Re: [PATCH 1/2] cli/show: produce "email" element in sigstatus

2021-06-27 Thread David Bremner 
Daniel Kahn Gillmor  writes:

> When the certificate that signs a message is known to be valid, GMime
> is capable of reporting on the e-mail address embedded in the
> certificate.

applied to master.
___
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-le...@notmuchmail.org

[PATCH 1/2] cli/show: produce "email" element in sigstatus

2021-05-26 Thread Daniel Kahn Gillmor 
When the certificate that signs a message is known to be valid, GMime
is capable of reporting on the e-mail address embedded in the
certificate.

We pass this information along to the caller of "notmuch show", as
often only the e-mail address of the certificate has actually been
checked/verified.

Furthermore, signature verification should probably at some point
compare the e-mail address of the caller against the sender address of
the message itself.  Having to parse what gmime thinks is a "userid"
to extract an e-mail address seems clunky and unnecessary if gmime
already thinks it knows what the e-mail address is.

See id:878s41ax6t@fifthhorseman.net for more motivation and discussion.

Signed-off-by: Daniel Kahn Gillmor 
---
 devel/schemata |  1 +
 notmuch-show.c |  5 +
 test/T350-crypto.sh|  6 --
 test/T355-smime.sh |  3 ++-
 test/T356-protected-headers.sh |  8 
 test/test-lib.sh   |  1 +
 util/gmime-extra.c | 15 +++
 util/gmime-extra.h |  4 
 8 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/devel/schemata b/devel/schemata
index 28332c6b..ae84a528 100644
--- a/devel/schemata
+++ b/devel/schemata
@@ -158,6 +158,7 @@ signature = {
 created?:   unix_time,
 expires?:   unix_time,
 userid?:string
+email?: string
 # if status is not "good":
 keyid?: string
 errors?:   sig_errors
diff --git a/notmuch-show.c b/notmuch-show.c
index bdb87321..232557d5 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -475,6 +475,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, 
GMimeSignatureList *siglist)
sp->map_key (sp, "userid");
sp->string (sp, uid);
}
+   const char *email = g_mime_certificate_get_valid_email 
(certificate);
+   if (email) {
+   sp->map_key (sp, "email");
+   sp->string (sp, email);
+   }
}
} else if (certificate) {
const char *key_id = g_mime_certificate_get_fpr16 (certificate);
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index 4508c984..a25c4b0b 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -35,7 +35,7 @@ expected='[[[{"id": "X",
  "timestamp": 946728000,
  "date_relative": "2000-01-01",
  "tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, 
"fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}]}},
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, 
"email": "'"$SELF_EMAIL"'", "fingerprint": "'$FINGERPRINT'", "userid": 
"'"$SELF_USERID"'"}]}},
  "headers": {"Subject": "test signed message 001",
  "From": "Notmuch Test Suite ",
  "To": "test_su...@notmuchmail.org",
@@ -44,6 +44,7 @@ expected='[[[{"id": "X",
  "sigstatus": [{"status": "good",
  "fingerprint": "'$FINGERPRINT'",
  "created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
  "userid": "'"$SELF_USERID"'"}],
  "content-type": "multipart/signed",
  "content": [{"id": 2,
@@ -367,7 +368,7 @@ expected='[[[{"id": "X",
  "timestamp": 946728000,
  "date_relative": "2000-01-01",
  "tags": ["encrypted","inbox"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, 
"fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}],
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000, 
"fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid": 
"'"$SELF_USERID"'"}],
"encrypted": true },
 "decrypted": {"status": "full"}},
  "headers": {"Subject": "test encrypted message 002",
@@ -379,6 +380,7 @@ expected='[[[{"id": "X",
  "sigstatus": [{"status": "good",
  "fingerprint": "'$FINGERPRINT'",
  "created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
  "userid": "'"$SELF_USERID"'"}],
  "content-type": "multipart/encrypted",
  "content": [{"id": 2,
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index 69bdcfac..9c6e7340 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -46,7 +46,7 @@ expected='[[[{"id": "X",
  "timestamp": 946728000,
  "date_relative": "2000-01-01",
  "tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": 
"good","userid": "CN=Notmuch Test Suite","expires": 424242424, "created": 
946728000}]}},
+ "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status": 
"good","userid": "CN=Notmuch Test Suite", "email": 
"", "expires": 424242424, "created": 946728000}]}},
  "headers": {"Subject": "test signed message 001",
  "From": "Notmuch Test Suite ",
  "To": "test_su...@notmuchmail.org",
@@ -55,6 +55,7 @@ expected='[[[{"id": "X",
  "sigstatus": [{"fingerprint": "'$FINGERPRINT'",
  "status": "good",
  "userid": "CN=Notmuch Test Suite",
+ "email": "",
  "expires": 424242424,
  "created":