3 files changed, 322 insertions, 0 deletions
diff --git a/Makefile.local b/Makefile.local
index 97f397ff..516f26e8 100644
--- a/Makefile.local
+++ b/Makefile.local
@@ -315,6 +315,7 @@ notmuch_client_srcs =		\
 	notmuch-time.c		\
 	query-string.c		\
 	show-message.c		\
+	mime-node.c		\
 	json.c
 
 notmuch_client_modules = $(notmuch_client_srcs:.c=.o)
diff --git a/mime-node.c b/mime-node.c
new file mode 100644
index 00000000..760c55f6
--- /dev/null
+++ b/mime-node.c
@@ -0,0 +1,238 @@
+/* notmuch - Not much of an email program, (just index and search)
+ *
+ * Copyright © 2009 Carl Worth
+ * Copyright © 2009 Keith Packard
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/ .
+ *
+ * Authors: Carl Worth <cworth@cworth.org>
+ *          Keith Packard <keithp@keithp.com>
+ *          Austin Clements <aclements@csail.mit.edu>
+ */
+
+#include "notmuch-client.h"
+
+/* Context that gets inherited from the root node. */
+typedef struct mime_node_context {
+    /* Per-message resources.  These are allocated internally and must
+     * be destroyed. */
+    FILE *file;
+    GMimeStream *stream;
+    GMimeParser *parser;
+    GMimeMessage *mime_message;
+
+    /* Context provided by the caller. */
+    GMimeCipherContext *cryptoctx;
+    notmuch_bool_t decrypt;
+} mime_node_context_t;
+
+static int
+_mime_node_context_free (mime_node_context_t *res)
+{
+    if (res->mime_message)
+	g_object_unref (res->mime_message);
+
+    if (res->parser)
+	g_object_unref (res->parser);
+
+    if (res->stream)
+	g_object_unref (res->stream);
+
+    if (res->file)
+	fclose (res->file);
+
+    return 0;
+}
+
+notmuch_status_t
+mime_node_open (const void *ctx, notmuch_message_t *message,
+		GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt,
+		mime_node_t **root_out)
+{
+    const char *filename = notmuch_message_get_filename (message);
+    mime_node_context_t *mctx;
+    mime_node_t *root;
+    notmuch_status_t status;
+
+    root = talloc_zero (ctx, mime_node_t);
+    if (root == NULL) {
+	fprintf (stderr, "Out of memory.\n");
+	status = NOTMUCH_STATUS_OUT_OF_MEMORY;
+	goto DONE;
+    }
+
+    /* Create the tree-wide context */
+    mctx = talloc_zero (root, mime_node_context_t);
+    if (mctx == NULL) {
+	fprintf (stderr, "Out of memory.\n");
+	status = NOTMUCH_STATUS_OUT_OF_MEMORY;
+	goto DONE;
+    }
+    talloc_set_destructor (mctx, _mime_node_context_free);
+
+    mctx->file = fopen (filename, "r");
+    if (! mctx->file) {
+	fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
+	status = NOTMUCH_STATUS_FILE_ERROR;
+	goto DONE;
+    }
+
+    mctx->stream = g_mime_stream_file_new (mctx->file);
+    g_mime_stream_file_set_owner (GMIME_STREAM_FILE (mctx->stream), FALSE);
+
+    mctx->parser = g_mime_parser_new_with_stream (mctx->stream);
+
+    mctx->mime_message = g_mime_parser_construct_message (mctx->parser);
+
+    mctx->cryptoctx = cryptoctx;
+    mctx->decrypt = decrypt;
+
+    /* Create the root node */
+    root->part = GMIME_OBJECT (mctx->mime_message);
+    root->envelope_file = message;
+    root->nchildren = 1;
+    root->ctx = mctx;
+
+    *root_out = root;
+    return NOTMUCH_STATUS_SUCCESS;
+
+DONE:
+    talloc_free (root);
+    return status;
+}
+
+static int
+_signature_validity_free (GMimeSignatureValidity **proxy)
+{
+    g_mime_signature_validity_free (*proxy);
+    return 0;
+}
+
+static mime_node_t *
+_mime_node_create (const mime_node_t *parent, GMimeObject *part)
+{
+    mime_node_t *node = talloc_zero (parent, mime_node_t);
+    GError *err = NULL;
+
+    /* Set basic node properties */
+    node->part = part;
+    node->ctx = parent->ctx;
+    if (!talloc_reference (node, node->ctx)) {
+	fprintf (stderr, "Out of memory.\n");
+	talloc_free (node);
+	return NULL;
+    }
+
+    /* Deal with the different types of parts */
+    if (GMIME_IS_PART (part)) {
+	node->nchildren = 0;
+    } else if (GMIME_IS_MULTIPART (part)) {
+	node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part));
+    } else if (GMIME_IS_MESSAGE_PART (part)) {
+	/* Promote part to an envelope and open it */
+	GMimeMessagePart *message_part = GMIME_MESSAGE_PART (part);
+	GMimeMessage *message = g_mime_message_part_get_message (message_part);
+	node->envelope_part = message_part;
+	node->part = GMIME_OBJECT (message);
+	node->nchildren = 1;
+    } else {
+	fprintf (stderr, "Warning: Unknown mime part type: %s.\n",
+		 g_type_name (G_OBJECT_TYPE (part)));
+	talloc_free (node);
+	return NULL;
+    }
+
+    /* Handle PGP/MIME parts */
+    if (GMIME_IS_MULTIPART_ENCRYPTED (part)
+	&& node->ctx->cryptoctx && node->ctx->decrypt) {
+	if (node->nchildren != 2) {
+	    /* this violates RFC 3156 section 4, so we won't bother with it. */
+	    fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
+		     "message (must be exactly 2)\n",
+		     node->nchildren);
+	} else {
+	    GMimeMultipartEncrypted *encrypteddata =
+		GMIME_MULTIPART_ENCRYPTED (part);
+	    node->decrypt_attempted = TRUE;
+	    node->decrypted_child = g_mime_multipart_encrypted_decrypt
+		(encrypteddata, node->ctx->cryptoctx, &err);
+	    if (node->decrypted_child) {
+		node->decrypt_success = node->verify_attempted = TRUE;
+		node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata);
+	    } else {
+		fprintf (stderr, "Failed to decrypt part: %s\n",
+			 (err ? err->message : "no error explanation given"));
+	    }
+	}
+    } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->cryptoctx) {
+	if (node->nchildren != 2) {
+	    /* this violates RFC 3156 section 5, so we won't bother with it. */
+	    fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
+		     "(must be exactly 2)\n",
+		     node->nchildren);
+	} else {
+	    /* For some reason the GMimeSignatureValidity returned
+	     * here is not a const (inconsistent with that
+	     * returned by
+	     * g_mime_multipart_encrypted_get_signature_validity,
+	     * and therefore needs to be properly disposed of.
+	     *
+	     * In GMime 2.6, they're both non-const, so we'll be able
+	     * to clean up this asymmetry. */
+	    GMimeSignatureValidity *sig_validity = g_mime_multipart_signed_verify
+		(GMIME_MULTIPART_SIGNED (part), node->ctx->cryptoctx, &err);
+	    node->verify_attempted = TRUE;
+	    node->sig_validity = sig_validity;
+	    if (sig_validity) {
+		GMimeSignatureValidity **proxy =
+		    talloc (node, GMimeSignatureValidity *);
+		*proxy = sig_validity;
+		talloc_set_destructor (proxy, _signature_validity_free);
+	    }
+	}
+    }
+
+    if (node->verify_attempted && !node->sig_validity)
+	fprintf (stderr, "Failed to verify signed part: %s\n",
+		 (err ? err->message : "no error explanation given"));
+
+    if (err)
+	g_error_free (err);
+
+    return node;
+}
+
+mime_node_t *
+mime_node_child (const mime_node_t *parent, int child)
+{
+    GMimeObject *sub;
+
+    if (!parent || child < 0 || child >= parent->nchildren)
+	return NULL;
+
+    if (GMIME_IS_MULTIPART (parent->part)) {
+	if (child == 1 && parent->decrypted_child)
+	    sub = parent->decrypted_child;
+	else
+	    sub = g_mime_multipart_get_part
+		(GMIME_MULTIPART (parent->part), child);
+    } else if (GMIME_IS_MESSAGE (parent->part)) {
+	sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
+    } else {
+	/* This should have been caught by message_part_create */
+	INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
+			g_type_name (G_OBJECT_TYPE (parent->part)));
+    }
+    return _mime_node_create (parent, sub);
+}
diff --git a/notmuch-client.h b/notmuch-client.h
index c521efa0..64b255c7 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -241,5 +241,88 @@ notmuch_run_hook (const char *db_path, const char *hook);
 notmuch_bool_t
 debugger_is_active (void);
 
+/* mime-node.c */
+
+/* mime_node_t represents a single node in a MIME tree.  A MIME tree
+ * abstracts the different ways of traversing different types of MIME
+ * parts, allowing a MIME message to be viewed as a generic tree of
+ * parts.  Message-type parts have one child, multipart-type parts
+ * have multiple children, and leaf parts have zero children.
+ */
+typedef struct mime_node {
+    /* The MIME object of this part.  This will be a GMimeMessage,
+     * GMimePart, GMimeMultipart, or a subclass of one of these.
+     *
+     * This will never be a GMimeMessagePart because GMimeMessagePart
+     * is structurally redundant with GMimeMessage.  If this part is a
+     * message (that is, 'part' is a GMimeMessage), then either
+     * envelope_file will be set to a notmuch_message_t (for top-level
+     * messages) or envelope_part will be set to a GMimeMessagePart
+     * (for embedded message parts).
+     */
+    GMimeObject *part;
+
+    /* If part is a GMimeMessage, these record the envelope of the
+     * message: either a notmuch_message_t representing a top-level
+     * message, or a GMimeMessagePart representing a MIME part
+     * containing a message.
+     */
+    notmuch_message_t *envelope_file;
+    GMimeMessagePart *envelope_part;
+
+    /* The number of children of this part. */
+    int nchildren;
+
+    /* True if decryption of this part was attempted. */
+    notmuch_bool_t decrypt_attempted;
+    /* True if decryption of this part's child succeeded.  In this
+     * case, the decrypted part is substituted for the second child of
+     * this part (which would usually be the encrypted data). */
+    notmuch_bool_t decrypt_success;
+
+    /* True if signature verification on this part was attempted. */
+    notmuch_bool_t verify_attempted;
+    /* For signed or encrypted containers, the validity of the
+     * signature.  May be NULL if signature verification failed.  If
+     * there are simply no signatures, this will be non-NULL with an
+     * empty signers list. */
+    const GMimeSignatureValidity *sig_validity;
+
+    /* Internal: Context inherited from the root iterator. */
+    struct mime_node_context *ctx;
+
+    /* Internal: For successfully decrypted multipart parts, the
+     * decrypted part to substitute for the second child. */
+    GMimeObject *decrypted_child;
+} mime_node_t;
+
+/* Construct a new MIME node pointing to the root message part of
+ * message.  If cryptoctx is non-NULL, it will be used to verify
+ * signatures on any child parts.  If decrypt is true, then cryptoctx
+ * will additionally be used to decrypt any encrypted child parts.
+ *
+ * Return value:
+ *
+ * NOTMUCH_STATUS_SUCCESS: Root node is returned in *node_out.
+ *
+ * NOTMUCH_STATUS_FILE_ERROR: Failed to open message file.
+ *
+ * NOTMUCH_STATUS_OUT_OF_MEMORY: Out of memory.
+ */
+notmuch_status_t
+mime_node_open (const void *ctx, notmuch_message_t *message,
+		GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt,
+		mime_node_t **node_out);
+
+/* Return a new MIME node for the requested child part of parent.
+ * parent will be used as the talloc context for the returned child
+ * node.
+ *
+ * In case of any failure, this function returns NULL, (after printing
+ * an error message on stderr).
+ */
+mime_node_t *
+mime_node_child (const mime_node_t *parent, int child);
+
 #include "command-line-arguments.h"
 #endif