Re: [Patch v4 5/5] test: add broken test for SMIME decryption with notmuch CLI

diff --git a/95/253b98c5183c25680a9ec270789d3165ed88c8 b/95/253b98c5183c25680a9ec270789d3165ed88c8
new file mode 100644 (file)
index 0000000..23b8d75
--- /dev/null
+++ b/95/253b98c5183c25680a9ec270789d3165ed88c8
@@ -0,0 +1,152 @@
+Return-Path: <david@tethera.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id B2132431FD7\r
+       for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 23:37:54 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+       tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id r-s6PkguBvSK for <notmuch@notmuchmail.org>;\r
+       Tue, 27 Jan 2015 23:37:08 -0800 (PST)\r
+Received: from mx.xen14.node3324.gplhost.com (gitolite.debian.net\r
+       [87.98.215.224])\r
+       (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 41B3E431FAF\r
+       for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 23:37:08 -0800 (PST)\r
+Received: from remotemail by mx.xen14.node3324.gplhost.com with local (Exim\r
+       4.80) (envelope-from <david@tethera.net>)\r
+       id 1YGNAw-0005LT-Eh; Wed, 28 Jan 2015 07:36:34 +0000\r
+Received: (nullmailer pid 19171 invoked by uid 1000); Wed, 28 Jan 2015\r
+       07:36:21 -0000\r
+From: David Bremner <david@tethera.net>\r
+To: notmuch@notmuchmail.org\r
+Subject: Re: [Patch v4 5/5] test: add broken test for SMIME decryption with\r
+       notmuch CLI\r
+In-Reply-To: <87h9vdup0j.fsf@maritornes.cs.unb.ca>\r
+References: <1421568167-18683-1-git-send-email-david@tethera.net>\r
+       <1421568167-18683-6-git-send-email-david@tethera.net>\r
+       <87h9vdup0j.fsf@maritornes.cs.unb.ca>\r
+User-Agent: Notmuch/0.19+48~gb74ed1c (http://notmuchmail.org) Emacs/24.4.1\r
+       (x86_64-pc-linux-gnu)\r
+Date: Wed, 28 Jan 2015 08:36:21 +0100\r
+Message-ID: <87h9vbbbm2.fsf@maritornes.cs.unb.ca>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/mixed; boundary="=-=-="\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Wed, 28 Jan 2015 07:37:56 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+\r
+David Bremner <david@tethera.net> writes:\r
+\r
+> David Bremner <david@tethera.net> writes:\r
+>\r
+>> The test JSON here is not correct, but the larger problem is thatit\r
+>> seems like no actual decryption is being done.\r
+>\r
+> I played with this some more, and it seems like Jamie's code (and the\r
+> gmime sample code [1] expects the top level part to be\r
+> multipart/encrypted.\r
+\r
+By repeated bludgeoning I convinced notmuch show to actually run the\r
+decryption code, but then I hit another problem: there isn't an obvious\r
+high level way to decrypt an application/(x)-pkcs7-mime part (and the\r
+current code only works for multipart/encrypted). It should\r
+be possible up GMimeStreams and use g_mime_crypto_context_decrypt, but\r
+that seems like quite a bit more work than calling\r
+g_mime_multipart_encrypted_decrypt.\r
+\r
+\r
+--=-=-=\r
+Content-Type: text/x-diff\r
+Content-Disposition: inline; filename=smime.diff\r
+\r
+diff --git a/mime-node.c b/mime-node.c\r
+index fd9e4a4..7019be7 100644\r
+--- a/mime-node.c\r
++++ b/mime-node.c\r
+@@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res)\r
+     return 0;\r
+ }\r
+ \r
++static\r
++notmuch_bool_t\r
++_is_smime_encrypted_part (GMimeObject *part) {\r
++\r
++    GMimeContentType *content_type = g_mime_object_get_content_type(part);\r
++    if (content_type) {\r
++      return g_mime_content_type_is_type (content_type, "application",\r
++                                         "pkcs7-mime") ||\r
++          g_mime_content_type_is_type (content_type, "application",\r
++                                       "x-pkcs7-mime");\r
++    }\r
++    return FALSE;\r
++}\r
++\r
+ notmuch_status_t\r
+ mime_node_open (const void *ctx, notmuch_message_t *message,\r
+               notmuch_crypto_t *crypto, mime_node_t **root_out)\r
+@@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)\r
+       return NULL;\r
+     }\r
+ \r
+-    if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt)\r
++    if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part))\r
++       && node->ctx->crypto->decrypt)\r
+       || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {\r
+       GMimeContentType *content_type = g_mime_object_get_content_type (part);\r
+       const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");\r
++      if (!protocol) {\r
++          if (_is_smime_encrypted_part (part)) {\r
++              protocol = "application/pkcs7-encrypted";\r
++          }\r
++      }\r
+       cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol);\r
+     }\r
+ \r
+-    /* Handle PGP/MIME parts */\r
+-    if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) {\r
+-      if (node->nchildren != 2) {\r
+-          /* this violates RFC 3156 section 4, so we won't bother with it. */\r
+-          fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "\r
+-                   "message (must be exactly 2)\n",\r
+-                   node->nchildren);\r
+-      } else {\r
++    /* Are we ready and able to decrypt something ? */\r
++    if (node->ctx->crypto->decrypt && cryptoctx) {\r
++      if (_is_smime_encrypted_part (part)) {\r
+           node_decrypt_and_verify (node, part, cryptoctx);\r
++      } else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {\r
++          /* Handle PGP/MIME parts */\r
++          if (node->nchildren != 2) {\r
++              /* this violates RFC 3156 section 4, so we won't bother with it. */\r
++              fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "\r
++                       "message (must be exactly 2)\n",\r
++                       node->nchildren);\r
++          } else {\r
++              node_decrypt_and_verify (node, part, cryptoctx);\r
++          }\r
+       }\r
+     } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) {\r
+       if (node->nchildren != 2) {\r
+\r
+--=-=-=--\r