From 579b176e686d1b30cc8ecde55c5a8a31310c5938 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Mon, 25 Nov 2019 16:45:51 -0500
Subject: email-print-mime-structure: handle one-part PKCS#7 signature objects
PKCS#7 offers a signed-only mode which is distinct from multipart/signed. This mode is more robust to breakage by transforming MTAs, but it is also unreadable *unless* the receiver knows how to cope with S/MIME. See https://tools.ietf.org/html/rfc8551#section-3.5 for more details about the different formats. email-print-mime-structure should now be able to handle these messages and display the structure of their content as well.
Signed-off-by: Daniel Kahn Gillmor
Acked-by: Sean Whitton
---
email-print-mime-structure | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'email-print-mime-structure')
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 6d7b0af..b7646e0 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -103,6 +103,19 @@ class MimePrinter(object):
 newprefix = prefix[:-3] + ' '
 print(f'{newprefix}↧ (decrypts to)')
 self.print_tree(cryptopayload, newprefix + '└', z, 0)
+ else:
+ if z.get_content_type().lower() == 'application/pkcs7-mime' and \
+ str(z.get_param('smime-type')).lower() == 'signed-data':
+ bodypart:Union[List[Message],str,bytes,None] = z.get_payload(decode=True)
+ if isinstance(bodypart, bytes):
+ unwrapped = self.pipe_transform(bodypart, ['certtool', '--p7-show-data', '--p7-info', '--inder'])
+ if unwrapped:
+ newprefix = prefix[:-3] + ' '
+ print(f'{newprefix}⇩ (unwraps to)')
+ self.print_tree(unwrapped, newprefix + '└', z, 0)
+ else:
+ logging.warning(f'Unable to unwrap one-part PKCS#7 signed message (maybe try "apt install gnutls-bin")')
+
 
 def decrypt_part(self, msg:Message, flavor:EncType) -> Optional[Message]:
 ciphertext:Union[List[Message],str,bytes,None] = msg.get_payload(decode=True)
-- cgit v1.2.3
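Review bot: The new `signed-data` branch passes sender-controlled bytes to `certtool` and recurses into `self.print_tree(unwrapped, ...)` with whatever comes back, and nothing in these lines limits how many signed-data layers a message may nest or records that the content is displayed without its signature being checked (the flags shown request extraction, not verification). `print_tree` and `pipe_transform` are defined outside the hunk, so a depth guard may already exist there; if it does not, a nesting cap is worth adding. At minimum I would put a comment above the `pipe_transform` call, such as `# extracts the embedded content only; the PKCS#7 signature is NOT verified here`. The `else` warning presumably also fires when `certtool` rejects malformed DER, not only when the tool is missing, so the "apt install" hint can mislead; its f-string has no placeholders and can be a plain string literal.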