X-Git-Url: https://git.notmuchmail.org/git?a=blobdiff_plain;f=test%2FT350-crypto.sh;h=3539bafe1afb1ee14189c9a504f9755247ecf898;hb=591388ccd1d7c631d1f98694543d1a80fc521d9f;hp=73aa58dee8a8a758974edc0879e43307a4b5c7d8;hpb=576cff7654a4c3e0c94498977ce7b28ce8f00251;p=notmuch diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh index 73aa58de..3539bafe 100755 --- a/test/T350-crypto.sh +++ b/test/T350-crypto.sh @@ -10,8 +10,6 @@ test_description='PGP/MIME signature verification and decryption' ################################################## add_gnupg_home -# Change this if we ship a new test key -FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381" test_begin_subtest "emacs delivery of signed message" test_expect_success \ @@ -42,7 +40,8 @@ expected='[[[{"id": "XXXXX", "body": [{"id": 1, "sigstatus": [{"status": "good", "fingerprint": "'$FINGERPRINT'", - "created": 946728000}], + "created": 946728000, + "userid": "'"$SELF_USERID"'"}], "content-type": "multipart/signed", "content": [{"id": 2, "content-type": "text/plain", @@ -137,11 +136,11 @@ test_expect_equal_json \ "$output" \ "$expected" -test_begin_subtest "signature verification with full owner trust" -test_subtest_broken_gmime_2 -# give the key full owner trust -echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1 -gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1 +test_begin_subtest "signature verification without full user ID validity" +# give the key no owner trust, removes validity on all user IDs of the +# certificate in the absence of other trusted certifiers: +gpg --quiet --batch --no-tty --export-ownertrust > "$GNUPGHOME/ownertrust.bak" +echo "${FINGERPRINT}:3:" | gpg --quiet --batch --no-tty --import-ownertrust output=$(notmuch show --format=json --verify subject:"test signed message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') @@ -159,8 +158,7 @@ expected='[[[{"id": "XXXXX", "body": [{"id": 1, "sigstatus": [{"status": "good", "fingerprint": "'$FINGERPRINT'", - "created": 946728000, - "userid": "Notmuch Test Suite (INSECURE!)"}], + "created": 946728000}], "content-type": "multipart/signed", "content": [{"id": 2, "content-type": "text/plain", @@ -172,6 +170,7 @@ expected='[[[{"id": "XXXXX", test_expect_equal_json \ "$output" \ "$expected" +gpg --quiet --batch --no-tty --import-ownertrust < "$GNUPGHOME/ownertrust.bak" test_begin_subtest "signature verification with signer key unavailable" # move the gnupghome temporarily out of the way @@ -271,7 +270,6 @@ expected='[[[{"id": "XXXXX", "Date": "Sat, 01 Jan 2000 12:00:00 +0000"}, "body": [{"id": 1, "encstatus": [{"status": "good"}], - "sigstatus": [], "content-type": "multipart/encrypted", "content": [{"id": 2, "content-type": "application/pgp-encrypted", @@ -350,7 +348,6 @@ test_expect_success \ "(mml-secure-message-sign-encrypt)"' test_begin_subtest "decryption + signature verification" -test_subtest_broken_gmime_2 output=$(notmuch show --format=json --decrypt=true subject:"test encrypted message 002" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') @@ -370,7 +367,7 @@ expected='[[[{"id": "XXXXX", "sigstatus": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "created": 946728000, - "userid": "Notmuch Test Suite (INSECURE!)"}], + "userid": "'"$SELF_USERID"'"}], "content-type": "multipart/encrypted", "content": [{"id": 2, "content-type": "application/pgp-encrypted",