From 8b18efe171ef80cbb238a9446137c39908755d2d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 25 May 2011 18:01:17 -0700 Subject: Add signature verification of PGP/MIME-signed parts with --verify. This is primarily for notmuch-show, although the functionality is added to show-message. Once signatures are processed a new part_sigstatus formatter is emitted, and the entire multipart/signed part is replaced with the contents of the signed part. At the moment only a json part_sigstatus formatting function is available. Emacs support to follow. The original work for this patch was done by Daniel Kahn Gillmor whose help with this functionality I greatly appreciate. --- notmuch-show.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) (limited to 'notmuch-show.c') diff --git a/notmuch-show.c b/notmuch-show.c index 363cdbfe..bb54e563 100644 --- a/notmuch-show.c +++ b/notmuch-show.c @@ -44,6 +44,7 @@ static const notmuch_show_format_t format_text = { "\fheader{\n", format_headers_text, "\fheader}\n", "\fbody{\n", format_part_start_text, + NULL, format_part_content_text, format_part_end_text, "", @@ -64,6 +65,9 @@ static void format_part_start_json (unused (GMimeObject *part), int *part_count); +static void +format_part_sigstatus_json (const GMimeSignatureValidity* validity); + static void format_part_content_json (GMimeObject *part); @@ -76,6 +80,7 @@ static const notmuch_show_format_t format_json = { ", \"headers\": {", format_headers_json, "}", ", \"body\": [", format_part_start_json, + format_part_sigstatus_json, format_part_content_json, format_part_end_json, ", ", @@ -97,6 +102,7 @@ static const notmuch_show_format_t format_mbox = { NULL, NULL, NULL, + NULL, "", "", "", "", @@ -111,6 +117,7 @@ static const notmuch_show_format_t format_raw = { "", NULL, "", NULL, "", "", + NULL, NULL, format_part_content_raw, NULL, @@ -396,6 +403,22 @@ show_part_content (GMimeObject *part, GMimeStream *stream_out) g_object_unref(stream_filter); } +static const char* +signerstatustostring (GMimeSignerStatus x) +{ + switch (x) { + case GMIME_SIGNER_STATUS_NONE: + return "none"; + case GMIME_SIGNER_STATUS_GOOD: + return "good"; + case GMIME_SIGNER_STATUS_BAD: + return "bad"; + case GMIME_SIGNER_STATUS_ERROR: + return "error"; + } + return "unknown"; +} + static void format_part_start_text (GMimeObject *part, int *part_count) { @@ -472,6 +495,65 @@ format_part_start_json (unused (GMimeObject *part), int *part_count) printf ("{\"id\": %d", *part_count); } +static void +format_part_sigstatus_json (const GMimeSignatureValidity* validity) +{ + printf (", \"sigstatus\": ["); + + if (!validity) { + printf ("]"); + return; + } + + const GMimeSigner *signer = g_mime_signature_validity_get_signers (validity); + int first = 1; + void *ctx_quote = talloc_new (NULL); + + while (signer) { + if (first) + first = 0; + else + printf (", "); + + printf ("{"); + + /* status */ + printf ("\"status\": %s", json_quote_str (ctx_quote, signerstatustostring(signer->status))); + + if (signer->status == GMIME_SIGNER_STATUS_GOOD) + { + if (signer->fingerprint) + printf (", \"fingerprint\": %s", json_quote_str (ctx_quote, signer->fingerprint)); + /* these dates are seconds since the epoch; should we + * provide a more human-readable format string? */ + if (signer->created) + printf (", \"created\": %d", (int) signer->created); + if (signer->expires) + printf (", \"expires\": %d", (int) signer->expires); + /* output user id only if validity is FULL or ULTIMATE. */ + /* note that gmime is using the term "trust" here, which + * is WRONG. It's actually user id "validity". */ + if ((signer->name) && (signer->trust)) { + if ((signer->trust == GMIME_SIGNER_TRUST_FULLY) || (signer->trust == GMIME_SIGNER_TRUST_ULTIMATE)) + printf (", \"userid\": %s", json_quote_str (ctx_quote, signer->name)); + } + } else { + if (signer->keyid) + printf (", \"keyid\": %s", json_quote_str (ctx_quote, signer->keyid)); + } + if (signer->errors != GMIME_SIGNER_ERROR_NONE) { + printf (", \"errors\": %x", signer->errors); + } + + printf ("}"); + signer = signer->next; + } + + printf ("]"); + + talloc_free (ctx_quote); +} + static void format_part_content_json (GMimeObject *part) { @@ -739,6 +821,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[])) params.entire_thread = 0; params.raw = 0; params.part = -1; + params.cryptoctx = NULL; for (i = 0; i < argc && argv[i][0] == '-'; i++) { if (strcmp (argv[i], "--") == 0) { @@ -767,6 +850,16 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[])) params.part = atoi(argv[i] + sizeof ("--part=") - 1); } else if (STRNCMP_LITERAL (argv[i], "--entire-thread") == 0) { params.entire_thread = 1; + } else if (STRNCMP_LITERAL (argv[i], "--verify") == 0) { + if (params.cryptoctx == NULL) { + GMimeSession* session = g_object_new(notmuch_gmime_session_get_type(), NULL); + if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg"))) + fprintf (stderr, "Failed to construct gpg context.\n"); + else + g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE); + g_object_unref (session); + session = NULL; + } } else { fprintf (stderr, "Unrecognized option: %s\n", argv[i]); return 1; @@ -824,5 +917,8 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[])) notmuch_query_destroy (query); notmuch_database_close (notmuch); + if (params.cryptoctx) + g_object_unref(params.cryptoctx); + return 0; } -- cgit v1.2.3