tor-browser

smime.sh (35535B)

---

#! /bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/smime/smime.sh
#
# Script to test NSS smime
#
# needs to work on all Unix and Windows platforms
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
#
########################################################################

EMAILDATE=`date --rfc-email --utc`

# parameter: MIME part boundary
make_multipart()
{
 mp_start="Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha-HASHHASH; boundary=\"$1\"

This is a cryptographically signed message in MIME format.

--$1"

 mp_middle="
--$1
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
Content-Description: S/MIME Cryptographic Signature
"

 mp_end="--$1--
"
}

############################## smime_init ##############################
# local shell function to initialize this script
########################################################################
smime_init()
{
 SCRIPTNAME=smime.sh      # sourced - $0 would point to all.sh

 if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
     CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
 fi

 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     cd ../common
     . ./init.sh
 fi
 if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
     cd ../cert
     . ./cert.sh
 fi
 SCRIPTNAME=smime.sh

 html_head "S/MIME Tests"

 grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
     Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
 }

 SMIMEDIR=${HOSTDIR}/smime
 R_SMIMEDIR=../smime
 mkdir -p ${SMIMEDIR}
 cd ${SMIMEDIR}
 cp ${QADIR}/smime/alice.txt ${SMIMEDIR}
 SMIMEPOLICY=${QADIR}/smime/smimepolicy.txt

 mkdir tb
 cp ${QADIR}/smime/interop-openssl/*.p12 ${SMIMEDIR}/tb
 cp ${QADIR}/smime/interop-openssl/*.env ${SMIMEDIR}

 make_multipart "------------ms030903020902020502030404"
 multipart_start="$mp_start"
 multipart_middle="$mp_middle"
 multipart_end="$mp_end"

 make_multipart "------------ms010205070902020502030809"
 multipart_start_b2="$mp_start"
 multipart_middle_b2="$mp_middle"
 multipart_end_b2="$mp_end"
}

cms_sign()
{
 HASH_CMD="-H SHA${HASH}"
 SIG=sig.SHA${HASH}

 echo "$SCRIPTNAME: Signing Detached Message {$HASH} ------------------"
 echo "cmsutil -S -G -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
 html_msg $? 0 "Create Detached Signature Alice (${HASH})" "."

 echo "cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR}
 html_msg $? 0 "Verifying Alice's Detached Signature (${HASH})" "."

 echo "$SCRIPTNAME: Signing Attached Message (${HASH}) ------------------"
 echo "cmsutil -S -G -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
 html_msg $? 0 "Create Attached Signature Alice (${HASH})" "."

 echo "cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
 html_msg $? 0 "Decode Alice's Attached Signature (${HASH})" "."

 echo "diff alice.txt alice.data.${HASH}"
 diff alice.txt alice.data.${HASH}
 html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."

# Test ECDSA signing for all hash algorithms.
 echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
 echo "cmsutil -S -G -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
 html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."

 echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR}
 html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."

 echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
 echo "cmsutil -S -G -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
 html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."

 echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
 html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."

 echo "diff alice.txt alice-ec.data.${HASH}"
 diff alice.txt alice-ec.data.${HASH}
 html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
}

header_mime_from_to_subject="MIME-Version: 1.0
Date: ${EMAILDATE}
From: Alice@example.com
To: Bob@example.com
Subject: "

header_dave_mime_from_to_subject="MIME-Version: 1.0
Date: ${EMAILDATE}
From: Dave@example.com
To: Bob@example.com
Subject: "

header_opaque_signed="Content-Type: application/pkcs7-mime; name=smime.p7m;
   smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
Content-Description: S/MIME Cryptographic Signature
"

header_enveloped="Content-Type: application/pkcs7-mime; name=smime.p7m;
   smime-type=enveloped-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
Content-Description: S/MIME Encrypted Message
"

header_clearsigned="Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
"

header_plaintext="Content-Type: text/plain
"

CR=$(printf '\r')

mime_init()
{
 OUT="tb/alice.mime"
 echo "${header_clearsigned}" >>${OUT}
 cat alice.txt >>${OUT}
 sed -i"" "s/\$/${CR}/" ${OUT}

 OUT="tb/alice.textplain"
 echo "${header_plaintext}" >>${OUT}
 cat alice.txt >>${OUT}
 sed -i"" "s/\$/${CR}/" ${OUT}
}

smime_enveloped()
{
 ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i tb/alice.mime -d ${P_R_ALICEDIR} -p nss -o tb/alice.mime.env

 OUT="tb/alice.env"
 echo "${header_enveloped}" >>${OUT}
 cat "tb/alice.mime.env" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo >>${OUT}

 OUT="tb/alice.env.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "enveloped ${SIG}" >>${OUT}
 cat "tb/alice.env" >>${OUT}
 sed -i"" "s/\$/${CR}/" ${OUT}
}

smime_signed_enveloped()
{
 SIG=sig.SHA${HASH}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Alice ${HASH_CMD} -i tb/alice.mime -d ${P_R_ALICEDIR} -p nss -o tb/alice.mime.d${SIG}

 OUT="tb/alice.d${SIG}.multipart"
 echo "${multipart_start}" | sed "s/HASHHASH/${HASH}/" >>${OUT}
 cat tb/alice.mime | sed 's/\r$//' >>${OUT}
 echo "${multipart_middle}" >>${OUT}
 cat tb/alice.mime.d${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo "${multipart_end}" >>${OUT}

 ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env

 OUT="tb/alice.d${SIG}.multipart.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "clear-signed ${SIG}" >>${OUT}
 cat "tb/alice.d${SIG}.multipart" >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 OUT="tb/alice.d${SIG}.multipart.env.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "clear-signed then enveloped $SIG" >>${OUT}
 echo "$header_enveloped" >>${OUT}
 cat "tb/alice.d${SIG}.multipart.env" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Alice ${HASH_CMD} -i tb/alice.textplain -d ${P_R_ALICEDIR} -p nss -o tb/alice.textplain.${SIG}

 OUT="tb/alice.${SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT}
 cat tb/alice.textplain.${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}

 ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env

 OUT="tb/alice.${SIG}.opaque.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "opaque-signed $SIG" >>${OUT}
 cat "tb/alice.${SIG}.opaque" >>${OUT}
 echo >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 OUT="tb/alice.${SIG}.opaque.env.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "opaque-signed then enveloped $SIG" >>${OUT}
 echo "$header_enveloped" >>$OUT
 cat "tb/alice.${SIG}.opaque.env" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 # bad messages below

 OUT="tb/alice.d${SIG}.multipart.bad.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "BAD clear-signed $SIG" >>${OUT}
 cat "tb/alice.d${SIG}.multipart" | sed 's/test message from Alice/FAKE message NOT from Alice/' >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 OUT="tb/alice.d${SIG}.multipart.mismatch-econtent"
 echo "${multipart_start}" | sed "s/HASHHASH/$HASH/" >>${OUT}
 cat tb/alice.mime | sed 's/test message from Alice/FAKE message NOT from Alice/' | sed 's/\r$//' >>${OUT}
 echo "${multipart_middle}" >>${OUT}
 cat tb/alice.textplain.${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo "${multipart_end}" >>${OUT}

 OUT="tb/alice.d${SIG}.multipart.mismatch-econtent.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "BAD mismatch-econtent $SIG" >>${OUT}
 cat "tb/alice.d${SIG}.multipart.mismatch-econtent" >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}
}

smime_plain_signed()
{
 SIG=sig.SHA${HASH}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Alice ${HASH_CMD} -i tb/alice.textplain -d ${P_R_ALICEDIR} -p nss -o tb/alice.plain.d${SIG}

 OUT="tb/alice.plain.d${SIG}.multipart"
 echo "${multipart_start}" | sed "s/HASHHASH/${HASH}/" >>${OUT}
 cat tb/alice.textplain | sed 's/\r$//' >>${OUT}
 echo "${multipart_middle}" >>${OUT}
 cat tb/alice.plain.d${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo "${multipart_end}" >>${OUT}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Alice ${HASH_CMD} -i tb/alice.textplain -d ${P_R_ALICEDIR} -p nss -o tb/alice.plain.${SIG}

 OUT="tb/alice.plain.${SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT}
 cat tb/alice.plain.${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}

 # Second outer, opaque signature layer.

 INPUT="tb/alice.plain.d${SIG}.multipart"
 OUT_SIG="${INPUT}.dave.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Dave ${HASH_CMD} -i "$INPUT" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "clear-signed $SIG then opaque signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}

 INPUT="tb/alice.plain.${SIG}.opaque"
 OUT_SIG="${INPUT}.dave.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Dave ${HASH_CMD} -i "$INPUT" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "opaque-signed $SIG then opaque signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}

 # Alternatively, second outer, multipart signature layer.

 INPUT="tb/alice.plain.d${SIG}.multipart"
 OUT_SIG="${INPUT}.dave.d${SIG}"
 cat "$INPUT" | sed "s/\$/$CR/" > "${INPUT}.cr"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Dave ${HASH_CMD} -i "${INPUT}.cr" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.multipart"
 echo "${multipart_start_b2}" | sed "s/HASHHASH/${HASH}/" >>${OUT_MIME}
 cat "${INPUT}.cr" | sed 's/\r$//' >>${OUT_MIME}
 rm "${INPUT}.cr"
 echo "${multipart_middle_b2}" >>${OUT_MIME}
 echo >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}
 echo "${multipart_end_b2}" >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "clear-signed $SIG then clear-signed signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}

 INPUT="tb/alice.plain.${SIG}.opaque"
 OUT_SIG="${INPUT}.dave.d${SIG}"
 cat "$INPUT" | sed "s/\$/$CR/" > "${INPUT}.cr"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Dave ${HASH_CMD} -i "${INPUT}.cr" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.multipart"
 echo "${multipart_start_b2}" | sed "s/HASHHASH/${HASH}/" >>${OUT_MIME}
 cat "${INPUT}.cr" | sed 's/\r$//' >>${OUT_MIME}
 rm "${INPUT}.cr"
 echo "${multipart_middle_b2}" >>${OUT_MIME}
 echo >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}
 echo "${multipart_end_b2}" >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "opaque-signed $SIG then clear-signed signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}
}

smime_enveloped_signed()
{
 SIG=sig.SHA${HASH}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -T -N Alice ${HASH_CMD} -i tb/alice.env -d ${P_R_ALICEDIR} -p nss -o tb/alice.env.d${SIG}

 OUT="tb/alice.env.d${SIG}.multipart"
 echo "${multipart_start}" | sed "s/HASHHASH/${HASH}/" >>${OUT}
 cat tb/alice.env | sed 's/\r$//' >>${OUT}
 echo "${multipart_middle}" >>${OUT}
 cat tb/alice.env.d${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}
 echo "${multipart_end}" >>${OUT}

 OUT="tb/alice.env.d${SIG}.multipart.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "enveloped then clear-signed ${SIG}" >>${OUT}
 cat "tb/alice.env.d${SIG}.multipart" >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Alice ${HASH_CMD} -i tb/alice.env -d ${P_R_ALICEDIR} -p nss -o tb/alice.env.${SIG}

 OUT="tb/alice.env.${SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT}
 cat tb/alice.env.${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT}

 OUT="tb/alice.env.${SIG}.opaque.eml"
 echo -n "${header_mime_from_to_subject}" >>${OUT}
 echo "enveloped then opaque-signed $SIG" >>${OUT}
 cat "tb/alice.env.${SIG}.opaque" >>${OUT}
 echo >>${OUT}
 sed -i"" "s/\$/$CR/" ${OUT}

 # Second outer, opaque signature layer.

 INPUT="tb/alice.env.d${SIG}.multipart"
 OUT_SIG="${INPUT}.dave.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Dave ${HASH_CMD} -i "$INPUT" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "enveloped then clear-signed $SIG then opaque signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}

 INPUT="tb/alice.env.${SIG}.opaque"
 OUT_SIG="${INPUT}.dave.${SIG}"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -G -N Dave ${HASH_CMD} -i "$INPUT" -d ${P_R_DAVEDIR} -p nss -o "$OUT_SIG"

 OUT_MIME="${OUT_SIG}.opaque"
 echo "$header_opaque_signed" >>${OUT_MIME}
 cat "$OUT_SIG" | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT_MIME}

 OUT_EML="${OUT_MIME}.eml"
 echo -n "${header_dave_mime_from_to_subject}" >>${OUT_EML}
 echo "enveloped then opaque-signed $SIG then opaque signed by dave" >>${OUT_EML}
 cat "${OUT_MIME}" >>${OUT_EML}
 echo >>${OUT_EML}
 sed -i"" "s/\$/$CR/" ${OUT_EML}
}

smime_p7()
{
 echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
 echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
 ${PROFTOOL} ${BINDIR}/p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env
 html_msg $? 0 "Creating envelope for user Alice" "."

 echo "p7content -d ${P_R_ALICEDIR} -i alice_p7.env -o alice_p7.data"
 ${PROFTOOL} ${BINDIR}/p7content -d ${P_R_ALICEDIR} -i alice_p7.env -o alice_p7.data -p nss
 html_msg $? 0 "Verifying file delivered to user Alice" "."

 sed -e '3,3p' -n alice_p7.data > alice_p7.data.sed

 echo "diff alice.txt alice_p7.data.sed"
 diff alice.txt alice_p7.data.sed
 html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."

 p7sig() {
   echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e $alg $usage"
   ${PROFTOOL} ${BINDIR}/p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e $alg $usage
   html_msg $? $1 "Signing file for user Alice $alg $usage$2" "."
 }
 p7sigver() {
   p7sig 0 ''

   echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig $usage"
   ${PROFTOOL} ${BINDIR}/p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig $usage
   html_msg $? 0 "Verifying file delivered to user Alice $alg $usage" "."
 }
 # no md2 or md5 (SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED)
 for alg in "" "-a sha-1" "-a sha-256" "-a sha-384" "-a SHA-512" "-a SHA-224"; do
   usage=; p7sigver
   for usage in $(seq 0 12); do
     case $usage in
       2|3|6|10) usage="-u $usage"; p7sig 1 ' (inadequate)' ;; # SEC_ERROR_INADEQUATE_CERT_TYPE/SEC_ERROR_INADEQUATE_KEY_USAGE
       7|9)                                                 ;; # not well-liked by cert_VerifyCertWithFlags() on debug builds
       *)        usage="-u $usage"; p7sigver                ;;
     esac
   done
 done
}

smime_enveloped_openssl_interop() {
   echo "$SCRIPTNAME: OpenSSL interoperability --------------------------------"

   ${BINDIR}/pk12util -d ${P_R_ALICEDIR} -i tb/Fran.p12 -W nss -K nss
   ${BINDIR}/pk12util -d ${P_R_ALICEDIR} -i tb/Fran-ec.p12 -W nss -K nss
   
   echo "This is a test message to Fran." > fran.txt

   echo "cmsutil -D -i fran-oaep_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data1"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data1
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data1
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha256hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data2"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha256hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data2
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data2
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha384hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data3"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha384hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data3
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data3
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha512hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data4"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha512hash_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data4
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data4
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha256mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data5"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha256mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data5
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data5
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha384mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data6"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha384mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data6
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data6
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha512mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data7"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha512mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data7
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data7
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data8"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data8
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data8
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha256hash-sha256mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data9"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha256hash-sha256mgf_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data9
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data9
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha256hash-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data10"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha256hash-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data10
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data10
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep-sha256mgf-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data11"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep-sha256mgf-label_ossl.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data11
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data11
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-oaep_ossl-sha256hash-sha256mgf-label.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data12"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-oaep_ossl-sha256hash-sha256mgf-label.env -d ${P_R_ALICEDIR} -p nss -o fran-oaep.data12
   html_msg $? 0 "Decode OpenSSL OAEP Enveloped Data Fran" "."

   diff fran.txt fran-oaep.data12
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."

   echo "cmsutil -D -i fran-ec_ossl-aes128-sha1.env -d ${P_R_ALICEDIR} -p nss -o fran.data1"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-ec_ossl-aes128-sha1.env -d ${P_R_ALICEDIR} -p nss -o fran.data1
   html_msg $? 0 "Decode OpenSSL Enveloped Data Fran (ECDH, AES128 key wrap, SHA-1 KDF)" "."
   
   diff fran.txt fran.data1
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."
   
   echo "cmsutil -D -i fran-ec_ossl-aes128-sha224.env -d ${P_R_ALICEDIR} -p nss -o fran.data2"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-ec_ossl-aes128-sha224.env -d ${P_R_ALICEDIR} -p nss -o fran.data2
   html_msg $? 0 "Decode OpenSSL Enveloped Data Fran (ECDH, AES128 key wrap, SHA-224 KDF)" "."
   
   diff fran.txt fran.data2
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."
   
   echo "cmsutil -D -i fran-ec_ossl-aes128-sha256.env -d ${P_R_ALICEDIR} -p nss -o fran.data3"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-ec_ossl-aes128-sha256.env -d ${P_R_ALICEDIR} -p nss -o fran.data3
   html_msg $? 0 "Decode OpenSSL Enveloped Data Fran (ECDH, AES128 key wrap, SHA-256 KDF)" "."
   
   diff fran.txt fran.data3
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."
   
   echo "cmsutil -D -i fran-ec_ossl-aes192-sha384.env -d ${P_R_ALICEDIR} -p nss -o fran.data4"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-ec_ossl-aes192-sha384.env -d ${P_R_ALICEDIR} -p nss -o fran.data4
   html_msg $? 0 "Decode OpenSSL Enveloped Data Fran (ECDH, AES192 key wrap, SHA-384 KDF)" "."
   
   diff fran.txt fran.data4
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."
   
   echo "cmsutil -D -i fran-ec_ossl-aes256-sha512.env -d ${P_R_ALICEDIR} -p nss -o fran.data5"
   ${PROFTOOL} ${BINDIR}/cmsutil -D -i fran-ec_ossl-aes256-sha512.env -d ${P_R_ALICEDIR} -p nss -o fran.data5
   html_msg $? 0 "Decode OpenSSL Enveloped Data Fran (ECDH, AES256 key wrap, SHA-512 KDF)" "."
   
   diff fran.txt fran.data5
   html_msg $? 0 "Compare Decoded with OpenSSL enveloped" "."
}

############################## smime_main ##############################
# local shell function to test basic signed and enveloped messages
# from 1 --> 2"
########################################################################
smime_main()
{
 mime_init
 smime_enveloped

 HASH="1"
 cms_sign
 smime_signed_enveloped
 smime_plain_signed
 smime_enveloped_signed
 HASH="256"
 cms_sign
 smime_signed_enveloped
 smime_plain_signed
 smime_enveloped_signed
 HASH="384"
 cms_sign
 smime_signed_enveloped
 smime_plain_signed
 smime_enveloped_signed
 HASH="512"
 cms_sign
 smime_signed_enveloped
 smime_plain_signed
 smime_enveloped_signed

 echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
 echo "cmsutil -E -r bob@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
 echo "        -o alice.env"
 ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
 html_msg $? 0 "Create Enveloped Data Alice" "."

 echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
 html_msg $? 0 "Decode Enveloped Data Alice" "."

 echo "diff alice.txt alice.data1"
 diff alice.txt alice.data1
 html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."

 echo "$SCRIPTNAME: Enveloped Data Tests (ECDH) ------------------------------"
 echo "cmsutil -E -r bob-ec@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
 echo "        -o alice-ec.env"
 ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob-ec@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.env
 html_msg $? 0 "Create Enveloped Data with Alice (ECDH)" "."

 echo "cmsutil -D -i alice-ec.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.env -d ${P_R_BOBDIR} -p nss -o alice-ec.data1
 html_msg $? 0 "Decode Enveloped Data Alice (ECDH)" "."

 echo "diff alice.txt alice-ec.data1"
 diff alice.txt alice-ec.data1
 html_msg $? 0 "Compare Decoded Enveloped Data and Original (ECDH)" "."

 # multiple recip
 echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
 echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
 echo "        -r bob@example.com,dave@example.com"
 ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
         -r bob@example.com,dave-ec@example.com
 ret=$?
 html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
 if [ $ret != 0 ] ; then
echo "certutil -L -d ${P_R_ALICEDIR}"
${BINDIR}/certutil -L -d ${P_R_ALICEDIR}
echo "certutil -L -d ${P_R_ALICEDIR} -n dave@example.com"
${BINDIR}/certutil -L -d ${P_R_ALICEDIR} -n dave@example.com
 fi

 echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
 echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
 echo "        -r eve@example.net"
 ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
         -r eve@example.net
 ret=$?
 html_msg $ret 0 "Encrypt to a Multiple Email cert" "."

 echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
 html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."

 echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
 html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave (ECDH)" "."

 echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
 html_msg $? 0 "Decrypt with a Multiple Email cert" "."

 diff alice.txt alice.data2
 html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."

 diff alice.txt alice.data3
 html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."

 diff alice.txt alice.data4
 html_msg $? 0 "Compare Decoded with Multiple Email cert" "."

 smime_enveloped_openssl_interop

 echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
 echo "cmsutil -O -r \"Alice,bob@example.com,dave@example.com\" \\"
 echo "        -d ${P_R_ALICEDIR} > co.der"
 ${PROFTOOL} ${BINDIR}/cmsutil -O -r "Alice,bob@example.com,dave@example.com" -d ${P_R_ALICEDIR} > co.der
 html_msg $? 0 "Create Certs-Only Alice" "."

 echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i co.der -d ${P_R_BOBDIR}
 html_msg $? 0 "Verify Certs-Only by CA" "."

 echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
 echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
 echo "        -r \"bob@example.com\" > alice.enc"
 ${PROFTOOL} ${BINDIR}/cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
         -r "bob@example.com" > alice.enc
 html_msg $? 0 "Create Encrypted-Data" "."

 echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
 echo "        -o alice.data2"
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
 html_msg $? 0 "Decode Encrypted-Data" "."

 diff alice.txt alice.data2
 html_msg $? 0 "Compare Decoded and Original Data" "."
}

smime_data_tb()
{
 ${BINDIR}/pk12util -d ${P_R_ALICEDIR} -o tb/Alice.p12 -n Alice -K nss -W nss
 ${BINDIR}/pk12util -d ${P_R_ALICEDIR} -o tb/Alice-ec.p12 -n Alice-ec -K nss -W nss
 ${BINDIR}/pk12util -d ${P_R_BOBDIR} -o tb/Bob.p12 -n Bob -K nss -W nss
 ${BINDIR}/pk12util -d ${P_R_DAVEDIR} -o tb/Dave.p12 -n Dave -K nss -W nss
 ${BINDIR}/pk12util -d ${P_R_EVEDIR} -o tb/Eve.p12 -n Eve -K nss -W nss
 CAOUT=tb/TestCA.pem
 cat ${P_R_CADIR}/TestCA.ca.cert | sed 's/\r$//' | ${BINDIR}/btoa -w c >> ${CAOUT}
}

################## smime_setup_policy_directory ########################
# set up a clean directory for the policy test
########################################################################
smime_setup_policy_directory()
{
     dir=$1
     name=$2
     policy=$3
     policy=`echo ${policy} | sed -e 's;_; ;g'`

     rm -rf ${dir} ; mkdir ${dir}
     ${BINDIR}/certutil -N -d ${dir} -f ${R_PWFILE}
     ${BINDIR}/certutil -A -n "TestCA" -t "TC,TC,TC" -f ${R_PWFILE} -d ${dir} -i ${P_R_CADIR}/TestCA.ca.cert
     ${BINDIR}/pk12util -d ${dir} -i tb/${name}.p12 -K nss -W nss > /dev/null
     setup_policy "$policy" ${dir}
}

############################## smime_policy ##############################
# local shell function to perform SMIME Policy tests
########################################################################
smime_policy()
{
 testname=""
 recipient_dir=tb/recipient
 sender_dir=tb/sender
 source=alice.txt
 sign=${recipient_dir}/message.sig
 verify=${sender_dir}/message.vfy
 encrypt=${sender_dir}/message.enc
 envelope=${sender_dir}/message.env
 decrypt=${recipient_dir}/message.dec

 ignore_blank_lines ${SMIMEPOLICY} | \
 while read sign_ret verify_ret encrypt_ret decrypt_ret hash recipient_email recipient_name recipient_policy sender_name sender_policy algorithm testname
 do
     echo "$SCRIPTNAME: S/MIME Policy Test {${testname}} ---------------"
     smime_setup_policy_directory ${recipient_dir} ${recipient_name} ${recipient_policy}
     smime_setup_policy_directory ${sender_dir} ${sender_name} ${sender_policy}

     # first the recipient signs a message
     echo "$SCRIPTNAME: Signing policy message {${testname}} ---------------"
     echo "cmsutil -S -G -P -N ${recipient_name} -H ${hash} -i ${source} -d ${recipient_dir} -p nss -o ${sign}"
     ${PROFTOOL} ${BINDIR}/cmsutil -S -G -P -N ${recipient_name} -H ${hash} -i ${source} -d ${recipient_dir} -p nss -o ${sign}
     ret=$?
     html_msg $ret ${sign_ret} "Signing policy message (${testname})" "."

     if [ ${sign_ret} -ne 0 ]; then
         continue;
     fi

     # next the sender imports the certs in the signed message
     echo "$SCRIPTNAME: Verify policy message {${testname}} ---------------"
     echo "cmsutil -D -k -i ${sign} -d ${sender_dir} -o ${verify}"
     ${PROFTOOL} ${BINDIR}/cmsutil -D -k -i ${sign} -d ${sender_dir} -o ${verify}
     ret=$?
     html_msg $ret ${verify_ret} "Verify policy message (${testname})" "."

     if [ ${verify_ret} -ne 0 ]; then
         continue;
     fi

     echo "diff ${source} ${verify}"
     diff ${source} ${verify}
     html_msg $? 0 "Compare policy signed data (${testname})" "."

     # the sender encrypts a message
     echo "$SCRIPTNAME: Encrypt policy message (${testname}) --------"
     echo "cmsutil -C -i ${source} -d ${sender_dir} -e ${envelope} \\"
     echo "        -r \"${recipient_email}\" -o ${encrypt}"
     ${PROFTOOL} ${BINDIR}/cmsutil -C -i ${source} -d ${sender_dir} \
         -e ${envelope} -r "${recipient_email}" -o ${encrypt}
     ret=$?
     html_msg $ret ${encrypt_ret} "Encrypted policy message (${testname})" "."

     if [ ${encrypt_ret} -ne 0 ]; then
         continue;
     fi

     # verify the message was encrypted with the algorithm
     encryption=$(${BINDIR}/pp -t pkcs7 -i ${encrypt} | grep "Content Encryption Algorithm" | sed -e 's;^.*Content Encryption Algorithm: ;;')
     if [ "${encryption}" != "${algorithm}" ]; then
         html_failed "Encryption algorithm (${encryption}) doe not match expected algorithm (${algorithm}) in policy test ({$testname})"
     fi

     # the recipient decrypts the message
     echo "$SCRIPTNAME: Decrypt policy message (${testname}) --------"
     echo "cmsutil -D -i ${encrypt} -d ${recipient_dir} -e ${envelope} -p nss \\"
     echo "        -o ${decrypt}"
     ${PROFTOOL} ${BINDIR}/cmsutil -D -i ${encrypt} -d ${recipient_dir} -e ${envelope} -p nss -o ${decrypt}

     ret=$?
     html_msg $ret ${decrypt_ret} "Decrypted policy message (${testname})" "."

     if [ ${decrypt_ret} -eq 0 ]; then
         echo "diff ${source} ${decrypt}"
         diff ${source} ${decrypt}
         html_msg $? 0 "Compare policy encrypted data (${testname})" "."
     fi

 done
}

############################## smime_cleanup ###########################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
smime_cleanup()
{
 html "</TABLE><BR>"
 cd ${QADIR}
 . common/cleanup.sh
}

################## main #################################################

smime_init
smime_main
smime_data_tb
smime_p7
if using_sql ; then
 smime_policy
fi
smime_cleanup