4 # * check S/MIME as well as PGP/MIME
5 # * process headers protected by signature
7 test_description='Message decryption with protected headers'
8 . $(dirname "$0")/test-lib.sh || exit 1
10 ##################################################
14 add_email_corpus protected-headers
16 test_begin_subtest "verify protected header is not visible without decryption"
17 output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)
18 test_json_nodes <<<"$output" \
19 'no_crypto_info:[0][0][0]["crypto"]={}' \
20 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
22 test_begin_subtest "verify protected header is visible with decryption"
23 output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
24 test_json_nodes <<<"$output" \
25 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
26 'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'
28 test_begin_subtest "misplaced protected headers should not be made visible during decryption"
29 output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)
30 test_json_nodes <<<"$output" \
31 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
32 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
34 test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"
35 output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)
36 test_json_nodes <<<"$output" \
37 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
38 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
40 test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"
41 output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)
42 test_json_nodes <<<"$output" \
43 'no_crypto_info:[0][0][0]["crypto"]={}' \
44 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
46 test_begin_subtest "wrapped protected headers should not be made visible during decryption"
47 output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)
48 test_json_nodes <<<"$output" \
49 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \
50 'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] Subject Unavailable"'
52 test_begin_subtest "internal headers without protected-header attribute should be skipped"
53 output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)
54 test_json_nodes <<<"$output" \
55 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
56 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
58 test_begin_subtest "verify nested message/rfc822 protected header is visible"
59 output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)
60 test_json_nodes <<<"$output" \
61 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
62 'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'