]> git.notmuchmail.org Git - notmuch/blobdiff - lib/index.cc
projects / notmuch / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
lib: index PKCS7 SignedData parts
[notmuch] / lib / index.cc
diff --git a/lib/index.cc b/lib/index.cc
index 158ba5cff96d1c98cbfcbe0ecd8903f018fbcda2..bbf13dc5e9127d3ae2fca1aae39b987523de4e68 100644 (file)
--- a/lib/index.cc
+++ b/lib/index.cc
@@ -372,6 +372,12 @@ _index_encrypted_mime_part (notmuch_message_t *message, notmuch_indexopts_t *ind
                            GMimeMultipartEncrypted *part,
                            _notmuch_message_crypto_t *msg_crypto);
 
+static void
+_index_pkcs7_part (notmuch_message_t *message,
+                  notmuch_indexopts_t *indexopts,
+                  GMimeObject *part,
+                  _notmuch_message_crypto_t *msg_crypto);
+
 /* Callback to generate terms for each mime part of a message. */
 static void
 _index_mime_part (notmuch_message_t *message,
@@ -466,6 +472,11 @@ _index_mime_part (notmuch_message_t *message,
        goto DONE;
     }
 
+    if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) {
+       _index_pkcs7_part (message, indexopts, part, msg_crypto);
+       goto DONE;
+    }
+
     if (! (GMIME_IS_PART (part))) {
        _notmuch_database_log (notmuch_message_get_database (message),
                               "Warning: Not indexing unknown mime part: %s.\n",
@@ -608,6 +619,52 @@ _index_encrypted_mime_part (notmuch_message_t *message,
 
 }
 
+static void
+_index_pkcs7_part (notmuch_message_t *message,
+                  notmuch_indexopts_t *indexopts,
+                  GMimeObject *part,
+                  _notmuch_message_crypto_t *msg_crypto)
+{
+    GMimeApplicationPkcs7Mime *pkcs7;
+    GMimeSecureMimeType p7type;
+    GMimeObject *mimeobj = NULL;
+    GMimeSignatureList *sigs = NULL;
+    GError *err = NULL;
+    notmuch_database_t *notmuch = NULL;
+
+    pkcs7 = GMIME_APPLICATION_PKCS7_MIME (part);
+    p7type = g_mime_application_pkcs7_mime_get_smime_type (pkcs7);
+    notmuch = notmuch_message_get_database (message);
+    _index_content_type (message, part);
+
+    if (p7type == GMIME_SECURE_MIME_TYPE_SIGNED_DATA) {
+       sigs = g_mime_application_pkcs7_mime_verify (pkcs7, GMIME_VERIFY_NONE, &mimeobj, &err);
+       if (sigs == NULL) {
+           _notmuch_database_log (notmuch, "Failed to verify PKCS#7 SignedData during indexing. (%d:%d) [%s]\n",
+                                  err->domain, err->code, err->message);
+           g_error_free (err);
+           goto DONE;
+       }
+       _notmuch_message_add_term (message, "tag", "signed");
+       GMimeObject *toindex = mimeobj;
+       if (_notmuch_message_crypto_potential_payload (msg_crypto, mimeobj, part, 0) &&
+           msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
+           toindex = _notmuch_repair_crypto_payload_skip_legacy_display (mimeobj);
+           if (toindex != mimeobj)
+               notmuch_message_add_property (message, "index.repaired", "skip-protected-headers-legacy-display");
+       }
+       _index_mime_part (message, indexopts, toindex, msg_crypto);
+    } else {
+       _notmuch_database_log (notmuch, "Cannot currently handle PKCS#7 smime-type '%s'\n",
+                              g_mime_object_get_content_type_parameter (part, "smime-type"));
+    }
+ DONE:
+    if (mimeobj)
+       g_object_unref (mimeobj);
+    if (sigs)
+       g_object_unref (sigs);
+}
+
 static notmuch_status_t
 _notmuch_message_index_user_headers (notmuch_message_t *message, GMimeMessage *mime_message)
 {
Notmuch source code