2005-12-06 [paul] 1.9.100cvs69
[claws.git] / src / plugins / pgpcore / sgpgme.c
1 /*
2  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2003 Hiroyuki Yamamoto & the Sylpheed-Claws team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18  */
19  
20 #ifdef HAVE_CONFIG_H
21 #  include "config.h"
22 #endif
23  
24 #ifdef USE_GPGME
25
26 #include <time.h>
27 #include <gtk/gtk.h>
28 #include <gpgme.h>
29 #include <glib.h>
30 #include <glib/gi18n.h>
31 #include <stdio.h>
32 #include <errno.h>
33 #if HAVE_LOCALE_H
34 #  include <locale.h>
35 #endif
36
37 #include "sgpgme.h"
38 #include "privacy.h"
39 #include "prefs_common.h"
40 #include "utils.h"
41 #include "alertpanel.h"
42 #include "passphrase.h"
43 #include "prefs_gpg.h"
44 #include "select-keys.h"
45
46 static void sgpgme_disable_all(void)
47 {
48     /* FIXME: set a flag, so that we don't bother the user with failed
49      * gpgme messages */
50 }
51
52 gpgme_verify_result_t sgpgme_verify_signature(gpgme_ctx_t ctx, gpgme_data_t sig, 
53                                         gpgme_data_t plain, gpgme_data_t dummy)
54 {
55         gpgme_verify_result_t status = NULL;
56         gpgme_error_t err;
57
58         if ((err = gpgme_op_verify(ctx, sig, plain, dummy)) != GPG_ERR_NO_ERROR) {
59                 debug_print("op_verify err %s\n", gpgme_strerror(err));
60                 return GINT_TO_POINTER(-GPG_ERR_SYSTEM_ERROR);
61                 
62         }
63         status = gpgme_op_verify_result(ctx);
64
65         return status;
66 }
67
68 SignatureStatus sgpgme_sigstat_gpgme_to_privacy(gpgme_ctx_t ctx, gpgme_verify_result_t status)
69 {
70         unsigned long validity = 0;
71         gpgme_signature_t sig = NULL;
72         
73         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
74                 debug_print("system error\n");
75                 return SIGNATURE_CHECK_FAILED;
76         }
77
78         if (status == NULL) {
79                 debug_print("status == NULL\n");
80                 return SIGNATURE_UNCHECKED;
81         }
82         sig = status->signatures;
83
84         if (sig == NULL) {
85                 debug_print("sig == NULL\n");
86                 return SIGNATURE_UNCHECKED;
87         }
88         validity = sig->validity;
89
90         debug_print("err code %d\n", gpg_err_code(sig->status));
91         switch (gpg_err_code(sig->status)) {
92         case GPG_ERR_NO_ERROR:
93                 return SIGNATURE_OK;
94         case GPG_ERR_SIG_EXPIRED:
95         case GPG_ERR_KEY_EXPIRED:
96                 return SIGNATURE_WARN;
97         case GPG_ERR_BAD_SIGNATURE:
98                 return SIGNATURE_INVALID;
99         case GPG_ERR_NO_PUBKEY:
100                 return SIGNATURE_CHECK_FAILED;
101         default:
102                 return SIGNATURE_CHECK_FAILED;
103         }
104         return SIGNATURE_CHECK_FAILED;
105 }
106
107 static const gchar *get_validity_str(unsigned long validity)
108 {
109         switch (gpg_err_code(validity)) {
110         case GPGME_VALIDITY_UNKNOWN:
111                 return _("Unknown");
112         case GPGME_VALIDITY_UNDEFINED:
113                 return _("Undefined");
114         case GPGME_VALIDITY_NEVER:
115                 return _("Never");
116         case GPGME_VALIDITY_MARGINAL:
117                 return _("Marginal");
118         case GPGME_VALIDITY_FULL:
119                 return _("Full");
120         case GPGME_VALIDITY_ULTIMATE:
121                 return _("Ultimate");
122         default:
123                 return _("Error");
124         }
125 }
126
127 static gchar *extract_name(const char *uid)
128 {
129         if (uid == NULL)
130                 return NULL;
131         if (!strncmp(uid, "CN=", 3)) {
132                 gchar *result = g_strdup(uid+3);
133                 if (strstr(result, ","))
134                         *(strstr(result, ",")) = '\0';
135                 return result;
136         } else if (strstr(uid, ",CN=")) {
137                 gchar *result = g_strdup(strstr(uid, ",CN=")+4);
138                 if (strstr(result, ","))
139                         *(strstr(result, ",")) = '\0';
140                 return result;
141         } else {
142                 return g_strdup(uid);
143         }
144 }
145 gchar *sgpgme_sigstat_info_short(gpgme_ctx_t ctx, gpgme_verify_result_t status)
146 {
147         gpgme_signature_t sig = NULL;
148         gchar *uname = NULL;
149         gpgme_key_t key;
150         gchar *result = NULL;
151
152         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
153                 return g_strdup(_("The signature can't be checked - GPG error."));
154         }
155
156         if (status == NULL) {
157                 return g_strdup(_("The signature has not been checked."));
158         }
159         sig = status->signatures;
160         if (sig == NULL) {
161                 return g_strdup(_("The signature has not been checked."));
162         }
163
164         gpgme_get_key(ctx, sig->fpr, &key, 0);
165         if (key)
166                 uname = extract_name(key->uids->uid);
167         else
168                 uname = g_strdup("<?>");
169         switch (gpg_err_code(sig->status)) {
170         case GPG_ERR_NO_ERROR:
171                 result = g_strdup_printf(_("Good signature from %s."),
172                         uname);
173                 break;
174         case GPG_ERR_SIG_EXPIRED:
175                 result = g_strdup_printf(_("Expired signature from %s."), uname);
176                 break;
177         case GPG_ERR_KEY_EXPIRED:
178                 result = g_strdup_printf(_("Expired key from %s."), uname);
179                 break;
180         case GPG_ERR_BAD_SIGNATURE:
181                 result = g_strdup_printf(_("Bad signature from %s."), uname);
182                 break;
183         case GPG_ERR_NO_PUBKEY:
184                 result = g_strdup(_("No key available to verify this signature."));
185                 break;
186         default:
187                 result = g_strdup(_("The signature has not been checked."));
188                 break;
189         }
190         if (result == NULL)
191                 result = g_strdup(_("Error"));
192         g_free(uname);
193         return result;
194 }
195
196 gchar *sgpgme_sigstat_info_full(gpgme_ctx_t ctx, gpgme_verify_result_t status)
197 {
198         gint i = 0;
199         gchar *ret;
200         GString *siginfo;
201         gpgme_signature_t sig = status->signatures;
202         
203         siginfo = g_string_sized_new(64);
204         while (sig) {
205                 gpgme_user_id_t user = NULL;
206                 gpgme_key_t key;
207
208                 const gchar *keytype, *keyid, *uid;
209                 
210                 gpgme_get_key(ctx, sig->fpr, &key, 0);
211
212                 if (key) {
213                         user = key->uids;
214                         keytype = gpgme_pubkey_algo_name(
215                                         key->subkeys->pubkey_algo);
216                         keyid = key->subkeys->keyid;
217                         uid = user->uid;
218                 } else {
219                         keytype = "?";
220                         keyid = "?";
221                         uid = "?";
222                 }
223                 g_string_append_printf(siginfo,
224                         _("Signature made using %s key ID %s\n"),
225                         keytype, keyid);
226                 
227                 switch (gpg_err_code(sig->status)) {
228                 case GPG_ERR_NO_ERROR:
229                 case GPG_ERR_KEY_EXPIRED:
230                         g_string_append_printf(siginfo,
231                                 _("Good signature from \"%s\" (Trust: %s)\n"),
232                                 uid, get_validity_str(sig->validity));
233                         break;
234                 case GPG_ERR_SIG_EXPIRED:
235                         g_string_append_printf(siginfo,
236                                 _("Expired signature from \"%s\"\n"),
237                                 uid);
238                         break;
239                 case GPG_ERR_BAD_SIGNATURE:
240                         g_string_append_printf(siginfo,
241                                 _("BAD signature from \"%s\"\n"),
242                                 uid);
243                         break;
244                 default:
245                         break;
246                 }
247                 if (sig->status != GPG_ERR_BAD_SIGNATURE) {
248                         gint j = 1;
249                         user = user ? user->next : NULL;
250                         while (user != NULL) {
251                                 g_string_append_printf(siginfo,
252                                         _("                aka \"%s\"\n"),
253                                         user->uid);
254                                 j++;
255                                 user = user->next;
256                         }
257                         g_string_append_printf(siginfo,
258                                 _("Primary key fingerprint: %s\n"), 
259                                 sig ? sig->fpr: "?");
260                 }
261                 
262                 g_string_append(siginfo, "\n");
263                 i++;
264                 sig = sig->next;
265         }
266
267         ret = siginfo->str;
268         g_string_free(siginfo, FALSE);
269         return ret;
270 }
271
272 gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo)
273 {
274         gpgme_data_t data = NULL;
275         gpgme_error_t err;
276         FILE *fp = g_fopen(mimeinfo->data.filename, "rb");
277         gchar *tmp_file = NULL;
278
279         if (!fp) 
280                 return NULL;
281
282         tmp_file = get_tmp_file();
283         copy_file_part(fp, mimeinfo->offset, mimeinfo->length, tmp_file);
284         fclose(fp);
285         fp = g_fopen(tmp_file, "rb");
286         debug_print("tmp file %s\n", tmp_file);
287         if (!fp) 
288                 return NULL;
289         
290         err = gpgme_data_new_from_file(&data, tmp_file, 1);
291         g_unlink(tmp_file);
292         g_free(tmp_file);
293
294         debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length);
295         if (err) {
296                 debug_print ("gpgme_data_new_from_file failed: %s\n",
297                              gpgme_strerror (err));
298                 return NULL;
299         }
300         return data;
301 }
302
303 gpgme_data_t sgpgme_decrypt_verify(gpgme_data_t cipher, gpgme_verify_result_t *status, gpgme_ctx_t ctx)
304 {
305         struct passphrase_cb_info_s info;
306         gpgme_data_t plain;
307         gpgme_error_t err;
308
309         memset (&info, 0, sizeof info);
310         
311         if (gpgme_data_new(&plain) != GPG_ERR_NO_ERROR) {
312                 gpgme_release(ctx);
313                 return NULL;
314         }
315         
316         if (!getenv("GPG_AGENT_INFO")) {
317                 info.c = ctx;
318                 gpgme_set_passphrase_cb (ctx, gpgmegtk_passphrase_cb, &info);
319         }
320
321         err = gpgme_op_decrypt_verify(ctx, cipher, plain);
322         if (err != GPG_ERR_NO_ERROR) {
323                 debug_print("can't decrypt (%s)\n", gpgme_strerror(err));
324                 gpgmegtk_free_passphrase();
325                 gpgme_data_release(plain);
326                 return NULL;
327         }
328
329         err = gpgme_data_rewind(plain);
330         if (err) {
331                 debug_print("can't seek (%d %d %s)\n", err, errno, strerror(errno));
332         }
333
334         debug_print("decrypted.\n");
335         *status = gpgme_op_verify_result (ctx);
336
337         return plain;
338 }
339
340 gchar *sgpgme_get_encrypt_data(GSList *recp_names)
341 {
342         SelectionResult result = KEY_SELECTION_CANCEL;
343         gpgme_key_t *keys = gpgmegtk_recipient_selection(recp_names, &result);
344         gchar *ret = NULL;
345         int i = 0;
346
347         if (!keys) {
348                 if (result == KEY_SELECTION_DONT)
349                         return g_strdup("_DONT_ENCRYPT_");
350                 else
351                         return NULL;
352         }
353         while (keys[i]) {
354                 gpgme_subkey_t skey = keys[i]->subkeys;
355                 gchar *fpr = skey->fpr;
356                 gchar *tmp = NULL;
357                 debug_print("adding %s\n", fpr);
358                 tmp = g_strconcat(ret?ret:"", fpr, " ", NULL);
359                 g_free(ret);
360                 ret = tmp;
361                 i++;
362         }
363         return ret;
364 }
365
366 gboolean sgpgme_setup_signers(gpgme_ctx_t ctx, PrefsAccount *account)
367 {
368         GPGAccountConfig *config;
369
370         gpgme_signers_clear(ctx);
371
372         config = prefs_gpg_account_get_config(account);
373
374         if (config->sign_key != SIGN_KEY_DEFAULT) {
375                 gchar *keyid;
376                 gpgme_key_t key;
377
378                 if (config->sign_key == SIGN_KEY_BY_FROM)
379                         keyid = account->address;
380                 else if (config->sign_key == SIGN_KEY_CUSTOM)
381                         keyid = config->sign_key_id;
382                 else
383                         return FALSE;
384
385                 gpgme_op_keylist_start(ctx, keyid, 1);
386                 while (!gpgme_op_keylist_next(ctx, &key)) {
387                         gpgme_signers_add(ctx, key);
388                         gpgme_key_release(key);
389                 }
390                 gpgme_op_keylist_end(ctx);
391         }
392
393         prefs_gpg_account_free_config(config);
394
395         return TRUE;
396 }
397
398 void sgpgme_init()
399 {
400         gpgme_engine_info_t engineInfo;
401         if (gpgme_check_version("0.4.5")) {
402                 gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL));
403                 gpgme_set_locale(NULL, LC_MESSAGES, setlocale(LC_MESSAGES, NULL));
404                 if (!gpgme_get_engine_info(&engineInfo)) {
405                         while (engineInfo) {
406                                 debug_print("GpgME Protocol: %s\n      Version: %s\n",
407                                         gpgme_get_protocol_name(engineInfo->protocol),
408                                         engineInfo->version);
409                                 engineInfo = engineInfo->next;
410                         }
411                 }
412         } else {
413                 sgpgme_disable_all();
414
415                 if (prefs_gpg_get_config()->gpg_warning) {
416                         AlertValue val;
417
418                         val = alertpanel_full
419                                 (_("Warning"),
420                                  _("GnuPG is not installed properly, or needs "
421                                  "to be upgraded.\n"
422                                  "OpenPGP support disabled."),
423                                  GTK_STOCK_CLOSE, NULL, NULL, TRUE, NULL,
424                                  ALERT_WARNING, G_ALERTDEFAULT);
425                         if (val & G_ALERTDISABLE)
426                                 prefs_gpg_get_config()->gpg_warning = FALSE;
427                 }
428         }
429 }
430
431 void sgpgme_done()
432 {
433         gpgmegtk_free_passphrase();
434 }
435
436 #endif /* USE_GPGME */