When the certificate that signs a message is known to be valid, GMime
is capable of reporting on the e-mail address embedded in the
certificate.

We pass this information along to the caller of "notmuch show", as
often only the e-mail address of the certificate has actually been
checked/verified.

Furthermore, signature verification should probably at some point
compare the e-mail address of the caller against the sender address of
the message itself. Having to parse what gmime thinks is a "userid"
to extract an e-mail address seems clunky and unnecessary if gmime
already thinks it knows what the e-mail address is.

See id:878s41ax6t@fifthhorseman.net for more motivation and discussion.

Signed-off-by: Daniel Kahn Gillmor
---
devel/schemata | 1 +
notmuch-show.c | 5 +
test/T350-crypto.sh| 6 --
test/T355-smime.sh | 3 ++-
test/T356-protected-headers.sh | 8
test/test-lib.sh | 1 +
util/gmime-extra.c | 15 +++
util/gmime-extra.h | 4
8 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/devel/schemata b/devel/schemata
index 28332c6b..ae84a528 100644
--- a/devel/schemata
+++ b/devel/schemata
@@ -158,6 +158,7 @@ signature = {
created?: unix_time,
expires?: unix_time,
userid?:string
+email?: string
# if status is not "good":
keyid?: string
errors?: sig_errors
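Review bot: the new "email?: string" entry in the signature schema has no comment saying how it differs from "userid" or when it is present. Per the commit message it is the address GMime reports only when the signing certificate is known to be valid, and consumers are meant to use it instead of parsing "userid"; a short "#" comment next to the field stating that would let front-end authors rely on it without reading notmuch-show.c.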
diff --git a/notmuch-show.c b/notmuch-show.c
index bdb87321..232557d5 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -475,6 +475,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp,
GMimeSignatureList *siglist)
sp->map_key (sp, "userid");
sp->string (sp, uid);
}
+ const char *email = g_mime_certificate_get_valid_email
(certificate);
+ if (email) {
+ sp->map_key (sp, "email");
+ sp->string (sp, email);
+ }
}
} else if (certificate) {
const char *key_id = g_mime_certificate_get_fpr16 (certificate);
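Review bot: the added block in format_part_sigstatus_sprinter emits "email" on nothing more than a non-NULL return, so the guarantee from the commit message (address reported only when the certificate is known to be valid) rests entirely on g_mime_certificate_get_valid_email returning NULL when validity is insufficient. A one-line comment above the call stating that contract would keep a later refactor from substituting a getter that does not check validity. Separately, "const char *email" is declared after statements in the block; if this file keeps declarations at the top of a block, move it up beside the uid declaration.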
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index 4508c984..a25c4b0b 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -35,7 +35,7 @@ expected='[[[{"id": "X",
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000,
"fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}]}},
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000,
"email": "'"$SELF_EMAIL"'", "fingerprint": "'$FINGERPRINT'", "userid":
"'"$SELF_USERID"'"}]}},
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite ",
"To": "test_su...@notmuchmail.org",
@@ -44,6 +44,7 @@ expected='[[[{"id": "X",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
"userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/signed",
"content": [{"id": 2,
@@ -367,7 +368,7 @@ expected='[[[{"id": "X",
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["encrypted","inbox"],
- "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000,
"fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'"}],
+ "crypto": {"signed": {"status": [{ "status": "good", "created": 946728000,
"fingerprint": "'$FINGERPRINT'", "email": "'"$SELF_EMAIL"'", "userid":
"'"$SELF_USERID"'"}],
"encrypted": true },
"decrypted": {"status": "full"}},
"headers": {"Subject": "test encrypted message 002",
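Review bot: the "crypto" summary line in this hunk places "email" after "fingerprint", while the equivalent line in the hunk at -35,7 of the same file places it before "fingerprint". If the comparison normalizes JSON this is harmless, but using one key order in both expectations makes the test easier to read and diff against real output.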
@@ -379,6 +380,7 @@ expected='[[[{"id": "X",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
+ "email": "'"$SELF_EMAIL"'",
"userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index 69bdcfac..9c6e7340 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -46,7 +46,7 @@ expected='[[[{"id": "X",
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
- "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status":
"good","userid": "CN=Notmuch Test Suite","expires": 424242424, "created":
946728000}]}},
+ "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "status":
"good","userid": "CN=Notmuch Test Suite", "email":
"", "expires": 424242424, "created": 946728000}]}},
"headers": {"Subject": "test signed message 001",
"From": "Notmuch Test Suite ",
"To": "test_su...@notmuchmail.org",
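Review bot: the expectations changed here, like those in the T350-crypto.sh hunks shown, only cover a signature with "status": "good", so nothing visible asserts that "email" is left out when the certificate is not considered valid. Since the security value of the field is that it appears only for a validated address, a negative case (signature from a key without sufficient validity, expecting "userid" or "keyid" but no "email") would be worth adding alongside these.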
@@ -55,6 +55,7 @@ expected='[[[{"id": "X",
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
"status": "good",
"userid": "CN=Notmuch Test Suite",
+ "email": "",
"expires": 424242424,
"created":