tests/smime: add tests for S/MIME SignedData
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 28 Apr 2020 18:57:21 +0000 (14:57 -0400)
committer David Bremner <david@tethera.net>
Thu, 30 Apr 2020 20:57:26 +0000 (17:57 -0300)
commit b1a04bddc27c80411cf1ca148b3c33720bc8e785
tree 94ae64fde9554f638b36d12a22ceecbbe7e74745
parent 488e91f42b95c116b387212c90ea47c43c716f5b
tests/smime: add tests for S/MIME SignedData

Add a simple S/MIME SignedData message, taken from an upcoming draft
of
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/

RFC 8551 describes a SignedData, a one-part clearsigned object that is
more resistant to common patterns of MTA message munging than
multipart/signed (but has the downside that it is only readable by
clients that implement S/MIME).

To make sure notmuch can handle this kind of object, we want to
know a few things:

Already working:

 - Is the content of the SignedData object indexed?  It actually is
   right now because of dumb luck -- I think we're indexing the raw
   CMS object and it happens to contain the cleartext of the message
   in a way that we can consume it before passing it on to Xapian.
 - Are we accidentally indexing the embedded PKCS#7 certificates? We
   don't want to, and for some reason I don't understand, our indexing
   is actually skipping the embedded certificates already.  That's
   good!

Still need fixing:
 - do we know the MIME type of the embedded part?
 - do we know that the message is signed?
 - can notmuch-show read its content?
 - can notmuch-show indicate the signature validity?
 - can notmuch-reply properly quote and attribute content?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
test/T355-smime.sh
test/corpora/pkcs7/smime-onepart-signed.eml [new file with mode: 0644]
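
An added example, not part of the commit or of notmuch's code: it shows why the cleartext of a one-part SignedData message is present verbatim in the CMS object once the base64 transfer encoding is removed (eContent is an OCTET STRING), and how walking the structure recovers the MIME type of the embedded part. The helper names are hypothetical, the sample is a constructed structure with no certificates or signerInfos, and only definite-length DER is handled.

```python
import base64
from email import message_from_bytes, message_from_string

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
# Constructed inner MIME entity (not the test message from the commit).
INNER = b"Content-Type: text/plain\r\n\r\nThis is a constructed signed body.\r\n"

def tlv(tag, body):  # DER-encode one element with a definite length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos); definite-length encodings only."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite-length BER is not handled here")
    k = first & 0x7F if first & 0x80 else 0
    n = int.from_bytes(buf[pos:pos + k], "big") if k else first
    return tag, buf[pos + k:pos + k + n], pos + k + n

def econtent(der):
    """Walk ContentInfo -> SignedData -> encapContentInfo -> eContent."""
    _, ci, _ = read_tlv(der)                 # ContentInfo SEQUENCE
    _, oid, p = read_tlv(ci)                 # contentType
    if oid != OID_SIGNED_DATA:
        raise ValueError("not a CMS SignedData object")
    _, sd, _ = read_tlv(read_tlv(ci, p)[1])  # [0] EXPLICIT -> SignedData
    p = read_tlv(sd, read_tlv(sd)[2])[2]     # skip version, digestAlgorithms
    _, eci, _ = read_tlv(sd, p)              # encapContentInfo
    _, _, p = read_tlv(eci)                  # eContentType
    return read_tlv(read_tlv(eci, p)[1])[1]  # [0] EXPLICIT -> OCTET STRING

def sample_message():  # constructed: no certificates, no signerInfos
    eci = tlv(0x30, tlv(0x06, OID_DATA) + tlv(0xA0, tlv(0x04, INNER)))
    sd = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + eci + tlv(0x31, b""))
    der = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, sd))
    return ("Content-Type: application/pkcs7-mime; smime-type=signed-data\n"
            "Content-Transfer-Encoding: base64\n\n"
            + base64.encodebytes(der).decode())

def inspect_message(raw):
    msg = message_from_string(raw)
    der = msg.get_payload(decode=True)       # undo base64, get the CMS bytes
    inner = message_from_bytes(econtent(der))
    return (msg.get_content_type(), msg.get_param("smime-type"),
            b"constructed signed body" in der, inner.get_content_type())
```

Extracting eContent this way says nothing about signature validity; that still requires verifying the signerInfos against a trusted certificate.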