[Patch v2 4/8] test: initial tests for S/MIME and notmuch-emacs

[notmuch-archives.git] / aa / 5dba9956ed2ddbeb28bf0c676197c5eccba892

Return-Path: <bremner@tethera.net>\r
X-Original-To: notmuch@notmuchmail.org\r
Delivered-To: notmuch@notmuchmail.org\r
Received: from localhost (localhost [127.0.0.1])\r
 by arlo.cworth.org (Postfix) with ESMTP id B5AC06DE1603\r
 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:55:06 -0800 (PST)\r
X-Virus-Scanned: Debian amavisd-new at cworth.org\r
X-Spam-Flag: NO\r
X-Spam-Score: -0.317\r
X-Spam-Level: \r
X-Spam-Status: No, score=-0.317 tagged_above=-999 required=5 tests=[AWL=0.234,\r
  RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled\r
Received: from arlo.cworth.org ([127.0.0.1])\r
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
 with ESMTP id PgQ8o_Fbj-Gl for <notmuch@notmuchmail.org>;\r
 Fri, 11 Dec 2015 05:55:05 -0800 (PST)\r
Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])\r
 by arlo.cworth.org (Postfix) with ESMTPS id 0CB706DE17A0\r
 for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 05:54:58 -0800 (PST)\r
Received: from remotemail by fethera.tethera.net with local (Exim 4.84)\r
 (envelope-from <bremner@tethera.net>)\r
 id 1a7O9t-0000Rf-BM; Fri, 11 Dec 2015 08:54:53 -0500\r
Received: (nullmailer pid 11210 invoked by uid 1000);\r
 Fri, 11 Dec 2015 13:54:52 -0000\r
From: David Bremner <david@tethera.net>\r
To: notmuch@notmuchmail.org\r
Subject: [Patch v2 4/8] test: initial tests for S/MIME and notmuch-emacs\r
Date: Fri, 11 Dec 2015 09:54:43 -0400\r
Message-Id: <1449842087-10972-5-git-send-email-david@tethera.net>\r
X-Mailer: git-send-email 2.6.2\r
In-Reply-To: <1449842087-10972-1-git-send-email-david@tethera.net>\r
References: <1449842087-10972-1-git-send-email-david@tethera.net>\r
X-BeenThere: notmuch@notmuchmail.org\r
X-Mailman-Version: 2.1.20\r
Precedence: list\r
List-Id: "Use and development of the notmuch mail system."\r
 <notmuch.notmuchmail.org>\r
List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
List-Post: <mailto:notmuch@notmuchmail.org>\r
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
X-List-Received-Date: Fri, 11 Dec 2015 13:55:06 -0000\r
\r
Test the ability of notmuch-mua-mail to send S/MIME signed (and\r
encrypted) messages; this really relies on existing functionality in\r
message-mode.\r
\r
The dependency on openssl to generate keys seems acceptable since\r
that's the method I got to work for smime signing in emacs.\r
\r
The generated keys and messages will later be useful for testing the\r
notmuch CLI.\r
---\r
 test/T355-smime.sh             | 53 ++++++++++++++++++++++++++++++++++++++++++\r
 test/smime/openssl-ca-req.conf | 13 +++++++++++\r
 test/smime/openssl-req.conf    | 13 +++++++++++\r
 test/test-lib.el               | 10 ++++++++\r
 test/test-lib.sh               |  1 +\r
 5 files changed, 90 insertions(+)\r
 create mode 100755 test/T355-smime.sh\r
 create mode 100644 test/smime/openssl-ca-req.conf\r
 create mode 100644 test/smime/openssl-req.conf\r
\r
diff --git a/test/T355-smime.sh b/test/T355-smime.sh\r
new file mode 100755\r
index 0000000..5f3ff12\r
--- /dev/null\r
+++ b/test/T355-smime.sh\r
@@ -0,0 +1,53 @@\r
+#!/usr/bin/env bash\r
+\r
+test_description='S/MIME signature verification and decryption'\r
+. ./test-lib.sh\r
+\r
+test_require_external_prereq openssl\r
+\r
+test_begin_subtest "Generate CA Cert"\r
+openssl genpkey -algorithm RSA -out ca.key -pass pass:test -des3 1024\r
+openssl req -new -x509 -key ca.key -passin pass:test \\r
+       -config $TEST_DIRECTORY/smime/openssl-ca-req.conf -out ca.crt\r
+test_expect_equal "$(openssl verify ca.crt | tail -1)" "OK"\r
+\r
+test_begin_subtest "Generate User Cert"\r
+openssl genpkey -algorithm RSA  -out smime.key 1024\r
+openssl req -config $TEST_DIRECTORY/smime/openssl-req.conf \\r
+       -new -key smime.key -passin pass:test -nodes \\r
+       -out smime.csr\r
+openssl x509 -req -in smime.csr -passin pass:test -CA ca.crt -CAkey ca.key -set_serial 1 -out test_suite.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout\r
+# we need one file with the cert and private key\r
+cat test_suite.crt smime.key > test_suite.pem\r
+test_expect_equal "$(openssl verify -purpose smimesign -CAfile ca.crt test_suite.pem)" "test_suite.pem: OK"\r
+\r
+test_expect_success 'emacs delivery of S/MIME signed message' \\r
+     'emacs_fcc_message \\r
+     "test signed message 001" \\r
+     "This is a test signed message." \\r
+     "(mml-secure-message-sign \"smime\")"'\r
+\r
+# Hard code the MML to avoid several interactive questions\r
+test_expect_success 'emacs delivery of S/MIME encrypted + signed message' \\r
+'emacs_fcc_message \\r
+    "test encrypted message 001" \\r
+    "<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'\r
+\r
+test_begin_subtest "Signature verification (openssl)"\r
+notmuch show --format=raw subject:"test signed message 001" |\\r
+    openssl smime -verify -CAfile ca.crt 2>OUTPUT\r
+cat <<EOF > EXPECTED\r
+Verification successful\r
+EOF\r
+test_expect_equal_file OUTPUT EXPECTED\r
+\r
+test_begin_subtest "Decryption and signature verification (openssl)"\r
+notmuch show --format=raw subject:"test encrypted message 001" |\\r
+    openssl smime -decrypt -recip test_suite.pem |\\r
+    openssl smime -verify -CAfile ca.crt 2>OUTPUT\r
+cat <<EOF > EXPECTED\r
+Verification successful\r
+EOF\r
+test_expect_equal_file OUTPUT EXPECTED\r
+\r
+test_done\r
diff --git a/test/smime/openssl-ca-req.conf b/test/smime/openssl-ca-req.conf\r
new file mode 100644\r
index 0000000..49572ee\r
--- /dev/null\r
+++ b/test/smime/openssl-ca-req.conf\r
@@ -0,0 +1,13 @@\r
+ [ req ]\r
+ distinguished_name     = req_distinguished_name\r
+ prompt                 = no\r
+\r
+\r
+ [ req_distinguished_name ]\r
+ C                      = OZ\r
+ ST                     = Munchkinlandia\r
+ L                      = Emerald City\r
+ O                      = Organization Name\r
+ OU                     = Dept. of Fake Certs\r
+ CN                     = Fast Eddies Certs and Chips\r
+ emailAddress           = fake-ca@example.com\r
diff --git a/test/smime/openssl-req.conf b/test/smime/openssl-req.conf\r
new file mode 100644\r
index 0000000..c6b9de7\r
--- /dev/null\r
+++ b/test/smime/openssl-req.conf\r
@@ -0,0 +1,13 @@\r
+ [ req ]\r
+ distinguished_name     = req_distinguished_name\r
+ prompt                 = no\r
+\r
+\r
+ [ req_distinguished_name ]\r
+ C                      = OZ\r
+ ST                     = Munchkinlandia\r
+ L                      = Emerald City\r
+ O                      = Not much organization\r
+ OU                     = Dept. of Testing\r
+ CN                     = Notmuch Test Suite\r
+ emailAddress           = test_suite@notmuchmail.org\r
diff --git a/test/test-lib.el b/test/test-lib.el\r
index 04c8d63..596a705 100644\r
--- a/test/test-lib.el\r
+++ b/test/test-lib.el\r
@@ -188,3 +188,13 @@ nothing."\r
 ;; environments\r
 \r
 (setq mm-text-html-renderer 'html2text)\r
+\r
+;; Set some variables for S/MIME tests.\r
+\r
+(setq smime-keys '(("" "test_suite.pem" nil)))\r
+\r
+(setq mml-smime-use 'openssl)\r
+\r
+;; all test keys are without passphrase\r
+(eval-after-load 'smime\r
+  '(defun smime-ask-passphrase (cache)  nil))\r
diff --git a/test/test-lib.sh b/test/test-lib.sh\r
index 126911f..2e9a499 100644\r
--- a/test/test-lib.sh\r
+++ b/test/test-lib.sh\r
@@ -1325,4 +1325,5 @@ test_declare_external_prereq emacs\r
 test_declare_external_prereq ${TEST_EMACSCLIENT}\r
 test_declare_external_prereq gdb\r
 test_declare_external_prereq gpg\r
+test_declare_external_prereq openssl\r
 test_declare_external_prereq ${NOTMUCH_PYTHON}\r
-- \r
2.6.2\r
\r