git.notmuchmail.org Git - notmuch/blob - test/T356-protected-headers.sh

   1 #!/usr/bin/env bash
   2
   3 # TODO:
   4 #  * check S/MIME as well as PGP/MIME
   5 #  * process headers protected by signature
   6
   7 test_description='Message decryption with protected headers'
   8 . $(dirname "$0")/test-lib.sh || exit 1
   9
  10 ##################################################
  11
  12 add_gnupg_home
  13
  14 add_email_corpus protected-headers
  15
  16 test_begin_subtest "verify protected header is not visible without decryption"
  17 output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)
  18 test_json_nodes <<<"$output" \
  19                 'no_crypto_info:[0][0][0]["crypto"]={}' \
  20                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  21
  22 test_begin_subtest "verify protected header is visible with decryption"
  23 output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
  24 test_subtest_known_broken
  25 test_json_nodes <<<"$output" \
  26                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  27                 'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'
  28
  29 test_begin_subtest "misplaced protected headers should not be made visible during decryption"
  30 output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)
  31 test_json_nodes <<<"$output" \
  32                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  33                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  34
  35 test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"
  36 output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)
  37 test_json_nodes <<<"$output" \
  38                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  39                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  40
  41 test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"
  42 output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)
  43 test_json_nodes <<<"$output" \
  44                 'no_crypto_info:[0][0][0]["crypto"]={}' \
  45                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  46
  47 test_begin_subtest "wrapped protected headers should not be made visible during decryption"
  48 output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)
  49 test_json_nodes <<<"$output" \
  50                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \
  51                 'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] Subject Unavailable"'
  52
  53 test_begin_subtest "internal headers without protected-header attribute should be skipped"
  54 output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)
  55 test_json_nodes <<<"$output" \
  56                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  57                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  58
  59 test_begin_subtest "verify nested message/rfc822 protected header is visible"
  60 output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)
  61 test_subtest_known_broken
  62 test_json_nodes <<<"$output" \
  63                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  64                 'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'
  65
  66 test_done