created?: unix_time,
expires?: unix_time,
userid?: string
+ email?: string
# if status is not "good":
keyid?: string
errors?: sig_errors
sp->map_key (sp, "userid");
sp->string (sp, uid);
}
+ const char *email = g_mime_certificate_get_valid_email (certificate);
+ if (email) {
+ sp->map_key (sp, "email");
+ sp->string (sp, email);
+ }
}
} else if (certificate) {
const char *key_id = g_mime_certificate_get_fpr16 (certificate);
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}]}},
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, "email": "'"$SELF_EMAIL"'", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}]}},
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
"To": "test_suite@notmuchmail.org",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
"userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["encrypted","inbox"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}],
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, "fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid": "'"$SELF_USERID"'"}],
"encrypted": true },
"decrypted": {"status": "full"}},
"headers": {"Subject": "test encrypted message 002",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
"userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": "good","userid": "CN=Notmuch Test Suite","expires": 424242424, "created": 946728000}]}},
+ "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": "good","userid": "CN=Notmuch Test Suite", "email": "<test_suite@notmuchmail.org>", "expires": 424242424, "created": 946728000}]}},
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
"To": "test_suite@notmuchmail.org",
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
"status": "good",
"userid": "CN=Notmuch Test Suite",
+ "email": "<test_suite@notmuchmail.org>",
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",
test_begin_subtest "show cryptographic envelope on signed mail"
output=$(notmuch show --verify --format=json id:simple-signed-mail@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
- 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525609971, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}]}}'
+ 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525609971, "fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid": "'"$SELF_USERID"'", "status": "good"}]}}'
test_begin_subtest "verify signed protected header"
output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
- 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'
+ 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'
test_begin_subtest "protected subject does not leak by default in replies"
output=$(notmuch reply --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
output=$(notmuch show --decrypt=true --format=json id:encrypted-signed@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={
- "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}],
+ "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid": "'"$SELF_USERID"'", "created": 1525812676}],
"encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"'
output=$(notmuch show --decrypt=true --format=json id:encrypted-signed-not-masked@crypto.notmuchmail.org)
test_json_nodes <<<"$output" \
'crypto:[0][0][0]["crypto"]={
- "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}],
+ "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "email": "'"$SELF_EMAIL"'", "created": 1525812676}],
"encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full"}}' \
'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"'
# Change this if we ship a new test key
FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
SELF_USERID="Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"
+ SELF_EMAIL="test_suite@notmuchmail.org"
printf '%s:6:\n' "$FINGERPRINT" | gpg --quiet --batch --no-tty --import-ownertrust
}
return NULL;
}
+const char *
+g_mime_certificate_get_valid_email (GMimeCertificate *cert)
+{
+ /* output e-mail address only if validity is FULL or ULTIMATE. */
+ const char *email = g_mime_certificate_get_email(cert);
+
+ if (email == NULL)
+ return email;
+ GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
+
+ if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
+ return email;
+ return NULL;
+}
+
const char *
g_mime_certificate_get_fpr16 (GMimeCertificate *cert)
{
* Return string for valid User ID (or NULL if no valid User ID exists)
*/
const char *g_mime_certificate_get_valid_userid (GMimeCertificate *cert);
+/**
+ * Return string for valid e-mail address (or NULL if no valid e-mail address exists)
+ */
+const char *g_mime_certificate_get_valid_email (GMimeCertificate *cert);
#ifdef __cplusplus
}