mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-12-22 01:14:53 +01:00
tests/smime: add tests for S/MIME SignedData
Add a simple S/MIME SignedData message, taken from an upcoming draft of https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/

RFC 8551 describes a SignedData, a one-part clearsigned object that is more resistant to common patterns of MTA message munging than multipart/signed (but has the downside that it is only readable by clients that implement S/MIME).

To make sure notmuch can handle this kind of object, we want to know a few things:

Already working:

- Is the content of the SignedData object indexed? It actually is right now because of dumb luck -- I think we're indexing the raw CMS object and it happens to contain the cleartext of the message in a way that we can consume it before passing it on to Xapian.
- Are we accidentally indexing the embedded PKCS#7 certificates? We don't want to, and for some reason I don't understand, our indexing is actually skipping the embedded certificates already. That's good!

Still need fixing:

- do we know the MIME type of the embedded part?
- do we know that the message is signed?
- can notmuch-show read its content?
- can notmuch-show indicate the signature validity?
- can notmuch-reply properly quote and attribute content?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
parent 488e91f42b
commit b1a04bddc2
2 changed files with 128 additions and 0 deletions
|
@ -119,4 +119,81 @@ test_subtest_known_broken
|
|||
output=$(notmuch search 'this is a test encrypted message')
|
||||
test_expect_equal "$output" "thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox signed)"
|
||||
|
||||
add_email_corpus pkcs7
|
||||
|
||||
test_begin_subtest "index PKCS#7 SignedData message"
|
||||
output=$(notmuch search --output=messages Thanks)
|
||||
expected=id:smime-onepart-signed@protected-headers.example
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "do not index embedded certificates from PKCS#7 SignedData"
|
||||
output=$(notmuch search --output=messages 'LAMPS Certificate')
|
||||
expected=''
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "know the MIME type of the embedded part in PKCS#7 SignedData"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch search --output=messages 'mimetype:text/plain')
|
||||
expected=id:smime-onepart-signed@protected-headers.example
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "PKCS#7 SignedData message is tagged 'signed'"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch dump id:smime-onepart-signed@protected-headers.example)
|
||||
expected='#notmuch-dump batch-tag:3 config,properties,tags
|
||||
+inbox +signed +unread -- id:smime-onepart-signed@protected-headers.example'
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "show contents of PKCS#7 SignedData message"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch show --format=raw --part=2 id:smime-onepart-signed@protected-headers.example)
|
||||
whitespace=' '
|
||||
expected="Bob, we need to cancel this contract.
|
||||
|
||||
Please start the necessary processes to make that happen today.
|
||||
|
||||
Thanks, Alice
|
||||
--${whitespace}
|
||||
Alice Lovelace
|
||||
President
|
||||
OpenPGP Example Corp"
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "reply to PKCS#7 SignedData message with proper quoting and attribution"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch reply id:smime-onepart-signed@protected-headers.example)
|
||||
expected="From: Notmuch Test Suite <test_suite@notmuchmail.org>
|
||||
Subject: Re: The FooCorp contract
|
||||
To: Alice Lovelace <alice@smime.example>, Bob Babbage <bob@smime.example>
|
||||
In-Reply-To: <smime-onepart-signed@protected-headers.example>
|
||||
References: <smime-onepart-signed@protected-headers.example>
|
||||
|
||||
On Tue, 26 Nov 2019 20:11:29 -0400, Alice Lovelace <alice@smime.example> wrote:
|
||||
> Bob, we need to cancel this contract.
|
||||
>${whitespace}
|
||||
> Please start the necessary processes to make that happen today.
|
||||
>${whitespace}
|
||||
> Thanks, Alice
|
||||
> --${whitespace}
|
||||
> Alice Lovelace
|
||||
> President
|
||||
> OpenPGP Example Corp"
|
||||
test_expect_equal "$expected" "$output"
|
||||
|
||||
test_begin_subtest "show PKCS#7 SignedData outputs valid JSON"
|
||||
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
|
||||
test_valid_json "$output"
|
||||
|
||||
test_begin_subtest "Verify signature on PKCS#7 SignedData message"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
|
||||
test_json_nodes <<<"$output" \
|
||||
'crypto:[0][0][0]["crypto"]["signed"]["status"][0]={
|
||||
"created" : 1574813489,
|
||||
"expires" : 2611032858,
|
||||
"fingerprint" : "702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB",
|
||||
"userid" : "CN=Alice Lovelace",
|
||||
"status" : "good"
|
||||
}'
|
||||
|
||||
test_done
|
||||
|
|
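Review bot: the subtest "know the MIME type of the embedded part in PKCS#7 SignedData" runs an unscoped query, notmuch search --output=messages 'mimetype:text/plain', and expects exactly one message id back. The context line at the top of this hunk shows the same database already holds other messages (thread:0000000000000002), so once the indexing is fixed this subtest only passes if none of them has a text/plain part. Scoping the query, for example 'id:smime-onepart-signed@protected-headers.example and mimetype:text/plain', would make the result depend only on the new fixture. The same applies to the search for Thanks in "index PKCS#7 SignedData message". The negative check for 'LAMPS Certificate' is fine unscoped, but a one-line comment saying where that string occurs in the fixture would tell a later reader why an empty result is the expected one.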
51
test/corpora/pkcs7/smime-onepart-signed.eml
Normal file
|
@ -0,0 +1,51 @@
|
|||
Received: from localhost (localhost [127.0.0.1]); Tue, 26 Nov 2019
|
||||
20:11:46 -0400 (UTC-04:00)
|
||||
Content-Transfer-Encoding: base64
|
||||
Content-Type: application/pkcs7-mime; name="smime.p7m";
|
||||
smime-type="signed-data"
|
||||
MIME-Version: 1.0
|
||||
From: Alice Lovelace <alice@smime.example>
|
||||
To: Bob Babbage <bob@smime.example>
|
||||
Date: Tue, 26 Nov 2019 20:11:29 -0400
|
||||
Subject: The FooCorp contract
|
||||
Message-ID: <smime-onepart-signed@protected-headers.example>
|
||||
|
||||
MIIHRQYJKoZIhvcNAQcCoIIHNjCCBzICAQExDTALBglghkgBZQMEAgEwggHJBgkq
|
||||
hkiG9w0BBwGgggG6BIIBtkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
|
||||
dD0idXMtYXNjaWkiDQpGcm9tOiBBbGljZSBMb3ZlbGFjZSA8YWxpY2VAc21pbWUu
|
||||
ZXhhbXBsZT4NClRvOiBCb2IgQmFiYmFnZSA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpE
|
||||
YXRlOiBUdWUsIDI2IE5vdiAyMDE5IDIwOjExOjI5IC0wNDAwDQpTdWJqZWN0OiBU
|
||||
aGUgRm9vQ29ycCBjb250cmFjdA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZXBhcnQt
|
||||
c2lnbmVkQHByb3RlY3RlZC1oZWFkZXJzLmV4YW1wbGU+DQoNCkJvYiwgd2UgbmVl
|
||||
ZCB0byBjYW5jZWwgdGhpcyBjb250cmFjdC4NCg0KUGxlYXNlIHN0YXJ0IHRoZSBu
|
||||
ZWNlc3NhcnkgcHJvY2Vzc2VzIHRvIG1ha2UgdGhhdCBoYXBwZW4gdG9kYXkuDQoN
|
||||
ClRoYW5rcywgQWxpY2UNCi0tIA0KQWxpY2UgTG92ZWxhY2UNClByZXNpZGVudA0K
|
||||
T3BlblBHUCBFeGFtcGxlIENvcnANCqCCA3IwggNuMIICVqADAgECAhRngrRZc1JL
|
||||
wfRxRxlq8P0RiqpMCzANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDEyJTYW1wbGUg
|
||||
TEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
|
||||
NTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPurfll0bYkDPMkY1kNn2xXsAqHSGVF
|
||||
+gWNNk3mbhF6BABhLJqDjei5aLXFE3Rq9/RRNivCMrTipF1XsbMIAKgQqr/GI1Q6
|
||||
yN8lfNsK5uU3d9kw5cOyEooGpOGUrvlKMD0LPGDt6MaiJj+KJ2TR73Wd4rfRIIJo
|
||||
FMmV9HZkOs+Tvcg8x6SzGhNq18X2HD10MD78eLXKm039obRD+z2JwWvGvrLbNBey
|
||||
O5A+aMxmCPXRoP1xrNZWBFgKB+WGYDRXW5CXXChthTwMBXFWf4aBpurKMZAyjK2E
|
||||
grQafn6h/DFddQz/NtT6Dr7UhJ2hfFFEW2rYbNsiqQAdllCb4FucWuECAwEAAaOB
|
||||
lzCBlDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w
|
||||
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E
|
||||
FgQUrC5UWqT9VRivLuhmRDjRJdHXAHkwHwYDVR0jBBgwFoAUt1JNc8CIPbLDeloM
|
||||
85T394Cid9swDQYJKoZIhvcNAQENBQADggEBAHvqjhjPvKtVIVyleoutwa10jir3
|
||||
dooJcQIILM1AunjJ6yHpuuppkc0m3BhwnlOptTKb2EnvSIkTiMY037IBlHWW217Q
|
||||
cUpggEozgQm6Yb77aGptRovPi2XToEdpA8K//02I1jur1H1z8HqzVjMeHCqRaG3Z
|
||||
r4C2AngGSkb6D4yZkxBX8CjtHAsUon06UxYsGYRcVykgk3Qek9qxPScSX8yai1K7
|
||||
7xGcKUCLfIV/JMpv7ysPtXG7Jd62oNnp1T/3+KoP9JlLs5AiPLC13fjeYALPcHVG
|
||||
UXEwdIDp1AB/Zu0a6apHQqICncqRhEB4+hompiQHtlp3TqeAWXQbQUc437sxggHZ
|
||||
MIIB1QIBATBFMC0xKzApBgNVBAMTIlNhbXBsZSBMQU1QUyBDZXJ0aWZpY2F0ZSBB
|
||||
dXRob3JpdHkCFGeCtFlzUkvB9HFHGWrw/RGKqkwLMAsGCWCGSAFlAwQCAaBpMBgG
|
||||
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MTEyNzAw
|
||||
MTEyOVowLwYJKoZIhvcNAQkEMSIEILsI9kL3zfZiVOEDjAUWrbjHjGMLoGUwEqYH
|
||||
pOA9XZ+QMA0GCSqGSIb3DQEBAQUABIIBAGDat8UYN9MShlKEw3hYVVUk6HKO6Xjp
|
||||
rdgCBKpoyoWJy0VJis0xHxaT2gn/+TPu8a5l6RslgeALjMyflzyzAmrqnknQQG8K
|
||||
bvbt/MwpU/TxnmxT+2oP9TVmAx/IQOq4pQ35uK7peSPck2CcTvZjHTeVBWcsLVEk
|
||||
hELoSD8XFRBo34qdinBzW0/sMlyK1XnlN7khKry1g7uaXcurVqptRA1rWOvCOt72
|
||||
aElKG/Q7OoVgHxbUpdzV3Hqe9/UeTRDUqCs++on2pLlA0TA0Pq8RQ0hDHD/p0t41
|
||||
1RAT1/RbnGQiVfRilMan+VGT4shokb1RoANy/1rOO9ZKlyWToYdRl9E=
|
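Review bot: the new smime-onepart-signed.eml fixture is an opaque base64 body with nothing beside it recording where it came from or which CA issued the signer's certificate, while the "Verify signature on PKCS#7 SignedData message" subtest in the other file expects "status" : "good" for it. Neither of the two files changed here shows the issuing CA being imported or marked trusted in the test keyring, so when test_subtest_known_broken is dropped from that subtest the result will depend on a trust anchor set up elsewhere. Suggest naming the exact draft revision the message was copied from and the trust anchor the test relies on, either in the commit message or in a short README next to the corpus file.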