David Bremner <[email protected]> writes:
> David Bremner <[email protected]> writes:
>
>> The test JSON here is not correct, but the larger problem is thatit
>> seems like no actual decryption is being done.
>
> I played with this some more, and it seems like Jamie's code (and the
> gmime sample code [1] expects the top level part to be
> multipart/encrypted.
By repeated bludgeoning I convinced notmuch show to actually run the
decryption code, but then I hit another problem: there isn't an obvious
high level way to decrypt an application/(x)-pkcs7-mime part (and the
current code only works for multipart/encrypted). It should
be possible up GMimeStreams and use g_mime_crypto_context_decrypt, but
that seems like quite a bit more work than calling
g_mime_multipart_encrypted_decrypt.
diff --git a/mime-node.c b/mime-node.c
index fd9e4a4..7019be7 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -54,6 +54,20 @@ _mime_node_context_free (mime_node_context_t *res)
return 0;
}
+static
+notmuch_bool_t
+_is_smime_encrypted_part (GMimeObject *part) {
+
+ GMimeContentType *content_type = g_mime_object_get_content_type(part);
+ if (content_type) {
+ return g_mime_content_type_is_type (content_type, "application",
+ "pkcs7-mime") ||
+ g_mime_content_type_is_type (content_type, "application",
+ "x-pkcs7-mime");
+ }
+ return FALSE;
+}
+
notmuch_status_t
mime_node_open (const void *ctx, notmuch_message_t *message,
notmuch_crypto_t *crypto, mime_node_t **root_out)
@@ -323,22 +337,33 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
return NULL;
}
- if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt)
+ if (((GMIME_IS_MULTIPART_ENCRYPTED (part) || _is_smime_encrypted_part (part))
+ && node->ctx->crypto->decrypt)
|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
GMimeContentType *content_type = g_mime_object_get_content_type (part);
const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
+ if (!protocol) {
+ if (_is_smime_encrypted_part (part)) {
+ protocol = "application/pkcs7-encrypted";
+ }
+ }
cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol);
}
- /* Handle PGP/MIME parts */
- if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) {
- if (node->nchildren != 2) {
- /* this violates RFC 3156 section 4, so we won't bother with it. */
- fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
- "message (must be exactly 2)\n",
- node->nchildren);
- } else {
+ /* Are we ready and able to decrypt something ? */
+ if (node->ctx->crypto->decrypt && cryptoctx) {
+ if (_is_smime_encrypted_part (part)) {
node_decrypt_and_verify (node, part, cryptoctx);
+ } else if (GMIME_IS_MULTIPART_ENCRYPTED (part)) {
+ /* Handle PGP/MIME parts */
+ if (node->nchildren != 2) {
+ /* this violates RFC 3156 section 4, so we won't bother with it. */
+ fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
+ "message (must be exactly 2)\n",
+ node->nchildren);
+ } else {
+ node_decrypt_and_verify (node, part, cryptoctx);
+ }
}
} else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) {
if (node->nchildren != 2) {
_______________________________________________
notmuch mailing list
[email protected]
http://notmuchmail.org/mailman/listinfo/notmuch
