--- /dev/null
+Return-Path: <bremner@tesseract.cs.unb.ca>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 69537429E26\r
+ for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 00:03:32 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+ tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id ZIXYg8OaCpWg for <notmuch@notmuchmail.org>;\r
+ Sun, 18 Jan 2015 00:03:29 -0800 (PST)\r
+Received: from yantan.tethera.net (yantan.tethera.net [199.188.72.155])\r
+ (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))\r
+ (No client certificate requested)\r
+ by olra.theworths.org (Postfix) with ESMTPS id 09FF3429E27\r
+ for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 00:03:22 -0800 (PST)\r
+Received: from remotemail by yantan.tethera.net with local (Exim 4.80)\r
+ (envelope-from <bremner@tesseract.cs.unb.ca>)\r
+ id 1YCkpN-0004r1-Io; Sun, 18 Jan 2015 04:03:21 -0400\r
+Received: (nullmailer pid 18921 invoked by uid 1000); Sun, 18 Jan 2015\r
+ 08:02:54 -0000\r
+From: David Bremner <david@tethera.net>\r
+To: notmuch@notmuchmail.org\r
+Subject: [Patch v4 1/5] test: initial tests for S/MIME and notmuch-emacs\r
+Date: Sun, 18 Jan 2015 09:02:43 +0100\r
+Message-Id: <1421568167-18683-2-git-send-email-david@tethera.net>\r
+X-Mailer: git-send-email 2.1.4\r
+In-Reply-To: <1421568167-18683-1-git-send-email-david@tethera.net>\r
+References: <1421568167-18683-1-git-send-email-david@tethera.net>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sun, 18 Jan 2015 08:03:32 -0000\r
+\r
+Test the ability of notmuch-mua-mail to send S/MIME signed (and\r
+encrypted) messages; this really relies on existing functionality in\r
+message-mode.\r
+\r
+The dependency on openssl to generate keys seems acceptable since\r
+that's the method I got to work for smime signing in emacs.\r
+\r
+The generated keys and messages will later be useful for testing the\r
+notmuch CLI.\r
+---\r
+ test/T355-smime.sh | 53 ++++++++++++++++++++++++++++++++++++++++++\r
+ test/smime/openssl-ca-req.conf | 13 +++++++++++\r
+ test/smime/openssl-req.conf | 13 +++++++++++\r
+ test/test-lib.el | 10 ++++++++\r
+ test/test-lib.sh | 1 +\r
+ 5 files changed, 90 insertions(+)\r
+ create mode 100755 test/T355-smime.sh\r
+ create mode 100644 test/smime/openssl-ca-req.conf\r
+ create mode 100644 test/smime/openssl-req.conf\r
+\r
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh\r
+new file mode 100755\r
+index 0000000..5f3ff12\r
+--- /dev/null\r
++++ b/test/T355-smime.sh\r
+@@ -0,0 +1,53 @@\r
++#!/usr/bin/env bash\r
++\r
++test_description='S/MIME signature verification and decryption'\r
++. ./test-lib.sh\r
++\r
++test_require_external_prereq openssl\r
++\r
++test_begin_subtest "Generate CA Cert"\r
++openssl genpkey -algorithm RSA -out ca.key -pass pass:test -des3 1024\r
++openssl req -new -x509 -key ca.key -passin pass:test \\r
++ -config $TEST_DIRECTORY/smime/openssl-ca-req.conf -out ca.crt\r
++test_expect_equal "$(openssl verify ca.crt | tail -1)" "OK"\r
++\r
++test_begin_subtest "Generate User Cert"\r
++openssl genpkey -algorithm RSA -out smime.key 1024\r
++openssl req -config $TEST_DIRECTORY/smime/openssl-req.conf \\r
++ -new -key smime.key -passin pass:test -nodes \\r
++ -out smime.csr\r
++openssl x509 -req -in smime.csr -passin pass:test -CA ca.crt -CAkey ca.key -set_serial 1 -out test_suite.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout\r
++# we need one file with the cert and private key\r
++cat test_suite.crt smime.key > test_suite.pem\r
++test_expect_equal "$(openssl verify -purpose smimesign -CAfile ca.crt test_suite.pem)" "test_suite.pem: OK"\r
++\r
++test_expect_success 'emacs delivery of S/MIME signed message' \\r
++ 'emacs_fcc_message \\r
++ "test signed message 001" \\r
++ "This is a test signed message." \\r
++ "(mml-secure-message-sign \"smime\")"'\r
++\r
++# Hard code the MML to avoid several interactive questions\r
++test_expect_success 'emacs delivery of S/MIME encrypted + signed message' \\r
++'emacs_fcc_message \\r
++ "test encrypted message 001" \\r
++ "<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'\r
++\r
++test_begin_subtest "Signature verification (openssl)"\r
++notmuch show --format=raw subject:"test signed message 001" |\\r
++ openssl smime -verify -CAfile ca.crt 2>OUTPUT\r
++cat <<EOF > EXPECTED\r
++Verification successful\r
++EOF\r
++test_expect_equal_file OUTPUT EXPECTED\r
++\r
++test_begin_subtest "Decryption and signature verification (openssl)"\r
++notmuch show --format=raw subject:"test encrypted message 001" |\\r
++ openssl smime -decrypt -recip test_suite.pem |\\r
++ openssl smime -verify -CAfile ca.crt 2>OUTPUT\r
++cat <<EOF > EXPECTED\r
++Verification successful\r
++EOF\r
++test_expect_equal_file OUTPUT EXPECTED\r
++\r
++test_done\r
+diff --git a/test/smime/openssl-ca-req.conf b/test/smime/openssl-ca-req.conf\r
+new file mode 100644\r
+index 0000000..49572ee\r
+--- /dev/null\r
++++ b/test/smime/openssl-ca-req.conf\r
+@@ -0,0 +1,13 @@\r
++ [ req ]\r
++ distinguished_name = req_distinguished_name\r
++ prompt = no\r
++\r
++\r
++ [ req_distinguished_name ]\r
++ C = OZ\r
++ ST = Munchkinlandia\r
++ L = Emerald City\r
++ O = Organization Name\r
++ OU = Dept. of Fake Certs\r
++ CN = Fast Eddies Certs and Chips\r
++ emailAddress = fake-ca@example.com\r
+diff --git a/test/smime/openssl-req.conf b/test/smime/openssl-req.conf\r
+new file mode 100644\r
+index 0000000..c6b9de7\r
+--- /dev/null\r
++++ b/test/smime/openssl-req.conf\r
+@@ -0,0 +1,13 @@\r
++ [ req ]\r
++ distinguished_name = req_distinguished_name\r
++ prompt = no\r
++\r
++\r
++ [ req_distinguished_name ]\r
++ C = OZ\r
++ ST = Munchkinlandia\r
++ L = Emerald City\r
++ O = Not much organization\r
++ OU = Dept. of Testing\r
++ CN = Notmuch Test Suite\r
++ emailAddress = test_suite@notmuchmail.org\r
+diff --git a/test/test-lib.el b/test/test-lib.el\r
+index 04c8d63..596a705 100644\r
+--- a/test/test-lib.el\r
++++ b/test/test-lib.el\r
+@@ -188,3 +188,13 @@ nothing."\r
+ ;; environments\r
+ \r
+ (setq mm-text-html-renderer 'html2text)\r
++\r
++;; Set some variables for S/MIME tests.\r
++\r
++(setq smime-keys '(("" "test_suite.pem" nil)))\r
++\r
++(setq mml-smime-use 'openssl)\r
++\r
++;; all test keys are without passphrase\r
++(eval-after-load 'smime\r
++ '(defun smime-ask-passphrase (cache) nil))\r
+diff --git a/test/test-lib.sh b/test/test-lib.sh\r
+index 6057238..00612d9 100644\r
+--- a/test/test-lib.sh\r
++++ b/test/test-lib.sh\r
+@@ -1304,3 +1304,4 @@ test_declare_external_prereq gdb\r
+ test_declare_external_prereq gpg\r
+ test_declare_external_prereq python\r
+ test_declare_external_prereq python2\r
++test_declare_external_prereq openssl\r
+-- \r
+2.1.4\r
+\r