git.notmuchmail.org Git - notmuch/blob - test/T356-protected-headers.sh

   1 #!/usr/bin/env bash
   2
   3 # TODO:
   4 #  * check S/MIME as well as PGP/MIME
   5 #  * process headers protected by signature
   6
   7 test_description='Message decryption with protected headers'
   8 . $(dirname "$0")/test-lib.sh || exit 1
   9
  10 ##################################################
  11
  12 add_gnupg_home
  13
  14 add_email_corpus protected-headers
  15
  16 test_begin_subtest "verify protected header is not visible without decryption"
  17 output=$(notmuch show --format=json id:protected-header@crypto.notmuchmail.org)
  18 test_json_nodes <<<"$output" \
  19                 'no_crypto_info:[0][0][0]["crypto"]={}' \
  20                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  21
  22 test_begin_subtest "verify protected header is visible with decryption"
  23 output=$(notmuch show --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
  24 test_json_nodes <<<"$output" \
  25                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
  26                 'subject:[0][0][0]["headers"]["Subject"]="This is a protected header"'
  27
  28 test_begin_subtest "misplaced protected headers should not be made visible during decryption"
  29 output=$(notmuch show --decrypt=true --format=json id:misplaced-protected-header@crypto.notmuchmail.org)
  30 test_json_nodes <<<"$output" \
  31                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  32                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  33
  34 test_begin_subtest "verify double-wrapped phony protected header is not visible when inner decryption fails"
  35 output=$(notmuch show --decrypt=true --format=json id:double-wrapped-with-phony-protected-header@crypto.notmuchmail.org)
  36 test_json_nodes <<<"$output" \
  37                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  38                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  39
  40 test_begin_subtest "cleartext phony protected headers should not be made visible when decryption fails"
  41 output=$(notmuch show --decrypt=true --format=json id:phony-protected-header-bad-encryption@crypto.notmuchmail.org)
  42 test_json_nodes <<<"$output" \
  43                 'no_crypto_info:[0][0][0]["crypto"]={}' \
  44                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  45
  46 test_begin_subtest "wrapped protected headers should not be made visible during decryption"
  47 output=$(notmuch show --decrypt=true --format=json id:wrapped-protected-header@crypto.notmuchmail.org)
  48 test_json_nodes <<<"$output" \
  49                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "partial"}}' \
  50                 'subject:[0][0][0]["headers"]["Subject"]="[mailing-list] Subject Unavailable"'
  51
  52 test_begin_subtest "internal headers without protected-header attribute should be skipped"
  53 output=$(notmuch show --decrypt=true --format=json id:no-protected-header-attribute@crypto.notmuchmail.org)
  54 test_json_nodes <<<"$output" \
  55                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full"}}' \
  56                 'subject:[0][0][0]["headers"]["Subject"]="Subject Unavailable"'
  57
  58 test_begin_subtest "verify nested message/rfc822 protected header is visible"
  59 output=$(notmuch show --decrypt=true --format=json id:nested-rfc822-message@crypto.notmuchmail.org)
  60 test_json_nodes <<<"$output" \
  61                 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
  62                 'subject:[0][0][0]["headers"]["Subject"]="This is a message using draft-melnikov-smime-header-signing"'
  63
  64 test_done