David Bremner <da...@tethera.net> writes:

> David Bremner <da...@tethera.net> writes:
>
>> The test JSON here is not correct, but the larger problem is that it
>> seems like no actual decryption is being done.
>
> I played with this some more, and it seems like Jamie's code (and the
> gmime sample code [1]) expects the top level part to be
> multipart/encrypted.

By repeated bludgeoning I convinced notmuch show to actually run the
decryption code, but then I hit another problem: there isn't an obvious
high level way to decrypt an application/(x)-pkcs7-mime part (and the
current code only works for multipart/encrypted). It should
be possible to set up GMimeStreams and use g_mime_crypto_context_decrypt, but
that seems like quite a bit more work than calling
g_mime_multipart_encrypted_decrypt.

diff --git a/mime-node.c b/mime-node.c
index fd9e4a4..7019be7 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res)
     return 0;
 }
 
+static
+notmuch_bool_t
+_is_smime_encrypted_part (GMimeObject *part) {
+
+    GMimeContentType *content_type = g_mime_object_get_content_type(part);
+    if (content_type) {
+	return g_mime_content_type_is_type (content_type, "application",
+					   "pkcs7-mime") ||
+	    g_mime_content_type_is_type (content_type, "application",
+					 "x-pkcs7-mime");
+    }
+    return FALSE;
+}
+
 notmuch_status_t
 mime_node_open (const void *ctx, notmuch_message_t *message,
 		notmuch_crypto_t *crypto, mime_node_t **root_out)
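Review bot: `_is_smime_encrypted_part` treats every application/pkcs7-mime (or x-pkcs7-mime) part as encrypted, but that media type also carries signed-only, compressed and certs-only payloads, which are distinguished by the `smime-type` parameter. As written, an opaque-signed part would be sent down the decrypt path in `_mime_node_create`. Consider reading `g_mime_content_type_get_parameter (content_type, "smime-type")` and returning TRUE only for `enveloped-data`. What to do when the parameter is absent is a policy decision that deserves a comment. A one-line comment above the helper, such as `/* TRUE only for S/MIME enveloped (encrypted) parts, not signed-data or certs-only */`, would document the intent.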
@@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
 	return NULL;
     }
 
-    if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt)
+    if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part))
+	 && node->ctx->crypto->decrypt)
 	|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
 	GMimeContentType *content_type = g_mime_object_get_content_type (part);
 	const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
+	if (!protocol) {
+	    if (_is_smime_encrypted_part (part)) {
+		protocol = "application/pkcs7-encrypted";
+	    }
+	}
 	cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol);
     }
 
-    /* Handle PGP/MIME parts */
-    if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) {
-	if (node->nchildren != 2) {
-	    /* this violates RFC 3156 section 4, so we won't bother with it. */
-	    fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
-		     "message (must be exactly 2)\n",
-		     node->nchildren);
-	} else {
+    /* Are we ready and able to decrypt something ? */
+    if (node->ctx->crypto->decrypt && cryptoctx) {
+	if (_is_smime_encrypted_part (part)) {
 	    node_decrypt_and_verify (node, part, cryptoctx);
+	} else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+	    /* Handle PGP/MIME parts */
+	    if (node->nchildren != 2) {
+		/* this violates RFC 3156 section 4, so we won't bother with it. */
+		fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
+			 "message (must be exactly 2)\n",
+			 node->nchildren);
+	    } else {
+		node_decrypt_and_verify (node, part, cryptoctx);
+	    }
 	}
     } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) {
 	if (node->nchildren != 2) {
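Review bot: The new outer test `if (node->ctx->crypto->decrypt && cryptoctx)` no longer checks the part type, so a multipart/signed part handled with both decrypt and verify enabled enters this branch and matches neither inner case. It therefore never reaches the `else if (GMIME_IS_MULTIPART_SIGNED (part) ...)` branch, and signature verification is silently skipped, which the old condition did not do. Keeping the type test in the outer condition restores it: `if ((_is_smime_encrypted_part (part) || GMIME_IS_MULTIPART_ENCRYPTED (part)) && node->ctx->crypto->decrypt && cryptoctx) {`. Separately, the fallback protocol string `"application/pkcs7-encrypted"` should be checked against what `notmuch_crypto_get_context` actually matches, which is not visible here. `_mime_node_create` begins and ends outside this hunk.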