Return-Path: <bremner@tesseract.cs.unb.ca>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
 by arlo.cworth.org (Postfix) with ESMTP id 7FCD16DE18FE
 for <notmuch@notmuchmail.org>; Sun, 16 Aug 2015 10:43:24 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at cworth.org
X-Spam-Flag: NO
X-Spam-Score: 0.126
X-Spam-Level: 
X-Spam-Status: No, score=0.126 tagged_above=-999 required=5 tests=[AWL=0.116, 
 T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=disabled
Received: from arlo.cworth.org ([127.0.0.1])
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aDsRWghoG00M for <notmuch@notmuchmail.org>;
 Sun, 16 Aug 2015 10:43:22 -0700 (PDT)
Received: from gitolite.debian.net (gitolite.debian.net [87.98.215.224])
 by arlo.cworth.org (Postfix) with ESMTPS id 5DEC06DE17FE
 for <notmuch@notmuchmail.org>; Sun, 16 Aug 2015 10:43:20 -0700 (PDT)
Received: from remotemail by gitolite.debian.net with local (Exim 4.80)
 (envelope-from <bremner@tesseract.cs.unb.ca>)
 id 1ZR1wK-0003by-IW; Sun, 16 Aug 2015 17:41:48 +0000
Received: (nullmailer pid 26317 invoked by uid 1000); Sun, 16 Aug 2015
 17:41:28 -0000
From: David Bremner <david@tethera.net>
To: notmuch@notmuchmail.org
Subject: [PATCH 6/8] cli: crypto: S/MIME verification support
Date: Sun, 16 Aug 2015 19:41:14 +0200
Message-Id: <1439746876-23654-7-git-send-email-david@tethera.net>
X-Mailer: git-send-email 2.5.0
In-Reply-To: <1439746876-23654-1-git-send-email-david@tethera.net>
References: <54CA467B.30408@gnome.org>
 <1439746876-23654-1-git-send-email-david@tethera.net>
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Use and development of the notmuch mail system."
 <notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Aug 2015 17:43:24 -0000

From: Jani Nikula <jani@nikula.org>

notmuch-show --verify will now also process S/MIME multiparts if
encountered. Requires gmime-2.6 and gpgsm.

Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
---
 crypto.c           | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 notmuch-client.h   |  7 +++++--
 test/T355-smime.sh |  1 -
 3 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/crypto.c b/crypto.c
index 11c167e..ce683d2 100644
--- a/crypto.c
+++ b/crypto.c
@@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
     return gpgctx;
 }
 
+/* Create a PKCS7 context (GMime 2.6) */
+static notmuch_crypto_context_t *
+create_pkcs7_context (notmuch_crypto_t *crypto)
+{
+    notmuch_crypto_context_t *pkcs7ctx;
+
+    if (crypto->pkcs7ctx)
+	return crypto->pkcs7ctx;
+
+    /* TODO: GMimePasswordRequestFunc */
+    pkcs7ctx = g_mime_pkcs7_context_new (NULL);
+    if (! pkcs7ctx) {
+	fprintf (stderr, "Failed to construct pkcs7 context.\n");
+	return NULL;
+    }
+    crypto->pkcs7ctx = pkcs7ctx;
+
+    g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
+					   FALSE);
+
+    return pkcs7ctx;
+}
+
+static const struct {
+    const char *protocol;
+    notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
+} protocols[] = {
+    {
+	.protocol = "application/pgp-signature",
+	.get_context = create_gpg_context,
+    },
+    {
+	.protocol = "application/pgp-encrypted",
+	.get_context = create_gpg_context,
+    },
+    {
+	.protocol = "application/pkcs7-signature",
+	.get_context = create_pkcs7_context,
+    },
+    {
+	.protocol = "application/x-pkcs7-signature",
+	.get_context = create_pkcs7_context,
+    },
+};
+
 /* for the specified protocol return the context pointer (initializing
  * if needed) */
 notmuch_crypto_context_t *
@@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
 	crypto->gpgctx = NULL;
     }
 
+    if (crypto->pkcs7ctx) {
+	g_object_unref (crypto->pkcs7ctx);
+	crypto->pkcs7ctx = NULL;
+    }
+
     return 0;
 }
diff --git a/notmuch-client.h b/notmuch-client.h
index 1f82656..774b620 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -31,6 +31,8 @@
 #include <gmime/gmime.h>
 
 typedef GMimeCryptoContext notmuch_crypto_context_t;
+/* This is automatically included only since gmime 2.6.10 */
+#include <gmime/gmime-pkcs7-context.h>
 
 #include "notmuch.h"
 
@@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
 
 typedef struct notmuch_crypto {
     notmuch_crypto_context_t* gpgctx;
+    notmuch_crypto_context_t* pkcs7ctx;
     notmuch_bool_t verify;
     notmuch_bool_t decrypt;
     const char *gpgpath;
@@ -406,8 +409,8 @@ struct mime_node {
 /* Construct a new MIME node pointing to the root message part of
  * message. If crypto->verify is true, signed child parts will be
  * verified. If crypto->decrypt is true, encrypted child parts will be
- * decrypted.  If crypto->gpgctx is NULL, it will be lazily
- * initialized.
+ * decrypted.  If the crypto contexts (crypto->gpgctx or
+ * crypto->pkcs7) are NULL, they will be lazily initialized.
  *
  * Return value:
  *
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index b3cc76e..caedf5e 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -56,7 +56,6 @@ EOF
 test_expect_equal_file OUTPUT EXPECTED
 
 test_begin_subtest "signature verification (notmuch CLI)"
-test_subtest_known_broken
 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
     | notmuch_json_show_sanitize \
     | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
-- 
2.5.0