From b415ec06c309974247d202c21a0f9f1b0d828f5d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 28 Apr 2020 14:57:22 -0400 Subject: [PATCH] test/protected-headers: Add tests for S/MIME protected headers Recognize the protected subject for S/MIME example protected header messages. Signed-off-by: Daniel Kahn Gillmor --- test/T356-protected-headers.sh | 38 +++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh index 925805df..b7a83715 100755 --- a/test/T356-protected-headers.sh +++ b/test/T356-protected-headers.sh @@ -1,14 +1,14 @@ #!/usr/bin/env bash -# TODO: -# * check S/MIME as well as PGP/MIME - test_description='Message decryption with protected headers' . $(dirname "$0")/test-lib.sh || exit 1 ################################################## +test_require_external_prereq gpgsm + add_gnupg_home +add_gpgsm_home add_email_corpus protected-headers @@ -155,6 +155,38 @@ test_begin_subtest "identify message that had a legacy display part skipped duri output=$(notmuch search --output=messages property:index.repaired=skip-protected-headers-legacy-display) test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail.org +for variant in multipart-signed onepart-signed; do + test_begin_subtest "verify signed PKCS#7 subject ($variant)" + test_subtest_known_broken + output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example") + test_json_nodes <<<"$output" \ + 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \ + 'sig_good:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' \ + 'sig_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \ + 'sig_uid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"' \ + 'not_encrypted:[0][0][0]["crypto"]!"decrypted"' +done + +for variant in sign+enc sign+enc+legacy-disp; do + test_begin_subtest "confirm signed and encrypted PKCS#7 subject ($variant)" + test_subtest_known_broken + output=$(notmuch show --decrypt=true --format=json "id:smime-${variant}@protected-headers.example") + test_json_nodes <<<"$output" \ + 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \ + 'sig_good:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' \ + 'sig_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \ + 'sig_uid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"' \ + 'encrypted:[0][0][0]["crypto"]["decrypted"]={"status":"full","header-mask":{"Subject":"..."}}' +done + +test_begin_subtest "confirm encryption-protected PKCS#7 subject (enc+legacy-disp)" +test_subtest_known_broken +output=$(notmuch show --decrypt=true --format=json "id:smime-enc+legacy-disp@protected-headers.example") +test_json_nodes <<<"$output" \ + 'encrypted:[0][0][0]["crypto"]["decrypted"]={"status":"full","header-mask":{"Subject":"..."}}' \ + 'no_sig:[0][0][0]["crypto"]!"signed"' + + # TODO: test that a part that looks like a legacy-display in # multipart/signed, but not encrypted, is indexed and not stripped.