X-Git-Url: http://cgit.sxemacs.org/?a=blobdiff_plain;f=lisp%2Fmml-smime.el;h=3f0809edbe8ffee4eac529f6e3ce00fb8911f473;hb=91bfdfbc3e77a244efc8af47a47b30b10f48ec87;hp=62e742f93a152a873aac30b3b4e106e1b1a46a33;hpb=a07fef39c45c3c3c77cafef422daca2460f34882;p=gnus

diff --git a/lisp/mml-smime.el b/lisp/mml-smime.el
index 62e742f93..3f0809edb 100644
--- a/lisp/mml-smime.el
+++ b/lisp/mml-smime.el
@@ -1,7 +1,6 @@
 ;;; mml-smime.el --- S/MIME support for MML
 
-;; Copyright (C) 2000, 2001, 2002, 2003, 2004,
-;;   2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+;; Copyright (C) 2000-2015 Free Software Foundation, Inc.
 
 ;; Author: Simon Josefsson <simon@josefsson.org>
 ;; Keywords: Gnus, MIME, S/MIME, MML
@@ -25,10 +24,6 @@
 
 ;;; Code:
 
-;; For Emacs < 22.2.
-(eval-and-compile
-  (unless (fboundp 'declare-function) (defmacro declare-function (&rest r))))
-
 (eval-when-compile (require 'cl))
 
 (require 'smime)
@@ -37,7 +32,12 @@
 (autoload 'message-narrow-to-headers "message")
 (autoload 'message-fetch-field "message")
 
-(defvar mml-smime-use 'openssl)
+(defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl)
+  "Whether to use OpenSSL or EPG to decrypt S/MIME messages.
+Defaults to EPG if it's loaded."
+  :group 'mime-security
+  :type '(choice (const :tag "EPG" epg)
+                 (const :tag "OpenSSL" openssl)))
 
 (defvar mml-smime-function-alist
   '((openssl mml-smime-openssl-sign
@@ -70,6 +70,18 @@ Whether the passphrase is cached at all is controlled by
   :group 'mime-security
   :type '(repeat (string :tag "Key ID")))
 
+(defcustom mml-smime-sign-with-sender nil
+  "If t, use message sender so find a key to sign with."
+  :group 'mime-security
+  :version "24.4"
+  :type 'boolean)
+
+(defcustom mml-smime-encrypt-to-self nil
+  "If t, add your own key ID to recipient list when encryption."
+  :group 'mime-security
+  :version "24.4"
+  :type 'boolean)
+
 (defun mml-smime-sign (cont)
   (let ((func (nth 1 (assq mml-smime-use mml-smime-function-alist))))
     (if func
@@ -162,7 +174,7 @@ Whether the passphrase is cached at all is controlled by
 		(and from (smime-get-key-by-email from)))
 	      (smime-get-key-by-email
 	       (gnus-completing-read "Sign this part with what signature"
-                                     smime-keys nil nil
+                                     (mapcar 'car smime-keys) nil nil nil
                                      (and (listp (car-safe smime-keys))
                                           (caar smime-keys))))))))
 
@@ -221,7 +233,7 @@ Whether the passphrase is cached at all is controlled by
     (while (not done)
       (ecase (read (gnus-completing-read
 		    "Fetch certificate from"
-		    '(("dns") ("ldap") ("file")) t nil nil
+		    '("dns" "ldap" "file") t nil nil
                     "ldap"))
 	(dns (setq certs (append certs
 				 (mml-smime-get-dns-cert))))
@@ -305,23 +317,25 @@ Whether the passphrase is cached at all is controlled by
 (defvar inhibit-redisplay)
 (defvar password-cache-expiry)
 
-(eval-when-compile
-  (autoload 'epg-make-context "epg")
-  (autoload 'epg-context-set-armor "epg")
-  (autoload 'epg-context-set-signers "epg")
-  (autoload 'epg-context-result-for "epg")
-  (autoload 'epg-new-signature-digest-algorithm "epg")
-  (autoload 'epg-verify-result-to-string "epg")
-  (autoload 'epg-list-keys "epg")
-  (autoload 'epg-decrypt-string "epg")
-  (autoload 'epg-verify-string "epg")
-  (autoload 'epg-sign-string "epg")
-  (autoload 'epg-encrypt-string "epg")
-  (autoload 'epg-passphrase-callback-function "epg")
-  (autoload 'epg-context-set-passphrase-callback "epg")
-  (autoload 'epg-configuration "epg-config")
-  (autoload 'epg-expand-group "epg-config")
-  (autoload 'epa-select-keys "epa"))
+(autoload 'epg-make-context "epg")
+(autoload 'epg-passphrase-callback-function "epg")
+(declare-function epg-context-set-signers "epg" (context signers))
+(declare-function epg-context-result-for "epg" (context name))
+(declare-function epg-new-signature-digest-algorithm "epg" (cl-x) t)
+(declare-function epg-verify-result-to-string "epg" (verify-result))
+(declare-function epg-list-keys "epg" (context &optional name mode))
+(declare-function epg-verify-string "epg"
+		  (context signature &optional signed-text))
+(declare-function epg-sign-string "epg" (context plain &optional mode))
+(declare-function epg-encrypt-string "epg"
+		  (context plain recipients &optional sign always-trust))
+(declare-function epg-context-set-passphrase-callback "epg"
+		  (context passphrase-callback))
+(declare-function epg-sub-key-fingerprint "epg" (cl-x) t)
+(declare-function epg-configuration "epg-config" ())
+(declare-function epg-expand-group "epg-config" (config group))
+(declare-function epa-select-keys "epa"
+		  (context prompt &optional names secret))
 
 (defvar mml-smime-epg-secret-key-id-list nil)
 
@@ -346,9 +360,9 @@ Whether the passphrase is cached at all is controlled by
 	      (cons key-id mml-smime-epg-secret-key-id-list))
 	(copy-sequence passphrase)))))
 
-(declare-function epg-key-sub-key-list   "ext:epg" (key))
-(declare-function epg-sub-key-capability "ext:epg" (sub-key))
-(declare-function epg-sub-key-validity   "ext:epg" (sub-key))
+(declare-function epg-key-sub-key-list   "epg" (key) t)
+(declare-function epg-sub-key-capability "epg" (sub-key) t)
+(declare-function epg-sub-key-validity   "epg" (sub-key) t)
 
 (defun mml-smime-epg-find-usable-key (keys usage)
   (catch 'found
@@ -362,6 +376,24 @@ Whether the passphrase is cached at all is controlled by
 	  (setq pointer (cdr pointer))))
       (setq keys (cdr keys)))))
 
+;; XXX: since gpg --list-secret-keys does not return validity of each
+;; key, `mml-smime-epg-find-usable-key' defined above is not enough for
+;; secret keys.  The function `mml-smime-epg-find-usable-secret-key'
+;; below looks at appropriate public keys to check usability.
+(defun mml-smime-epg-find-usable-secret-key (context name usage)
+  (let ((secret-keys (epg-list-keys context name t))
+	secret-key)
+    (while (and (not secret-key) secret-keys)
+      (if (mml-smime-epg-find-usable-key
+	   (epg-list-keys context (epg-sub-key-fingerprint
+				   (car (epg-key-sub-key-list
+					 (car secret-keys)))))
+	   usage)
+	  (setq secret-key (car secret-keys)
+		secret-keys nil)
+	(setq secret-keys (cdr secret-keys))))
+    secret-key))
+
 (autoload 'mml-compute-boundary "mml")
 
 ;; We require mm-decode, which requires mm-bodies, which autoloads
@@ -372,29 +404,36 @@ Whether the passphrase is cached at all is controlled by
   (let* ((inhibit-redisplay t)
 	 (context (epg-make-context 'CMS))
 	 (boundary (mml-compute-boundary cont))
+	 (sender (message-options-get 'message-sender))
+	 (signer-names (or mml-smime-signers
+			   (if (and mml-smime-sign-with-sender sender)
+			       (list (concat "<" sender ">")))))
 	 signer-key
 	 (signers
 	  (or (message-options-get 'mml-smime-epg-signers)
 	      (message-options-set
-	      'mml-smime-epg-signers
-	      (if (eq mm-sign-option 'guided)
-		  (epa-select-keys context "\
+	       'mml-smime-epg-signers
+	       (if (eq mm-sign-option 'guided)
+		   (epa-select-keys context "\
 Select keys for signing.
 If no one is selected, default secret key is used.  "
-				   mml-smime-signers t)
-		(if mml-smime-signers
-		    (mapcar
-		     (lambda (signer)
-		       (setq signer-key (mml-smime-epg-find-usable-key
-					 (epg-list-keys context signer t)
-					 'sign))
-		       (unless (or signer-key
-				   (y-or-n-p
-				    (format "No secret key for %s; skip it? "
+				    signer-names
+				    t)
+		 (if (or sender mml-smime-signers)
+		     (delq nil
+			   (mapcar
+			    (lambda (signer)
+			      (setq signer-key
+				    (mml-smime-epg-find-usable-secret-key
+				     context signer 'sign))
+			      (unless (or signer-key
+					  (y-or-n-p
+					   (format
+					    "No secret key for %s; skip it? "
 					    signer)))
-			 (error "No secret key for %s" signer))
-		       signer-key)
-		     mml-smime-signers))))))
+				(error "No secret key for %s" signer))
+			      signer-key)
+			    signer-names)))))))
 	 signature micalg)
     (epg-context-set-signers context signers)
     (if mml-smime-cache-passphrase
@@ -439,13 +478,17 @@ Content-Disposition: attachment; filename=smime.p7s
     (goto-char (point-max))))
 
 (defun mml-smime-epg-encrypt (cont)
-  (let ((inhibit-redisplay t)
-	(context (epg-make-context 'CMS))
-	(config (epg-configuration))
-	(recipients (message-options-get 'mml-smime-epg-recipients))
-	cipher signers
-	(boundary (mml-compute-boundary cont))
-	recipient-key)
+  (let* ((inhibit-redisplay t)
+	 (context (epg-make-context 'CMS))
+	 (config (epg-configuration))
+	 (recipients (message-options-get 'mml-smime-epg-recipients))
+	 cipher signers
+	 (sender (message-options-get 'message-sender))
+	 (signer-names (or mml-smime-signers
+			   (if (and mml-smime-sign-with-sender sender)
+			       (list (concat "<" sender ">")))))
+	 (boundary (mml-compute-boundary cont))
+	 recipient-key)
     (unless recipients
       (setq recipients
 	    (apply #'nconc
@@ -458,6 +501,10 @@ Content-Disposition: attachment; filename=smime.p7s
 			 (message-options-set 'message-recipients
 					      (read-string "Recipients: ")))
 		     "[ \f\t\n\r\v,]+"))))
+      (when mml-smime-encrypt-to-self
+	(unless signer-names
+	  (error "Neither message sender nor mml-smime-signers are set"))
+	(setq recipients (nconc recipients signer-names)))
       (if (eq mm-encrypt-option 'guided)
 	  (setq recipients
 		(epa-select-keys context "\
@@ -527,7 +574,7 @@ Content-Disposition: attachment; filename=smime.p7m
 	(mm-set-handle-multipart-parameter
 	 mm-security-handle 'gnus-info "Corrupted")
 	(throw 'error handle))
-      (setq part (mm-replace-in-string part "\n" "\r\n" t)
+      (setq part (mm-replace-in-string part "\n" "\r\n")
 	    context (epg-make-context 'CMS))
       (condition-case error
 	  (setq plain (epg-verify-string context (mm-get-part signature) part))