Merge branch 'release'

[notmuch] / test / T357-index-decryption.sh

diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
index ad6c36162da529366803669d5d3da1572f9b87f4..1ac2836a6e31e9cab1b8c37444038fc6162bce29 100755 (executable)
--- a/test/T357-index-decryption.sh
+++ b/test/T357-index-decryption.sh
@@ -8,8 +8,6 @@ test_description='indexing decrypted mail'
 ##################################################
 
 add_gnupg_home
-# get key fingerprint
-FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
 
 # create a test encrypted message
 test_begin_subtest 'emacs delivery of encrypted message'
@@ -52,9 +50,6 @@ test_begin_subtest "show the message body of the encrypted message"
 notmuch dump wumpus
 output=$(notmuch show wumpus | notmuch_show_part 3)
 expected='This is a test encrypted message with a wumpus.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
-    test_subtest_known_broken
-fi
 test_expect_equal \
     "$output" \
     "$expected"
@@ -80,6 +75,21 @@ test_expect_equal \
     "$output" \
     "$expected"
 
+# show the message using stashing decryption
+test_begin_subtest "stash decryption during show"
+output=$(notmuch show --decrypt=stash tag:encrypted subject:002 | notmuch_show_part 3)
+expected='This is a test encrypted message with a wumpus.'
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+test_begin_subtest "search should now find the contents"
+output=$(notmuch search wumpus)
+expected='thread:0000000000000003   2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
+test_expect_equal \
+    "$output" \
+    "$expected"
+
 # try reinserting it with decryption, should appear again, but now we
 # have two copies of the message:
 test_begin_subtest "message cleartext is present after reinserting with --decrypt=true"
@@ -145,9 +155,6 @@ test_begin_subtest 'reindex in auto mode'
 test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
 test_begin_subtest "reindexed encrypted messages, should not have changed"
 output=$(notmuch search wumpus)
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
-    test_subtest_known_broken
-fi
 test_expect_equal \
     "$output" \
     "$expected"
@@ -215,10 +222,12 @@ add_email_corpus crypto
 
 test_begin_subtest "indexing message fails when secret key not available"
 notmuch reindex --decrypt=true id:simple-encrypted@crypto.notmuchmail.org
-output=$(notmuch dump )
-expected='#notmuch-dump batch-tag:3 config,properties,tags
-+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
-#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure'
+output=$(notmuch dump | LC_ALL=C sort)
+expected='#= simple-encrypted@crypto.notmuchmail.org index.decryption=failure
+#notmuch-dump batch-tag:3 config,properties,tags
++encrypted +inbox +unread -- id:basic-encrypted@crypto.notmuchmail.org
++encrypted +inbox +unread -- id:encrypted-signed@crypto.notmuchmail.org
++encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org'
 test_expect_equal \
     "$output" \
     "$expected"
@@ -236,11 +245,8 @@ notmuch restore <<EOF
 #= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
 EOF
 notmuch reindex id:simple-encrypted@crypto.notmuchmail.org
-output=$(notmuch search sekrit)
-expected='thread:0000000000000001   2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
-    test_subtest_known_broken
-fi
+output=$(notmuch search sekrit | notmuch_search_sanitize)
+expected='thread:XXX   2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
 test_expect_equal \
     "$output" \
     "$expected"
@@ -248,9 +254,6 @@ test_expect_equal \
 test_begin_subtest "notmuch reply should show cleartext if session key is present"
 output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>')
 expected='> This is a top sekrit message.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
-    test_subtest_known_broken
-fi
 test_expect_equal \
     "$output" \
     "$expected"
@@ -258,9 +261,6 @@ test_expect_equal \
 test_begin_subtest "notmuch show should show cleartext if session key is present"
 output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | notmuch_show_part 3)
 expected='This is a top sekrit message.'
-if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
-    test_subtest_known_broken
-fi
 test_expect_equal \
     "$output" \
     "$expected"
@@ -289,6 +289,24 @@ test_expect_equal \
     "$output" \
     "$expected"
 
+goodsig='good_sig:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"'
+nosig='no_sig:[0][0][0]["crypto"]!"signed"'
+
+test_begin_subtest "verify signature without a session key stashed when --decrypt=true"
+output=$(notmuch show --format=json --decrypt=true id:encrypted-signed@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" "$goodsig"
+
+test_begin_subtest "do not verify sig without a session key stashed if --decrypt=auto"
+output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" "$nosig"
+
+test_begin_subtest "verify signature when --decrypt=stash"
+output=$(notmuch show --format=json --decrypt=stash id:encrypted-signed@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" "$goodsig"
+
+test_begin_subtest "verify signature with stashed session key"
+output=$(notmuch show --format=json id:encrypted-signed@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" "$goodsig"
 
 # TODO: test removal of a message from the message store between
 # indexing and reindexing.