debian/notmuch
1
0
Fork 0
mirror of https://git.notmuchmail.org/git/notmuch synced 2024-11-21 18:38:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
notmuch/test/T355-smime.sh

208 lines
8.4 KiB
Bash
Raw Normal View History

test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
#!/usr/bin/env bash
test_description='S/MIME signature verification and decryption'
test: use $(dirname "$0") for sourcing test-lib.sh Don't assume the tests are always run from within the source tree.
2017-09-25 22:38:19 +02:00
. $(dirname "$0")/test-lib.sh || exit 1
test: source $NOTMUCH_SRCDIR/test/test-lib-emacs.sh Sourcing test-lib.sh will cd to TMP_DIRECTORY, so relative path in $0 will not work in previous version . $(dirname "$0")/test-lib-emacs.sh Now individual test scripts -- e.g. ./test/T310-emacs.sh will work.
2021-05-23 09:34:43 +02:00
. $NOTMUCH_SRCDIR/test/test-lib-emacs.sh || exit 1
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test: add external prereqs to many emacs tests The tests fail otherwise. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
2021-05-01 13:54:16 +02:00
test_require_emacs
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test_require_external_prereq openssl
test_require_external_prereq gpgsm
T355: specify hash algorithm explicitly On some systems (notably, the one shipped with LibreSSL), default fingerprint digest algorithm is SHA256. On other systems, users can change default digest algorithm by changing default_md in /etc/ssl/default_md. Let's ask openssl to provide us specific algorithm to make the test more deterministic. Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2020-08-03 17:40:57 +02:00
FINGERPRINT=$(openssl x509 -sha1 -fingerprint -in "$NOTMUCH_SRCDIR/test/smime/key+cert.pem" -noout | sed -e 's/^.*=//' -e s/://g)
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
add_gpgsm_home
test: require test_begin_subtest before test_expect_success Unify the subtests by requiring test_begin_subtest before test_expect_success. (Similar change for test_expect_code will follow.) This increases clarity in the test scripts by having a separate line for the start of the subtest with the heading, and makes it possible to simplify the test infrastructure by making all subtests similar.
2017-02-26 14:43:00 +01:00
test_begin_subtest "emacs delivery of S/MIME signed message"
test_expect_success \
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
'emacs_fcc_message \
"test signed message 001" \
"This is a test signed message." \
"(mml-secure-message-sign \"smime\")"'
test: require test_begin_subtest before test_expect_success Unify the subtests by requiring test_begin_subtest before test_expect_success. (Similar change for test_expect_code will follow.) This increases clarity in the test scripts by having a separate line for the start of the subtest with the heading, and makes it possible to simplify the test infrastructure by making all subtests similar.
2017-02-26 14:43:00 +01:00
test_begin_subtest "emacs delivery of S/MIME encrypted + signed message"
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
# Hard code the MML to avoid several interactive questions
test: require test_begin_subtest before test_expect_success Unify the subtests by requiring test_begin_subtest before test_expect_success. (Similar change for test_expect_code will follow.) This increases clarity in the test scripts by having a separate line for the start of the subtest with the heading, and makes it possible to simplify the test infrastructure by making all subtests similar.
2017-02-26 14:43:00 +01:00
test_expect_success \
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
'emacs_fcc_message \
"test encrypted message 001" \
tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs The documentation for message mode clearly states that EasyPG (which uses GnuPG) is the default and recommended way to use S/MIME with mml-secure: [0] https://www.gnu.org/software/emacs/manual/html_node/message/Using-S_002fMIME.html To ensure that this mode works, we just need to import the secret key in question into gpgsm in addition to the public key. gpgsm should be able pick the right keys+certificates to use based on To/From headers, so we don't have to specify anything manually in the #secure mml tag. The import process from the OpenSSL-preferred form (cert+secretkey) is rather ugly, because gpgsm wants to see a PKCS#12 object when importing secret keys. Note that EasyPG generates the more modern Content-Type: application/pkcs7-signature instead of application/x-pkcs7-signature for the detached signature. We are also obliged to manually set gpgsm's include-certs setting to 1 because gpgsm defaults to send "everything but the root cert". In our weird test case, the certificate we're using is self-signed, so it *is* the root cert, which means that gpgsm doesn't include it by default. Setting it to 1 forces inclusion of the signer's cert, which satisfies openssl's smime subcommand. See https://dev.gnupg.org/T4878 for more details. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:13 +02:00
"<#secure method=smime mode=signencrypt>\nThis is a test encrypted message.\n"'
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test_begin_subtest "Signature verification (openssl)"
notmuch show --format=raw subject:"test signed message 001" |\
test: use source and build paths in T355-smime.sh Make a distinction between source and build directories.
2017-09-25 22:38:33 +02:00
openssl smime -verify -CAfile $NOTMUCH_SRCDIR/test/smime/test.crt 2>OUTPUT
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
cat <<EOF > EXPECTED
Verification successful
EOF
test_expect_equal_file EXPECTED OUTPUT
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
test_begin_subtest "signature verification (notmuch CLI)"
test/smime: fix signature verification test with newer gmime. The extra machinery to check for the actual output format is justified by the possibility that distros may patch this newer output format into older versions of gmime. Amended-by: Michael J Gruber <git@grubix.eu> Signed-off-by: Michael J Gruber <git@grubix.eu> Amended-again-by: db
2022-04-12 22:15:56 +02:00
if [ $NOTMUCH_GMIME_EMITS_ANGLE_BRACKETS == 1 ]; then
EXPECTED_EMAIL_ADDR='<test_suite@notmuchmail.org>'
else
EXPECTED_EMAIL_ADDR='test_suite@notmuchmail.org'
fi
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
cli/show: emit new whole-message crypto status output This allows MUAs that don't want to think about per-mime-part cryptographic status to have a simple high-level overview of the message's cryptographic state. Sensibly structured encrypted and/or signed messages will work fine with this. The only requirement for the simplest encryption + signing is that the message have all of its encryption and signing protection (the "cryptographic envelope") in a contiguous set of MIME layers at the very outside of the message itself. This is because messages with some subparts signed or encrypted, but with other subparts with no cryptographic protection is very difficult to reason about, and even harder for the user to make sense of or work with. For further characterization of the Cryptographic Envelope and some of the usability tradeoffs, see here: https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope
2019-05-25 20:04:06 +02:00
| sed -e 's|"created": [-1234567890]*|"created": 946728000|g' \
-e 's|"expires": [-1234567890]*|"expires": 424242424|g' )
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
cli/show: list all filenames of a message in the formatted output Instead of just having the first filename for the message, list all duplicate filenames of the message as a list in the formatted outputs. This bumps the format version to 3.
2017-02-25 14:31:31 +01:00
"filename": ["YYYYY"],
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
test/smime: fix signature verification test with newer gmime. The extra machinery to check for the actual output format is justified by the possibility that distros may patch this newer output format into older versions of gmime. Amended-by: Michael J Gruber <git@grubix.eu> Signed-off-by: Michael J Gruber <git@grubix.eu> Amended-again-by: db
2022-04-12 22:15:56 +02:00
"crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": "good","userid": "CN=Notmuch Test Suite", "email": "'$EXPECTED_EMAIL_ADDR'", "expires": 424242424, "created": 946728000}]}},
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
"To": "test_suite@notmuchmail.org",
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1,
cli: implement structured output version 4 Since the error field is unused by the emacs front end, no changes are needed other than bumping the format version number. As it is, this is a bit overengineered, but it will reduce duplication when we support gmime 3.0
2017-06-03 19:47:34 +02:00
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
gmime-cleanup: simplify T355-smime.sh GMime 3.0 and later can handle User ID as expected. signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-02 15:19:39 +02:00
"status": "good",
"userid": "CN=Notmuch Test Suite",
test/smime: fix signature verification test with newer gmime. The extra machinery to check for the actual output format is justified by the possibility that distros may patch this newer output format into older versions of gmime. Amended-by: Michael J Gruber <git@grubix.eu> Signed-off-by: Michael J Gruber <git@grubix.eu> Amended-again-by: db
2022-04-12 22:15:56 +02:00
"email": "'$EXPECTED_EMAIL_ADDR'",
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"content-type": "text/plain",
"content": "This is a test signed message.\n"},
{"id": 3,
cli/show: add content-disposition to structured output message parts Help the clients decide how to display parts. Test updates by Mark Walters <markwalters1009@gmail.com>. One more test fix by db
2017-02-26 19:33:48 +01:00
"content-disposition": "attachment",
tests: account for varying-size cryptographic signatures GnuPG 2.1.16 is now injecting the full issuer fingerprint in its signatures, which makes them about 32 octets larger when ascii-armored. This change in size means that the size of the MIME parts will vary depending on the version of gpg that the user has installed. at any rate, the signature part should be non-zero (this is true for basically any MIME part), so we just test for that instead of an exact size.
2016-11-23 18:57:22 +01:00
"content-length": "NONZERO",
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
"content-transfer-encoding": "base64",
tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs The documentation for message mode clearly states that EasyPG (which uses GnuPG) is the default and recommended way to use S/MIME with mml-secure: [0] https://www.gnu.org/software/emacs/manual/html_node/message/Using-S_002fMIME.html To ensure that this mode works, we just need to import the secret key in question into gpgsm in addition to the public key. gpgsm should be able pick the right keys+certificates to use based on To/From headers, so we don't have to specify anything manually in the #secure mml tag. The import process from the OpenSSL-preferred form (cert+secretkey) is rather ugly, because gpgsm wants to see a PKCS#12 object when importing secret keys. Note that EasyPG generates the more modern Content-Type: application/pkcs7-signature instead of application/x-pkcs7-signature for the detached signature. We are also obliged to manually set gpgsm's include-certs setting to 1 because gpgsm defaults to send "everything but the root cert". In our weird test case, the certificate we're using is self-signed, so it *is* the root cert, which means that gpgsm doesn't include it by default. Setting it to 1 forces inclusion of the signer's cert, which satisfies openssl's smime subcommand. See https://dev.gnupg.org/T4878 for more details. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:13 +02:00
"content-type": "application/pkcs7-signature",
test: add broken S/MIME signature verification test for notmuch CLI The test is pretty much cut and paste from the PGP/MIME version, with obvious updates taken from notmuch output. This also requires setting up gpgsm infrastucture.
2015-08-16 19:41:13 +02:00
"filename": "smime.p7s"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
"$expected"
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test_begin_subtest "Decryption and signature verification (openssl)"
notmuch show --format=raw subject:"test encrypted message 001" |\
tests/smime: avoid copying the key+cert.pem around No functional change. We no longer need to identify the key and cert to mml-mode when sending an S/MIME message, so making a copy of key+cert.pem to test_suite.pem is superfluous. Get rid of the extra file. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:14 +02:00
openssl smime -decrypt -recip $NOTMUCH_SRCDIR/test/smime/key+cert.pem |\
test: use source and build paths in T355-smime.sh Make a distinction between source and build directories.
2017-09-25 22:38:33 +02:00
openssl smime -verify -CAfile $NOTMUCH_SRCDIR/test/smime/test.crt 2>OUTPUT
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
cat <<EOF > EXPECTED
Verification successful
EOF
test_expect_equal_file EXPECTED OUTPUT
test: add a known broken test for S/MIME decryption This should serve to clarify this feature is not implimented in notmuch yet.
2019-11-18 02:58:12 +01:00
test_begin_subtest "Decryption (notmuch CLI)"
notmuch show --decrypt=true subject:"test encrypted message 001" |\
grep "^This is a" > OUTPUT
cat <<EOF > EXPECTED
This is a test encrypted message.
EOF
test_expect_equal_file EXPECTED OUTPUT
tests/smime: Verify cryptographic message status When consuming a signed+encrypted S/MIME message generated by emacs, we expect to see the same cryptographic properties for the message as a whole. This is not done correctly yet, so the test is marked as known broken. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:18 +02:00
test_begin_subtest "Cryptographic message status (encrypted+signed)"
output=$(notmuch show --format=json --decrypt=true subject:"test encrypted message 001")
test_json_nodes <<<"$output" \
'crypto_encrypted:[0][0][0]["crypto"]["decrypted"]["status"]="full"' \
'crypto_sigok:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' \
'crypto_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="616F46CD73834C63847756AF0DFB64A6E0972A47"' \
'crypto_uid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Notmuch Test Suite"'
tests/smime: Test indexing cleartext of envelopedData These tests describe some simple behavior we would expect to work if we were to correctly index the cleartext of encrypted S/MIME messages (PKCS#7 envelopedData). Of course, they don't currently pass, so we mark them known-broken. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:19 +02:00
test_begin_subtest "encrypted+signed message is known to be encrypted, but signature is unknown"
output=$(notmuch search subject:"test encrypted message 001")
test_expect_equal "$output" "thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox)"
test_begin_subtest "Encrypted body is not indexed"
output=$(notmuch search 'this is a test encrypted message')
test_expect_equal "$output" ""
test_begin_subtest "Reindex cleartext"
test_expect_success "notmuch reindex --decrypt=true subject:'test encrypted message 001'"
test_begin_subtest "signature is now known"
output=$(notmuch search subject:"test encrypted message 001")
test_expect_equal "$output" "thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox signed)"
test_begin_subtest "Encrypted body is indexed"
output=$(notmuch search 'this is a test encrypted message')
test_expect_equal "$output" "thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox signed)"
tests/smime: add tests for S/MIME SignedData Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME). To make sure sure notmuch can handle this kind of object, we want to know a few things: Already working: - Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- i think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian. - Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good! Still need fixing: - do we know the MIME type of the embedded part? - do we know that the message is signed? - can notmuch-show read its content? - can notmuch-show indicate the signature validity? - can notmuch-reply properly quote and attribute content? Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:21 +02:00
add_email_corpus pkcs7
test_begin_subtest "index PKCS#7 SignedData message"
output=$(notmuch search --output=messages Thanks)
expected=id:smime-onepart-signed@protected-headers.example
test_expect_equal "$expected" "$output"
test_begin_subtest "do not index embedded certificates from PKCS#7 SignedData"
output=$(notmuch search --output=messages 'LAMPS Certificate')
expected=''
test_expect_equal "$expected" "$output"
test_begin_subtest "know the MIME type of the embedded part in PKCS#7 SignedData"
output=$(notmuch search --output=messages 'mimetype:text/plain')
expected=id:smime-onepart-signed@protected-headers.example
test_expect_equal "$expected" "$output"
test_begin_subtest "PKCS#7 SignedData message is tagged 'signed'"
output=$(notmuch dump id:smime-onepart-signed@protected-headers.example)
expected='#notmuch-dump batch-tag:3 config,properties,tags
+inbox +signed +unread -- id:smime-onepart-signed@protected-headers.example'
test_expect_equal "$expected" "$output"
test_begin_subtest "show contents of PKCS#7 SignedData message"
output=$(notmuch show --format=raw --part=2 id:smime-onepart-signed@protected-headers.example)
whitespace=' '
expected="Bob, we need to cancel this contract.
Please start the necessary processes to make that happen today.
Thanks, Alice
--${whitespace}
Alice Lovelace
President
OpenPGP Example Corp"
test_expect_equal "$expected" "$output"
test_begin_subtest "reply to PKCS#7 SignedData message with proper quoting and attribution"
output=$(notmuch reply id:smime-onepart-signed@protected-headers.example)
expected="From: Notmuch Test Suite <test_suite@notmuchmail.org>
Subject: Re: The FooCorp contract
To: Alice Lovelace <alice@smime.example>, Bob Babbage <bob@smime.example>
In-Reply-To: <smime-onepart-signed@protected-headers.example>
References: <smime-onepart-signed@protected-headers.example>
On Tue, 26 Nov 2019 20:11:29 -0400, Alice Lovelace <alice@smime.example> wrote:
> Bob, we need to cancel this contract.
>${whitespace}
> Please start the necessary processes to make that happen today.
>${whitespace}
> Thanks, Alice
> --${whitespace}
> Alice Lovelace
> President
> OpenPGP Example Corp"
test_expect_equal "$expected" "$output"
test_begin_subtest "show PKCS#7 SignedData outputs valid JSON"
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
test_valid_json "$output"
test: support testing notmuch as installed We put some effort into testing the built copy rather than some installed copy. On the other hand for people like packagers, testing the installed copy is also of interest. When NOTMUCH_TEST_INSTALLED is set to a nonempty value, tests do not require a built notmuch tree or running configure. Some of the tests marked as broken when running against installed notmuch are probably fixable.
2023-04-09 16:26:26 +02:00
if [ -z "${NOTMUCH_TEST_INSTALLED-}" ]; then
tests/smime: add tests for S/MIME SignedData Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME). To make sure sure notmuch can handle this kind of object, we want to know a few things: Already working: - Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- i think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian. - Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good! Still need fixing: - do we know the MIME type of the embedded part? - do we know that the message is signed? - can notmuch-show read its content? - can notmuch-show indicate the signature validity? - can notmuch-reply properly quote and attribute content? Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:21 +02:00
test_begin_subtest "Verify signature on PKCS#7 SignedData message"
test: treat undefined feature variables as 0 When running the test suite without building first, it is desirable to have the tests consider these variables being undefined as equivalent to the feature not being present, and in particular for the tests not to generate errors.
2023-04-09 16:26:23 +02:00
if [ "${NOTMUCH_HAVE_64BIT_TIME_T-0}" != "1" ]; then
test: mark two tests broken on machines with 32 bit time_t I haven't traced the code path as exhaustively for the SMIME test, but the expiry date in question is larger then representable in a signed 32 bit integer.
2020-06-24 16:32:34 +02:00
test_subtest_known_broken
fi
tests/smime: add tests for S/MIME SignedData Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME). To make sure sure notmuch can handle this kind of object, we want to know a few things: Already working: - Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- i think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian. - Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good! Still need fixing: - do we know the MIME type of the embedded part? - do we know that the message is signed? - can notmuch-show read its content? - can notmuch-show indicate the signature validity? - can notmuch-reply properly quote and attribute content? Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:21 +02:00
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7 When checking cryptographic signatures, Notmuch relies on GMime to tell it whether the certificate that signs a message has a valid User ID or not. If the User ID is not valid, then notmuch does not report the signer's User ID to the user. This means that the consumer of notmuch's cryptographic summary of a message (or of its protected headers) can be confident in relaying the reported identity to the user. However, some versions of GMime before 3.2.7 cannot report Certificate validity for X.509 certificates. This is resolved upstream in GMime at https://github.com/jstedfast/gmime/pull/90. We adapt to this by marking tests of reported User IDs for S/MIME-signed messages as known-broken if GMime is older than 3.2.7 and has not been patched. If GMime >= 3.2.7 and certificate validity still doesn't work for X.509 certs, then there has likely been a regression in GMime and we should fail early, during ./configure. To break out these specific User ID checks from other checks, i had to split some tests into two parts, and reuse $output across the two subtests. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 02:42:41 +02:00
test_json_nodes <<<"$output" \
'created:[0][0][0]["crypto"]["signed"]["status"][0]["created"]=1574813489' \
'expires:[0][0][0]["crypto"]["signed"]["status"][0]["expires"]=2611032858' \
'fingerprint:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \
'status:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"'
test: support testing notmuch as installed We put some effort into testing the built copy rather than some installed copy. On the other hand for people like packagers, testing the installed copy is also of interest. When NOTMUCH_TEST_INSTALLED is set to a nonempty value, tests do not require a built notmuch tree or running configure. Some of the tests marked as broken when running against installed notmuch are probably fixable.
2023-04-09 16:26:26 +02:00
fi # NOTMUCH_TEST_INSTALLED undefined / empty
smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7 When checking cryptographic signatures, Notmuch relies on GMime to tell it whether the certificate that signs a message has a valid User ID or not. If the User ID is not valid, then notmuch does not report the signer's User ID to the user. This means that the consumer of notmuch's cryptographic summary of a message (or of its protected headers) can be confident in relaying the reported identity to the user. However, some versions of GMime before 3.2.7 cannot report Certificate validity for X.509 certificates. This is resolved upstream in GMime at https://github.com/jstedfast/gmime/pull/90. We adapt to this by marking tests of reported User IDs for S/MIME-signed messages as known-broken if GMime is older than 3.2.7 and has not been patched. If GMime >= 3.2.7 and certificate validity still doesn't work for X.509 certs, then there has likely been a regression in GMime and we should fail early, during ./configure. To break out these specific User ID checks from other checks, i had to split some tests into two parts, and reuse $output across the two subtests. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 02:42:41 +02:00
test_begin_subtest "Verify signature on PKCS#7 SignedData message signer User ID"
cli/show: If a leaf part has children, show them instead of omitting Until we did PKCS#7 unwrapping, no leaf MIME part could have a child. Now, we treat the unwrapped MIME part as the child of the PKCS#7 SignedData object. So in that case, we want to show it instead of deliberately omitting the content. This fixes the test of the protected subject in id:smime-onepart-signed@protected-headers.example. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-13 00:29:34 +02:00
if [ $NOTMUCH_GMIME_X509_CERT_VALIDITY -ne 1 ]; then
test_subtest_known_broken
fi
tests/smime: add tests for S/MIME SignedData Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME). To make sure sure notmuch can handle this kind of object, we want to know a few things: Already working: - Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- i think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian. - Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good! Still need fixing: - do we know the MIME type of the embedded part? - do we know that the message is signed? - can notmuch-show read its content? - can notmuch-show indicate the signature validity? - can notmuch-reply properly quote and attribute content? Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:21 +02:00
test_json_nodes <<<"$output" \
smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7 When checking cryptographic signatures, Notmuch relies on GMime to tell it whether the certificate that signs a message has a valid User ID or not. If the User ID is not valid, then notmuch does not report the signer's User ID to the user. This means that the consumer of notmuch's cryptographic summary of a message (or of its protected headers) can be confident in relaying the reported identity to the user. However, some versions of GMime before 3.2.7 cannot report Certificate validity for X.509 certificates. This is resolved upstream in GMime at https://github.com/jstedfast/gmime/pull/90. We adapt to this by marking tests of reported User IDs for S/MIME-signed messages as known-broken if GMime is older than 3.2.7 and has not been patched. If GMime >= 3.2.7 and certificate validity still doesn't work for X.509 certs, then there has likely been a regression in GMime and we should fail early, during ./configure. To break out these specific User ID checks from other checks, i had to split some tests into two parts, and reuse $output across the two subtests. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 02:42:41 +02:00
'userid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"'
tests/smime: add tests for S/MIME SignedData Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME). To make sure sure notmuch can handle this kind of object, we want to know a few things: Already working: - Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- i think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian. - Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good! Still need fixing: - do we know the MIME type of the embedded part? - do we know that the message is signed? - can notmuch-show read its content? - can notmuch-show indicate the signature validity? - can notmuch-reply properly quote and attribute content? Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-28 20:57:21 +02:00
test: initial tests for S/MIME and notmuch-emacs Test the ability of notmuch-mua-mail to send S/MIME signed (and encrypted) messages; this really relies on existing functionality in message-mode. The generated keys and messages will later be useful for testing the notmuch CLI.
2015-08-16 19:41:12 +02:00
test_done
Reference in a new issue Copy permalink