[PATCH 6/8] cli: crypto: S/MIME verification support
Jani Nikula
jani at nikula.org
Sat Sep 26 04:58:41 PDT 2015
On Sun, 16 Aug 2015, David Bremner <david at tethera.net> wrote:
> From: Jani Nikula <jani at nikula.org>
>
> notmuch-show --verify will now also process S/MIME multiparts if
> encountered. Requires gmime-2.6 and gpgsm.
>
> Based on work by Jameson Graef Rollins <jrollins at finestructure.net>.
> ---
> crypto.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
> notmuch-client.h | 7 +++++--
> test/T355-smime.sh | 1 -
> 3 files changed, 55 insertions(+), 3 deletions(-)
>
> diff --git a/crypto.c b/crypto.c
> index 11c167e..ce683d2 100644
> --- a/crypto.c
> +++ b/crypto.c
> @@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
> return gpgctx;
> }
>
> +/* Create a PKCS7 context (GMime 2.6) */
> +static notmuch_crypto_context_t *
> +create_pkcs7_context (notmuch_crypto_t *crypto)
> +{
> + notmuch_crypto_context_t *pkcs7ctx;
> +
> + if (crypto->pkcs7ctx)
> + return crypto->pkcs7ctx;
> +
> + /* TODO: GMimePasswordRequestFunc */
> + pkcs7ctx = g_mime_pkcs7_context_new (NULL);
> + if (! pkcs7ctx) {
> + fprintf (stderr, "Failed to construct pkcs7 context.\n");
> + return NULL;
> + }
> + crypto->pkcs7ctx = pkcs7ctx;
> +
> + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
> + FALSE);
> +
> + return pkcs7ctx;
> +}
> +
> +static const struct {
> + const char *protocol;
> + notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
> +} protocols[] = {
> + {
> + .protocol = "application/pgp-signature",
> + .get_context = create_gpg_context,
> + },
> + {
> + .protocol = "application/pgp-encrypted",
> + .get_context = create_gpg_context,
> + },
> + {
> + .protocol = "application/pkcs7-signature",
> + .get_context = create_pkcs7_context,
> + },
> + {
> + .protocol = "application/x-pkcs7-signature",
> + .get_context = create_pkcs7_context,
> + },
> +};
The array itself should be added in patch 2 as it depends on it, and
this patch should only add the pkcs7 ones. I guess this got broken at
some rebase.
BR,
Jani.
> +
> /* for the specified protocol return the context pointer (initializing
> * if needed) */
> notmuch_crypto_context_t *
> @@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
> crypto->gpgctx = NULL;
> }
>
> + if (crypto->pkcs7ctx) {
> + g_object_unref (crypto->pkcs7ctx);
> + crypto->pkcs7ctx = NULL;
> + }
> +
> return 0;
> }
> diff --git a/notmuch-client.h b/notmuch-client.h
> index 1f82656..774b620 100644
> --- a/notmuch-client.h
> +++ b/notmuch-client.h
> @@ -31,6 +31,8 @@
> #include <gmime/gmime.h>
>
> typedef GMimeCryptoContext notmuch_crypto_context_t;
> +/* This is automatically included only since gmime 2.6.10 */
> +#include <gmime/gmime-pkcs7-context.h>
>
> #include "notmuch.h"
>
> @@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
>
> typedef struct notmuch_crypto {
> notmuch_crypto_context_t* gpgctx;
> + notmuch_crypto_context_t* pkcs7ctx;
> notmuch_bool_t verify;
> notmuch_bool_t decrypt;
> const char *gpgpath;
> @@ -406,8 +409,8 @@ struct mime_node {
> /* Construct a new MIME node pointing to the root message part of
> * message. If crypto->verify is true, signed child parts will be
> * verified. If crypto->decrypt is true, encrypted child parts will be
> - * decrypted. If crypto->gpgctx is NULL, it will be lazily
> - * initialized.
> + * decrypted. If the crypto contexts (crypto->gpgctx or
> + * crypto->pkcs7) are NULL, they will be lazily initialized.
> *
> * Return value:
> *
> diff --git a/test/T355-smime.sh b/test/T355-smime.sh
> index b3cc76e..caedf5e 100755
> --- a/test/T355-smime.sh
> +++ b/test/T355-smime.sh
> @@ -56,7 +56,6 @@ EOF
> test_expect_equal_file OUTPUT EXPECTED
>
> test_begin_subtest "signature verification (notmuch CLI)"
> -test_subtest_known_broken
> output=$(notmuch show --format=json --verify subject:"test signed message 001" \
> | notmuch_json_show_sanitize \
> | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
> --
> 2.5.0
More information about the notmuch
mailing list