1 Return-Path: <bremner@tesseract.cs.unb.ca>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 69537429E26
\r
6 for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 00:03:32 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
\r
12 tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id ZIXYg8OaCpWg for <notmuch@notmuchmail.org>;
\r
16 Sun, 18 Jan 2015 00:03:29 -0800 (PST)
\r
17 Received: from yantan.tethera.net (yantan.tethera.net [199.188.72.155])
\r
18 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
\r
19 (No client certificate requested)
\r
20 by olra.theworths.org (Postfix) with ESMTPS id 09FF3429E27
\r
21 for <notmuch@notmuchmail.org>; Sun, 18 Jan 2015 00:03:22 -0800 (PST)
\r
22 Received: from remotemail by yantan.tethera.net with local (Exim 4.80)
\r
23 (envelope-from <bremner@tesseract.cs.unb.ca>)
\r
24 id 1YCkpN-0004r1-Io; Sun, 18 Jan 2015 04:03:21 -0400
\r
25 Received: (nullmailer pid 18921 invoked by uid 1000); Sun, 18 Jan 2015
\r
27 From: David Bremner <david@tethera.net>
\r
28 To: notmuch@notmuchmail.org
\r
29 Subject: [Patch v4 1/5] test: initial tests for S/MIME and notmuch-emacs
\r
30 Date: Sun, 18 Jan 2015 09:02:43 +0100
\r
31 Message-Id: <1421568167-18683-2-git-send-email-david@tethera.net>
\r
32 X-Mailer: git-send-email 2.1.4
\r
33 In-Reply-To: <1421568167-18683-1-git-send-email-david@tethera.net>
\r
34 References: <1421568167-18683-1-git-send-email-david@tethera.net>
\r
35 X-BeenThere: notmuch@notmuchmail.org
\r
36 X-Mailman-Version: 2.1.13
\r
38 List-Id: "Use and development of the notmuch mail system."
\r
39 <notmuch.notmuchmail.org>
\r
40 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
41 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
42 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
43 List-Post: <mailto:notmuch@notmuchmail.org>
\r
44 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
45 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
46 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
47 X-List-Received-Date: Sun, 18 Jan 2015 08:03:32 -0000
\r
49 Test the ability of notmuch-mua-mail to send S/MIME signed (and
\r
50 encrypted) messages; this really relies on existing functionality in
\r
53 The dependency on openssl to generate keys seems acceptable since
\r
54 that's the method I got to work for smime signing in emacs.
\r
56 The generated keys and messages will later be useful for testing the
\r
59 test/T355-smime.sh | 53 ++++++++++++++++++++++++++++++++++++++++++
\r
60 test/smime/openssl-ca-req.conf | 13 +++++++++++
\r
61 test/smime/openssl-req.conf | 13 +++++++++++
\r
62 test/test-lib.el | 10 ++++++++
\r
63 test/test-lib.sh | 1 +
\r
64 5 files changed, 90 insertions(+)
\r
65 create mode 100755 test/T355-smime.sh
\r
66 create mode 100644 test/smime/openssl-ca-req.conf
\r
67 create mode 100644 test/smime/openssl-req.conf
\r
69 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
70 new file mode 100755
\r
71 index 0000000..5f3ff12
\r
73 +++ b/test/T355-smime.sh
\r
75 +#!/usr/bin/env bash
\r
77 +test_description='S/MIME signature verification and decryption'
\r
80 +test_require_external_prereq openssl
\r
82 +test_begin_subtest "Generate CA Cert"
\r
83 +openssl genpkey -algorithm RSA -out ca.key -pass pass:test -des3 1024
\r
84 +openssl req -new -x509 -key ca.key -passin pass:test \
\r
85 + -config $TEST_DIRECTORY/smime/openssl-ca-req.conf -out ca.crt
\r
86 +test_expect_equal "$(openssl verify ca.crt | tail -1)" "OK"
\r
88 +test_begin_subtest "Generate User Cert"
\r
89 +openssl genpkey -algorithm RSA -out smime.key 1024
\r
90 +openssl req -config $TEST_DIRECTORY/smime/openssl-req.conf \
\r
91 + -new -key smime.key -passin pass:test -nodes \
\r
93 +openssl x509 -req -in smime.csr -passin pass:test -CA ca.crt -CAkey ca.key -set_serial 1 -out test_suite.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
\r
94 +# we need one file with the cert and private key
\r
95 +cat test_suite.crt smime.key > test_suite.pem
\r
96 +test_expect_equal "$(openssl verify -purpose smimesign -CAfile ca.crt test_suite.pem)" "test_suite.pem: OK"
\r
98 +test_expect_success 'emacs delivery of S/MIME signed message' \
\r
99 + 'emacs_fcc_message \
\r
100 + "test signed message 001" \
\r
101 + "This is a test signed message." \
\r
102 + "(mml-secure-message-sign \"smime\")"'
\r
104 +# Hard code the MML to avoid several interactive questions
\r
105 +test_expect_success 'emacs delivery of S/MIME encrypted + signed message' \
\r
106 +'emacs_fcc_message \
\r
107 + "test encrypted message 001" \
\r
108 + "<#secure method=smime mode=signencrypt keyfile=\\\"test_suite.pem\\\" certfile=\\\"test_suite.pem\\\">\nThis is a test encrypted message.\n"'
\r
110 +test_begin_subtest "Signature verification (openssl)"
\r
111 +notmuch show --format=raw subject:"test signed message 001" |\
\r
112 + openssl smime -verify -CAfile ca.crt 2>OUTPUT
\r
113 +cat <<EOF > EXPECTED
\r
114 +Verification successful
\r
116 +test_expect_equal_file OUTPUT EXPECTED
\r
118 +test_begin_subtest "Decryption and signature verification (openssl)"
\r
119 +notmuch show --format=raw subject:"test encrypted message 001" |\
\r
120 + openssl smime -decrypt -recip test_suite.pem |\
\r
121 + openssl smime -verify -CAfile ca.crt 2>OUTPUT
\r
122 +cat <<EOF > EXPECTED
\r
123 +Verification successful
\r
125 +test_expect_equal_file OUTPUT EXPECTED
\r
128 diff --git a/test/smime/openssl-ca-req.conf b/test/smime/openssl-ca-req.conf
\r
129 new file mode 100644
\r
130 index 0000000..49572ee
\r
132 +++ b/test/smime/openssl-ca-req.conf
\r
135 + distinguished_name = req_distinguished_name
\r
139 + [ req_distinguished_name ]
\r
141 + ST = Munchkinlandia
\r
143 + O = Organization Name
\r
144 + OU = Dept. of Fake Certs
\r
145 + CN = Fast Eddies Certs and Chips
\r
146 + emailAddress = fake-ca@example.com
\r
147 diff --git a/test/smime/openssl-req.conf b/test/smime/openssl-req.conf
\r
148 new file mode 100644
\r
149 index 0000000..c6b9de7
\r
151 +++ b/test/smime/openssl-req.conf
\r
154 + distinguished_name = req_distinguished_name
\r
158 + [ req_distinguished_name ]
\r
160 + ST = Munchkinlandia
\r
162 + O = Not much organization
\r
163 + OU = Dept. of Testing
\r
164 + CN = Notmuch Test Suite
\r
165 + emailAddress = test_suite@notmuchmail.org
\r
166 diff --git a/test/test-lib.el b/test/test-lib.el
\r
167 index 04c8d63..596a705 100644
\r
168 --- a/test/test-lib.el
\r
169 +++ b/test/test-lib.el
\r
170 @@ -188,3 +188,13 @@ nothing."
\r
173 (setq mm-text-html-renderer 'html2text)
\r
175 +;; Set some variables for S/MIME tests.
\r
177 +(setq smime-keys '(("" "test_suite.pem" nil)))
\r
179 +(setq mml-smime-use 'openssl)
\r
181 +;; all test keys are without passphrase
\r
182 +(eval-after-load 'smime
\r
183 + '(defun smime-ask-passphrase (cache) nil))
\r
184 diff --git a/test/test-lib.sh b/test/test-lib.sh
\r
185 index 6057238..00612d9 100644
\r
186 --- a/test/test-lib.sh
\r
187 +++ b/test/test-lib.sh
\r
188 @@ -1304,3 +1304,4 @@ test_declare_external_prereq gdb
\r
189 test_declare_external_prereq gpg
\r
190 test_declare_external_prereq python
\r
191 test_declare_external_prereq python2
\r
192 +test_declare_external_prereq openssl
\r