2 * Claws Mail -- a GTK based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2024 the Claws Mail team and Colin Leroy
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "claws-features.h"
30 #include <glib/gi18n.h>
37 #include <plugins/pgpcore/sgpgme.h>
38 #include <plugins/pgpcore/prefs_gpg.h>
39 #include <plugins/pgpcore/pgp_utils.h>
40 #include <plugins/pgpcore/passphrase.h>
42 #include "alertpanel.h"
43 #include "prefs_common.h"
45 #include "file-utils.h"
47 typedef struct _PrivacyDataPGP PrivacyDataPGP;
49 struct _PrivacyDataPGP
53 gboolean done_sigtest;
55 gboolean inserted_mimeinfo;
58 typedef struct _PKCS7MimeTaskData {
60 EncodingType encoding;
61 gboolean create_mimeinfo;
64 static PrivacySystem smime_system;
66 static PrivacyDataPGP *smime_new_privacydata()
70 data = g_new0(PrivacyDataPGP, 1);
71 data->data.system = &smime_system;
76 static void smime_free_privacydata(PrivacyData *data)
81 static gint check_pkcs7_mime_sig(MimeInfo *, GCancellable *, GAsyncReadyCallback, gpointer);
83 static gboolean smime_is_signed(MimeInfo *mimeinfo)
87 const gchar *protocol, *tmpstr;
88 PrivacyDataPGP *data = NULL;
90 cm_return_val_if_fail(mimeinfo != NULL, FALSE);
91 if (mimeinfo->privacy != NULL) {
92 data = (PrivacyDataPGP *) mimeinfo->privacy;
93 if (data->done_sigtest)
94 return data->is_signed;
97 if (!g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") ||
98 !g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime")) {
99 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
100 if (tmpstr && !g_ascii_strcasecmp(tmpstr, "signed-data")) {
102 data = smime_new_privacydata();
105 mimeinfo->privacy = (PrivacyData *) data;
108 data->done_sigtest = TRUE;
109 data->is_signed = TRUE;
110 check_pkcs7_mime_sig(mimeinfo, NULL, NULL, NULL);
116 parent = procmime_mimeinfo_parent(mimeinfo);
120 if ((parent->type != MIMETYPE_MULTIPART) ||
121 g_ascii_strcasecmp(parent->subtype, "signed"))
123 protocol = procmime_mimeinfo_get_parameter(parent, "protocol");
124 if ((protocol == NULL) ||
125 (g_ascii_strcasecmp(protocol, "application/pkcs7-signature") &&
126 g_ascii_strcasecmp(protocol, "application/x-pkcs7-signature")))
129 /* check if mimeinfo is the first child */
130 if (parent->node->children->data != mimeinfo)
134 /* check signature */
135 signature = parent->node->children->next != NULL ?
136 (MimeInfo *) parent->node->children->next->data : NULL;
137 if (signature == NULL)
139 if ((signature->type != MIMETYPE_APPLICATION) ||
140 (g_ascii_strcasecmp(signature->subtype, "pkcs7-signature") &&
141 g_ascii_strcasecmp(signature->subtype, "x-pkcs7-signature")))
145 data = smime_new_privacydata();
148 mimeinfo->privacy = (PrivacyData *) data;
151 data->done_sigtest = TRUE;
152 data->is_signed = TRUE;
157 static gchar *get_canonical_content(FILE *fp, const gchar *boundary)
160 guint boundary_len = 0;
164 boundary_len = strlen(boundary);
165 while (claws_fgets(buf, sizeof(buf), fp) != NULL)
166 if (IS_BOUNDARY(buf, boundary, boundary_len))
170 textbuffer = g_string_new("");
171 while (claws_fgets(buf, sizeof(buf), fp) != NULL) {
174 if (boundary && IS_BOUNDARY(buf, boundary, boundary_len))
177 buf2 = canonicalize_str(buf);
178 g_string_append(textbuffer, buf2);
181 g_string_truncate(textbuffer, textbuffer->len - 2);
183 return g_string_free(textbuffer, FALSE);
186 static void free_pkcs7_mime_task_data(gpointer data)
188 PKCS7MimeTaskData *task_data = (PKCS7MimeTaskData *)data;
190 g_free(task_data->textstr);
194 static gboolean create_mimeinfo_for_plaintext(const GString *verified, MimeInfo **created)
197 MimeInfo *newinfo = NULL;
198 MimeInfo *decinfo = NULL;
200 tmpfile = get_tmp_file();
202 str_write_to_file(verified->str, tmpfile, TRUE);
203 newinfo = procmime_scan_file(tmpfile);
205 decinfo = g_node_first_child(newinfo->node) != NULL ?
206 g_node_first_child(newinfo->node)->data : NULL;
211 g_node_unlink(decinfo->node);
212 procmime_mimeinfo_free_all(&newinfo);
219 static void check_pkcs7_mime_sig_task(GTask *task,
220 gpointer source_object,
222 GCancellable *cancellable)
224 PKCS7MimeTaskData *task_data = (PKCS7MimeTaskData *)_task_data;
228 gpgme_data_t sigdata = NULL;
230 gpgme_verify_result_t gpgme_res;
232 gboolean return_err = TRUE;
233 gboolean cancelled = FALSE;
234 SigCheckTaskResult *task_result = NULL;
235 MimeInfo *created = NULL;
238 char err_str[GPGERR_BUFSIZE] = "";
240 domain = g_quark_from_static_string("claws_smime");
242 err = gpgme_new(&ctx);
243 if (err != GPG_ERR_NO_ERROR) {
244 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
245 g_warning("couldn't initialize GPG context: %s", err_str);
249 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
250 if (err != GPG_ERR_NO_ERROR) {
251 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
252 g_warning("couldn't set GPG protocol: %s", err_str);
256 err = gpgme_data_new_from_mem(&sigdata,
258 task_data->textstr ? strlen(task_data->textstr) : 0,
260 if (err != GPG_ERR_NO_ERROR) {
261 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
262 g_warning("gpgme_data_new_from_mem failed: %s", err_str);
266 if (task_data->encoding == ENC_BASE64) {
267 err = gpgme_data_set_encoding (sigdata, GPGME_DATA_ENCODING_BASE64);
268 if (err != GPG_ERR_NO_ERROR) {
269 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
270 g_warning("gpgme_data_set_encoding failed: %s\n", err_str);
275 err = gpgme_data_new(&plain);
276 if (err != GPG_ERR_NO_ERROR) {
277 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
278 g_warning("gpgme_data_new failed: %s", err_str);
282 if (g_task_return_error_if_cancelled(task)) {
283 debug_print("task was cancelled, aborting task:%p\n", task);
288 err = gpgme_op_verify(ctx, sigdata, NULL, plain);
289 if (err != GPG_ERR_NO_ERROR) {
290 gpgme_strerror_r(err, err_str, GPGERR_BUFSIZE);
291 g_warning("gpgme_op_verify failed: %s\n", err_str);
295 if (g_task_return_error_if_cancelled(task)) {
296 debug_print("task was cancelled, aborting task:%p\n", task);
301 gpgme_res = gpgme_op_verify_result(ctx);
302 if (gpgme_res && gpgme_res->signatures == NULL) {
303 err = GPG_ERR_SYSTEM_ERROR;
304 g_warning("no signature found");
305 g_snprintf(err_str, GPGERR_BUFSIZE, "No signature found");
309 if (task_data->create_mimeinfo) {
310 tmp = gpgme_data_release_and_get_mem(plain, &len);
312 debug_print("S/MIME signed message had no plaintext\n");
316 verified = g_string_new_len(tmp, len);
319 if (!create_mimeinfo_for_plaintext(verified, &created)) {
320 g_warning("Failed to create new mimeinfo from plaintext");
321 g_string_free(verified, TRUE);
325 g_string_free(verified, TRUE);
327 gpgme_data_release(plain);
330 task_result = g_new0(SigCheckTaskResult, 1);
331 task_result->sig_data = g_new0(SignatureData, 1);
333 task_result->sig_data->status = sgpgme_sigstat_gpgme_to_privacy(ctx, gpgme_res);
334 task_result->sig_data->info_short = sgpgme_sigstat_info_short(ctx, gpgme_res);
335 task_result->sig_data->info_full = sgpgme_sigstat_info_full(ctx, gpgme_res);
337 task_result->newinfo = created;
343 gpgme_data_release(plain);
345 gpgme_data_release(sigdata);
353 g_task_return_new_error(task, domain, err, "%s", err_str);
355 g_task_return_pointer(task, task_result, privacy_free_sig_check_task_result);
358 /* Check PKCS7-MIME signed-data type signature either synchronously or asynchronously.
359 * Check it asynchronously if the caller provides a callback.
360 * If the caller does not provide a callback, and we have not already done so, create
361 * and insert a new MimeInfo for the plaintext data returned by the sig verification.
363 static gint check_pkcs7_mime_sig(MimeInfo *mimeinfo,
364 GCancellable *_cancellable,
365 GAsyncReadyCallback callback,
370 EncodingType real_enc;
371 gchar *textstr = NULL;
372 PrivacyDataPGP *privacy_data;
373 GCancellable *cancellable;
375 PKCS7MimeTaskData *task_data;
376 SigCheckTaskResult *task_result;
377 GError *error = NULL;
378 gboolean unref_cancellable = FALSE;
380 debug_print("Checking pkcs7-mime signature\n");
382 parent = procmime_mimeinfo_parent(mimeinfo);
383 tmp = g_hash_table_lookup(parent->typeparameters, "boundary");
385 g_warning("Unexpected S/MIME message format subtype:%s boundary:%s",
386 mimeinfo->subtype, tmp);
390 if (g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") &&
391 g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime"))
393 g_warning("Unexpected S/MIME subtype:%s", mimeinfo->subtype);
397 tmp = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
398 if (!tmp || g_ascii_strcasecmp(tmp, "signed-data")) {
399 g_warning("Unexpected S/MIME smime-type parameter:%s", tmp);
403 real_enc = mimeinfo->encoding_type;
404 mimeinfo->encoding_type = ENC_BINARY;
405 textstr = procmime_get_part_as_string(mimeinfo, TRUE);
406 mimeinfo->encoding_type = real_enc;
408 g_warning("Failed to get PKCS7-Mime signature data");
412 privacy_data = (PrivacyDataPGP *)mimeinfo->privacy;
414 task_data = g_new0(PKCS7MimeTaskData, 1);
415 task_data->textstr = textstr;
416 task_data->encoding = mimeinfo->encoding_type;
418 if (!callback && !privacy_data->inserted_mimeinfo)
419 task_data->create_mimeinfo = TRUE;
421 if (_cancellable != NULL) {
422 cancellable = _cancellable;
424 cancellable = g_cancellable_new();
425 unref_cancellable = TRUE;
428 task = g_task_new(NULL, cancellable, callback, user_data);
429 mimeinfo->last_sig_check_task = task;
431 g_task_set_task_data(task, task_data, free_pkcs7_mime_task_data);
432 g_task_set_return_on_cancel(task, TRUE);
435 debug_print("creating check sig async task:%p task_data:%p\n", task, task_data);
436 g_task_run_in_thread(task, check_pkcs7_mime_sig_task);
437 g_object_unref(task);
441 debug_print("creating check sig sync task:%p task_data:%p\n", task, task_data);
442 g_task_run_in_thread_sync(task, check_pkcs7_mime_sig_task);
443 mimeinfo->last_sig_check_task = NULL;
445 task_result = g_task_propagate_pointer(task, &error);
446 if (unref_cancellable)
447 g_object_unref(cancellable);
449 if (mimeinfo->sig_data) {
450 privacy_free_signature_data(mimeinfo->sig_data);
451 mimeinfo->sig_data = NULL;
454 if (task_result == NULL) {
455 debug_print("sig check task propagated NULL task: %p GError: domain: %s code: %d message: \"%s\"\n",
456 task, g_quark_to_string(error->domain), error->code, error->message);
457 g_object_unref(task);
461 g_object_unref(task);
463 mimeinfo->sig_data = task_result->sig_data;
465 if (task_result->newinfo) {
466 if (parent->type == MIMETYPE_MESSAGE && !strcmp(parent->subtype, "rfc822")) {
467 if (parent->content == MIMECONTENT_MEM) {
468 gint newlen = (gint)(strstr(parent->data.mem, "\n\n") - parent->data.mem);
470 parent->length = newlen;
474 g_node_prepend(parent->node, task_result->newinfo->node);
475 privacy_data->inserted_mimeinfo = TRUE;
478 /* Only free the task result struct, not the SigData and MimeInfo */
484 static gint smime_check_sig_async(MimeInfo *mimeinfo,
485 GCancellable *cancellable,
486 GAsyncReadyCallback callback,
492 /* Detached signature with a boundary */
493 if (g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime") &&
494 g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime"))
496 parent = procmime_mimeinfo_parent(mimeinfo);
497 boundary = g_hash_table_lookup(parent->typeparameters, "boundary");
499 if (boundary == NULL) {
500 g_warning("Unexpected S/MIME format subtype:%s without a boundary",
505 return cm_check_detached_sig_async(mimeinfo,
510 get_canonical_content);
512 /* Opaque pkcs7-mime blob with smime-type=signed-data */
514 return check_pkcs7_mime_sig(mimeinfo, cancellable, callback, user_data);
518 static gboolean smime_is_encrypted(MimeInfo *mimeinfo)
522 if (mimeinfo->type != MIMETYPE_APPLICATION)
524 if (!g_ascii_strcasecmp(mimeinfo->subtype, "pkcs7-mime")) {
525 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
526 if (tmpstr && g_ascii_strcasecmp(tmpstr, "enveloped-data"))
531 } else if (!g_ascii_strcasecmp(mimeinfo->subtype, "x-pkcs7-mime")) {
532 tmpstr = procmime_mimeinfo_get_parameter(mimeinfo, "smime-type");
533 if (tmpstr && g_ascii_strcasecmp(tmpstr, "enveloped-data"))
541 static MimeInfo *smime_decrypt(MimeInfo *mimeinfo)
543 MimeInfo *encinfo, *decinfo, *parseinfo;
544 gpgme_data_t cipher = NULL, plain = NULL;
548 gpgme_verify_result_t sigstat = NULL;
549 PrivacyDataPGP *data = NULL;
554 SignatureData *sig_data = NULL;
556 cm_return_val_if_fail(smime_is_encrypted(mimeinfo), NULL);
558 if ((err = gpgme_new(&ctx)) != GPG_ERR_NO_ERROR) {
559 privacy_set_error(_("Couldn't initialize GPG context, %s"), gpgme_strerror(err));
563 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
565 debug_print ("gpgme_set_protocol failed: %s\n",
566 gpgme_strerror (err));
567 privacy_set_error(_("Couldn't set GPG protocol, %s"), gpgme_strerror(err));
571 gpgme_set_armor(ctx, TRUE);
575 cipher = sgpgme_data_from_mimeinfo(encinfo);
577 plain = sgpgme_decrypt_verify(cipher, &sigstat, ctx);
579 if (sigstat != NULL && sigstat->signatures != NULL) {
580 sig_data = g_new0(SignatureData, 1);
581 sig_data->status = sgpgme_sigstat_gpgme_to_privacy(ctx, sigstat);
582 sig_data->info_short = sgpgme_sigstat_info_short(ctx, sigstat);
583 sig_data->info_full = sgpgme_sigstat_info_full(ctx, sigstat);
587 gpgme_data_release(cipher);
589 debug_print("plain is null!\n");
591 privacy_free_signature_data(sig_data);
595 fname = g_strdup_printf("%s%cplaintext.%08x",
596 get_mime_tmp_dir(), G_DIR_SEPARATOR, ++id);
598 if ((dstfp = claws_fopen(fname, "wb")) == NULL) {
599 FILE_OP_ERROR(fname, "claws_fopen");
601 gpgme_data_release(plain);
602 debug_print("can't open!\n");
603 privacy_set_error(_("Couldn't open temporary file"));
605 privacy_free_signature_data(sig_data);
609 if (fprintf(dstfp, "MIME-Version: 1.0\n") < 0) {
610 FILE_OP_ERROR(fname, "fprintf");
613 gpgme_data_release(plain);
614 debug_print("can't close!\n");
615 privacy_set_error(_("Couldn't write to temporary file"));
617 privacy_free_signature_data(sig_data);
621 chars = sgpgme_data_release_and_get_mem(plain, &len);
624 if (claws_fwrite(chars, 1, len, dstfp) < len) {
625 FILE_OP_ERROR(fname, "claws_fwrite");
629 gpgme_data_release(plain);
630 debug_print("can't write!\n");
631 privacy_set_error(_("Couldn't write to temporary file"));
633 privacy_free_signature_data(sig_data);
637 if (claws_safe_fclose(dstfp) == EOF) {
638 FILE_OP_ERROR(fname, "claws_fclose");
641 gpgme_data_release(plain);
642 debug_print("can't close!\n");
643 privacy_set_error(_("Couldn't close temporary file"));
645 privacy_free_signature_data(sig_data);
650 parseinfo = procmime_scan_file(fname);
652 if (parseinfo == NULL) {
653 privacy_set_error(_("Couldn't parse decrypted file."));
655 privacy_free_signature_data(sig_data);
658 decinfo = g_node_first_child(parseinfo->node) != NULL ?
659 g_node_first_child(parseinfo->node)->data : NULL;
660 if (decinfo == NULL) {
661 privacy_set_error(_("Couldn't parse decrypted file parts."));
663 privacy_free_signature_data(sig_data);
667 g_node_unlink(decinfo->node);
668 procmime_mimeinfo_free_all(&parseinfo);
672 if (sig_data != NULL) {
673 if (decinfo->privacy != NULL) {
674 data = (PrivacyDataPGP *) decinfo->privacy;
676 data = smime_new_privacydata();
680 decinfo->privacy = (PrivacyData *) data;
684 data->done_sigtest = TRUE;
685 data->is_signed = TRUE;
686 decinfo->sig_data = sig_data;
693 gboolean smime_sign(MimeInfo *mimeinfo, PrefsAccount *account, const gchar *from_addr)
695 MimeInfo *msgcontent, *sigmultipart, *newinfo;
696 gchar *textstr, *micalg = NULL;
698 gchar *boundary = NULL;
701 gpgme_data_t gpgtext, gpgsig;
704 struct passphrase_cb_info_s info;
705 gpgme_sign_result_t result = NULL;
707 gchar *real_content = NULL;
711 perror("my_tmpfile");
714 procmime_write_mimeinfo(mimeinfo, fp);
717 /* read temporary file into memory */
718 test_msg = file_read_stream_to_str(fp);
721 memset (&info, 0, sizeof info);
723 /* remove content node from message */
724 msgcontent = (MimeInfo *) mimeinfo->node->children->data;
725 g_node_unlink(msgcontent->node);
727 /* create temporary multipart for content */
728 sigmultipart = procmime_mimeinfo_new();
729 sigmultipart->type = MIMETYPE_MULTIPART;
730 sigmultipart->subtype = g_strdup("signed");
735 boundary = generate_mime_boundary("Sig");
736 } while (strstr(test_msg, boundary) != NULL);
740 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("boundary"),
742 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("protocol"),
743 g_strdup("application/pkcs7-signature"));
744 g_node_append(sigmultipart->node, msgcontent->node);
745 g_node_append(mimeinfo->node, sigmultipart->node);
747 /* write message content to temporary file */
750 perror("my_tmpfile");
754 procmime_write_mimeinfo(sigmultipart, fp);
757 /* read temporary file into memory */
758 textstr = get_canonical_content(fp, boundary);
764 gpgme_data_new_from_mem(&gpgtext, textstr, textstr?strlen(textstr):0, 0);
765 gpgme_data_new(&gpgsig);
767 gpgme_set_armor(ctx, TRUE);
768 gpgme_signers_clear (ctx);
770 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
773 debug_print ("gpgme_set_protocol failed: %s\n",
774 gpgme_strerror (err));
775 gpgme_data_release(gpgtext);
780 if (!sgpgme_setup_signers(ctx, account, from_addr)) {
781 debug_print("setup_signers failed\n");
782 gpgme_data_release(gpgtext);
788 prefs_gpg_enable_agent(TRUE);
789 gpgme_set_passphrase_cb (ctx, NULL, &info);
791 err = gpgme_op_sign(ctx, gpgtext, gpgsig, GPGME_SIG_MODE_DETACH);
792 if (err != GPG_ERR_NO_ERROR) {
793 alertpanel_error("S/MIME : Cannot sign, %s (%d)", gpg_strerror(err), gpg_err_code(err));
794 gpgme_data_release(gpgtext);
798 result = gpgme_op_sign_result(ctx);
799 if (result && result->signatures) {
800 if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
801 gchar *down_algo = g_ascii_strdown(gpgme_hash_algo_name(
802 result->signatures->hash_algo), -1);
803 micalg = g_strdup_printf("pgp-%s", down_algo);
806 micalg = g_strdup(gpgme_hash_algo_name(
807 result->signatures->hash_algo));
810 /* can't get result (maybe no signing key?) */
811 debug_print("gpgme_op_sign_result error\n");
816 sigcontent = sgpgme_data_release_and_get_mem(gpgsig, &len);
817 gpgme_data_release(gpgtext);
825 real_content = sigcontent+strlen("-----BEGIN SIGNED MESSAGE-----\n");
826 if (!strstr(real_content, "-----END SIGNED MESSAGE-----")) {
827 debug_print("missing end\n");
832 *strstr(real_content, "-----END SIGNED MESSAGE-----") = '\0';
834 g_hash_table_insert(sigmultipart->typeparameters, g_strdup("micalg"),
837 newinfo = procmime_mimeinfo_new();
838 newinfo->type = MIMETYPE_APPLICATION;
839 newinfo->subtype = g_strdup("pkcs7-signature");
840 g_hash_table_insert(newinfo->typeparameters, g_strdup("name"),
841 g_strdup("smime.p7s"));
842 newinfo->content = MIMECONTENT_MEM;
843 newinfo->disposition = DISPOSITIONTYPE_ATTACHMENT;
844 g_hash_table_insert(newinfo->dispositionparameters, g_strdup("filename"),
845 g_strdup("smime.p7s"));
846 newinfo->data.mem = g_malloc(len + 1);
848 memmove(newinfo->data.mem, real_content, len);
849 newinfo->data.mem[len] = '\0';
850 newinfo->encoding_type = ENC_BASE64;
851 g_node_append(sigmultipart->node, newinfo->node);
857 gchar *smime_get_encrypt_data(GSList *recp_names)
859 return sgpgme_get_encrypt_data(recp_names, GPGME_PROTOCOL_CMS);
862 static const gchar *smime_get_encrypt_warning(void)
864 if (prefs_gpg_should_skip_encryption_warning(smime_system.id))
867 return _("Please note that email headers, like Subject, "
868 "are not encrypted by the S/MIME system.");
871 static void smime_inhibit_encrypt_warning(gboolean inhibit)
874 prefs_gpg_add_skip_encryption_warning(smime_system.id);
876 prefs_gpg_remove_skip_encryption_warning(smime_system.id);
879 gboolean smime_encrypt(MimeInfo *mimeinfo, const gchar *encrypt_data)
881 MimeInfo *msgcontent, *encmultipart;
885 gchar *textstr = NULL;
886 gpgme_data_t gpgtext = NULL, gpgenc = NULL;
887 gpgme_ctx_t ctx = NULL;
888 gpgme_key_t *kset = NULL;
889 gchar **fprs = g_strsplit(encrypt_data, " ", -1);
892 gchar *tmpfile = NULL;
894 while (fprs[i] && strlen(fprs[i])) {
898 if ((err = gpgme_new(&ctx)) != GPG_ERR_NO_ERROR) {
899 debug_print ("gpgme_new failed: %s\n", gpgme_strerror(err));
904 err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
907 debug_print ("gpgme_set_protocol failed: %s\n",
908 gpgme_strerror (err));
913 kset = g_malloc(sizeof(gpgme_key_t)*(i+1));
914 memset(kset, 0, sizeof(gpgme_key_t)*(i+1));
917 while (fprs[i] && strlen(fprs[i])) {
920 err = gpgme_get_key(ctx, fprs[i], &key, 0);
922 debug_print("can't add key '%s'[%d] (%s)\n", fprs[i],i, gpgme_strerror(err));
925 debug_print("found %s at %d\n", fprs[i], i);
931 debug_print("Encrypting message content\n");
933 /* remove content node from message */
934 msgcontent = (MimeInfo *) mimeinfo->node->children->data;
935 g_node_unlink(msgcontent->node);
938 /* create temporary multipart for content */
939 encmultipart = procmime_mimeinfo_new();
940 encmultipart->type = MIMETYPE_APPLICATION;
941 encmultipart->subtype = g_strdup("x-pkcs7-mime");
942 g_hash_table_insert(encmultipart->typeparameters, g_strdup("name"),
943 g_strdup("smime.p7m"));
944 g_hash_table_insert(encmultipart->typeparameters,
945 g_strdup("smime-type"),
946 g_strdup("enveloped-data"));
948 encmultipart->disposition = DISPOSITIONTYPE_ATTACHMENT;
949 g_hash_table_insert(encmultipart->dispositionparameters, g_strdup("filename"),
950 g_strdup("smime.p7m"));
952 g_node_append(encmultipart->node, msgcontent->node);
954 /* write message content to temporary file */
955 tmpfile = get_tmp_file();
956 fp = claws_fopen(tmpfile, "wb");
958 FILE_OP_ERROR(tmpfile, "create");
959 for (gint x = 0; x < i; x++)
960 gpgme_key_unref(kset[x]);
965 procmime_decode_content(msgcontent);
966 procmime_write_mime_header(msgcontent, fp);
967 procmime_write_mimeinfo(msgcontent, fp);
968 claws_safe_fclose(fp);
969 canonicalize_file_replace(tmpfile);
970 fp = claws_fopen(tmpfile, "rb");
972 FILE_OP_ERROR(tmpfile, "open");
973 for (gint x = 0; x < i; x++)
974 gpgme_key_unref(kset[x]);
981 /* read temporary file into memory */
982 textstr = file_read_stream_to_str_no_recode(fp);
987 gpgme_data_new_from_mem(&gpgtext, textstr, textstr?strlen(textstr):0, 0);
988 gpgme_data_new(&gpgenc);
989 cm_gpgme_data_rewind(gpgtext);
991 gpgme_op_encrypt(ctx, kset, GPGME_ENCRYPT_ALWAYS_TRUST, gpgtext, gpgenc);
994 for (gint x = 0; x < i; x++)
995 gpgme_key_unref(kset[x]);
997 enccontent = sgpgme_data_release_and_get_mem(gpgenc, &len);
1000 g_warning("no enccontent");
1004 tmpfile = get_tmp_file();
1005 fp = claws_fopen(tmpfile, "wb");
1007 if (claws_fwrite(enccontent, 1, len, fp) < len) {
1008 FILE_OP_ERROR(tmpfile, "claws_fwrite");
1010 claws_unlink(tmpfile);
1012 if (fp != NULL && claws_safe_fclose(fp) == EOF) {
1013 FILE_OP_ERROR(tmpfile, "claws_fclose");
1014 claws_unlink(tmpfile);
1020 FILE_OP_ERROR(tmpfile, "create");
1025 gpgme_data_release(gpgtext);
1028 /* create encrypted multipart */
1029 procmime_mimeinfo_free_all(&msgcontent);
1030 g_node_append(mimeinfo->node, encmultipart->node);
1032 encmultipart->content = MIMECONTENT_FILE;
1033 encmultipart->data.filename = tmpfile;
1034 encmultipart->tmp = TRUE;
1035 procmime_encode_content(encmultipart, ENC_BASE64);
1042 static PrivacySystem smime_system = {
1044 "S-MIME", /* name */
1046 smime_free_privacydata, /* free_privacydata */
1048 smime_is_signed, /* is_signed(MimeInfo *) */
1049 smime_check_sig_async,
1051 smime_is_encrypted, /* is_encrypted(MimeInfo *) */
1052 smime_decrypt, /* decrypt(MimeInfo *) */
1058 smime_get_encrypt_data,
1060 smime_get_encrypt_warning,
1061 smime_inhibit_encrypt_warning,
1062 prefs_gpg_auto_check_signatures,
1067 privacy_register_system(&smime_system);
1072 privacy_unregister_system(&smime_system);
1075 struct PluginFeature *plugin_provides(void)
1077 static struct PluginFeature features[] =
1078 { {PLUGIN_PRIVACY, N_("S/MIME")},
1079 {PLUGIN_NOTHING, NULL}};
1082 #endif /* USE_GPGME */