[Patch v4 2/5] cli: S/MIME verification/decryption support
David Bremner
david at tethera.net
Sun Jan 18 00:02:44 PST 2015
From: Jameson Graef Rollins <jrollins at finestructure.net>
The notmuch-show flags --decrypt and --verify will now also process
S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm.
---
crypto.c | 20 ++++++++++++++++++++
notmuch-client.h | 5 +++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/crypto.c b/crypto.c
index 6f4a6db..d66aa66 100644
--- a/crypto.c
+++ b/crypto.c
@@ -88,6 +88,21 @@ notmuch_crypto_get_context (notmuch_crypto_t *crypto, const char *protocol)
fprintf (stderr, "Failed to construct gpg context.\n");
}
cryptoctx = crypto->gpgctx;
+#ifdef GMIME_ATLEAST_26
+ } else if ((strcasecmp (protocol, "application/pkcs7-signature") == 0)
+ || (strcasecmp (protocol, "application/x-pkcs7-signature") == 0)
+ || (strcasecmp (protocol, "application/pkcs7-encrypted") == 0)) {
+ if (! crypto->pkcs7ctx) {
+ /* TODO: GMimePasswordRequestFunc */
+ crypto->pkcs7ctx = g_mime_pkcs7_context_new (NULL);
+ if (crypto->pkcs7ctx) {
+ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context*) crypto->pkcs7ctx, FALSE);
+ } else {
+ fprintf (stderr, "Failed to construct pkcs7 context.\n");
+ }
+ }
+ cryptoctx = crypto->pkcs7ctx;
+#endif
} else {
fprintf (stderr, "Unknown or unsupported cryptographic protocol.\n");
}
@@ -103,5 +118,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
crypto->gpgctx = NULL;
}
+ if (crypto->pkcs7ctx) {
+ g_object_unref (crypto->pkcs7ctx);
+ crypto->pkcs7ctx = NULL;
+ }
+
return 0;
}
diff --git a/notmuch-client.h b/notmuch-client.h
index 5e0d475..986f6cd 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -78,6 +78,7 @@ typedef struct notmuch_show_format {
typedef struct notmuch_crypto {
notmuch_crypto_context_t* gpgctx;
+ notmuch_crypto_context_t* pkcs7ctx;
notmuch_bool_t verify;
notmuch_bool_t decrypt;
} notmuch_crypto_t;
@@ -414,8 +415,8 @@ struct mime_node {
/* Construct a new MIME node pointing to the root message part of
* message. If crypto->verify is true, signed child parts will be
* verified. If crypto->decrypt is true, encrypted child parts will be
- * decrypted. If crypto->gpgctx is NULL, it will be lazily
- * initialized.
+ * decrypted. If the crypto contexts (crypto->gpgctx or
+ * crypto->pkcs7) are NULL, they will be lazily initialized.
*
* Return value:
*
--
2.1.4
More information about the notmuch
mailing list