[PATCH 1/2] cli: S/MIME verification/decryption support

Jameson Graef Rollins jrollins at finestructure.net
Sun Mar 16 21:52:23 PDT 2014 

The notmuch-show flags --decrypt and --verify will now also process
S/MIME multiparts if encountered.  Requires gmime-2.6 and gpgsm.
---
 crypto.c         | 20 ++++++++++++++++++++
 notmuch-client.h |  5 +++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/crypto.c b/crypto.c
index 6f4a6db..d66aa66 100644
--- a/crypto.c
+++ b/crypto.c
@@ -88,6 +88,21 @@ notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
 		fprintf (stderr, "Failed to construct gpg context.\n");
 	}
 	cryptoctx = crypto->gpgctx;
+#ifdef GMIME_ATLEAST_26
+    } else if ((strcasecmp (protocol, "application/pkcs7-signature") == 0)
+	       || (strcasecmp (protocol, "application/x-pkcs7-signature") == 0)
+	       || (strcasecmp (protocol, "application/pkcs7-encrypted") == 0)) {
+	if (! crypto->pkcs7ctx) {
+	    /* TODO: GMimePasswordRequestFunc */
+	    crypto->pkcs7ctx = g_mime_pkcs7_context_new (NULL);
+	    if (crypto->pkcs7ctx) {
+		g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context*) crypto->pkcs7ctx, FALSE);
+	    } else {
+		fprintf (stderr, "Failed to construct pkcs7 context.\n");
+	    }
+	}
+	cryptoctx = crypto->pkcs7ctx;
+#endif
     } else {
 	fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
     }
@@ -103,5 +118,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
 	crypto->gpgctx = NULL;
     }
 
+    if (crypto->pkcs7ctx) {
+	g_object_unref (crypto->pkcs7ctx);
+	crypto->pkcs7ctx = NULL;
+    }
+
     return 0;
 }
diff --git a/notmuch-client.h b/notmuch-client.h
index 278b498..9b80107 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -78,6 +78,7 @@ typedef struct notmuch_show_format {
 
 typedef struct notmuch_crypto {
     notmuch_crypto_context_t* gpgctx;
+    notmuch_crypto_context_t* pkcs7ctx;
     notmuch_bool_t verify;
     notmuch_bool_t decrypt;
 } notmuch_crypto_t;
@@ -411,8 +412,8 @@ struct mime_node {
 /* Construct a new MIME node pointing to the root message part of
  * message. If crypto->verify is true, signed child parts will be
  * verified. If crypto->decrypt is true, encrypted child parts will be
- * decrypted.  If crypto->gpgctx is NULL, it will be lazily
- * initialized.
+ * decrypted.  If the crypto contexts (crypto->gpgctx or
+ * crypto->pkcs7) are NULL, they will be lazily initialized.
  *
  * Return value:
  *
-- 
1.9.0

More information about the notmuch mailing list