| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2020-04-28 14:57:21 -0400 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2020-04-30 17:57:26 -0300 |
| commit | b1a04bddc27c80411cf1ca148b3c33720bc8e785 (patch) | |
| tree | 94ae64fde9554f638b36d12a22ceecbbe7e74745 /test/T355-smime.sh | |
| parent | 488e91f42b95c116b387212c90ea47c43c716f5b (diff) | |
tests/smime: add tests for S/MIME SignedData

Add a simple S/MIME SignedData message, taken from an upcoming draft
of
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/

RFC 8551 describes a SignedData, a one-part clearsigned object that is
more resistant to common patterns of MTA message munging than
multipart/signed (but has the downside that it is only readable by
clients that implement S/MIME).

To make sure notmuch can handle this kind of object, we want to
know a few things:

Already working:

- Is the content of the SignedData object indexed? It actually is
  right now because of dumb luck -- I think we're indexing the raw
  CMS object and it happens to contain the cleartext of the message
  in a way that we can consume it before passing it on to Xapian.
- Are we accidentally indexing the embedded PKCS#7 certificates? We
  don't want to, and for some reason I don't understand, our indexing
  is actually skipping the embedded certificates already. That's
  good!

Still need fixing:

- do we know the MIME type of the embedded part?
- do we know that the message is signed?
- can notmuch-show read its content?
- can notmuch-show indicate the signature validity?
- can notmuch-reply properly quote and attribute content?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'test/T355-smime.sh')
| -rwxr-xr-x | test/T355-smime.sh | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/test/T355-smime.sh b/test/T355-smime.sh index 14e4531d..117fa2b9 100755 --- a/test/T355-smime.sh +++ b/test/T355-smime.sh 
@@ -119,4 +119,81 @@ test_subtest_known_broken output=$(notmuch search 'this is a test encrypted message') test_expect_equal "$output" "thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox signed)" +add_email_corpus pkcs7 + +test_begin_subtest "index PKCS#7 SignedData message" +output=$(notmuch search --output=messages Thanks) +expected=id:smime-onepart-signed@protected-headers.example +test_expect_equal "$expected" "$output" + +test_begin_subtest "do not index embedded certificates from PKCS#7 SignedData" +output=$(notmuch search --output=messages 'LAMPS Certificate') +expected='' +test_expect_equal "$expected" "$output" + +test_begin_subtest "know the MIME type of the embedded part in PKCS#7 SignedData" +test_subtest_known_broken +output=$(notmuch search --output=messages 'mimetype:text/plain') +expected=id:smime-onepart-signed@protected-headers.example +test_expect_equal "$expected" "$output" + +test_begin_subtest "PKCS#7 SignedData message is tagged 'signed'" +test_subtest_known_broken +output=$(notmuch dump id:smime-onepart-signed@protected-headers.example) +expected='#notmuch-dump batch-tag:3 config,properties,tags ++inbox +signed +unread -- id:smime-onepart-signed@protected-headers.example' +test_expect_equal "$expected" "$output" + +test_begin_subtest "show contents of PKCS#7 SignedData message" +test_subtest_known_broken +output=$(notmuch show --format=raw --part=2 id:smime-onepart-signed@protected-headers.example) +whitespace=' ' +expected="Bob, we need to cancel this contract. + +Please start the necessary processes to make that happen today. 
+ +Thanks, Alice +--${whitespace} +Alice Lovelace +President +OpenPGP Example Corp" +test_expect_equal "$expected" "$output" + +test_begin_subtest "reply to PKCS#7 SignedData message with proper quoting and attribution" +test_subtest_known_broken +output=$(notmuch reply id:smime-onepart-signed@protected-headers.example) +expected="From: Notmuch Test Suite <test_suite@notmuchmail.org> +Subject: Re: The FooCorp contract +To: Alice Lovelace <alice@smime.example>, Bob Babbage <bob@smime.example> +In-Reply-To: <smime-onepart-signed@protected-headers.example> +References: <smime-onepart-signed@protected-headers.example> + +On Tue, 26 Nov 2019 20:11:29 -0400, Alice Lovelace <alice@smime.example> wrote: +> Bob, we need to cancel this contract. +>${whitespace} +> Please start the necessary processes to make that happen today. +>${whitespace} +> Thanks, Alice +> --${whitespace} +> Alice Lovelace +> President +> OpenPGP Example Corp" +test_expect_equal "$expected" "$output" + +test_begin_subtest "show PKCS#7 SignedData outputs valid JSON" +output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example) +test_valid_json "$output" + +test_begin_subtest "Verify signature on PKCS#7 SignedData message" +test_subtest_known_broken +output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]["signed"]["status"][0]={ + "created" : 1574813489, + "expires" : 2611032858, + "fingerprint" : "702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB", + "userid" : "CN=Alice Lovelace", + "status" : "good" + }' + test_done |
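Review bot: The "know the MIME type of the embedded part in PKCS#7 SignedData" subtest queries the whole database with 'mimetype:text/plain' yet expects only id:smime-onepart-signed@protected-headers.example. The database already holds messages from the earlier subtests (the context line at the top of the hunk matches thread:0000000000000002), so once test_subtest_known_broken is lifted the expected value holds only if none of those messages has an indexed text/plain part. Scoping the query to the message under test, for example 'mimetype:text/plain and id:smime-onepart-signed@protected-headers.example', would make the result independent of the rest of the corpus. The same applies to the bare 'Thanks' search in the first new subtest. Separately, the commit message says the two passing subtests (content indexed, certificates not indexed) pass for reasons that are not fully understood; a short comment above them in the script saying so would tell whoever later changes CMS handling why those results might flip.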
