1 Return-Path: <bremner@tethera.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by arlo.cworth.org (Postfix) with ESMTP id B5AC06DE1603
\r
6 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:55:06 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at cworth.org
\r
11 X-Spam-Status: No, score=-0.317 tagged_above=-999 required=5 tests=[AWL=0.234,
\r
12 RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled
\r
13 Received: from arlo.cworth.org ([127.0.0.1])
\r
14 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id PgQ8o_Fbj-Gl for <notmuch@notmuchmail.org>;
\r
16 Fri, 11 Dec 2015 05:55:05 -0800 (PST)
\r
17 Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])
\r
18 by arlo.cworth.org (Postfix) with ESMTPS id 0CB706DE17A0
\r
19 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:54:58 -0800 (PST)
\r
20 Received: from remotemail by fethera.tethera.net with local (Exim 4.84)
\r
21 (envelope-from <bremner@tethera.net>)
\r
22 id 1a7O9t-0000Rf-BM; Fri, 11 Dec 2015 08:54:53 -0500
\r
23 Received: (nullmailer pid 11210 invoked by uid 1000);
\r
24 Fri, 11 Dec 2015 13:54:52 -0000
\r
25 From: David Bremner <david@tethera.net>
\r
26 To: notmuch@notmuchmail.org
\r
27 Subject: [Patch v2 4/8] test: initial tests for S/MIME and notmuch-emacs
\r
28 Date: Fri, 11 Dec 2015 09:54:43 -0400
\r
29 Message-Id: <1449842087-10972-5-git-send-email-david@tethera.net>
\r
30 X-Mailer: git-send-email 2.6.2
\r
31 In-Reply-To: <1449842087-10972-1-git-send-email-david@tethera.net>
\r
32 References: <1449842087-10972-1-git-send-email-david@tethera.net>
\r
33 X-BeenThere: notmuch@notmuchmail.org
\r
34 X-Mailman-Version: 2.1.20
\r
36 List-Id: "Use and development of the notmuch mail system."
\r
37 <notmuch.notmuchmail.org>
\r
38 List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
\r
39 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
40 List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
\r
41 List-Post: <mailto:notmuch@notmuchmail.org>
\r
42 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
43 List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
\r
44 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
45 X-List-Received-Date: Fri, 11 Dec 2015 13:55:06 -0000
\r
47 Test the ability of notmuch-mua-mail to send S/MIME signed (and
\r
48 encrypted) messages; this really relies on existing functionality in
\r
51 The dependency on openssl to generate keys seems acceptable since
\r
52 that's the method I got to work for smime signing in emacs.
\r
54 The generated keys and messages will later be useful for testing the
\r
57 test/T355-smime.sh | 53 ++++++++++++++++++++++++++++++++++++++++++
\r
58 test/smime/openssl-ca-req.conf | 13 +++++++++++
\r
59 test/smime/openssl-req.conf | 13 +++++++++++
\r
60 test/test-lib.el | 10 ++++++++
\r
61 test/test-lib.sh | 1 +
\r
62 5 files changed, 90 insertions(+)
\r
63 create mode 100755 test/T355-smime.sh
\r
64 create mode 100644 test/smime/openssl-ca-req.conf
\r
65 create mode 100644 test/smime/openssl-req.conf
\r
67 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
68 new file mode 100755
\r
69 index 0000000..5f3ff12
\r
71 +++ b/test/T355-smime.sh
\r
73 +#!/usr/bin/env bash
\r
75 +test_description='S/MIME signature verification and decryption'
\r
78 +test_require_external_prereq openssl
\r
80 +test_begin_subtest "Generate CA Cert"
\r
81 +openssl genpkey -algorithm RSA -out ca.key -pass pass:test -des3 1024
\r
82 +openssl req -new -x509 -key ca.key -passin pass:test \
\r
83 + -config $TEST_DIRECTORY/smime/openssl-ca-req.conf -out ca.crt
\r
84 +test_expect_equal "$(openssl verify ca.crt | tail -1)" "OK"
\r
86 +test_begin_subtest "Generate User Cert"
\r
87 +openssl genpkey -algorithm RSA -out smime.key 1024
\r
88 +openssl req -config $TEST_DIRECTORY/smime/openssl-req.conf \
\r
89 + -new -key smime.key -passin pass:test -nodes \
\r
91 +openssl x509 -req -in smime.csr -passin pass:test -CA ca.crt -CAkey ca.key -set_serial 1 -out test_suite.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
\r
92 +# we need one file with the cert and private key
\r
93 +cat test_suite.crt smime.key > test_suite.pem
\r
94 +test_expect_equal "$(openssl verify -purpose smimesign -CAfile ca.crt test_suite.pem)" "test_suite.pem: OK"
\r
96 +test_expect_success 'emacs delivery of S/MIME signed message' \
\r
97 + 'emacs_fcc_message \
\r
98 + "test signed message 001" \
\r
99 + "This is a test signed message." \
\r
100 + "(mml-secure-message-sign \"smime\")"'
\r
102 +# Hard code the MML to avoid several interactive questions
\r
103 +test_expect_success 'emacs delivery of S/MIME encrypted + signed message' \
\r
104 +'emacs_fcc_message \
\r
105 + "test encrypted message 001" \
\r
106 + "<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'
\r
108 +test_begin_subtest "Signature verification (openssl)"
\r
109 +notmuch show --format=raw subject:"test signed message 001" |\
\r
110 + openssl smime -verify -CAfile ca.crt 2>OUTPUT
\r
111 +cat <<EOF > EXPECTED
\r
112 +Verification successful
\r
114 +test_expect_equal_file OUTPUT EXPECTED
\r
116 +test_begin_subtest "Decryption and signature verification (openssl)"
\r
117 +notmuch show --format=raw subject:"test encrypted message 001" |\
\r
118 + openssl smime -decrypt -recip test_suite.pem |\
\r
119 + openssl smime -verify -CAfile ca.crt 2>OUTPUT
\r
120 +cat <<EOF > EXPECTED
\r
121 +Verification successful
\r
123 +test_expect_equal_file OUTPUT EXPECTED
\r
126 diff --git a/test/smime/openssl-ca-req.conf b/test/smime/openssl-ca-req.conf
\r
127 new file mode 100644
\r
128 index 0000000..49572ee
\r
130 +++ b/test/smime/openssl-ca-req.conf
\r
133 + distinguished_name = req_distinguished_name
\r
137 + [ req_distinguished_name ]
\r
139 + ST = Munchkinlandia
\r
141 + O = Organization Name
\r
142 + OU = Dept. of Fake Certs
\r
143 + CN = Fast Eddies Certs and Chips
\r
144 + emailAddress = fake-ca@example.com
\r
145 diff --git a/test/smime/openssl-req.conf b/test/smime/openssl-req.conf
\r
146 new file mode 100644
\r
147 index 0000000..c6b9de7
\r
149 +++ b/test/smime/openssl-req.conf
\r
152 + distinguished_name = req_distinguished_name
\r
156 + [ req_distinguished_name ]
\r
158 + ST = Munchkinlandia
\r
160 + O = Not much organization
\r
161 + OU = Dept. of Testing
\r
162 + CN = Notmuch Test Suite
\r
163 + emailAddress = test_suite@notmuchmail.org
\r
164 diff --git a/test/test-lib.el b/test/test-lib.el
\r
165 index 04c8d63..596a705 100644
\r
166 --- a/test/test-lib.el
\r
167 +++ b/test/test-lib.el
\r
168 @@ -188,3 +188,13 @@ nothing."
\r
171 (setq mm-text-html-renderer 'html2text)
\r
173 +;; Set some variables for S/MIME tests.
\r
175 +(setq smime-keys '(("" "test_suite.pem" nil)))
\r
177 +(setq mml-smime-use 'openssl)
\r
179 +;; all test keys are without passphrase
\r
180 +(eval-after-load 'smime
\r
181 + '(defun smime-ask-passphrase (cache) nil))
\r
182 diff --git a/test/test-lib.sh b/test/test-lib.sh
\r
183 index 126911f..2e9a499 100644
\r
184 --- a/test/test-lib.sh
\r
185 +++ b/test/test-lib.sh
\r
186 @@ -1325,4 +1325,5 @@ test_declare_external_prereq emacs
\r
187 test_declare_external_prereq ${TEST_EMACSCLIENT}
\r
188 test_declare_external_prereq gdb
\r
189 test_declare_external_prereq gpg
\r
190 +test_declare_external_prereq openssl
\r
191 test_declare_external_prereq ${NOTMUCH_PYTHON}
\r