# HG changeset patch

# User Kai Engert <kaie@kuix.de>

# Date 1664378971 0

#      Wed Sep 28 15:29:31 2022 +0000

# Node ID 98bde42cf14e966da1cdf098e2d0917032c0f327

# Parent  af0b1f5e4c7710f824c6141103e516ca60bc78aa

Bug 1791195 - Adjust OpenPGP signature handling for RNP >= 0.16.2. r=mkmelin

Differential Revision: https://phabricator.services.mozilla.com/D158270

diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm

--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm

+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm

@@ -1150,22 +1150,25 @@ var RNP = {

     result.exitCode = RNPLib.rnp_op_verify_execute(verify_op);

     let rnpCannotDecrypt = false;

     let queryAllEncryptionRecipients = false;

+    let stillUndecidedIfSignatureIsBad = false;

     let useDecodedData;

     let processSignature;

     switch (result.exitCode) {

       case RNPLib.RNP_SUCCESS:

         useDecodedData = true;

         processSignature = true;

         break;

       case RNPLib.RNP_ERROR_SIGNATURE_INVALID:

-        result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;

+        // Either the signing key is unavailable, or the signature is

+        // indeed bad. Must check signature status below.

+        stillUndecidedIfSignatureIsBad = true;

         useDecodedData = true;

-        processSignature = false;

+        processSignature = true;

         break;

       case RNPLib.RNP_ERROR_SIGNATURE_EXPIRED:

         useDecodedData = true;

         processSignature = false;

         result.statusFlags |= EnigmailConstants.EXPIRED_SIGNATURE;

@@ -1320,13 +1323,30 @@ var RNP = {

           options.fromAddr,

           options.msgDate,

           verify_op,

           result

         );

+

+        if (

+          (result.statusFlags &

+            (EnigmailConstants.GOOD_SIGNATURE |

+              EnigmailConstants.UNCERTAIN_SIGNATURE |

+              EnigmailConstants.EXPIRED_SIGNATURE |

+              EnigmailConstants.BAD_SIGNATURE)) !=

+          0

+        ) {

+          // A decision was already made.

+          stillUndecidedIfSignatureIsBad = false;

+        }

       }

     }

+    if (stillUndecidedIfSignatureIsBad) {

+      // We didn't find more details above, so conclude it's bad.

+      result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;

+    }

+

     RNPLib.rnp_input_destroy(input_from_memory);

     RNPLib.rnp_output_destroy(output_to_memory);

     RNPLib.rnp_op_verify_destroy(verify_op);

     if (

@@ -1458,10 +1478,12 @@ var RNP = {

     let have_signer_key = false;

     let use_signer_key = false;

     if (query_signer) {

       if (RNPLib.rnp_op_verify_signature_get_key(sig, signer_key.address())) {

+        // If sig_status isn't RNP_ERROR_KEY_NOT_FOUND then we must

+        // be able to obtain the signer key.

         throw new Error("rnp_op_verify_signature_get_key");

       }

       have_signer_key = true;

       use_signer_key = !this.isBadKey(signer_key);