code the MML to avoid several interactive questions
test_expect_success \
'emacs_fcc_message \
"test encrypted message 001" \
"<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'
test_begin_subtest "Signature verification (openssl)"
notmuch show --format=raw subject:"test signed message 001" |\
openssl smime -verify -CAfile $NOTMUCH_SRCDIR/test/smime/test.crt 2>OUTPUT
cat <<EOF > EXPECTED
Verification successful
EOF
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)"
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|g' \
-e 's|"expires": [-1234567890]*|"expires": 424242424|g' )
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
"filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
"crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": "good","userid": "CN=Notmuch Test Suite","expires": 424242424, "created": 946728000}]}},
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
"To": "test_suite@notmuchmail.org",
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1,
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
"status": "good",
"userid": "CN=Notmuch Test Suite",
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"content-type": "text/plain",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-disposition": "attachment",
"content-length": "NONZERO",
"content-transfer-encoding": "base64",
"content-type": "application/x-pkcs7-signature",
"filename": "smime.p7s"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
"$expected"
test_begin_subtest "Decryption and signature verification (openssl)"
notmuch show --format=raw subject:"test encrypted message 001" |\
openssl smime -decrypt -recip test_suite.pem |\
openssl smime -verify -CAfile $NOTMUCH_SRCDIR/test/smime/test.crt 2>OUTPUT
cat <<EOF > EXPECTED
Verification successful
EOF
test_expect_equal_file EXPECTED OUTPUT
add_email_corpus pkcs7
test_begin_subtest "index PKCS#7 SignedData message"
output=$(notmuch search --output=messages Thanks)
expected=id:smime-onepart-signed@protected-headers.example
test_expect_equal "$expected" "$output"
test_begin_subtest "do not index embedded certificates from PKCS#7 SignedData"
output=$(notmuch search --output=messages 'LAMPS Certificate')
expected=''
test_expect_equal "$expected" "$output"
test_begin_subtest "know the MIME type of the embedded part in PKCS#7 SignedData"
test_subtest_known_broken
output=$(notmuch search --output=messages 'mimetype:text/plain')
expected=id:smime-onepart-signed@protected-headers.example
test_expect_equal "$expected" "$output"
test_begin_subtest "PKCS#7 SignedData message is tagged 'signed'"
test_subtest_known_broken
output=$(notmuch dump id:smime-onepart-signed@protected-headers.example)
expected='#notmuch-dump batch-tag:3 config,properties,tags
+inbox +signed +unread -- id:smime-onepart-signed@protected-headers.example'
test_expect_equal "$expected" "$output"
test_begin_subtest "show contents of PKCS#7 SignedData message"
test_subtest_known_broken
output=$(notmuch show --format=raw --part=2 id:smime-onepart-signed@protected-headers.example)
whitespace=' '
expected="Bob, we need to cancel this contract.
Please start the necessary processes to make that happen today.
Thanks, Alice
--${whitespace}
Alice Lovelace
President
OpenPGP Example Corp"
test_expect_equal "$expected" "$output"
test_begin_subtest "reply to PKCS#7 SignedData message with proper quoting and attribution"
test_subtest_known_broken
output=$(notmuch reply id:smime-onepart-signed@protected-headers.example)
expected="From: Notmuch Test Suite <test_suite@notmuchmail.org>
Subject: Re: The FooCorp contract
To: Alice Lovelace <alice@smime.example>, Bob Babbage <bob@smime.example>
In-Reply-To: <smime-onepart-signed@protected-headers.example>
References: <smime-onepart-signed@protected-headers.example>
On Tue, 26 Nov 2019 20:11:29 -0400, Alice Lovelace <alice@smime.example> wrote:
> Bob, we need to cancel this contract.
>${whitespace}
> Please start the necessary processes to make that happen today.
>${whitespace}
> Thanks, Alice
> --${whitespace}
> Alice Lovelace
> President
> OpenPGP Example Corp"
test_expect_equal "$expected" "$output"
test_begin_subtest "show PKCS#7 SignedData outputs valid JSON"
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
test_valid_json "$output"
test_begin_subtest "Verify signature on PKCS#7 SignedData message"
test_subtest_known_broken
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]["signed"]["status"][0]={
"created" : 1574813489,
"expires" : 2611032858,
"fingerprint" : "702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB",
"status" : "good"
}'
test_done
|