[gmime] Replace get/set_always_trust() and get/set_retrieve_session_key() with flags
- From: Jeffrey Stedfast <fejj src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gmime] Replace get/set_always_trust() and get/set_retrieve_session_key() with flags
- Date: Sun, 19 Feb 2017 15:19:49 +0000 (UTC)
commit c630d9b1f9a7b7a9aeec31fff608ef2b336d45b1
Author: Jeffrey Stedfast <jestedfa microsoft com>
Date: Sat Feb 18 18:08:20 2017 -0500
Replace get/set_always_trust() and get/set_retrieve_session_key() with flags
gmime/gmime-application-pkcs7-mime.c | 15 ++-
gmime/gmime-application-pkcs7-mime.h | 11 ++-
gmime/gmime-crypto-context.c | 171 +++++---------------------------
gmime/gmime-crypto-context.h | 85 +++++++++++------
gmime/gmime-gpg-context.c | 180 ++++++++--------------------------
gmime/gmime-gpg-context.h | 4 -
gmime/gmime-multipart-encrypted.c | 15 ++-
gmime/gmime-multipart-encrypted.h | 4 +-
gmime/gmime-multipart-signed.c | 5 +-
gmime/gmime-multipart-signed.h | 2 +-
gmime/gmime-pkcs7-context.c | 141 ++++++++-------------------
gmime/gmime-pkcs7-context.h | 3 -
12 files changed, 197 insertions(+), 439 deletions(-)
---
diff --git a/gmime/gmime-application-pkcs7-mime.c b/gmime/gmime-application-pkcs7-mime.c
index 2416fc6..dc6b45b 100644
--- a/gmime/gmime-application-pkcs7-mime.c
+++ b/gmime/gmime-application-pkcs7-mime.c
@@ -255,6 +255,7 @@ g_mime_application_pkcs7_mime_decompress (GMimeApplicationPkcs7Mime *pkcs7_mime,
* g_mime_application_pkcs7_mime_encrypt:
* @ctx: a #GMimePkcs7Context
* @entity: a #GMimeObject to encrypt
+ * @flags: a #GMimeEncryptFlags
* @recipients: the list of recipients to encrypt to
* @err: a #GError
*
@@ -263,7 +264,7 @@ g_mime_application_pkcs7_mime_decompress (GMimeApplicationPkcs7Mime *pkcs7_mime,
* Returns: The encrypted @entity.
**/
GMimeApplicationPkcs7Mime *
-g_mime_application_pkcs7_mime_encrypt (GMimePkcs7Context *ctx, GMimeObject *entity, GPtrArray *recipients,
GError **err)
+g_mime_application_pkcs7_mime_encrypt (GMimePkcs7Context *ctx, GMimeObject *entity, GMimeEncryptFlags flags,
GPtrArray *recipients, GError **err)
{
GMimeStream *filtered_stream, *ciphertext, *stream;
GMimeApplicationPkcs7Mime *pkcs7_mime;
@@ -292,7 +293,7 @@ g_mime_application_pkcs7_mime_encrypt (GMimePkcs7Context *ctx, GMimeObject *enti
/* encrypt the content stream */
ciphertext = g_mime_stream_mem_new ();
- if (g_mime_crypto_context_encrypt ((GMimeCryptoContext *) ctx, FALSE, NULL,
GMIME_DIGEST_ALGO_DEFAULT, recipients, stream, ciphertext, err) == -1) {
+ if (g_mime_crypto_context_encrypt ((GMimeCryptoContext *) ctx, FALSE, NULL,
GMIME_DIGEST_ALGO_DEFAULT, flags, recipients, stream, ciphertext, err) == -1) {
g_object_unref (ciphertext);
g_object_unref (stream);
return NULL;
@@ -342,6 +343,7 @@ g_mime_data_wrapper_get_decoded_stream (GMimeDataWrapper *wrapper)
* g_mime_application_pkcs7_mime_decrypt:
* @pkcs7_mime: a #GMimeApplicationPkcs7Mime
* @ctx: a #GMimePkcs7Context
+ * @flags: a #GMimeDecryptFlags
* @session_key: session key to use or %NULL
* @result: the decryption result
* @err: a #GError
@@ -364,8 +366,8 @@ g_mime_data_wrapper_get_decoded_stream (GMimeDataWrapper *wrapper)
**/
GMimeObject *
g_mime_application_pkcs7_mime_decrypt (GMimeApplicationPkcs7Mime *pkcs7_mime, GMimePkcs7Context *ctx,
- const char *session_key, GMimeDecryptResult **result,
- GError **err)
+ GMimeDecryptFlags flags, const char *session_key,
+ GMimeDecryptResult **result, GError **err)
{
GMimeStream *filtered_stream, *ciphertext, *stream;
GMimeDataWrapper *wrapper;
@@ -392,7 +394,7 @@ g_mime_application_pkcs7_mime_decrypt (GMimeApplicationPkcs7Mime *pkcs7_mime, GM
g_object_unref (crlf_filter);
/* decrypt the content stream */
- if (!(res = g_mime_crypto_context_decrypt ((GMimeCryptoContext *) ctx, session_key, ciphertext,
filtered_stream, err))) {
+ if (!(res = g_mime_crypto_context_decrypt ((GMimeCryptoContext *) ctx, flags, session_key,
ciphertext, filtered_stream, err))) {
g_object_unref (filtered_stream);
g_object_unref (ciphertext);
g_object_unref (stream);
@@ -496,6 +498,7 @@ g_mime_application_pkcs7_mime_sign (GMimePkcs7Context *ctx, GMimeObject *entity,
* g_mime_application_pkcs7_mime_verify:
* @pkcs7_mime: a #GMimeApplicationPkcs7Mime
* @ctx: a #GMimePkcs7Context
+ * @flags: a #GMimeVerifyFlags
* @entity: the extracted entity
* @err: a #GError
*
@@ -504,7 +507,7 @@ g_mime_application_pkcs7_mime_sign (GMimePkcs7Context *ctx, GMimeObject *entity,
* Returns: the list of signers.
**/
GMimeSignatureList *
-g_mime_application_pkcs7_mime_verify (GMimeApplicationPkcs7Mime *pkcs7_mime, GMimePkcs7Context *ctx,
GMimeObject **entity, GError **err)
+g_mime_application_pkcs7_mime_verify (GMimeApplicationPkcs7Mime *pkcs7_mime, GMimePkcs7Context *ctx,
GMimeVerifyFlags flags, GMimeObject **entity, GError **err)
{
g_return_val_if_fail (GMIME_IS_APPLICATION_PKCS7_MIME (pkcs7_mime), NULL);
g_return_val_if_fail (GMIME_IS_PKCS7_CONTEXT (ctx), NULL);
diff --git a/gmime/gmime-application-pkcs7-mime.h b/gmime/gmime-application-pkcs7-mime.h
index 661246d..c197d48 100644
--- a/gmime/gmime-application-pkcs7-mime.h
+++ b/gmime/gmime-application-pkcs7-mime.h
@@ -85,16 +85,19 @@ GMimeSecureMimeType g_mime_application_pkcs7_mime_get_smime_type (GMimeApplicati
/*GMimeObject *g_mime_application_pkcs7_mime_decompress (GMimeApplicationPkcs7Mime *pkcs7_mime,
GMimePkcs7Context *ctx);*/
GMimeApplicationPkcs7Mime *g_mime_application_pkcs7_mime_encrypt (GMimePkcs7Context *ctx, GMimeObject
*entity,
- GPtrArray *recipients, GError **err);
+ GMimeEncryptFlags flags, GPtrArray
*recipients,
+ GError **err);
+
GMimeObject *g_mime_application_pkcs7_mime_decrypt (GMimeApplicationPkcs7Mime *pkcs7_mime, GMimePkcs7Context
*ctx,
- const char *session_key, GMimeDecryptResult **result,
- GError **err);
+ GMimeDecryptFlags flags, const char *session_key,
+ GMimeDecryptResult **result, GError **err);
GMimeApplicationPkcs7Mime *g_mime_application_pkcs7_mime_sign (GMimePkcs7Context *ctx, GMimeObject *entity,
const char *userid, GMimeDigestAlgo digest,
GError **err);
+
GMimeSignatureList *g_mime_application_pkcs7_mime_verify (GMimeApplicationPkcs7Mime *pkcs7_mime,
GMimePkcs7Context *ctx,
- GMimeObject **entity, GError **err);
+ GMimeVerifyFlags flags, GMimeObject **entity,
GError **err);
G_END_DECLS
diff --git a/gmime/gmime-crypto-context.c b/gmime/gmime-crypto-context.c
index f0f4692..54d8d1e 100644
--- a/gmime/gmime-crypto-context.c
+++ b/gmime/gmime-crypto-context.c
@@ -53,29 +53,24 @@ static const char *crypto_get_signature_protocol (GMimeCryptoContext *ctx);
static const char *crypto_get_encryption_protocol (GMimeCryptoContext *ctx);
static const char *crypto_get_key_exchange_protocol (GMimeCryptoContext *ctx);
-static int crypto_set_retrieve_session_key (GMimeCryptoContext *ctx, gboolean retrieve_session_key, GError
**err);
-static gboolean crypto_get_retrieve_session_key (GMimeCryptoContext *ctx);
-
-static void crypto_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust);
-static gboolean crypto_get_always_trust (GMimeCryptoContext *ctx);
-
static int crypto_sign (GMimeCryptoContext *ctx, gboolean detach,
const char *userid, GMimeDigestAlgo digest,
GMimeStream *istream, GMimeStream *ostream,
GError **err);
-static GMimeSignatureList *crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err);
+static GMimeSignatureList *crypto_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags,
+ GMimeDigestAlgo digest, GMimeStream *istream,
+ GMimeStream *sigstream, GError **err);
static int crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign,
const char *userid, GMimeDigestAlgo digest,
- GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err);
+ GMimeEncryptFlags flags, GPtrArray *recipients,
+ GMimeStream *istream, GMimeStream *ostream,
+ GError **err);
-static GMimeDecryptResult *crypto_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err);
+static GMimeDecryptResult *crypto_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags,
+ const char *session_key, GMimeStream *istream,
+ GMimeStream *ostream, GError **err);
static int crypto_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
GError **err);
@@ -136,10 +131,6 @@ g_mime_crypto_context_class_init (GMimeCryptoContextClass *klass)
klass->get_signature_protocol = crypto_get_signature_protocol;
klass->get_encryption_protocol = crypto_get_encryption_protocol;
klass->get_key_exchange_protocol = crypto_get_key_exchange_protocol;
- klass->get_retrieve_session_key = crypto_get_retrieve_session_key;
- klass->set_retrieve_session_key = crypto_set_retrieve_session_key;
- klass->get_always_trust = crypto_get_always_trust;
- klass->set_always_trust = crypto_set_always_trust;
}
static void
@@ -399,8 +390,8 @@ g_mime_crypto_context_sign (GMimeCryptoContext *ctx, gboolean detach, const char
static GMimeSignatureList *
-crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *istream,
- GMimeStream *sigstream, GError **err)
+crypto_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags, GMimeDigestAlgo digest,
+ GMimeStream *istream, GMimeStream *sigstream, GError **err)
{
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
"Verifying is not supported by this crypto context");
@@ -412,6 +403,7 @@ crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *ist
/**
* g_mime_crypto_context_verify:
* @ctx: a #GMimeCryptoContext
+ * @flags: a #GMimeVerifyFlags
* @digest: digest algorithm used, if known
* @istream: input stream
* @sigstream: optional detached-signature stream
@@ -426,19 +418,20 @@ crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *ist
* the status of each signature or %NULL on error.
**/
GMimeSignatureList *
-g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *istream,
- GMimeStream *sigstream, GError **err)
+g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags, GMimeDigestAlgo digest,
+ GMimeStream *istream, GMimeStream *sigstream, GError **err)
{
g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), NULL);
g_return_val_if_fail (GMIME_IS_STREAM (istream), NULL);
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->verify (ctx, digest, istream, sigstream, err);
+ return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->verify (ctx, flags, digest, istream, sigstream, err);
}
static int
crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo digest,
- GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream, GError **err)
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream,
+ GError **err)
{
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
"Encryption is not supported by this crypto context");
@@ -453,6 +446,7 @@ crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMim
* @sign: sign as well as encrypt
* @userid: key id (or email address) to use when signing (assuming @sign is %TRUE)
* @digest: digest algorithm to use when signing
+ * @flags: a #GMimeEncryptFlags
* @recipients: (element-type utf8): an array of recipient key ids
* and/or email addresses
* @istream: cleartext input stream
@@ -466,20 +460,20 @@ crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMim
**/
int
g_mime_crypto_context_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo
digest,
- GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream, GError
**err)
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream,
GMimeStream *ostream,
+ GError **err)
{
g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), -1);
g_return_val_if_fail (GMIME_IS_STREAM (istream), -1);
g_return_val_if_fail (GMIME_IS_STREAM (ostream), -1);
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->encrypt (ctx, sign, userid, digest, recipients, istream,
ostream, err);
+ return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->encrypt (ctx, sign, userid, digest, flags, recipients,
istream, ostream, err);
}
static GMimeDecryptResult *
-crypto_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err)
+crypto_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags, const char *session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err)
{
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
"Decryption is not supported by this crypto context");
@@ -491,6 +485,7 @@ crypto_decrypt (GMimeCryptoContext *ctx, const char *session_key,
/**
* g_mime_crypto_context_decrypt:
* @ctx: a #GMimeCryptoContext
+ * @flags: a #GMimeDecryptFlags
* @session_key: session key to use or %NULL
* @istream: input/ciphertext stream
* @ostream: output/cleartext stream
@@ -520,15 +515,14 @@ crypto_decrypt (GMimeCryptoContext *ctx, const char *session_key,
* on error.
**/
GMimeDecryptResult *
-g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err)
+g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags, const char *session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err)
{
g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), NULL);
g_return_val_if_fail (GMIME_IS_STREAM (istream), NULL);
g_return_val_if_fail (GMIME_IS_STREAM (ostream), NULL);
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->decrypt (ctx, session_key, istream, ostream, err);
+ return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->decrypt (ctx, flags, session_key, istream, ostream, err);
}
@@ -600,117 +594,6 @@ g_mime_crypto_context_export_keys (GMimeCryptoContext *ctx, const char *keys[],
}
-static gboolean
-crypto_get_retrieve_session_key (GMimeCryptoContext *ctx)
-{
- return FALSE;
-}
-
-/**
- * g_mime_crypto_context_get_retrieve_session_key:
- * @ctx: a #GMimeCryptoContext
- *
- * Gets whether or not the @ctx is configured to retrieve a session
- * key during decryption (see g_mime_decrypt_result_get_session_key()).
- *
- * Returns: %TRUE if the @ctx is configured to retrieve a session key
- * or %FALSE otherwise.
- **/
-gboolean
-g_mime_crypto_context_get_retrieve_session_key (GMimeCryptoContext *ctx)
-{
- g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), FALSE);
-
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->get_retrieve_session_key (ctx);
-}
-
-static int
-crypto_set_retrieve_session_key (GMimeCryptoContext *ctx, gboolean retrieve_session_key,
- GError **err)
-{
- if (!retrieve_session_key)
- return 0;
-
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- "Session key retrieval is not supported by this crypto context");
-
- return -1;
-}
-
-/**
- * g_mime_crypto_context_set_retrieve_session_key:
- * @ctx: a #GMimeCryptoContext
- * @retrieve_session_key: whether to retrieve session keys during decryption
- * @err: a #GError
- *
- * Configures whether @ctx should produce a session key during future
- * decryption operations (see
- * g_mime_decrypt_result_get_session_key()).
- *
- * Returns: %0 on success or %-1 on fail.
- **/
-int
-g_mime_crypto_context_set_retrieve_session_key (GMimeCryptoContext *ctx,
- gboolean retrieve_session_key,
- GError **err)
-{
- if (!GMIME_IS_CRYPTO_CONTEXT (ctx)) {
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- "Not a GMimeCryptoContext, can't set retrieve_session_key");
- return -1;
- }
-
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->set_retrieve_session_key (ctx, retrieve_session_key,
err);
-}
-
-
-static gboolean
-crypto_get_always_trust (GMimeCryptoContext *ctx)
-{
- return FALSE;
-}
-
-
-/**
- * g_mime_crypto_context_get_always_trust:
- * @ctx: a #GMimeCryptoContext
- *
- * Gets whther or not keys should always be trusted when encrypting.
- *
- * Returns: %TRUE if keys should always be trusted when encrypting or
- * %FALSE otherwise.
- **/
-gboolean
-g_mime_crypto_context_get_always_trust (GMimeCryptoContext *ctx)
-{
- g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), FALSE);
-
- return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->get_always_trust (ctx);
-}
-
-
-static void
-crypto_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust)
-{
-}
-
-
-/**
- * g_mime_crypto_context_set_always_trust:
- * @ctx: a #GMimeCryptoContext
- * @always_trust: %TRUE if keys should always be trusted when encrypting
- *
- * Sets whether or not key should always be trusted when encrypting.
- **/
-void
-g_mime_crypto_context_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust)
-{
- g_return_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx));
-
- GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->set_always_trust (ctx, always_trust);
-}
-
-
static void g_mime_decrypt_result_class_init (GMimeDecryptResultClass *klass);
static void g_mime_decrypt_result_init (GMimeDecryptResult *cert, GMimeDecryptResultClass *klass);
diff --git a/gmime/gmime-crypto-context.h b/gmime/gmime-crypto-context.h
index 4ff3790..6051527 100644
--- a/gmime/gmime-crypto-context.h
+++ b/gmime/gmime-crypto-context.h
@@ -77,6 +77,45 @@ typedef GMimeCryptoContext * (* GMimeCryptoContextNewFunc) (void);
/**
+ * GMimeDecryptFlags:
+ * @GMIME_DECRYPT_FLAGS_NONE: No flags specified.
+ * @GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY: Export the decryption session-key
+ *
+ * Decryption flags.
+ **/
+typedef enum {
+ GMIME_DECRYPT_FLAGS_NONE = 0,
+ GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY = 1 << 0,
+} GMimeDecryptFlags;
+
+
+/**
+ * GMimeEncryptFlags:
+ * @GMIME_ENCRYPT_FLAGS_NONE: No flags specified.
+ * @GMIME_ENCRYPT_FLAGS_ALWAYS_TRUST: Always trust the specified keys.
+ *
+ * Encryption flags.
+ **/
+typedef enum {
+ GMIME_ENCRYPT_FLAGS_NONE = 0,
+ GMIME_ENCRYPT_FLAGS_ALWAYS_TRUST = 1 << 0,
+} GMimeEncryptFlags;
+
+
+/**
+ * GMimeVerifyFlags:
+ * @GMIME_VERIFY_FLAGS_NONE: No flags specified.
+ * @GMIME_VERIFY_FLAGS_AUTO_KEY_RETRIEVE: Automatically retrieve keys from a keyserver.
+ *
+ * Signature verification flags.
+ **/
+typedef enum {
+ GMIME_VERIFY_FLAGS_NONE = 0,
+ GMIME_VERIFY_FLAGS_AUTO_KEY_RETRIEVE = 1 << 0,
+} GMimeVerifyFlags;
+
+
+/**
* GMimeCryptoContext:
* @parent_object: parent #GObject
* @request_passwd: a callback for requesting a password
@@ -104,30 +143,25 @@ struct _GMimeCryptoContextClass {
GMimeStream *istream, GMimeStream *ostream,
GError **err);
- GMimeSignatureList * (* verify) (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err);
+ GMimeSignatureList * (* verify) (GMimeCryptoContext *ctx, GMimeVerifyFlags flags,
+ GMimeDigestAlgo digest, GMimeStream *istream,
+ GMimeStream *sigstream, GError **err);
int (* encrypt) (GMimeCryptoContext *ctx, gboolean sign,
const char *userid, GMimeDigestAlgo digest,
- GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err);
-
- GMimeDecryptResult * (* decrypt) (GMimeCryptoContext *ctx, const char *session_key,
+ GMimeEncryptFlags flags, GPtrArray *recipients,
GMimeStream *istream, GMimeStream *ostream,
GError **err);
+ GMimeDecryptResult * (* decrypt) (GMimeCryptoContext *ctx, GMimeDecryptFlags flags,
+ const char *session_key, GMimeStream *istream,
+ GMimeStream *ostream, GError **err);
+
int (* import_keys) (GMimeCryptoContext *ctx, GMimeStream *istream,
GError **err);
int (* export_keys) (GMimeCryptoContext *ctx, const char *keys[],
GMimeStream *ostream, GError **err);
-
- gboolean (* get_retrieve_session_key) (GMimeCryptoContext *ctx);
-
- int (* set_retrieve_session_key) (GMimeCryptoContext *ctx,
- gboolean retrieve_session_key,
- GError **err);
gboolean (* get_always_trust) (GMimeCryptoContext *ctx);
void (* set_always_trust) (GMimeCryptoContext *ctx, gboolean always_trust);
@@ -156,18 +190,19 @@ int g_mime_crypto_context_sign (GMimeCryptoContext *ctx, gboolean detach,
GMimeStream *istream, GMimeStream *ostream,
GError **err);
-GMimeSignatureList *g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err);
+GMimeSignatureList *g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags,
+ GMimeDigestAlgo digest, GMimeStream *istream,
+ GMimeStream *sigstream, GError **err);
int g_mime_crypto_context_encrypt (GMimeCryptoContext *ctx, gboolean sign,
const char *userid, GMimeDigestAlgo digest,
- GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err);
+ GMimeEncryptFlags flags, GPtrArray *recipients,
+ GMimeStream *istream, GMimeStream *ostream,
+ GError **err);
-GMimeDecryptResult *g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err);
+GMimeDecryptResult *g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags,
+ const char *session_key, GMimeStream *istream,
+ GMimeStream *ostream, GError **err);
/* key/certificate routines */
int g_mime_crypto_context_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream, GError **err);
@@ -175,14 +210,6 @@ int g_mime_crypto_context_import_keys (GMimeCryptoContext *ctx, GMimeStream *ist
int g_mime_crypto_context_export_keys (GMimeCryptoContext *ctx, const char *keys[],
GMimeStream *ostream, GError **err);
-gboolean g_mime_crypto_context_get_retrieve_session_key (GMimeCryptoContext *ctx);
-int g_mime_crypto_context_set_retrieve_session_key (GMimeCryptoContext *ctx,
- gboolean retrieve_session_key,
- GError **err);
-
-gboolean g_mime_crypto_context_get_always_trust (GMimeCryptoContext *ctx);
-void g_mime_crypto_context_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust);
-
/**
* GMimeCipherAlgo:
diff --git a/gmime/gmime-gpg-context.c b/gmime/gmime-gpg-context.c
index da86e0b..58ff76c 100644
--- a/gmime/gmime-gpg-context.c
+++ b/gmime/gmime-gpg-context.c
@@ -69,8 +69,6 @@ struct _GMimeGpgContext {
GMimeCryptoContext parent_object;
#ifdef ENABLE_CRYPTO
- gpgme_encrypt_flags_t encrypt_flags;
- gboolean auto_key_retrieve;
gpgme_ctx_t ctx;
#endif
};
@@ -88,13 +86,6 @@ static void g_mime_gpg_context_finalize (GObject *object);
static GMimeDigestAlgo gpg_digest_id (GMimeCryptoContext *ctx, const char *name);
static const char *gpg_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
-static gboolean gpg_get_retrieve_session_key (GMimeCryptoContext *context);
-static int gpg_set_retrieve_session_key (GMimeCryptoContext *ctx, gboolean retrieve_session_key,
- GError **err);
-
-static gboolean gpg_get_always_trust (GMimeCryptoContext *context);
-static void gpg_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust);
-
static int gpg_sign (GMimeCryptoContext *ctx, gboolean detach,
const char *userid, GMimeDigestAlgo digest,
GMimeStream *istream, GMimeStream *ostream,
@@ -104,20 +95,18 @@ static const char *gpg_get_signature_protocol (GMimeCryptoContext *ctx);
static const char *gpg_get_encryption_protocol (GMimeCryptoContext *ctx);
static const char *gpg_get_key_exchange_protocol (GMimeCryptoContext *ctx);
-static GMimeSignatureList *gpg_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err);
+static GMimeSignatureList *gpg_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags,
+ GMimeDigestAlgo digest, GMimeStream *istream,
+ GMimeStream *sigstream, GError **err);
-static int gpg_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid,
- GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err);
+static int gpg_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo digest,
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream, GMimeStream
*ostream,
+ GError **err);
-static GMimeDecryptResult *gpg_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err);
+static GMimeDecryptResult *gpg_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags, const char
*session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err);
-static int gpg_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
- GError **err);
+static int gpg_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream, GError **err);
static int gpg_export_keys (GMimeCryptoContext *ctx, const char *keys[],
GMimeStream *ostream, GError **err);
@@ -172,18 +161,12 @@ g_mime_gpg_context_class_init (GMimeGpgContextClass *klass)
crypto_class->get_signature_protocol = gpg_get_signature_protocol;
crypto_class->get_encryption_protocol = gpg_get_encryption_protocol;
crypto_class->get_key_exchange_protocol = gpg_get_key_exchange_protocol;
- crypto_class->get_retrieve_session_key = gpg_get_retrieve_session_key;
- crypto_class->set_retrieve_session_key = gpg_set_retrieve_session_key;
- crypto_class->get_always_trust = gpg_get_always_trust;
- crypto_class->set_always_trust = gpg_set_always_trust;
}
static void
g_mime_gpg_context_init (GMimeGpgContext *gpg, GMimeGpgContextClass *klass)
{
#ifdef ENABLE_CRYPTO
- gpg->auto_key_retrieve = FALSE;
- gpg->encrypt_flags = 0;
gpg->ctx = NULL;
#endif
}
@@ -611,9 +594,8 @@ gpg_get_signatures (GMimeGpgContext *gpg, gboolean verify)
#endif /* ENABLE_CRYPTO */
static GMimeSignatureList *
-gpg_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err)
+gpg_verify (GMimeCryptoContext *context, GMimeVerifyFlags flags, GMimeDigestAlgo digest,
+ GMimeStream *istream, GMimeStream *sigstream, GError **err)
{
#ifdef ENABLE_CRYPTO
GMimeGpgContext *gpg = (GMimeGpgContext *) context;
@@ -636,6 +618,8 @@ gpg_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
signature = NULL;
}
+ // FIXME: enable auto-key-retrieve
+
if ((error = gpgme_op_verify (gpg->ctx, signature, message, NULL)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify gpg signature"));
if (signature)
@@ -675,18 +659,22 @@ key_list_free (gpgme_key_t *keys)
#endif /* ENABLE_CRYPTO */
static int
-gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
- GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err)
+gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid, GMimeDigestAlgo digest,
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream,
+ GError **err)
{
#ifdef ENABLE_CRYPTO
GMimeGpgContext *gpg = (GMimeGpgContext *) context;
+ gpgme_encrypt_flags_t encrypt_flags = 0;
gpgme_data_t input, output;
gpgme_error_t error;
gpgme_key_t *rcpts;
gpgme_key_t key;
guint i;
+ if (flags & GMIME_ENCRYPT_FLAGS_ALWAYS_TRUST)
+ encrypt_flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
+
/* create an array of recipient keys for GpgMe */
rcpts = g_new0 (gpgme_key_t, recipients->len + 1);
for (i = 0; i < recipients->len; i++) {
@@ -720,11 +708,11 @@ gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
return -1;
}
- error = gpgme_op_encrypt_sign (gpg->ctx, rcpts, gpg->encrypt_flags, input, output);
+ error = gpgme_op_encrypt_sign (gpg->ctx, rcpts, encrypt_flags, input, output);
gpgme_signers_clear (gpg->ctx);
} else {
- error = gpgme_op_encrypt (gpg->ctx, rcpts, gpg->encrypt_flags, input, output);
+ error = gpgme_op_encrypt (gpg->ctx, rcpts, encrypt_flags, input, output);
}
gpgme_data_release (output);
@@ -781,9 +769,8 @@ gpg_get_decrypt_result (GMimeGpgContext *gpg)
#endif /* ENABLE_CRYPTO */
static GMimeDecryptResult *
-gpg_decrypt (GMimeCryptoContext *context, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err)
+gpg_decrypt (GMimeCryptoContext *context, GMimeDecryptFlags flags, const char *session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err)
{
#ifdef ENABLE_CRYPTO
GMimeGpgContext *gpg = (GMimeGpgContext *) context;
@@ -803,18 +790,33 @@ gpg_decrypt (GMimeCryptoContext *context, const char *session_key,
return NULL;
}
- gpgme_set_ctx_flag (gpg->ctx, "override-session-key", session_key);
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (gpg->ctx, "export-session-key", "1");
+
+ if (session_key)
+ gpgme_set_ctx_flag (gpg->ctx, "override-session-key", session_key);
/* decrypt the input stream */
if ((error = gpgme_op_decrypt_verify (gpg->ctx, input, output)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Decryption failed"));
- gpgme_set_ctx_flag (gpg->ctx, "override-session-key", NULL);
+
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (gpg->ctx, "export-session-key", "0");
+
+ if (session_key)
+ gpgme_set_ctx_flag (gpg->ctx, "override-session-key", NULL);
+
gpgme_data_release (output);
gpgme_data_release (input);
return NULL;
}
- gpgme_set_ctx_flag (gpg->ctx, "override-session-key", NULL);
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (gpg->ctx, "export-session-key", "0");
+
+ if (session_key)
+ gpgme_set_ctx_flag (gpg->ctx, "override-session-key", NULL);
+
gpgme_data_release (output);
gpgme_data_release (input);
@@ -888,68 +890,6 @@ gpg_export_keys (GMimeCryptoContext *context, const char *keys[], GMimeStream *o
#endif /* ENABLE_CRYPTO */
}
-static gboolean
-gpg_get_retrieve_session_key (GMimeCryptoContext *context)
-{
-#ifdef ENABLE_CRYPTO
- GMimeGpgContext *ctx = (GMimeGpgContext *) context;
- const char *value;
-
- value = gpgme_get_ctx_flag (ctx->ctx, "export-session-key");
-
- return value && *value && *value != '0';
-#else
- return FALSE;
-#endif /* ENABLE_CRYPTO */
-}
-
-
-static int
-gpg_set_retrieve_session_key (GMimeCryptoContext *context, gboolean retrieve_session_key, GError **err)
-{
-#ifdef ENABLE_CRYPTO
- GMimeGpgContext *ctx = (GMimeGpgContext *) context;
- gpgme_error_t error;
-
- if ((error = gpgme_set_ctx_flag (ctx->ctx, "export-session-key", retrieve_session_key ? "1" : "0"))
!= 0) {
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- _("Session key retrieval is not supported by this crypto context"));
- return -1;
- }
-
- return 0;
-#else
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- _("Session key retrieval is not supported by this crypto context"));
- return -1;
-#endif /* ENABLE_CRYPTO */
-}
-
-static gboolean
-gpg_get_always_trust (GMimeCryptoContext *context)
-{
-#ifdef ENABLE_CRYPTO
- GMimeGpgContext *gpg = (GMimeGpgContext *) context;
-
- return (gpg->encrypt_flags & GPGME_ENCRYPT_ALWAYS_TRUST) != 0;
-#else
- return FALSE;
-#endif /* ENABLE_CRYPTO */
-}
-
-static void
-gpg_set_always_trust (GMimeCryptoContext *context, gboolean always_trust)
-{
-#ifdef ENABLE_CRYPTO
- GMimeGpgContext *gpg = (GMimeGpgContext *) context;
-
- if (always_trust)
- gpg->encrypt_flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
- else
- gpg->encrypt_flags &= ~GPGME_ENCRYPT_ALWAYS_TRUST;
-#endif /* ENABLE_CRYPTO */
-}
-
/**
* g_mime_gpg_context_new:
@@ -984,39 +924,3 @@ g_mime_gpg_context_new (void)
return NULL;
#endif /* ENABLE_CRYPTO */
}
-
-
-/**
- * g_mime_gpg_context_get_auto_key_retrieve:
- * @ctx: a #GMimeGpgContext
- *
- * Gets whether or not gpg should auto-retrieve keys from a keyserver
- * when verifying signatures.
- *
- * Returns: %TRUE if gpg should auto-retrieve keys from a keyserver or
- * %FALSE otherwise.
- **/
-gboolean
-g_mime_gpg_context_get_auto_key_retrieve (GMimeGpgContext *ctx)
-{
- g_return_val_if_fail (GMIME_IS_GPG_CONTEXT (ctx), FALSE);
-
- return ctx->auto_key_retrieve;
-}
-
-
-/**
- * g_mime_gpg_context_set_auto_key_retrieve:
- * @ctx: a #GMimeGpgContext
- * @auto_key_retrieve: %TRUE if gpg should auto-retrieve keys from a keys server
- *
- * Sets whether or not gpg should auto-retrieve keys from a keyserver
- * when verifying signatures.
- **/
-void
-g_mime_gpg_context_set_auto_key_retrieve (GMimeGpgContext *ctx, gboolean auto_key_retrieve)
-{
- g_return_if_fail (GMIME_IS_GPG_CONTEXT (ctx));
-
- ctx->auto_key_retrieve = auto_key_retrieve;
-}
diff --git a/gmime/gmime-gpg-context.h b/gmime/gmime-gpg-context.h
index 6b255d6..bf1b2dd 100644
--- a/gmime/gmime-gpg-context.h
+++ b/gmime/gmime-gpg-context.h
@@ -39,12 +39,8 @@ typedef struct _GMimeGpgContextClass GMimeGpgContextClass;
GType g_mime_gpg_context_get_type (void);
-
GMimeCryptoContext *g_mime_gpg_context_new (void);
-gboolean g_mime_gpg_context_get_auto_key_retrieve (GMimeGpgContext *ctx);
-void g_mime_gpg_context_set_auto_key_retrieve (GMimeGpgContext *ctx, gboolean auto_key_retrieve);
-
G_END_DECLS
#endif /* __GMIME_GPG_CONTEXT_H__ */
diff --git a/gmime/gmime-multipart-encrypted.c b/gmime/gmime-multipart-encrypted.c
index f0765a7..4125b45 100644
--- a/gmime/gmime-multipart-encrypted.c
+++ b/gmime/gmime-multipart-encrypted.c
@@ -144,6 +144,7 @@ g_mime_multipart_encrypted_new (void)
* @sign: %TRUE if the content should also be signed or %FALSE otherwise
* @userid: user id to use for signing (only used if @sign is %TRUE)
* @digest: digest algorithm to use when signing
+ * @flags: a #GMimeEncryptFlags
* @recipients: (element-type utf8): an array of recipients to encrypt to
* @err: a #GError
*
@@ -158,8 +159,8 @@ g_mime_multipart_encrypted_new (void)
**/
int
g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *content,
- GMimeCryptoContext *ctx, gboolean sign,
- const char *userid, GMimeDigestAlgo digest,
+ GMimeCryptoContext *ctx, gboolean sign, const char *userid,
+ GMimeDigestAlgo digest, GMimeEncryptFLags flags,
GPtrArray *recipients, GError **err)
{
GMimeParserOptions *options = g_mime_parser_options_get_default ();
@@ -196,7 +197,7 @@ g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *c
/* encrypt the content stream */
ciphertext = g_mime_stream_mem_new ();
- if (g_mime_crypto_context_encrypt (ctx, sign, userid, digest, recipients, stream, ciphertext, err) ==
-1) {
+ if (g_mime_crypto_context_encrypt (ctx, sign, userid, digest, flags, recipients, stream, ciphertext,
err) == -1) {
g_object_unref (ciphertext);
g_object_unref (stream);
return -1;
@@ -272,6 +273,7 @@ g_mime_data_wrapper_get_decoded_stream (GMimeDataWrapper *wrapper)
/**
* g_mime_multipart_encrypted_decrypt:
* @mpe: multipart/encrypted object
+ * @flags: a #GMimeDecryptFlags
* @session_key: session key to use or %NULL
* @result: a #GMimeDecryptionResult
* @err: a #GError
@@ -294,8 +296,9 @@ g_mime_data_wrapper_get_decoded_stream (GMimeDataWrapper *wrapper)
* @err to provide information as to why the failure occured.
**/
GMimeObject *
-g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe, const char *session_key,
- GMimeDecryptResult **result, GError **err)
+g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe, GMimeDecryptFLags flags,
+ const char *session_key, GMimeDecryptResult **result,
+ GError **err)
{
GMimeObject *decrypted, *version, *encrypted;
GMimeStream *stream, *ciphertext;
@@ -379,7 +382,7 @@ g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe, const char *se
g_object_unref (crlf_filter);
/* get the cleartext */
- if (!(res = g_mime_crypto_context_decrypt (ctx, session_key, ciphertext, filtered_stream, err))) {
+ if (!(res = g_mime_crypto_context_decrypt (ctx, flags, session_key, ciphertext, filtered_stream,
err))) {
g_object_unref (filtered_stream);
g_object_unref (ciphertext);
g_object_unref (stream);
diff --git a/gmime/gmime-multipart-encrypted.h b/gmime/gmime-multipart-encrypted.h
index ebbe7b3..4a7f6d9 100644
--- a/gmime/gmime-multipart-encrypted.h
+++ b/gmime/gmime-multipart-encrypted.h
@@ -67,9 +67,11 @@ GMimeMultipartEncrypted *g_mime_multipart_encrypted_new (void);
int g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *content,
GMimeCryptoContext *ctx, gboolean sign,
const char *userid, GMimeDigestAlgo digest,
- GPtrArray *recipients, GError **err);
+ GMimeEncryptFlags flags, GPtrArray *recipients,
+ GError **err);
GMimeObject *g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe,
+ GMimeDecryptFlags flags,
const char *session_key,
GMimeDecryptResult **result,
GError **err);
diff --git a/gmime/gmime-multipart-signed.c b/gmime/gmime-multipart-signed.c
index e667351..9ffaf74 100644
--- a/gmime/gmime-multipart-signed.c
+++ b/gmime/gmime-multipart-signed.c
@@ -359,6 +359,7 @@ check_protocol_supported (const char *protocol, const char *supported)
/**
* g_mime_multipart_signed_verify:
* @mps: multipart/signed object
+ * @flags: a #GMimeVerifyFlags
* @err: exception
*
* Attempts to verify the signed MIME part contained within the
@@ -370,7 +371,7 @@ check_protocol_supported (const char *protocol, const char *supported)
* occured.
**/
GMimeSignatureList *
-g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GError **err)
+g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GMimeVerifyFlags flags, GError **err)
{
const char *supported, *protocol, *micalg;
GMimeObject *content, *signature;
@@ -469,7 +470,7 @@ g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GError **err)
/* verify the signature */
digest = g_mime_crypto_context_digest_id (ctx, micalg);
- signatures = g_mime_crypto_context_verify (ctx, digest, stream, sigstream, err);
+ signatures = g_mime_crypto_context_verify (ctx, flags, digest, stream, sigstream, err);
d(printf ("attempted to verify:\n----- BEGIN SIGNED PART -----\n%.*s----- END SIGNED PART -----\n",
(int) GMIME_STREAM_MEM (stream)->buffer->len, GMIME_STREAM_MEM (stream)->buffer->data));
diff --git a/gmime/gmime-multipart-signed.h b/gmime/gmime-multipart-signed.h
index 5ccd1cc..4cfbb55 100644
--- a/gmime/gmime-multipart-signed.h
+++ b/gmime/gmime-multipart-signed.h
@@ -68,7 +68,7 @@ int g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *conten
GMimeCryptoContext *ctx, const char *userid,
GMimeDigestAlgo digest, GError **err);
-GMimeSignatureList *g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GError **err);
+GMimeSignatureList *g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GMimeVerifyFlags flags,
GError **err);
G_END_DECLS
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 86f860d..4e5f751 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -69,7 +69,6 @@ struct _GMimePkcs7Context {
GMimeCryptoContext parent_object;
#ifdef ENABLE_CRYPTO
- gpgme_encrypt_flags_t encrypt_flags;
gpgme_ctx_t ctx;
#endif
};
@@ -86,13 +85,6 @@ static void g_mime_pkcs7_context_finalize (GObject *object);
static GMimeDigestAlgo pkcs7_digest_id (GMimeCryptoContext *ctx, const char *name);
static const char *pkcs7_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
-static gboolean pkcs7_get_retrieve_session_key (GMimeCryptoContext *context);
-static int pkcs7_set_retrieve_session_key (GMimeCryptoContext *ctx, gboolean retrieve_session_key,
- GError **err);
-
-static gboolean pkcs7_get_always_trust (GMimeCryptoContext *context);
-static void pkcs7_set_always_trust (GMimeCryptoContext *ctx, gboolean always_trust);
-
static const char *pkcs7_get_signature_protocol (GMimeCryptoContext *ctx);
static const char *pkcs7_get_encryption_protocol (GMimeCryptoContext *ctx);
static const char *pkcs7_get_key_exchange_protocol (GMimeCryptoContext *ctx);
@@ -102,20 +94,18 @@ static int pkcs7_sign (GMimeCryptoContext *ctx, gboolean detach,
GMimeStream *istream, GMimeStream *ostream,
GError **err);
-static GMimeSignatureList *pkcs7_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err);
+static GMimeSignatureList *pkcs7_verify (GMimeCryptoContext *ctx, GMimeVerifyFlags flags,
+ GMimeDigestAlgo digest, GMimeStream *istream,
+ GMimeStream *sigstream, GError **err);
-static int pkcs7_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid,
- GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
+static int pkcs7_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo digest,
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream,
GMimeStream *ostream, GError **err);
-static GMimeDecryptResult *pkcs7_decrypt (GMimeCryptoContext *ctx, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err);
+static GMimeDecryptResult *pkcs7_decrypt (GMimeCryptoContext *ctx, GMimeDecryptFlags flags, const char
*session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err);
-static int pkcs7_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
- GError **err);
+static int pkcs7_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream, GError **err);
static int pkcs7_export_keys (GMimeCryptoContext *ctx, const char *keys[],
GMimeStream *ostream, GError **err);
@@ -170,17 +160,12 @@ g_mime_pkcs7_context_class_init (GMimePkcs7ContextClass *klass)
crypto_class->get_signature_protocol = pkcs7_get_signature_protocol;
crypto_class->get_encryption_protocol = pkcs7_get_encryption_protocol;
crypto_class->get_key_exchange_protocol = pkcs7_get_key_exchange_protocol;
- crypto_class->get_retrieve_session_key = pkcs7_get_retrieve_session_key;
- crypto_class->set_retrieve_session_key = pkcs7_set_retrieve_session_key;
- crypto_class->get_always_trust = pkcs7_get_always_trust;
- crypto_class->set_always_trust = pkcs7_set_always_trust;
}
static void
g_mime_pkcs7_context_init (GMimePkcs7Context *pkcs7, GMimePkcs7ContextClass *klass)
{
#ifdef ENABLE_CRYPTO
- pkcs7->encrypt_flags = 0;
pkcs7->ctx = NULL;
#endif
}
@@ -603,9 +588,8 @@ pkcs7_get_signatures (GMimePkcs7Context *pkcs7, gboolean verify)
#endif /* ENABLE_CRYPTO */
static GMimeSignatureList *
-pkcs7_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
- GMimeStream *istream, GMimeStream *sigstream,
- GError **err)
+pkcs7_verify (GMimeCryptoContext *context, GMimeVerifyFlags flags, GMimeDigestAlgo digest,
+ GMimeStream *istream, GMimeStream *sigstream, GError **err)
{
#ifdef ENABLE_CRYPTO
GMimePkcs7Context *pkcs7 = (GMimePkcs7Context *) context;
@@ -628,6 +612,8 @@ pkcs7_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
signature = NULL;
}
+ // FIXME: enable auto-key-retrieve
+
if ((error = gpgme_op_verify (pkcs7->ctx, signature, message, NULL)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify pkcs7 signature"));
if (signature)
@@ -667,12 +653,13 @@ key_list_free (gpgme_key_t *keys)
#endif /* ENABLE_CRYPTO */
static int
-pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
- GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
- GMimeStream *ostream, GError **err)
+pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid, GMimeDigestAlgo digest,
+ GMimeEncryptFlags flags, GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream,
+ GError **err)
{
#ifdef ENABLE_CRYPTO
GMimePkcs7Context *pkcs7 = (GMimePkcs7Context *) context;
+ gpgme_encrypt_flags_t encrypt_flags = 0;
gpgme_data_t input, output;
gpgme_error_t error;
gpgme_key_t *rcpts;
@@ -685,6 +672,9 @@ pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
return -1;
}
+ if (flags & GMIME_ENCRYPT_FLAGS_ALWAYS_TRUST)
+ encrypt_flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
+
/* create an array of recipient keys for GpgMe */
rcpts = g_new0 (gpgme_key_t, recipients->len + 1);
for (i = 0; i < recipients->len; i++) {
@@ -710,7 +700,7 @@ pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
}
/* encrypt the input stream */
- error = gpgme_op_encrypt (pkcs7->ctx, rcpts, pkcs7->encrypt_flags, input, output);
+ error = gpgme_op_encrypt (pkcs7->ctx, rcpts, encrypt_flags, input, output);
gpgme_data_release (output);
gpgme_data_release (input);
key_list_free (rcpts);
@@ -765,9 +755,8 @@ pkcs7_get_decrypt_result (GMimePkcs7Context *pkcs7)
#endif /* ENABLE_CRYPTO */
static GMimeDecryptResult *
-pkcs7_decrypt (GMimeCryptoContext *context, const char *session_key,
- GMimeStream *istream, GMimeStream *ostream,
- GError **err)
+pkcs7_decrypt (GMimeCryptoContext *context, GMimeDecryptFlags flags, const char *session_key,
+ GMimeStream *istream, GMimeStream *ostream, GError **err)
{
#ifdef ENABLE_CRYPTO
GMimePkcs7Context *pkcs7 = (GMimePkcs7Context *) context;
@@ -787,18 +776,33 @@ pkcs7_decrypt (GMimeCryptoContext *context, const char *session_key,
return NULL;
}
- gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", session_key);
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (pkcs7->ctx, "export-session-key", "1");
+
+ if (session_key)
+ gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", session_key);
/* decrypt the input stream */
if ((error = gpgme_op_decrypt_verify (pkcs7->ctx, input, output)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Decryption failed"));
- gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", NULL);
+
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (pkcs7->ctx, "export-session-key", "0");
+
+ if (session_key)
+ gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", NULL);
+
gpgme_data_release (output);
gpgme_data_release (input);
return NULL;
}
- gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", NULL);
+ if (flags & GMIME_DECRYPT_FLAGS_EXPORT_SESSION_KEY)
+ gpgme_set_ctx_flag (pkcs7->ctx, "export-session-key", "0");
+
+ if (session_key)
+ gpgme_set_ctx_flag (pkcs7->ctx, "override-session-key", NULL);
+
gpgme_data_release (output);
gpgme_data_release (input);
@@ -873,71 +877,6 @@ pkcs7_export_keys (GMimeCryptoContext *context, const char *keys[], GMimeStream
}
-static gboolean
-pkcs7_get_retrieve_session_key (GMimeCryptoContext *context)
-{
-#ifdef ENABLE_CRYPTO
- GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
- const char *value;
-
- value = gpgme_get_ctx_flag (ctx->ctx, "export-session-key");
-
- return value && *value && *value != '0';
-#else
- return FALSE;
-#endif /* ENABLE_CRYPTO */
-}
-
-
-static int
-pkcs7_set_retrieve_session_key (GMimeCryptoContext *context, gboolean retrieve_session_key, GError **err)
-{
-#ifdef ENABLE_CRYPTO
- GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
- gpgme_error_t error;
-
- if ((error = gpgme_set_ctx_flag (ctx->ctx, "export-session-key", retrieve_session_key ? "1" : "0"))
!= 0) {
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- _("Session key retrieval is not supported by this crypto context"));
- return -1;
- }
-
- return 0;
-#else
- g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
- _("Session key retrieval is not supported by this crypto context"));
- return -1;
-#endif /* ENABLE_CRYPTO */
-}
-
-
-static gboolean
-pkcs7_get_always_trust (GMimeCryptoContext *context)
-{
-#ifdef ENABLE_CRYPTO
- GMimePkcs7Context *pkcs7 = (GMimePkcs7Context *) context;
-
- return (pkcs7->encrypt_flags & GPGME_ENCRYPT_ALWAYS_TRUST) != 0;
-#else
- return FALSE;
-#endif /* ENABLE_CRYPTO */
-}
-
-
-static void
-pkcs7_set_always_trust (GMimeCryptoContext *context, gboolean always_trust)
-{
-#ifdef ENABLE_CRYPTO
- GMimePkcs7Context *pkcs7 = (GMimePkcs7Context *) context;
-
- if (always_trust)
- pkcs7->encrypt_flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
- else
- pkcs7->encrypt_flags &= ~GPGME_ENCRYPT_ALWAYS_TRUST;
-#endif /* ENABLE_CRYPTO */
-}
-
-
/**
* g_mime_pkcs7_context_new:
*
diff --git a/gmime/gmime-pkcs7-context.h b/gmime/gmime-pkcs7-context.h
index 34a2352..54b045d 100644
--- a/gmime/gmime-pkcs7-context.h
+++ b/gmime/gmime-pkcs7-context.h
@@ -40,9 +40,6 @@ GType g_mime_pkcs7_context_get_type (void);
GMimeCryptoContext *g_mime_pkcs7_context_new (void);
-gboolean g_mime_pkcs7_context_get_always_trust (GMimePkcs7Context *ctx);
-void g_mime_pkcs7_context_set_always_trust (GMimePkcs7Context *ctx, gboolean always_trust);
-
G_END_DECLS
#endif /* __GMIME_PKCS7_CONTEXT_H__ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
