[balsa: 1/2] refactoring of crypto flags




commit 6c12ec406ec290d64b13ebbd46c00957a4adf353
Author: Albrecht Dreß <albrecht dress netcologne de>
Date:   Wed Apr 6 17:42:49 2022 +0000

    refactoring of crypto flags

 libbalsa/body.c                | 133 +++++++++++++++++++++++++++++++++++++----
 libbalsa/body.h                |   5 +-
 libbalsa/identity.c            |  22 +++----
 libbalsa/identity.h            |   2 +-
 libbalsa/message.c             |  72 +++++++++++-----------
 libbalsa/message.h             |  59 ++++++++++++------
 libbalsa/rfc3156.c             |  99 +-----------------------------
 libbalsa/rfc3156.h             |  26 --------
 libbalsa/send.c                |  16 ++---
 src/balsa-message.c            |  52 ++++++++--------
 src/balsa-mime-widget-crypto.c |  16 ++---
 src/balsa-mime-widget-crypto.h |   2 +-
 src/sendmsg-window.c           |  75 +++++++++++------------
 src/sendmsg-window.h           |   3 +-
 14 files changed, 297 insertions(+), 285 deletions(-)
---
diff --git a/libbalsa/body.c b/libbalsa/body.c
index d2c732305..11da495d6 100644
--- a/libbalsa/body.c
+++ b/libbalsa/body.c
@@ -303,7 +303,7 @@ libbalsa_message_body_type(LibBalsaMessageBody * body)
 }
 
 gchar *
-libbalsa_message_body_get_parameter(LibBalsaMessageBody * body,
+libbalsa_message_body_get_parameter(const LibBalsaMessageBody * body,
                                    const gchar * param)
 {
     GMimeContentType *type;
@@ -941,21 +941,130 @@ libbalsa_message_body_mp_related_root(LibBalsaMessageBody *body)
     return root_body;
 }
 
-LibBalsaMsgProtectState
-libbalsa_message_body_protect_state(const LibBalsaMessageBody *body)
+/** Basic requirements for a multipart crypto: protocol is not NULL, exactly two body parts */
+#define MP_CRYPT_STRUCTURE(part, protocol)                                                                   
          \
+       (((protocol) != NULL) && ((body)->parts != NULL) &&                                             \
+        ((body)->parts->next != NULL) && ((body)->parts->next->next == NULL))
+
+/** Check if protocol is application/subtype, and that part has the same MIME type */
+#define IS_PROT_PART(part, protocol, subtype)                                                                
  \
+       ((g_ascii_strcasecmp("application/" subtype, protocol) == 0) &&                         \
+        body_is_type(part, "application", subtype))
+
+static inline gboolean
+body_is_type(const LibBalsaMessageBody *body,
+                        const gchar               *type,
+                        const gchar               *sub_type)
+{
+       gboolean retval;
+       GMimeContentType *content_type;
+
+       if (body->mime_part) {
+               content_type = g_mime_object_get_content_type(body->mime_part);
+               retval = g_mime_content_type_is_type(content_type, type, sub_type);
+       } else {
+               content_type = g_mime_content_type_parse(libbalsa_parser_options(), body->content_type);
+               retval = g_mime_content_type_is_type(content_type, type, sub_type);
+               g_object_unref(content_type);
+       }
+
+       return retval;
+}
+
+/** @brief Get the basic protection mode of a body
+ *
+ * @param body message body
+ * @return a bit mask indicating the protection state of the body
+ *
+ * Check the structure and parameters of the passed body, and return a bit mask indicating if it is signed 
or encrypted, and which
+ * protocol is used.  @ref LIBBALSA_PROTECT_ERROR indicates obvious errors.  The bit mask does @em not 
include the validity of a
+ * signature (see libbalsa_message_body_signature_state() for this purpose).
+ */
+guint
+libbalsa_message_body_protect_mode(const LibBalsaMessageBody * body)
+{
+       guint result;
+
+       g_return_val_if_fail(body != NULL, 0);
+       g_return_val_if_fail(body->content_type != NULL, 0);
+
+       if (body_is_type(body, "multipart", "signed")) {
+               /* multipart/signed (PGP/MIME, S/MIME) must have a protocol and a micalg parameter */
+               gchar *protocol = libbalsa_message_body_get_parameter(body, "protocol");
+               gchar *micalg = libbalsa_message_body_get_parameter(body, "micalg");
+
+               result = LIBBALSA_PROTECT_SIGN;
+               if (MP_CRYPT_STRUCTURE(body, protocol)) {
+                       if (IS_PROT_PART(body->parts->next, protocol, "pkcs7-signature") ||
+                               IS_PROT_PART(body->parts->next, protocol, "x-pkcs7-signature")) {
+                               result |= LIBBALSA_PROTECT_SMIME;
+                               if (micalg == NULL) {
+                                       result |= LIBBALSA_PROTECT_ERROR;
+                               }
+                       } else if (IS_PROT_PART(body->parts->next, protocol, "pgp-signature")) {
+                               result |= LIBBALSA_PROTECT_RFC3156;
+                               if ((micalg == NULL) || (g_ascii_strncasecmp("pgp-", micalg, 4) != 0)) {
+                                       result |= LIBBALSA_PROTECT_ERROR;
+                               }
+                       } else {
+                               result |= LIBBALSA_PROTECT_ERROR;
+                       }
+               } else {
+                       result |= LIBBALSA_PROTECT_ERROR;
+               }
+               g_free(micalg);
+               g_free(protocol);
+       } else if (body_is_type(body, "multipart", "encrypted")) {
+               /* multipart/signed (PGP/MIME, S/MIME) must have a protocol parameter */
+               gchar *protocol = libbalsa_message_body_get_parameter(body, "protocol");
+
+               result = LIBBALSA_PROTECT_ENCRYPT | LIBBALSA_PROTECT_RFC3156;
+               if (!MP_CRYPT_STRUCTURE(body, protocol) ||
+                       !IS_PROT_PART(body->parts, protocol, "pgp-encrypted") ||
+                       !body_is_type(body->parts->next, "application", "octet-stream")) {
+                       result |= LIBBALSA_PROTECT_ERROR;
+               }
+               g_free(protocol);
+       } else if (body_is_type(body, "application", "pkcs7-mime") ||
+                          body_is_type(body, "application", "x-pkcs7-mime")) {
+               /* multipart/pkcs7-mime (S/MIME) must have a smime-type parameter */
+               gchar *smime_type = libbalsa_message_body_get_parameter(body, "smime-type");
+
+               result = LIBBALSA_PROTECT_SMIME;
+               if ((g_ascii_strcasecmp("enveloped-data", smime_type) == 0) ||
+                       (g_ascii_strcasecmp("signed-data", smime_type) == 0)) {
+                       result |= LIBBALSA_PROTECT_ENCRYPT;
+               } else {
+                       result |= LIBBALSA_PROTECT_ERROR;
+               }
+               g_free(smime_type);
+       } else {
+               result = LIBBALSA_PROTECT_NONE;
+       }
+
+       return result;
+}
+
+/** @brief Get the cryptographic signature state of a body
+ *
+ * @param body message body
+ * @return a value indicating the cryptographic signature state of the body
+ */
+guint
+libbalsa_message_body_signature_state(const LibBalsaMessageBody *body)
 {
-       LibBalsaMsgProtectState state;
+       guint state;
 
        if ((body == NULL) || (body->sig_info == NULL) ||
                (g_mime_gpgme_sigstat_status(body->sig_info) == GPG_ERR_NOT_SIGNED) ||
                (g_mime_gpgme_sigstat_status(body->sig_info) == GPG_ERR_CANCELED)) {
-               state = LIBBALSA_MSG_PROTECT_NONE;
+               state = LIBBALSA_PROTECT_NONE;
        } else if (g_mime_gpgme_sigstat_status(body->sig_info) != GPG_ERR_NO_ERROR) {
-               state = LIBBALSA_MSG_PROTECT_SIGN_BAD;
+               state = LIBBALSA_PROTECT_SIGN_BAD;
        } else if ((g_mime_gpgme_sigstat_summary(body->sig_info) & GPGME_SIGSUM_VALID) == GPGME_SIGSUM_VALID) 
{
-               state = LIBBALSA_MSG_PROTECT_SIGN_GOOD;
+               state = LIBBALSA_PROTECT_SIGN_GOOD;
        } else {
-               state = LIBBALSA_MSG_PROTECT_SIGN_NOTRUST;
+               state = LIBBALSA_PROTECT_SIGN_NOTRUST;
        }
 
        return state;
@@ -977,10 +1086,10 @@ libbalsa_message_body_multipart_signed(const LibBalsaMessageBody *body)
                        (body->content_type != NULL) &&
                        (g_ascii_strcasecmp(body->content_type, "multipart/signed") == 0) &&
                        (body->parts != NULL) &&                                        /* must have children 
*/
-                   (body->parts->next != NULL) &&                              /* must have *two* child 
parts... */
-                   (body->parts->next->next == NULL) &&                /* ...but not more */
-                   (body->parts->next->sig_info != NULL) &&
-                   (g_mime_gpgme_sigstat_status(body->parts->next->sig_info) != GPG_ERR_NOT_SIGNED);
+                       (body->parts->next != NULL) &&                          /* must have *two* child 
parts... */
+                       (body->parts->next->next == NULL) &&            /* ...but not more */
+                       (body->parts->next->sig_info != NULL) &&
+                       (g_mime_gpgme_sigstat_status(body->parts->next->sig_info) != GPG_ERR_NOT_SIGNED);
 }
 
 
diff --git a/libbalsa/body.h b/libbalsa/body.h
index 08098aa28..d201ed120 100644
--- a/libbalsa/body.h
+++ b/libbalsa/body.h
@@ -118,7 +118,7 @@ gboolean libbalsa_message_body_save_vfs(LibBalsaMessageBody * body,
 gboolean libbalsa_message_body_save_temporary(LibBalsaMessageBody * body,
                                               GError **err);
 
-gchar *libbalsa_message_body_get_parameter(LibBalsaMessageBody * body,
+gchar *libbalsa_message_body_get_parameter(const LibBalsaMessageBody * body,
                                           const gchar * param);
 gchar *libbalsa_message_body_get_mime_type(LibBalsaMessageBody * body);
 
@@ -132,7 +132,8 @@ LibBalsaMessageBody *libbalsa_message_body_get_by_id(LibBalsaMessageBody *
                                                      const gchar * id);
 LibBalsaMessageBody *libbalsa_message_body_mp_related_root(LibBalsaMessageBody *body);
 
-LibBalsaMsgProtectState libbalsa_message_body_protect_state(const LibBalsaMessageBody *body);
+guint libbalsa_message_body_protect_mode(const LibBalsaMessageBody * body);
+guint libbalsa_message_body_signature_state(const LibBalsaMessageBody *body);
 gboolean libbalsa_message_body_multipart_signed(const LibBalsaMessageBody *body);
 gboolean libbalsa_message_body_inline_signed(const LibBalsaMessageBody *body);
 gboolean libbalsa_message_body_has_crypto_content(const LibBalsaMessageBody *body);
diff --git a/libbalsa/identity.c b/libbalsa/identity.c
index 037711ab0..9e72dbe27 100644
--- a/libbalsa/identity.c
+++ b/libbalsa/identity.c
@@ -71,7 +71,7 @@ struct _LibBalsaIdentity {
     gboolean gpg_encrypt;
     gboolean always_trust;
     gboolean warn_send_plain;
-    gint crypt_protocol;
+    guint crypt_protocol;
     gchar *force_gpg_key_id;
     gchar *force_smime_key_id;
 #ifdef ENABLE_AUTOCRYPT
@@ -544,7 +544,7 @@ static void add_show_menu(const char *label, gpointer data,
 static void ident_dialog_free_values(GPtrArray * values);
 
 static void display_frame_set_gpg_mode(GObject * dialog,
-                                       const gchar * key, gint * value);
+                                       const gchar * key, guint * value);
 
 static void ident_dialog_add_smtp_menu(GtkWidget * grid, gint row,
                                        GtkDialog * dialog,
@@ -1427,7 +1427,7 @@ ident_dialog_update(GObject * dlg)
     id->gpg_encrypt     = ident_dialog_get_bool(dlg, "identity-gpgencrypt");
     id->always_trust    = ident_dialog_get_bool(dlg, "identity-trust-always");
     id->warn_send_plain = ident_dialog_get_bool(dlg, "identity-warn-send-plain");
-    id->crypt_protocol  = GPOINTER_TO_INT(ident_dialog_get_value
+    id->crypt_protocol  = GPOINTER_TO_UINT(ident_dialog_get_value
                                           (dlg, "identity-crypt-protocol"));
     g_free(id->force_gpg_key_id);
     id->force_gpg_key_id = g_strstrip(ident_dialog_get_text(dlg, "identity-keyid"));
@@ -1916,7 +1916,7 @@ libbalsa_identity_new_from_config(const gchar* name)
     ident->gpg_encrypt = libbalsa_conf_get_bool("GpgEncrypt");
     ident->always_trust = libbalsa_conf_get_bool("GpgTrustAlways");
     ident->warn_send_plain = libbalsa_conf_get_bool("GpgWarnSendPlain=true");
-    ident->crypt_protocol = libbalsa_conf_get_int("CryptProtocol=16");
+    ident->crypt_protocol = (guint) libbalsa_conf_get_int("CryptProtocol=16");
     ident->force_gpg_key_id = libbalsa_conf_get_string("ForceKeyID");
     ident->force_smime_key_id = libbalsa_conf_get_string("ForceKeyIDSMime");
 #ifdef ENABLE_AUTOCRYPT
@@ -1965,7 +1965,7 @@ libbalsa_identity_save(LibBalsaIdentity* ident, const gchar* group)
     libbalsa_conf_set_bool("GpgEncrypt", ident->gpg_encrypt);
     libbalsa_conf_set_bool("GpgTrustAlways", ident->always_trust);
     libbalsa_conf_set_bool("GpgWarnSendPlain", ident->warn_send_plain);
-    libbalsa_conf_set_int("CryptProtocol", ident->crypt_protocol);
+    libbalsa_conf_set_int("CryptProtocol", (gint) ident->crypt_protocol);
     libbalsa_conf_set_string("ForceKeyID", ident->force_gpg_key_id);
     libbalsa_conf_set_string("ForceKeyIDSMime", ident->force_smime_key_id);
 #ifdef ENABLE_AUTOCRYPT
@@ -1980,7 +1980,7 @@ libbalsa_identity_save(LibBalsaIdentity* ident, const gchar* group)
 
 
 static void
-display_frame_set_gpg_mode(GObject * dialog, const gchar* key, gint * value)
+display_frame_set_gpg_mode(GObject * dialog, const gchar* key, guint * value)
 {
     GtkComboBox *opt_menu = g_object_get_data(G_OBJECT(dialog), key);
 
@@ -1989,7 +1989,7 @@ display_frame_set_gpg_mode(GObject * dialog, const gchar* key, gint * value)
         case LIBBALSA_PROTECT_OPENPGP:
            gtk_combo_box_set_active(opt_menu, 1);
             break;
-        case LIBBALSA_PROTECT_SMIMEV3:
+        case LIBBALSA_PROTECT_SMIME:
            gtk_combo_box_set_active(opt_menu, 2);
             break;
         case LIBBALSA_PROTECT_RFC3156:
@@ -2073,11 +2073,11 @@ ident_dialog_add_gpg_menu(GtkWidget * grid, gint row, GtkDialog * dialog,
     g_object_set_data(G_OBJECT(dialog), menu_key, opt_menu);
 
     add_show_menu(_("GnuPG MIME mode"),
-                  GINT_TO_POINTER(LIBBALSA_PROTECT_RFC3156), opt_menu);
+                  GUINT_TO_POINTER(LIBBALSA_PROTECT_RFC3156), opt_menu);
     add_show_menu(_("GnuPG OpenPGP mode"),
-                  GINT_TO_POINTER(LIBBALSA_PROTECT_OPENPGP), opt_menu);
+                  GUINT_TO_POINTER(LIBBALSA_PROTECT_OPENPGP), opt_menu);
     add_show_menu(_("GpgSM S/MIME mode"),
-                  GINT_TO_POINTER(LIBBALSA_PROTECT_SMIMEV3), opt_menu);
+                  GUINT_TO_POINTER(LIBBALSA_PROTECT_SMIME), opt_menu);
 }
 
 /* add_show_menu: helper function */
@@ -2329,7 +2329,7 @@ libbalsa_identity_get_sig_separator(LibBalsaIdentity *ident)
     return ident->sig_separator;
 }
 
-gint
+guint
 libbalsa_identity_get_crypt_protocol(LibBalsaIdentity *ident)
 {
     g_return_val_if_fail(LIBBALSA_IS_IDENTITY(ident), 0);
diff --git a/libbalsa/identity.h b/libbalsa/identity.h
index a2a429046..d6036227e 100644
--- a/libbalsa/identity.h
+++ b/libbalsa/identity.h
@@ -88,7 +88,7 @@ gboolean     libbalsa_identity_get_gpg_sign(LibBalsaIdentity *ident);
 gboolean     libbalsa_identity_get_gpg_encrypt(LibBalsaIdentity *ident);
 gboolean     libbalsa_identity_get_sig_executable(LibBalsaIdentity *ident);
 gboolean     libbalsa_identity_get_sig_separator(LibBalsaIdentity *ident);
-gint         libbalsa_identity_get_crypt_protocol(LibBalsaIdentity *ident);
+guint        libbalsa_identity_get_crypt_protocol(LibBalsaIdentity *ident);
 gchar* libbalsa_identity_get_signature(LibBalsaIdentity *ident, GError **error);
 const gchar *libbalsa_identity_get_identity_name(LibBalsaIdentity *ident);
 const gchar *libbalsa_identity_get_force_gpg_key_id(LibBalsaIdentity *ident);
diff --git a/libbalsa/message.c b/libbalsa/message.c
index d9ff792ab..a3d210f70 100644
--- a/libbalsa/message.c
+++ b/libbalsa/message.c
@@ -88,15 +88,15 @@ struct _LibBalsaMessage {
     /* message ID */
     gchar *message_id;
 
-    /* GPG sign and/or encrypt message (sending) */
-    guint gpg_mode;
+    /* GnuPG or S/MIME sign and/or encrypt message (sending), or status of received message */
+    guint crypt_mode;
+
+    /* Indicate that uid's should always be trusted when signing a message */
+    gboolean always_trust;
 
     /* attach the GnuPG public key to the message (sending) */
     gboolean att_pubkey;
 
-    /* protection (i.e. sign/encrypt) status (received message) */
-    LibBalsaMsgProtectState prot_state;
-
     /* sender identity, required for choosing a forced GnuPG or S/MIME key */
     LibBalsaIdentity *ident;
 
@@ -145,7 +145,7 @@ libbalsa_message_init(LibBalsaMessage * message)
     message->body_ref = 0;
     message->body_list = NULL;
     message->has_all_headers = 0;
-    message->prot_state = LIBBALSA_MSG_PROTECT_NONE;
+    message->crypt_mode = LIBBALSA_PROTECT_NONE;
     message->ident = NULL;
 }
 
@@ -644,19 +644,19 @@ libbalsa_message_get_attach_icon(LibBalsaMessage * message)
 
     if (libbalsa_message_is_encrypted(message)) {
        attach_icon = LIBBALSA_MESSAGE_ATTACH_ENCR;
-    } else if (message->prot_state != LIBBALSA_MSG_PROTECT_NONE ||
+    } else if (message->crypt_mode != LIBBALSA_PROTECT_NONE ||
        libbalsa_message_is_signed(message)) {
-       switch (message->prot_state) {
-       case LIBBALSA_MSG_PROTECT_SIGN_GOOD:
+       switch (message->crypt_mode) {
+       case LIBBALSA_PROTECT_SIGN_GOOD:
            attach_icon = LIBBALSA_MESSAGE_ATTACH_GOOD;
             break;
-       case LIBBALSA_MSG_PROTECT_SIGN_NOTRUST:
+       case LIBBALSA_PROTECT_SIGN_NOTRUST:
            attach_icon = LIBBALSA_MESSAGE_ATTACH_NOTRUST;
             break;
-       case LIBBALSA_MSG_PROTECT_SIGN_BAD:
+       case LIBBALSA_PROTECT_SIGN_BAD:
            attach_icon = LIBBALSA_MESSAGE_ATTACH_BAD;
             break;
-       case LIBBALSA_MSG_PROTECT_CRYPT:
+       case LIBBALSA_PROTECT_ENCRYPT:
            attach_icon = LIBBALSA_MESSAGE_ATTACH_ENCR;
             break;
        default:
@@ -1667,11 +1667,20 @@ libbalsa_message_get_subtype(LibBalsaMessage *message)
 
 
 guint
-libbalsa_message_get_gpg_mode(LibBalsaMessage *message)
+libbalsa_message_get_crypt_mode(LibBalsaMessage *message)
 {
     g_return_val_if_fail(LIBBALSA_IS_MESSAGE(message), 0);
 
-    return message->gpg_mode;
+    return message->crypt_mode;
+}
+
+
+gboolean
+libbalsa_message_get_always_trust(LibBalsaMessage *message)
+{
+    g_return_val_if_fail(LIBBALSA_IS_MESSAGE(message), FALSE);
+
+    return message->always_trust;
 }
 
 
@@ -1693,15 +1702,6 @@ libbalsa_message_get_attach_pubkey(LibBalsaMessage *message)
 }
 
 
-LibBalsaMsgProtectState
-libbalsa_message_get_protect_state(LibBalsaMessage *message)
-{
-    g_return_val_if_fail(LIBBALSA_IS_MESSAGE(message), 0);
-
-    return message->prot_state;
-}
-
-
 gboolean
 libbalsa_message_has_crypto_content(LibBalsaMessage *message)
 {
@@ -1811,16 +1811,6 @@ libbalsa_message_set_message_id(LibBalsaMessage *message,
 }
 
 
-void
-libbalsa_message_set_protect_state(LibBalsaMessage        *message,
-                                LibBalsaMsgProtectState prot_state)
-{
-    g_return_if_fail(LIBBALSA_IS_MESSAGE(message));
-
-    message->prot_state = prot_state;
-}
-
-
 void
 libbalsa_message_set_request_dsn(LibBalsaMessage *message,
                                  gboolean         request_dsn)
@@ -1877,12 +1867,22 @@ libbalsa_message_set_in_reply_to(LibBalsaMessage *message,
 
 
 void
-libbalsa_message_set_gpg_mode(LibBalsaMessage *message,
-                              guint            mode)
+libbalsa_message_set_crypt_mode(LibBalsaMessage *message,
+                                guint            mode)
+{
+    g_return_if_fail(LIBBALSA_IS_MESSAGE(message));
+
+    message->crypt_mode = mode;
+}
+
+
+void
+libbalsa_message_set_always_trust(LibBalsaMessage *message,
+                                  gboolean         mode)
 {
     g_return_if_fail(LIBBALSA_IS_MESSAGE(message));
 
-    message->gpg_mode = mode;
+    message->always_trust = mode;
 }
 
 
diff --git a/libbalsa/message.h b/libbalsa/message.h
index c0a7449ac..8c20e3f5b 100644
--- a/libbalsa/message.h
+++ b/libbalsa/message.h
@@ -71,18 +71,6 @@ enum _LibBalsaMessageStatus {
     LIBBALSA_MESSAGE_STATUS_ICONS_NUM
 };
 
-
-typedef enum _LibBalsaMsgProtectState LibBalsaMsgProtectState;
-
-enum _LibBalsaMsgProtectState {
-    LIBBALSA_MSG_PROTECT_NONE,
-    LIBBALSA_MSG_PROTECT_SIGN_UNKNOWN,
-    LIBBALSA_MSG_PROTECT_SIGN_GOOD,
-    LIBBALSA_MSG_PROTECT_SIGN_NOTRUST,
-    LIBBALSA_MSG_PROTECT_SIGN_BAD,
-    LIBBALSA_MSG_PROTECT_CRYPT
-};
-
 typedef enum _LibBalsaMessageAttach LibBalsaMessageAttach;
 enum _LibBalsaMessageAttach {
     LIBBALSA_MESSAGE_ATTACH_ATTACH,
@@ -175,6 +163,41 @@ struct _LibBalsaMessageHeaders {
 #define LIBBALSA_MESSAGE_GET_NO(m)      libbalsa_message_get_msgno(m)
 #define LIBBALSA_MESSAGE_GET_LENGTH(m)  libbalsa_message_get_length(m)
 
+
+/** @brief Message cryptographic protection flags
+ *
+ * Bit flags for reporting the cryptographic state of received messages and message bodies, and for creating 
new messages.  Uses by
+ * - _LibBalsaMessage::crypt_mode, _BalsaSendmsg::crypt_mode
+ * - libbalsa_message_set_crypt_mode(), libbalsa_message_get_crypt_mode()
+ * - libbalsa_message_body_protect_mode(), libbalsa_message_body_signature_state()
+ *
+ * @{
+ */
+/* no protection */
+#define LIBBALSA_PROTECT_NONE          0x0000U
+
+/* bits to define the protection mode: signed or encrypted */
+#define LIBBALSA_PROTECT_SIGN          0x0001U
+#define LIBBALSA_PROTECT_ENCRYPT       0x0002U
+#define LIBBALSA_PROTECT_MODE          (LIBBALSA_PROTECT_SIGN | LIBBALSA_PROTECT_ENCRYPT)
+
+/* bits to define the protection method */
+#define LIBBALSA_PROTECT_OPENPGP       0x0004U /* RFC 2440 (OpenPGP) */
+#define LIBBALSA_PROTECT_SMIME         0x0008U /* RFC 8551 (S/MIME v4 or earlier) */
+#define LIBBALSA_PROTECT_RFC3156       0x0010U /* RFC 3156 (PGP/MIME) */
+#define LIBBALSA_PROTECT_PROTOCOL      (LIBBALSA_PROTECT_OPENPGP | LIBBALSA_PROTECT_SMIME | 
LIBBALSA_PROTECT_RFC3156)
+
+/* indicate broken structure */
+#define LIBBALSA_PROTECT_ERROR         0x0020U
+
+/* cryptographic signature state of a received message - note that the signature state is not really a bit 
mask, and must be sorted
+ * in ascending order, i.e. the best state must have the lowest and the worst the highest value */
+#define LIBBALSA_PROTECT_SIGN_GOOD     0x0100U
+#define LIBBALSA_PROTECT_SIGN_NOTRUST  0x0200U
+#define LIBBALSA_PROTECT_SIGN_BAD      0x0300U
+/** @} */
+
+
 /*
  * message headers
  */
@@ -286,10 +309,10 @@ GList                  *libbalsa_message_get_references(LibBalsaMessage *message
 LibBalsaIdentity       *libbalsa_message_get_identity(LibBalsaMessage *message);
 GList                  *libbalsa_message_get_parameters(LibBalsaMessage *message);
 const gchar            *libbalsa_message_get_subtype(LibBalsaMessage *message);
-guint                   libbalsa_message_get_gpg_mode(LibBalsaMessage *message);
+guint                   libbalsa_message_get_crypt_mode(LibBalsaMessage *message);
+gboolean                libbalsa_message_get_always_trust(LibBalsaMessage *message);
 GList                  *libbalsa_message_get_in_reply_to(LibBalsaMessage *message);
 gboolean                libbalsa_message_get_attach_pubkey(LibBalsaMessage *message);
-LibBalsaMsgProtectState libbalsa_message_get_protect_state(LibBalsaMessage *message);
 guint                   libbalsa_message_get_body_ref(LibBalsaMessage *message);
 gboolean                               libbalsa_message_has_crypto_content(LibBalsaMessage *message);
 
@@ -317,8 +340,6 @@ void libbalsa_message_set_sender(LibBalsaMessage     *message,
                                  InternetAddressList *sender);
 void libbalsa_message_set_message_id(LibBalsaMessage *message,
                                      const gchar     *message_id);
-void libbalsa_message_set_protect_state(LibBalsaMessage        *message,
-                                     LibBalsaMsgProtectState prot_state);
 void libbalsa_message_set_request_dsn(LibBalsaMessage *message,
                                       gboolean         request_dsn);
 void libbalsa_message_set_subtype(LibBalsaMessage *message,
@@ -329,8 +350,10 @@ void libbalsa_message_set_references(LibBalsaMessage *message,
                                      GList           *references);
 void libbalsa_message_set_in_reply_to(LibBalsaMessage *message,
                                       GList           *in_reply_to);
-void libbalsa_message_set_gpg_mode(LibBalsaMessage *message,
-                                   guint            mode);
+void libbalsa_message_set_crypt_mode(LibBalsaMessage *message,
+                                     guint            mode);
+void libbalsa_message_set_always_trust(LibBalsaMessage *message,
+                                       gboolean         mode);
 void libbalsa_message_set_attach_pubkey(LibBalsaMessage *message,
                                      gboolean         att_pubkey);
 void libbalsa_message_set_identity(LibBalsaMessage  *message,
diff --git a/libbalsa/rfc3156.c b/libbalsa/rfc3156.c
index 1aec1a5ce..63a0febfd 100644
--- a/libbalsa/rfc3156.c
+++ b/libbalsa/rfc3156.c
@@ -56,27 +56,6 @@ static gboolean have_pub_key_for(gpgme_ctx_t gpgme_ctx,
 
 
 /* ==== public functions =================================================== */
-static gboolean
-body_is_type(LibBalsaMessageBody * body, const gchar * type,
-            const gchar * sub_type)
-{
-    gboolean retval;
-
-    if (body->mime_part) {
-       GMimeContentType *content_type =
-           g_mime_object_get_content_type(body->mime_part);
-       retval = g_mime_content_type_is_type(content_type, type, sub_type);
-    } else {
-       GMimeContentType *content_type =
-           g_mime_content_type_parse(libbalsa_parser_options(), body->content_type);
-       retval = g_mime_content_type_is_type(content_type, type, sub_type);
-       g_object_unref(content_type);
-    }
-
-    return retval;
-}
-
-
 /* return TRUE if we can encrypt for every recipient in the recipients list
  * using protocol */
 gboolean
@@ -108,82 +87,6 @@ libbalsa_can_encrypt_for_all(InternetAddressList * recipients,
 }
 
 
-/*
- * Check if body (and eventually its subparts) are RFC 2633 or RFC 3156 signed
- * or encrypted.
- */
-gint
-libbalsa_message_body_protection(LibBalsaMessageBody * body)
-{
-    gint result = 0;
-
-    g_return_val_if_fail(body != NULL, 0);
-    g_return_val_if_fail(body->content_type != NULL, 0);
-
-    if (body_is_type(body, "multipart", "signed")) {
-       gchar *protocol =
-           libbalsa_message_body_get_parameter(body, "protocol");
-       gchar *micalg =
-           libbalsa_message_body_get_parameter(body, "micalg");
-
-       result = LIBBALSA_PROTECT_SIGN;
-       if (protocol && body->parts && body->parts->next) {
-           if ((!g_ascii_strcasecmp("application/pkcs7-signature",
-                                    protocol)
-                && body_is_type(body->parts->next, "application", 
-                                "pkcs7-signature")) ||
-               (!g_ascii_strcasecmp("application/x-pkcs7-signature",
-                                    protocol)
-                && body_is_type(body->parts->next, "application",
-                                "x-pkcs7-signature"))) {
-               result |= LIBBALSA_PROTECT_SMIMEV3;
-               if (!micalg)
-                   result |= LIBBALSA_PROTECT_ERROR;
-           } else
-               if (!g_ascii_strcasecmp
-                   ("application/pgp-signature", protocol)
-                   && body_is_type(body->parts->next, "application",
-                                   "pgp-signature")) {
-               result |= LIBBALSA_PROTECT_RFC3156;
-               if (!micalg || g_ascii_strncasecmp("pgp-", micalg, 4))
-                   result |= LIBBALSA_PROTECT_ERROR;
-           } else
-               result |= LIBBALSA_PROTECT_ERROR;
-       } else
-           result |= LIBBALSA_PROTECT_ERROR;
-       g_free(micalg);
-       g_free(protocol);
-    } else if (body_is_type(body, "multipart", "encrypted")) {
-       gchar *protocol =
-           libbalsa_message_body_get_parameter(body, "protocol");
-
-       result = LIBBALSA_PROTECT_ENCRYPT | LIBBALSA_PROTECT_RFC3156;
-       if (!protocol ||
-           g_ascii_strcasecmp("application/pgp-encrypted", protocol) ||
-           !body->parts || !body->parts->next ||
-           !body_is_type(body->parts, "application", "pgp-encrypted") ||
-           !body_is_type(body->parts->next, "application",
-                         "octet-stream"))
-           result |= LIBBALSA_PROTECT_ERROR;
-       g_free(protocol);
-    } else if (body_is_type(body, "application", "pkcs7-mime") ||
-           body_is_type(body, "application", "x-pkcs7-mime")) {
-       gchar *smime_type =
-           libbalsa_message_body_get_parameter(body, "smime-type");
-
-       result = LIBBALSA_PROTECT_SMIMEV3;
-       if (!g_ascii_strcasecmp("enveloped-data", smime_type) ||
-           !g_ascii_strcasecmp("signed-data", smime_type))
-           result |= LIBBALSA_PROTECT_ENCRYPT;
-       else
-           result |= LIBBALSA_PROTECT_ERROR;
-       g_free(smime_type);
-    }
-
-    return result;
-}
-
-
 /* === RFC 2633/ RFC 3156 crypto routines === */
 /*
  * Signs the MIME object *content with the private key of rfc822_for using
@@ -457,7 +360,7 @@ libbalsa_body_decrypt(LibBalsaMessageBody *body, gpgme_protocol_t protocol, GtkW
        body->was_encrypted = smime_encrypted;
     }
     if (body->was_encrypted)
-        libbalsa_message_set_protect_state(body->message, LIBBALSA_MSG_PROTECT_CRYPT);
+        libbalsa_message_set_crypt_mode(body->message, LIBBALSA_PROTECT_ENCRYPT);
 
     libbalsa_message_body_set_mime_body(body, mime_obj);
     if (sig_state) {
diff --git a/libbalsa/rfc3156.h b/libbalsa/rfc3156.h
index aeb07de18..715fe69f2 100644
--- a/libbalsa/rfc3156.h
+++ b/libbalsa/rfc3156.h
@@ -20,38 +20,12 @@
 #ifndef __RFC3156_H__
 #define __RFC3156_H__
 
-#ifndef BALSA_VERSION
-# error "Include config.h before this file."
-#endif
-
-/* bits to define the protection method; needed even when we don't
- * HAVE_GPGME */
-#define LIBBALSA_PROTECT_OPENPGP       (1 << 2)        /* RFC 2440 (OpenPGP) */
-#define LIBBALSA_PROTECT_SMIMEV3       (1 << 3)        /* RFC 2633 (S/MIME v3) */
-#define LIBBALSA_PROTECT_RFC3156       (1 << 4)        /* RFC 3156 (PGP/MIME) */
-
 #include <gpgme.h>
 #include "libbalsa.h"
 #include "misc.h"
 #include "gmime-gpgme-signature.h"
 
 
-/* bits to define the protection mode: signed or encrypted */
-#define LIBBALSA_PROTECT_SIGN          (1 << 0)
-#define LIBBALSA_PROTECT_ENCRYPT       (1 << 1)
-#define LIBBALSA_PROTECT_MODE          (3 << 0)
-
-/* bits to define the protection method */
-#define LIBBALSA_PROTECT_PROTOCOL      (7 << 2)
-
-/* indicate broken structure */
-#define LIBBALSA_PROTECT_ERROR         (1 << 5)
-
-/* indicate that uid's should always be trusted */
-#define LIBBALSA_PROTECT_ALWAYS_TRUST  (1 << 6)
-
-
-gint libbalsa_message_body_protection(LibBalsaMessageBody * body);
 gboolean libbalsa_can_encrypt_for_all(InternetAddressList * recipients,
                                      gpgme_protocol_t protocol);
 
diff --git a/libbalsa/send.c b/libbalsa/send.c
index eb145bfba..97339479a 100644
--- a/libbalsa/send.c
+++ b/libbalsa/send.c
@@ -1207,7 +1207,7 @@ create_mime_message(LibBalsaMessage *message,
     /* attach the public key only if we send the message, not if we just postpone it */
     if (!postponing &&
         libbalsa_message_get_attach_pubkey(message) &&
-        ((libbalsa_message_get_gpg_mode(message) & LIBBALSA_PROTECT_PROTOCOL) != 0)) {
+        ((libbalsa_message_get_crypt_mode(message) & LIBBALSA_PROTECT_PROTOCOL) != 0)) {
        attach_pubkey = TRUE;
     }
 
@@ -1362,7 +1362,7 @@ create_mime_message(LibBalsaMessage *message,
             /* in '2440 mode, touch *only* the first body! */
             if (!postponing &&
                 (body == libbalsa_message_get_body_list(body->message)) &&
-                ((gpg_mode = libbalsa_message_get_gpg_mode(message)) > 0) &&
+                ((gpg_mode = libbalsa_message_get_crypt_mode(message)) != 0) &&
                 ((gpg_mode & LIBBALSA_PROTECT_OPENPGP) != 0)) {
                 use_gpg_mode = gpg_mode;
             } else {
@@ -1801,8 +1801,8 @@ libbalsa_create_rfc2440_buffer(LibBalsaMessage *message,
                                GtkWindow       *parent,
                                GError         **error)
 {
-    gint mode = libbalsa_message_get_gpg_mode(message);
-    gboolean always_trust = (mode & LIBBALSA_PROTECT_ALWAYS_TRUST) != 0;
+    guint mode = libbalsa_message_get_crypt_mode(message);
+    gboolean always_trust = libbalsa_message_get_always_trust(message);
 
     switch (mode & LIBBALSA_PROTECT_MODE) {
     case LIBBALSA_PROTECT_SIGN:       /* sign only */
@@ -1883,7 +1883,7 @@ do_multipart_crypto(LibBalsaMessage *message,
     gpgme_protocol_t protocol;
     gboolean always_trust;
 
-    mode = libbalsa_message_get_gpg_mode(message);
+    mode = libbalsa_message_get_crypt_mode(message);
 
     /* check if we shall do any protection */
     if ((mode & LIBBALSA_PROTECT_MODE) == 0) {
@@ -1893,14 +1893,14 @@ do_multipart_crypto(LibBalsaMessage *message,
     /* check which protocol should be used */
     if (mode & LIBBALSA_PROTECT_RFC3156) {
         protocol = GPGME_PROTOCOL_OpenPGP;
-    } else if (mode & LIBBALSA_PROTECT_SMIMEV3) {
+    } else if (mode & LIBBALSA_PROTECT_SMIME) {
         protocol = GPGME_PROTOCOL_CMS;
     } else if (mode & LIBBALSA_PROTECT_OPENPGP) {
         return LIBBALSA_MESSAGE_CREATE_OK;  /* already done... */
     } else {
         return LIBBALSA_MESSAGE_ENCRYPT_ERROR;  /* hmmm.... */
     }
-    always_trust = (mode & LIBBALSA_PROTECT_ALWAYS_TRUST) != 0;
+    always_trust = libbalsa_message_get_always_trust(message);
     /* sign and/or encrypt */
     switch (mode & LIBBALSA_PROTECT_MODE) {
     case LIBBALSA_PROTECT_SIGN:       /* sign message */
@@ -1940,7 +1940,7 @@ do_multipart_crypto(LibBalsaMessage *message,
                              (headers->bcc_list)));
         }
 
-        if ((libbalsa_message_get_gpg_mode(message) & LIBBALSA_PROTECT_SIGN) != 0) {
+        if ((libbalsa_message_get_crypt_mode(message) & LIBBALSA_PROTECT_SIGN) != 0) {
             success =
                 libbalsa_sign_encrypt_mime_object(mime_root,
                                                   lb_send_from(message, protocol),
diff --git a/src/balsa-message.c b/src/balsa-message.c
index e388e7d11..dc4bcd980 100644
--- a/src/balsa-message.c
+++ b/src/balsa-message.c
@@ -141,7 +141,7 @@ static BalsaPartInfo* balsa_part_info_new(LibBalsaMessageBody* body);
 static void balsa_part_info_dispose(GObject * object);
 static void balsa_part_info_finalize(GObject * object);
 
-static LibBalsaMsgProtectState bm_scan_signatures(LibBalsaMessageBody *body,
+static guint bm_scan_signatures(LibBalsaMessageBody *body,
                                                             LibBalsaMessage * message);
 static GdkPixbuf * get_crypto_content_icon(LibBalsaMessageBody * body,
                                           const gchar * content_type,
@@ -1104,7 +1104,7 @@ balsa_message_set(BalsaMessage * balsa_message, LibBalsaMailbox * mailbox, guint
     BalsaPartInfo *info;
     gboolean has_focus;
     LibBalsaMessage *message;
-    LibBalsaMsgProtectState prot_state;
+    guint prot_state;
 
     g_return_val_if_fail(balsa_message != NULL, FALSE);
     has_focus = balsa_message->focus_state != BALSA_MESSAGE_FOCUS_STATE_NO;
@@ -1155,13 +1155,13 @@ balsa_message_set(BalsaMessage * balsa_message, LibBalsaMailbox * mailbox, guint
                                 libbalsa_mailbox_get_crypto_mode(mailbox),
                                 FALSE, 1);
     /* calculate the signature summary state if not set earlier */
-    prot_state = libbalsa_message_get_protect_state(message);
-    if (prot_state == LIBBALSA_MSG_PROTECT_NONE) {
-        LibBalsaMsgProtectState new_prot_state =
+    prot_state = libbalsa_message_get_crypt_mode(message);
+    if (prot_state == LIBBALSA_PROTECT_NONE) {
+        guint new_prot_state =
             bm_scan_signatures(libbalsa_message_get_body_list(message), message);
         /* update the icon if necessary */
         if (prot_state != new_prot_state)
-            libbalsa_message_set_protect_state(message, new_prot_state);
+            libbalsa_message_set_crypt_mode(message, new_prot_state);
     }
 
     /* may update the icon */
@@ -2688,17 +2688,17 @@ balsa_message_zoom(BalsaMessage * balsa_message, gint in_out)
  * Calculate and return a "worst case" summary of all checked signatures in a
  * message.
  */
-static LibBalsaMsgProtectState
+static guint
 bm_scan_signatures(LibBalsaMessageBody *body,
                               LibBalsaMessage * message)
 {
-    LibBalsaMsgProtectState result = LIBBALSA_MSG_PROTECT_NONE;
+    guint result = LIBBALSA_PROTECT_NONE;
 
     g_return_val_if_fail(libbalsa_message_get_headers(message) != NULL, result);
 
     while (body) {
-       LibBalsaMsgProtectState this_part_state =
-           libbalsa_message_body_protect_state(body);
+       guint this_part_state =
+           libbalsa_message_body_signature_state(body);
 
        /* remember: greater means worse... */
        if (this_part_state > result)
@@ -2706,10 +2706,10 @@ bm_scan_signatures(LibBalsaMessageBody *body,
 
         /* scan embedded messages */
         if (body->parts) {
-            LibBalsaMsgProtectState sub_result =
+            guint sub_result =
                 bm_scan_signatures(body->parts, message);
 
-            if (sub_result >= result)
+            if (sub_result > result)
                 result = sub_result;
         }
 
@@ -2733,12 +2733,12 @@ get_crypto_content_icon(LibBalsaMessageBody * body, const gchar * content_type,
     gchar * new_title;
     const gchar * icon_name;
 
-    if ((libbalsa_message_body_protection(body) &
+    if ((libbalsa_message_body_protect_mode(body) &
          (LIBBALSA_PROTECT_ENCRYPT | LIBBALSA_PROTECT_ERROR)) ==
         LIBBALSA_PROTECT_ENCRYPT)
         return NULL;
 
-    icon_name = balsa_mime_widget_signature_icon_name(libbalsa_message_body_protect_state(body));
+    icon_name = balsa_mime_widget_signature_icon_name(libbalsa_message_body_signature_state(body));
     if (!icon_name)
         return NULL;
     icon =
@@ -2800,7 +2800,7 @@ libbalsa_msg_try_decrypt(LibBalsaMessage * message, LibBalsaMessageBody * body,
     while (strcmp(mime_type, "multipart/encrypted") == 0 ||
           strcmp(mime_type, "application/pkcs7-mime") == 0 ||
           strcmp(mime_type, "application/x-pkcs7-mime") == 0) {
-       gint encrres;
+       guint encrres;
 
        /* FIXME: not checking for body_ref > 1 (or > 2 when re-checking, which
         * adds an extra ref) leads to a crash if we have both the encrypted and
@@ -2839,7 +2839,7 @@ libbalsa_msg_try_decrypt(LibBalsaMessage * message, LibBalsaMessageBody * body,
             }
        }
 
-       encrres = libbalsa_message_body_protection(this_body);
+       encrres = libbalsa_message_body_protect_mode(this_body);
 
        if (encrres & LIBBALSA_PROTECT_ENCRYPT) {
            if (encrres & LIBBALSA_PROTECT_ERROR) {
@@ -2862,7 +2862,7 @@ libbalsa_msg_try_decrypt(LibBalsaMessage * message, LibBalsaMessageBody * body,
                     this_body =
                         libbalsa_body_decrypt(this_body,
                                               GPGME_PROTOCOL_OpenPGP, NULL);
-            } else if (encrres & LIBBALSA_PROTECT_SMIMEV3) {
+            } else if (encrres & LIBBALSA_PROTECT_SMIME) {
                 if (!balsa_app.has_smime)
                     libbalsa_information
                         (chk_crypto->chk_mode == LB_MAILBOX_CHK_CRYPT_ALWAYS ?
@@ -2900,7 +2900,7 @@ static void
 libbalsa_msg_try_mp_signed(LibBalsaMessage * message, LibBalsaMessageBody *body,
                           chk_crypto_t * chk_crypto)
 {
-    gint signres;
+    guint signres;
 
     if (chk_crypto->no_mp_signed)
        return;
@@ -2925,7 +2925,7 @@ libbalsa_msg_try_mp_signed(LibBalsaMessage * message, LibBalsaMessageBody *body,
     }
 
     /* check which type of protection we've got */
-    signres = libbalsa_message_body_protection(body);
+    signres = libbalsa_message_body_protect_mode(body);
     if (!(signres & LIBBALSA_PROTECT_SIGN))
        return;
 
@@ -2943,7 +2943,7 @@ libbalsa_msg_try_mp_signed(LibBalsaMessage * message, LibBalsaMessageBody *body,
 
     /* check for an unsupported protocol */
     if (((signres & LIBBALSA_PROTECT_RFC3156) && !balsa_app.has_openpgp) ||
-       ((signres & LIBBALSA_PROTECT_SMIMEV3) && !balsa_app.has_smime)) {
+       ((signres & LIBBALSA_PROTECT_SMIME) && !balsa_app.has_smime)) {
        libbalsa_information
            (chk_crypto->chk_mode == LB_MAILBOX_CHK_CRYPT_ALWAYS ?
             LIBBALSA_INFORMATION_WARNING : LIBBALSA_INFORMATION_MESSAGE,
@@ -2971,11 +2971,11 @@ libbalsa_msg_try_mp_signed(LibBalsaMessage * message, LibBalsaMessageBody *body,
                       GUINT_TO_POINTER(TRUE));
 
     if (body->parts->next->sig_info) {
-       switch (libbalsa_message_body_protect_state(body->parts->next)) {
-       case LIBBALSA_MSG_PROTECT_SIGN_GOOD:
+       switch (libbalsa_message_body_signature_state(body->parts->next)) {
+       case LIBBALSA_PROTECT_SIGN_GOOD:
            g_debug("Detected a good signature");
            break;
-       case LIBBALSA_MSG_PROTECT_SIGN_NOTRUST:
+       case LIBBALSA_PROTECT_SIGN_NOTRUST:
            if (g_mime_gpgme_sigstat_protocol(body->parts->next->sig_info) == GPGME_PROTOCOL_CMS)
                libbalsa_information_may_hide
                    (LIBBALSA_INFORMATION_MESSAGE, "SIG_NOTRUST",
@@ -2987,7 +2987,7 @@ libbalsa_msg_try_mp_signed(LibBalsaMessage * message, LibBalsaMessageBody *body,
                     _("Detected a good signature with insufficient "
                       "validity/trust"));
            break;
-       case LIBBALSA_MSG_PROTECT_SIGN_BAD: {
+       case LIBBALSA_PROTECT_SIGN_BAD: {
                gchar *status;
 
                status = 
libbalsa_gpgme_sig_stat_to_gchar(g_mime_gpgme_sigstat_status(body->parts->next->sig_info));
@@ -3227,7 +3227,7 @@ void
 balsa_message_recheck_crypto(BalsaMessage *balsa_message)
 {
     LibBalsaMessageBody *body_list;
-    LibBalsaMsgProtectState prot_state;
+    guint prot_state;
     LibBalsaMessage * message;
     GtkTreeIter iter;
     BalsaPartInfo * info;
@@ -3251,7 +3251,7 @@ balsa_message_recheck_crypto(BalsaMessage *balsa_message)
     prot_state = bm_scan_signatures(body_list, message);
 
     /* update the icon if necessary */
-    libbalsa_message_set_protect_state(message, prot_state);
+    libbalsa_message_set_crypt_mode(message, prot_state);
 
     /* may update the icon */
     libbalsa_mailbox_msgno_update_attach(libbalsa_message_get_mailbox(balsa_message->message),
diff --git a/src/balsa-mime-widget-crypto.c b/src/balsa-mime-widget-crypto.c
index a871a3204..23546327e 100644
--- a/src/balsa-mime-widget-crypto.c
+++ b/src/balsa-mime-widget-crypto.c
@@ -205,7 +205,7 @@ balsa_mime_widget_crypto_frame(LibBalsaMessageBody * mime_body, GtkWidget * chil
         gtk_box_pack_start(GTK_BOX(icon_box), icon, FALSE, FALSE, 0);
     }
     if (!no_signature) {
-       LibBalsaMsgProtectState sig_state = libbalsa_message_body_protect_state(mime_body);
+       guint sig_state = libbalsa_message_body_signature_state(mime_body);
        const gchar *icon_name = balsa_mime_widget_signature_icon_name(sig_state);
 
        if (icon_name == NULL) {
@@ -213,13 +213,13 @@ balsa_mime_widget_crypto_frame(LibBalsaMessageBody * mime_body, GtkWidget * chil
        }
                icon = gtk_image_new_from_icon_name(balsa_icon_id(icon_name), GTK_ICON_SIZE_MENU);
        switch (sig_state) {
-       case LIBBALSA_MSG_PROTECT_SIGN_GOOD:
+       case LIBBALSA_PROTECT_SIGN_GOOD:
                gtk_widget_set_tooltip_text(icon, _("trusted signature"));
                break;
-       case LIBBALSA_MSG_PROTECT_SIGN_NOTRUST:
+       case LIBBALSA_PROTECT_SIGN_NOTRUST:
                gtk_widget_set_tooltip_text(icon, _("low trust signature"));
                break;
-       case LIBBALSA_MSG_PROTECT_SIGN_BAD:
+       case LIBBALSA_PROTECT_SIGN_BAD:
                gtk_widget_set_tooltip_text(icon, _("bad signature"));
                break;
        default:
@@ -244,14 +244,14 @@ balsa_mime_widget_crypto_frame(LibBalsaMessageBody * mime_body, GtkWidget * chil
  * get the proper icon name for a given protection state
  */
 const gchar *
-balsa_mime_widget_signature_icon_name(LibBalsaMsgProtectState protect_state)
+balsa_mime_widget_signature_icon_name(guint protect_state)
 {
     switch (protect_state) {
-    case LIBBALSA_MSG_PROTECT_SIGN_GOOD:
+    case LIBBALSA_PROTECT_SIGN_GOOD:
         return BALSA_PIXMAP_SIGN_GOOD;
-    case LIBBALSA_MSG_PROTECT_SIGN_NOTRUST:
+    case LIBBALSA_PROTECT_SIGN_NOTRUST:
         return BALSA_PIXMAP_SIGN_NOTRUST;
-    case LIBBALSA_MSG_PROTECT_SIGN_BAD:
+    case LIBBALSA_PROTECT_SIGN_BAD:
         return BALSA_PIXMAP_SIGN_BAD;
     default:
         return NULL;
diff --git a/src/balsa-mime-widget-crypto.h b/src/balsa-mime-widget-crypto.h
index bd125ea9a..ebc63166e 100644
--- a/src/balsa-mime-widget-crypto.h
+++ b/src/balsa-mime-widget-crypto.h
@@ -43,7 +43,7 @@ GtkWidget * balsa_mime_widget_signature_widget(LibBalsaMessageBody * mime_body,
 GtkWidget * balsa_mime_widget_crypto_frame(LibBalsaMessageBody * mime_body, GtkWidget * child,
                                           gboolean was_encrypted, gboolean no_signature,
                                           GtkWidget * signature);
-const gchar *balsa_mime_widget_signature_icon_name(LibBalsaMsgProtectState protect_state);
+const gchar *balsa_mime_widget_signature_icon_name(guint protect_state);
 
 
 G_END_DECLS
diff --git a/src/sendmsg-window.c b/src/sendmsg-window.c
index e5c47c41f..c9adcf805 100644
--- a/src/sendmsg-window.c
+++ b/src/sendmsg-window.c
@@ -100,7 +100,7 @@ static void init_menus(BalsaSendmsg *);
 static void bsmsg_setup_gpg_ui(BalsaSendmsg *bsmsg);
 static void bsmsg_update_gpg_ui_on_ident_change(BalsaSendmsg *bsmsg,
                                                 LibBalsaIdentity *new_ident);
-static void bsmsg_setup_gpg_ui_by_mode(BalsaSendmsg *bsmsg, gint mode);
+static void bsmsg_setup_gpg_ui_by_mode(BalsaSendmsg *bsmsg, guint mode);
 
 #if !HAVE_GSPELL && !HAVE_GTKSPELL
 static void sw_spell_check_weak_notify(BalsaSendmsg * bsmsg);
@@ -5023,13 +5023,15 @@ bsmsg2message(BalsaSendmsg * bsmsg)
 
     headers->date = time(NULL);
     if (balsa_app.has_openpgp || balsa_app.has_smime) {
-        libbalsa_message_set_gpg_mode(message,
-            (bsmsg->gpg_mode & LIBBALSA_PROTECT_MODE) != 0 ? bsmsg->gpg_mode : 0);
+        libbalsa_message_set_crypt_mode(message,
+            (bsmsg->crypt_mode & LIBBALSA_PROTECT_MODE) != 0 ? bsmsg->crypt_mode : LIBBALSA_PROTECT_NONE);
         libbalsa_message_set_attach_pubkey(message, bsmsg->attach_pubkey);
+        libbalsa_message_set_always_trust(message, bsmsg->always_trust);
         libbalsa_message_set_identity(message, ident);
     } else {
-        libbalsa_message_set_gpg_mode(message, 0);
+        libbalsa_message_set_crypt_mode(message, LIBBALSA_PROTECT_NONE);
         libbalsa_message_set_attach_pubkey(message, FALSE);
+        libbalsa_message_set_always_trust(message, FALSE);
     }
 
     /* remember the parent window */
@@ -5169,7 +5171,7 @@ run_check_encrypt_dialog(BalsaSendmsg *bsmsg, const gchar *secondary_msg, gint d
        choice = gtk_dialog_run(GTK_DIALOG(dialog));
        gtk_widget_destroy(dialog);
        if (choice == GTK_RESPONSE_YES) {
-           bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->gpg_mode | LIBBALSA_PROTECT_ENCRYPT);
+           bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->crypt_mode | LIBBALSA_PROTECT_ENCRYPT);
        } else if ((choice == GTK_RESPONSE_CANCEL) || (choice == GTK_RESPONSE_DELETE_EVENT)) {
            result = FALSE;
     } else {
@@ -5194,7 +5196,7 @@ check_suggest_encryption(BalsaSendmsg * bsmsg)
        return TRUE;
 
     /* nothing to do if encryption is already enabled */
-    if ((bsmsg->gpg_mode & LIBBALSA_PROTECT_ENCRYPT) != 0)
+    if ((bsmsg->crypt_mode & LIBBALSA_PROTECT_ENCRYPT) != 0)
        return TRUE;
 
     /* we can not encrypt if we have bcc recipients */
@@ -5205,7 +5207,7 @@ check_suggest_encryption(BalsaSendmsg * bsmsg)
         return TRUE;
 
     /* collect all to and cc recipients */
-    protocol = (bsmsg->gpg_mode & LIBBALSA_PROTECT_SMIMEV3) ?
+    protocol = (bsmsg->crypt_mode & LIBBALSA_PROTECT_SMIME) ?
        GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP;
 
     ia_list = libbalsa_address_view_get_list(bsmsg->recipient_view, "To:");
@@ -5278,7 +5280,7 @@ check_autocrypt_recommendation(BalsaSendmsg *bsmsg)
     }
 
     /* nothing to do if encryption is already enabled or if S/MIME mode is selected */
-    if ((bsmsg->gpg_mode & (LIBBALSA_PROTECT_ENCRYPT | LIBBALSA_PROTECT_SMIMEV3)) != 0) {
+    if ((bsmsg->crypt_mode & (LIBBALSA_PROTECT_ENCRYPT | LIBBALSA_PROTECT_SMIME)) != 0) {
        return TRUE;
     }
 
@@ -5324,7 +5326,7 @@ check_autocrypt_recommendation(BalsaSendmsg *bsmsg)
        if (((autocrypt_mode == AUTOCRYPT_ENCR_AVAIL_MUTUAL) &&
              (libbalsa_identity_get_autocrypt_mode(bsmsg->ident) == AUTOCRYPT_PREFER_ENCRYPT)) ||
             ((bsmsg->parent_message != NULL) &&
-             (libbalsa_message_get_protect_state(bsmsg->parent_message) == LIBBALSA_MSG_PROTECT_CRYPT))) {
+             (libbalsa_message_get_crypt_mode(bsmsg->parent_message) == LIBBALSA_PROTECT_ENCRYPT))) {
                default_choice = GTK_RESPONSE_YES;
        } else if (autocrypt_mode == AUTOCRYPT_ENCR_AVAIL) {
                default_choice = GTK_RESPONSE_NO;
@@ -5359,12 +5361,12 @@ check_autocrypt_recommendation(BalsaSendmsg *bsmsg)
        /* run the dialog */
        result = run_check_encrypt_dialog(bsmsg, message, default_choice);
 
-       if (result && ((bsmsg->gpg_mode & LIBBALSA_PROTECT_ENCRYPT) != 0)) {
+       if (result && ((bsmsg->crypt_mode & LIBBALSA_PROTECT_ENCRYPT) != 0)) {
                /* make sure the message is also signed as required by the Autocrypt standard, and that a 
protocol is selected */
-               if ((bsmsg->gpg_mode & LIBBALSA_PROTECT_PROTOCOL) == 0) {
-                       bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->gpg_mode | (LIBBALSA_PROTECT_RFC3156 + 
LIBBALSA_PROTECT_SIGN));
+               if ((bsmsg->crypt_mode & LIBBALSA_PROTECT_PROTOCOL) == 0) {
+                       bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->crypt_mode | (LIBBALSA_PROTECT_RFC3156 | 
LIBBALSA_PROTECT_SIGN));
                } else {
-                       bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->gpg_mode | LIBBALSA_PROTECT_SIGN);
+                       bsmsg_setup_gpg_ui_by_mode(bsmsg, bsmsg->crypt_mode | LIBBALSA_PROTECT_SIGN);
                }
 
                /* import any missing keys */
@@ -5415,14 +5417,14 @@ send_message_handler(BalsaSendmsg * bsmsg, gboolean queue_only)
     }
 #endif /* ENABLE_AUTOCRYPT */
 
-    if ((bsmsg->gpg_mode & LIBBALSA_PROTECT_OPENPGP) != 0) {
+    if ((bsmsg->crypt_mode & LIBBALSA_PROTECT_OPENPGP) != 0) {
         gboolean warn_mp;
         gboolean warn_html_sign;
 
-        warn_mp = (bsmsg->gpg_mode & LIBBALSA_PROTECT_MODE) != 0 &&
+        warn_mp = (bsmsg->crypt_mode & LIBBALSA_PROTECT_MODE) != 0 &&
             bsmsg->tree_view &&
             gtk_tree_model_get_iter_first(BALSA_MSG_ATTACH_MODEL(bsmsg), &iter);
-        warn_html_sign = (bsmsg->gpg_mode & LIBBALSA_PROTECT_MODE) == LIBBALSA_PROTECT_SIGN &&
+        warn_html_sign = (bsmsg->crypt_mode & LIBBALSA_PROTECT_MODE) == LIBBALSA_PROTECT_SIGN &&
             bsmsg->send_mp_alt;
 
         if (warn_mp || warn_html_sign) {
@@ -5469,7 +5471,7 @@ send_message_handler(BalsaSendmsg * bsmsg, gboolean queue_only)
     balsa_information_parented(GTK_WINDOW(bsmsg->window),
                                LIBBALSA_INFORMATION_DEBUG,
                                _("sending message with GPG mode %d"),
-                               libbalsa_message_get_gpg_mode(message));
+                               libbalsa_message_get_crypt_mode(message));
 
     if(queue_only)
        result = libbalsa_message_queue(message, balsa_app.outbox, fcc,
@@ -5578,7 +5580,7 @@ message_postpone(BalsaSendmsg * bsmsg)
     g_ptr_array_add(headers, g_strdup("X-Balsa-DSN"));
     g_ptr_array_add(headers, g_strdup_printf("%d", bsmsg->req_dsn));
     g_ptr_array_add(headers, g_strdup("X-Balsa-Crypto"));
-    g_ptr_array_add(headers, g_strdup_printf("%d", bsmsg->gpg_mode));
+    g_ptr_array_add(headers, g_strdup_printf("%u", bsmsg->crypt_mode));
     g_ptr_array_add(headers, g_strdup("X-Balsa-Att-Pubkey"));
     g_ptr_array_add(headers, g_strdup_printf("%d", bsmsg->attach_pubkey));
 
@@ -6199,11 +6201,11 @@ sw_gpg_helper(GSimpleAction  * action,
 
     butval = g_variant_get_boolean(state);
     if (butval)
-        bsmsg->gpg_mode |= mask;
+        bsmsg->crypt_mode |= mask;
     else
-        bsmsg->gpg_mode &= ~mask;
+        bsmsg->crypt_mode &= ~mask;
 
-    radio_on = (bsmsg->gpg_mode & LIBBALSA_PROTECT_MODE) > 0;
+    radio_on = (bsmsg->crypt_mode & LIBBALSA_PROTECT_MODE) != 0;
     sw_action_set_enabled(bsmsg, "gpg-mode", radio_on);
 
     g_simple_action_set_state(action, state);
@@ -6245,14 +6247,14 @@ sw_gpg_mode_change_state(GSimpleAction  * action,
     else if (strcmp(mode, "open-pgp") == 0)
         rfc_flag = LIBBALSA_PROTECT_OPENPGP;
     else if (strcmp(mode, "smime") == 0)
-        rfc_flag = LIBBALSA_PROTECT_SMIMEV3;
+        rfc_flag = LIBBALSA_PROTECT_SMIME;
     else {
         g_warning("%s unknown mode “%s”", __func__, mode);
         return;
     }
 
-    bsmsg->gpg_mode =
-        (bsmsg->gpg_mode & ~LIBBALSA_PROTECT_PROTOCOL) | rfc_flag;
+    bsmsg->crypt_mode =
+        (bsmsg->crypt_mode & ~LIBBALSA_PROTECT_PROTOCOL) | rfc_flag;
 
     g_simple_action_set_state(action, state);
 }
@@ -6648,30 +6650,29 @@ bsmsg_update_gpg_ui_on_ident_change(BalsaSendmsg * bsmsg,
     action = sw_get_action(bsmsg, "gpg-mode");
 
     /* preset according to identity */
-    bsmsg->gpg_mode = 0;
-    if (libbalsa_identity_get_always_trust(ident))
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_ALWAYS_TRUST;
+    bsmsg->crypt_mode = LIBBALSA_PROTECT_NONE;
+    bsmsg->always_trust = libbalsa_identity_get_always_trust(ident);
 
     sw_action_set_active(bsmsg, "sign", libbalsa_identity_get_gpg_sign(ident));
     if (libbalsa_identity_get_gpg_sign(ident))
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_SIGN;
+        bsmsg->crypt_mode |= LIBBALSA_PROTECT_SIGN;
 
     sw_action_set_active(bsmsg, "encrypt", libbalsa_identity_get_gpg_encrypt(ident));
     if (libbalsa_identity_get_gpg_encrypt(ident))
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_ENCRYPT;
+        bsmsg->crypt_mode |= LIBBALSA_PROTECT_ENCRYPT;
 
     switch (libbalsa_identity_get_crypt_protocol(ident)) {
     case LIBBALSA_PROTECT_OPENPGP:
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_OPENPGP;
+        bsmsg->crypt_mode |= LIBBALSA_PROTECT_OPENPGP;
         g_action_change_state(action, g_variant_new_string("open-pgp"));
         break;
-    case LIBBALSA_PROTECT_SMIMEV3:
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_SMIMEV3;
+    case LIBBALSA_PROTECT_SMIME:
+        bsmsg->crypt_mode |= LIBBALSA_PROTECT_SMIME;
         g_action_change_state(action, g_variant_new_string("smime"));
         break;
     case LIBBALSA_PROTECT_RFC3156:
     default:
-        bsmsg->gpg_mode |= LIBBALSA_PROTECT_RFC3156;
+        bsmsg->crypt_mode |= LIBBALSA_PROTECT_RFC3156;
         g_action_change_state(action, g_variant_new_string("mime"));
     }
 }
@@ -6686,7 +6687,7 @@ bsmsg_setup_gpg_ui(BalsaSendmsg *bsmsg)
 }
 
 static void
-bsmsg_setup_gpg_ui_by_mode(BalsaSendmsg *bsmsg, gint mode)
+bsmsg_setup_gpg_ui_by_mode(BalsaSendmsg *bsmsg, guint mode)
 {
     GAction *action;
 
@@ -6694,12 +6695,12 @@ bsmsg_setup_gpg_ui_by_mode(BalsaSendmsg *bsmsg, gint mode)
     if (!balsa_app.has_openpgp && !balsa_app.has_smime)
        return;
 
-    bsmsg->gpg_mode = mode;
+    bsmsg->crypt_mode = mode;
     sw_action_set_active(bsmsg, "sign", mode & LIBBALSA_PROTECT_SIGN);
     sw_action_set_active(bsmsg, "encrypt", mode & LIBBALSA_PROTECT_ENCRYPT);
 
     action = sw_get_action(bsmsg, "gpg-mode");
-    if (mode & LIBBALSA_PROTECT_SMIMEV3)
+    if (mode & LIBBALSA_PROTECT_SMIME)
         g_action_change_state(action, g_variant_new_string("smime"));
     else if (mode & LIBBALSA_PROTECT_OPENPGP)
         g_action_change_state(action, g_variant_new_string("open-pgp"));
@@ -6814,7 +6815,7 @@ sendmsg_window_new()
 #if !HAVE_GTKSPELL && !HAVE_GSPELL
     bsmsg->spell_checker = NULL;
 #endif                          /* HAVE_GTKSPELL */
-    bsmsg->gpg_mode = LIBBALSA_PROTECT_RFC3156;
+    bsmsg->crypt_mode = LIBBALSA_PROTECT_RFC3156;
     bsmsg->attach_pubkey = FALSE;
     bsmsg->autosave_timeout_id = /* autosave every 5 minutes */
         g_timeout_add_seconds(60*5, (GSourceFunc)sw_autosave_timeout_cb, bsmsg);
diff --git a/src/sendmsg-window.h b/src/sendmsg-window.h
index b42c53a8c..d8d248983 100644
--- a/src/sendmsg-window.h
+++ b/src/sendmsg-window.h
@@ -91,7 +91,8 @@ G_BEGIN_DECLS
        gboolean send_mp_alt;   /* send multipart/alternative (plain and html) */ 
        gboolean req_mdn;        /* send a MDN */
        gboolean req_dsn;        /* send a delivery status notification */
-       guint gpg_mode;
+       guint crypt_mode;
+       gboolean always_trust;
        gboolean attach_pubkey;
 
 #if !HAVE_GTKSOURCEVIEW


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]