cli: crypto: S/MIME verification support
notmuch-show --verify will now also process S/MIME multiparts if encountered. Requires gmime-2.6 and gpgsm. Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
parent
a530a1706a
commit
2355f1522a
3 changed files with 40 additions and 3 deletions
35
crypto.c
35
crypto.c
|
@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)
|
|||
return gpgctx;
|
||||
}
|
||||
|
||||
/* Create a PKCS7 context (GMime 2.6) */
|
||||
static notmuch_crypto_context_t *
|
||||
create_pkcs7_context (notmuch_crypto_t *crypto)
|
||||
{
|
||||
notmuch_crypto_context_t *pkcs7ctx;
|
||||
|
||||
if (crypto->pkcs7ctx)
|
||||
return crypto->pkcs7ctx;
|
||||
|
||||
/* TODO: GMimePasswordRequestFunc */
|
||||
pkcs7ctx = g_mime_pkcs7_context_new (NULL);
|
||||
if (! pkcs7ctx) {
|
||||
fprintf (stderr, "Failed to construct pkcs7 context.\n");
|
||||
return NULL;
|
||||
}
|
||||
crypto->pkcs7ctx = pkcs7ctx;
|
||||
|
||||
g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
|
||||
FALSE);
|
||||
|
||||
return pkcs7ctx;
|
||||
}
|
||||
static const struct {
|
||||
const char *protocol;
|
||||
notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
|
||||
|
@ -55,6 +77,14 @@ static const struct {
|
|||
.protocol = "application/pgp-encrypted",
|
||||
.get_context = create_gpg_context,
|
||||
},
|
||||
{
|
||||
.protocol = "application/pkcs7-signature",
|
||||
.get_context = create_pkcs7_context,
|
||||
},
|
||||
{
|
||||
.protocol = "application/x-pkcs7-signature",
|
||||
.get_context = create_pkcs7_context,
|
||||
},
|
||||
};
|
||||
|
||||
/* for the specified protocol return the context pointer (initializing
|
||||
|
@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
|
|||
crypto->gpgctx = NULL;
|
||||
}
|
||||
|
||||
if (crypto->pkcs7ctx) {
|
||||
g_object_unref (crypto->pkcs7ctx);
|
||||
crypto->pkcs7ctx = NULL;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
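Review bot: The one-line comment above `create_pkcs7_context` does not state the function's contract, and a NULL return is the only signal that S/MIME verification could not be attempted. The body returns the cached `crypto->pkcs7ctx` when it is set and stores a newly created context there, and the `notmuch_crypto_cleanup` hunk unrefs it, so the comment could read `/* Return the PKCS7 context cached in crypto, creating it on first use; NULL on failure. Owned by crypto and released by notmuch_crypto_cleanup. */`. The callers are outside this section, so it is worth confirming that a NULL return under --verify leaves the part reported as unverified rather than shown with no signature status. The `TODO` line could also say that passing NULL for the password callback is acceptable only while this context is mapped to the two pkcs7 signature protocols, so a later decryption entry is not added to the table without wiring the callback.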
|
|
|
@ -31,6 +31,8 @@
|
|||
#include <gmime/gmime.h>
|
||||
|
||||
typedef GMimeCryptoContext notmuch_crypto_context_t;
|
||||
/* This is automatically included only since gmime 2.6.10 */
|
||||
#include <gmime/gmime-pkcs7-context.h>
|
||||
|
||||
#include "notmuch.h"
|
||||
|
||||
|
@ -70,6 +72,7 @@ typedef struct notmuch_show_format {
|
|||
|
||||
typedef struct notmuch_crypto {
|
||||
notmuch_crypto_context_t* gpgctx;
|
||||
notmuch_crypto_context_t* pkcs7ctx;
|
||||
notmuch_bool_t verify;
|
||||
notmuch_bool_t decrypt;
|
||||
const char *gpgpath;
|
||||
|
@ -407,8 +410,8 @@ struct mime_node {
|
|||
/* Construct a new MIME node pointing to the root message part of
|
||||
* message. If crypto->verify is true, signed child parts will be
|
||||
* verified. If crypto->decrypt is true, encrypted child parts will be
|
||||
* decrypted. If crypto->gpgctx is NULL, it will be lazily
|
||||
* initialized.
|
||||
* decrypted. If the crypto contexts (crypto->gpgctx or
|
||||
* crypto->pkcs7) are NULL, they will be lazily initialized.
|
||||
*
|
||||
* Return value:
|
||||
*
|
||||
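Review bot: The rewritten comment above the MIME node constructor refers to `crypto->pkcs7`, but the field this commit adds to `struct notmuch_crypto` is `pkcs7ctx`. The comment line should read `* crypto->pkcs7ctx) are NULL, they will be lazily initialized.` so that a search for the field name finds its documentation. The comment block continues past the end of this hunk, so the rest of the contract is not visible here.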
|
|
|
@ -44,7 +44,6 @@ EOF
|
|||
test_expect_equal_file EXPECTED OUTPUT
|
||||
|
||||
test_begin_subtest "signature verification (notmuch CLI)"
|
||||
test_subtest_known_broken
|
||||
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
|
||||
| notmuch_json_show_sanitize \
|
||||
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
|
||||
|
|