authorGravatar Jameson Graef Rollins <jrollins@finestructure.net>2011-05-25 18:01:17 -0700
committerGravatar Carl Worth <cworth@cworth.org>2011-05-27 16:22:00 -0700
commit8b18efe171ef80cbb238a9446137c39908755d2d (patch)
tree68f344312f9c55057b1541d2acf2ce43bfd89054 /show-message.c
parent627d752501b42326b9016271de33a6cb0fa2dc8c (diff)
Add signature verification of PGP/MIME-signed parts with --verify.
This is primarily for notmuch-show, although the functionality is added to show-message. Once signatures are processed a new part_sigstatus formatter is emitted, and the entire multipart/signed part is replaced with the contents of the signed part. At the moment only a json part_sigstatus formatting function is available. Emacs support to follow. The original work for this patch was done by Daniel Kahn Gillmor <dkg@fifthhorseman.net> whose help with this functionality I greatly appreciate.
Diffstat (limited to 'show-message.c')
-rw-r--r--show-message.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/show-message.c b/show-message.c
index fbae5301..c90f310c 100644
--- a/show-message.c
+++ b/show-message.c
@@ -51,9 +51,48 @@ show_message_part (GMimeObject *part,
if (format->part_start)
format->part_start (part, &(state->part_count));
- format->part_content (part);
}
+ /* handle PGP/MIME parts */
+ if (GMIME_IS_MULTIPART (part) && params->cryptoctx) {
+ GMimeMultipart *multipart = GMIME_MULTIPART (part);
+ GError* err = NULL;
+
+ if (GMIME_IS_MULTIPART_SIGNED (part))
+ {
+ if ( g_mime_multipart_get_count (multipart) != 2 ) {
+ /* this violates RFC 3156 section 5, so we won't bother with it. */
+ fprintf (stderr,
+ "Error: %d part(s) for a multipart/signed message (should be exactly 2)\n",
+ g_mime_multipart_get_count (multipart));
+ } else {
+ /* For some reason the GMimeSignatureValidity returned
+ * here is not a const (inconsistent with that
+ * returned by
+ * g_mime_multipart_encrypted_get_signature_validity,
+ * and therefore needs to be properly disposed of.
+ * Hopefully the API will become more consistent. */
+ GMimeSignatureValidity *sigvalidity = g_mime_multipart_signed_verify (GMIME_MULTIPART_SIGNED (part), params->cryptoctx, &err);
+ if (!sigvalidity) {
+ fprintf (stderr, "Failed to verify signed part: %s\n", (err ? err->message : "no error explanation given"));
+ }
+ if ((selected || state->in_zone) && format->part_sigstatus)
+ format->part_sigstatus (sigvalidity);
+ /* extract only data part, and ignore signature part */
+ part = g_mime_multipart_get_part (multipart, 0);
+ if (sigvalidity)
+ g_mime_signature_validity_free (sigvalidity);
+ }
+ }
+
+ if (err)
+ g_error_free (err);
+ }
+ /* end handle PGP/MIME parts */
+
+ if (selected || state->in_zone)
+ format->part_content (part);
+
if (GMIME_IS_MULTIPART (part)) {
GMimeMultipart *multipart = GMIME_MULTIPART (part);
int i;
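Review bot: At the `format->part_sigstatus (sigvalidity);` call the pointer is still NULL whenever `g_mime_multipart_signed_verify` failed, because the preceding `if (!sigvalidity)` branch only logs to stderr and falls through. Every `part_sigstatus` formatter therefore has to accept NULL and report it as "not verified" rather than dereference it; no formatter is visible in this hunk, so the contract should be written down at the call site, e.g. `/* sigvalidity is NULL when verification failed; formatters must report that as unverified, never as good */`. The signed body is emitted by `format->part_content (part)` whether or not verification succeeded, so the sigstatus record is the only thing a consumer can base a trust decision on. In the `!= 2` branch no sigstatus is emitted at all, which leaves a malformed multipart/signed part indistinguishable from an unsigned one in the formatted output; if that is intended, a short comment there would say so. show_message_part begins and ends outside this hunk.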