From: Jani Nikula Date: Sun, 16 Aug 2015 17:41:14 +0000 (+0200) Subject: cli: crypto: S/MIME verification support X-Git-Tag: 0.22_rc0~66 X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=commitdiff_plain;h=2355f1522ae77a1012ca3ef08d97098a5951d142 cli: crypto: S/MIME verification support notmuch-show --verify will now also process S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm. Based on work by Jameson Graef Rollins . --- diff --git a/crypto.c b/crypto.c index feae9494..3dabc97b 100644 --- a/crypto.c +++ b/crypto.c @@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto) return gpgctx; } +/* Create a PKCS7 context (GMime 2.6) */ +static notmuch_crypto_context_t * +create_pkcs7_context (notmuch_crypto_t *crypto) +{ + notmuch_crypto_context_t *pkcs7ctx; + + if (crypto->pkcs7ctx) + return crypto->pkcs7ctx; + + /* TODO: GMimePasswordRequestFunc */ + pkcs7ctx = g_mime_pkcs7_context_new (NULL); + if (! pkcs7ctx) { + fprintf (stderr, "Failed to construct pkcs7 context.\n"); + return NULL; + } + crypto->pkcs7ctx = pkcs7ctx; + + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx, + FALSE); + + return pkcs7ctx; +} static const struct { const char *protocol; notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto); @@ -55,6 +77,14 @@ static const struct { .protocol = "application/pgp-encrypted", .get_context = create_gpg_context, }, + { + .protocol = "application/pkcs7-signature", + .get_context = create_pkcs7_context, + }, + { + .protocol = "application/x-pkcs7-signature", + .get_context = create_pkcs7_context, + }, }; /* for the specified protocol return the context pointer (initializing @@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto) crypto->gpgctx = NULL; } + if (crypto->pkcs7ctx) { + g_object_unref (crypto->pkcs7ctx); + crypto->pkcs7ctx = NULL; + } + return 0; } diff --git a/notmuch-client.h b/notmuch-client.h index 3bd2903e..18e6c60b 100644 --- a/notmuch-client.h +++ b/notmuch-client.h @@ -31,6 +31,8 @@ #include typedef GMimeCryptoContext notmuch_crypto_context_t; +/* This is automatically included only since gmime 2.6.10 */ +#include #include "notmuch.h" @@ -70,6 +72,7 @@ typedef struct notmuch_show_format { typedef struct notmuch_crypto { notmuch_crypto_context_t* gpgctx; + notmuch_crypto_context_t* pkcs7ctx; notmuch_bool_t verify; notmuch_bool_t decrypt; const char *gpgpath; @@ -407,8 +410,8 @@ struct mime_node { /* Construct a new MIME node pointing to the root message part of * message. If crypto->verify is true, signed child parts will be * verified. If crypto->decrypt is true, encrypted child parts will be - * decrypted. If crypto->gpgctx is NULL, it will be lazily - * initialized. + * decrypted. If the crypto contexts (crypto->gpgctx or + * crypto->pkcs7) are NULL, they will be lazily initialized. * * Return value: * diff --git a/test/T355-smime.sh b/test/T355-smime.sh index a059fac5..d9424125 100755 --- a/test/T355-smime.sh +++ b/test/T355-smime.sh @@ -44,7 +44,6 @@ EOF test_expect_equal_file EXPECTED OUTPUT test_begin_subtest "signature verification (notmuch CLI)" -test_subtest_known_broken output=$(notmuch show --format=json --verify subject:"test signed message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \