}
}
+/* Unwrapped MIME part destructor */
+static int
+_unwrapped_child_free (GMimeObject **proxy)
+{
+ g_object_unref (*proxy);
+ return 0;
+}
+
+/* Set up unwrapped MIME part destructor */
+static void
+set_unwrapped_child_destructor (mime_node_t *node)
+{
+ GMimeObject **proxy = talloc (node, GMimeObject *);
+
+ if (proxy) {
+ *proxy = node->unwrapped_child;
+ talloc_set_destructor (proxy, _unwrapped_child_free);
+ }
+}
+
/* Verify a signed mime node */
static void
node_verify (mime_node_t *node, GMimeObject *part)
notmuch_status_t status;
node->verify_attempted = true;
- node->sig_list = g_mime_multipart_signed_verify (
- GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
+ if (GMIME_IS_APPLICATION_PKCS7_MIME (part))
+ node->sig_list = g_mime_application_pkcs7_mime_verify (
+ GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err);
+ else
+ node->sig_list = g_mime_multipart_signed_verify (
+ GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
+
+ if (node->unwrapped_child) {
+ node->nchildren = 1;
+ set_unwrapped_child_destructor (node);
+ }
if (node->sig_list)
set_signature_list_destructor (node);
status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
if (status) /* this is a warning, not an error */
- fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (
+ status));
}
/* Decrypt and optionally verify an encrypted mime node */
GError *err = NULL;
GMimeDecryptResult *decrypt_result = NULL;
notmuch_status_t status;
- GMimeMultipartEncrypted *encrypteddata = GMIME_MULTIPART_ENCRYPTED (part);
notmuch_message_t *message = NULL;
if (! node->unwrapped_child) {
node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
node->ctx->crypto->decrypt,
message,
- encrypteddata, &decrypt_result, &err);
+ part, &decrypt_result, &err);
+ if (node->unwrapped_child)
+ set_unwrapped_child_destructor (node);
}
if (! node->unwrapped_child) {
fprintf (stderr, "Failed to decrypt part: %s\n",
node->decrypt_success = true;
status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
if (status) /* this is a warning, not an error */
- fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
+ fprintf (stderr, "Warning: failed to note decryption status: %s.\n",
+ notmuch_status_to_string (status));
if (decrypt_result) {
/* This may be NULL if the part is not signed. */
node->verify_attempted = true;
g_object_ref (node->sig_list);
set_signature_list_destructor (node);
- status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
+ status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto,
+ node->sig_list);
if (status) /* this is a warning, not an error */
- fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n",
+ notmuch_status_to_string (status));
}
if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
}
/* Handle PGP/MIME parts (by definition not cryptographic payload parts) */
- if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
+ if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt !=
+ NOTMUCH_DECRYPT_FALSE)) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
} else {
node_verify (node, part);
}
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
+ GMIME_SECURE_MIME_TYPE_SIGNED_DATA == g_mime_application_pkcs7_mime_get_smime_type (
+ GMIME_APPLICATION_PKCS7_MIME (part))) {
+ /* If node->ctx->crypto->verify is false, it would be better
+ * to just unwrap (instead of verifying), but
+ * https://github.com/jstedfast/gmime/issues/67 */
+ node_verify (node, part);
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
+ GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA == g_mime_application_pkcs7_mime_get_smime_type (
+ GMIME_APPLICATION_PKCS7_MIME (part)) &&
+ (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
+ node_decrypt_and_verify (node, part);
+ if (node->unwrapped_child && node->nchildren == 0)
+ node->nchildren = 1;
} else {
- if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ? node->parent->part : NULL, numchild) &&
+ if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ?
+ node->parent->part : NULL, numchild) &&
node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part);
if (clean_payload != part) {
GMIME_MULTIPART (parent->part), child);
} else if (GMIME_IS_MESSAGE (parent->part)) {
sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (parent->part) &&
+ parent->unwrapped_child &&
+ child == 0) {
+ sub = parent->unwrapped_child;
} else {
/* This should have been caught by _mime_node_set_up_part */
INTERNAL_ERROR ("Unexpected GMimeObject type: %s",