+/* Set up unwrapped MIME part destructor */
+static void
+set_unwrapped_child_destructor (mime_node_t *node)
+{
+ GMimeObject **proxy = talloc (node, GMimeObject *);
+
+ if (proxy) {
+ *proxy = node->unwrapped_child;
+ talloc_set_destructor (proxy, _unwrapped_child_free);
+ }
+}
+
+/* Verify a signed mime node */
+static void
+node_verify (mime_node_t *node, GMimeObject *part)
+{
+ GError *err = NULL;
+ notmuch_status_t status;
+
+ node->verify_attempted = true;
+ if (GMIME_IS_APPLICATION_PKCS7_MIME (part))
+ node->sig_list = g_mime_application_pkcs7_mime_verify (
+ GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err);
+ else
+ node->sig_list = g_mime_multipart_signed_verify (
+ GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
+
+ if (node->unwrapped_child) {
+ node->nchildren = 1;
+ set_unwrapped_child_destructor (node);
+ }
+
+ if (node->sig_list)
+ set_signature_list_destructor (node);
+ else
+ fprintf (stderr, "Failed to verify signed part: %s\n",
+ err ? err->message : "no error explanation given");
+
+ if (err)
+ g_error_free (err);
+
+ status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (
+ status));
+}
+
+/* Decrypt and optionally verify an encrypted mime node */
+static void
+node_decrypt_and_verify (mime_node_t *node, GMimeObject *part)
+{
+ GError *err = NULL;
+ GMimeDecryptResult *decrypt_result = NULL;
+ notmuch_status_t status;
+ notmuch_message_t *message = NULL;
+
+ if (! node->unwrapped_child) {
+ for (mime_node_t *parent = node; parent; parent = parent->parent)
+ if (parent->envelope_file) {
+ message = parent->envelope_file;
+ break;
+ }
+
+ node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
+ node->ctx->crypto->decrypt,
+ message,
+ part, &decrypt_result, &err);
+ if (node->unwrapped_child)
+ set_unwrapped_child_destructor (node);
+ }
+ if (! node->unwrapped_child) {
+ fprintf (stderr, "Failed to decrypt part: %s\n",
+ err ? err->message : "no error explanation given");
+ goto DONE;
+ }
+
+ node->decrypt_success = true;
+ status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note decryption status: %s.\n",
+ notmuch_status_to_string (status));
+
+ if (decrypt_result) {
+ /* This may be NULL if the part is not signed. */
+ node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
+ if (node->sig_list) {
+ node->verify_attempted = true;
+ g_object_ref (node->sig_list);
+ set_signature_list_destructor (node);
+ status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto,
+ node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n",
+ notmuch_status_to_string (status));
+ }
+
+ if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
+ notmuch_database_t *db = notmuch_message_get_database (message);
+ const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
+ if (db && session_key)
+ print_status_message ("Failed to stash session key in the database",
+ message,
+ notmuch_message_add_property (message, "session-key",
+ session_key));
+ }
+ g_object_unref (decrypt_result);
+ }
+
+ DONE:
+ if (err)
+ g_error_free (err);
+}
+
+static bool
+_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild);
+