sup 0.19.0

data/lib/sup/colormap.rb

@@ -0,0 +1,239 @@
+module Ncurses
+  COLOR_DEFAULT = -1
+
+  NUM_COLORS = `tput colors`.to_i
+  MAX_PAIRS = `tput pairs`.to_i
+
+  def self.color! name, value
+    const_set "COLOR_#{name.to_s.upcase}", value
+  end
+
+  ## numeric colors
+  Ncurses::NUM_COLORS.times { |x| color! x, x }
+
+  if Ncurses::NUM_COLORS == 256
+    ## xterm 6x6x6 color cube
+    6.times { |x| 6.times { |y| 6.times { |z| color! "c#{x}#{y}#{z}", 16 + z + 6*y + 36*x } } }
+
+    ## xterm 24-shade grayscale
+    24.times { |x| color! "g#{x}", (16+6*6*6) + x }
+  end
+end
+
+module Redwood
+
+class Colormap
+  @@instance = nil
+
+  DEFAULT_COLORS = {
+    :text => { :fg => "white", :bg => "black" },
+    :status => { :fg => "white", :bg => "blue", :attrs => ["bold"] },
+    :index_old => { :fg => "white", :bg => "default" },
+    :index_new => { :fg => "white", :bg => "default", :attrs => ["bold"] },
+    :index_starred => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :index_draft => { :fg => "red", :bg => "default", :attrs => ["bold"] },
+    :labellist_old => { :fg => "white", :bg => "default" },
+    :labellist_new => { :fg => "white", :bg => "default", :attrs => ["bold"] },
+    :twiddle => { :fg => "blue", :bg => "default" },
+    :label => { :fg => "yellow", :bg => "default" },
+    :message_patina => { :fg => "black", :bg => "green" },
+    :alternate_patina => { :fg => "black", :bg => "blue" },
+    :missing_message => { :fg => "black", :bg => "red" },
+    :attachment => { :fg => "cyan", :bg => "default" },
+    :cryptosig_valid => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :cryptosig_valid_untrusted => { :fg => "yellow", :bg => "blue", :attrs => ["bold"] },
+    :cryptosig_unknown => { :fg => "cyan", :bg => "default" },
+    :cryptosig_invalid => { :fg => "yellow", :bg => "red", :attrs => ["bold"] },
+    :generic_notice_patina => { :fg => "cyan", :bg => "default" },
+    :quote_patina => { :fg => "yellow", :bg => "default" },
+    :sig_patina => { :fg => "yellow", :bg => "default" },
+    :quote => { :fg => "yellow", :bg => "default" },
+    :sig => { :fg => "yellow", :bg => "default" },
+    :to_me => { :fg => "green", :bg => "default" },
+    :with_attachment => { :fg => "green", :bg => "default" },
+    :starred => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :starred_patina => { :fg => "yellow", :bg => "green", :attrs => ["bold"] },
+    :alternate_starred_patina => { :fg => "yellow", :bg => "blue", :attrs => ["bold"] },
+    :snippet => { :fg => "cyan", :bg => "default" },
+    :option => { :fg => "white", :bg => "default" },
+    :tagged => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :draft_notification => { :fg => "red", :bg => "default", :attrs => ["bold"] },
+    :completion_character => { :fg => "white", :bg => "default", :attrs => ["bold"] },
+    :horizontal_selector_selected => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :horizontal_selector_unselected => { :fg => "cyan", :bg => "default" },
+    :search_highlight => { :fg => "black", :bg => "yellow", :attrs => ["bold"] },
+    :system_buf => { :fg => "blue", :bg => "default" },
+    :regular_buf => { :fg => "white", :bg => "default" },
+    :modified_buffer => { :fg => "yellow", :bg => "default", :attrs => ["bold"] },
+    :date => { :fg => "white", :bg => "default"},
+    :size_widget => { :fg => "white", :bg => "default"},
+  }
+
+  def initialize
+    raise "only one instance can be created" if @@instance
+    @@instance = self
+    @color_pairs = {[Ncurses::COLOR_WHITE, Ncurses::COLOR_BLACK] => 0}
+    @users = []
+    @next_id = 0
+    reset
+    yield self if block_given?
+  end
+
+  def reset
+    @entries = {}
+    @highlights = { :none => highlight_sym(:none)}
+    @entries[highlight_sym(:none)] = highlight_for(Ncurses::COLOR_WHITE,
+                                                   Ncurses::COLOR_BLACK,
+                                                   []) + [nil]
+  end
+
+  def add sym, fg, bg, attr=nil, highlight=nil
+    raise ArgumentError, "color for #{sym} already defined" if @entries.member? sym
+    raise ArgumentError, "color '#{fg}' unknown" unless (-1...Ncurses::NUM_COLORS).include? fg
+    raise ArgumentError, "color '#{bg}' unknown" unless (-1...Ncurses::NUM_COLORS).include? bg
+    attrs = [attr].flatten.compact
+
+    @entries[sym] = [fg, bg, attrs, nil]
+
+    if not highlight
+      highlight = highlight_sym(sym)
+      @entries[highlight] = highlight_for(fg, bg, attrs) + [nil]
+    end
+
+    @highlights[sym] = highlight
+  end
+
+  def highlight_sym sym
+    "#{sym}_highlight".intern
+  end
+
+  def highlight_for fg, bg, attrs
+    hfg =
+      case fg
+      when Ncurses::COLOR_BLUE
+        Ncurses::COLOR_WHITE
+      when Ncurses::COLOR_YELLOW, Ncurses::COLOR_GREEN
+        fg
+      else
+        Ncurses::COLOR_BLACK
+      end
+
+    hbg =
+      case bg
+      when Ncurses::COLOR_CYAN
+        Ncurses::COLOR_YELLOW
+      when Ncurses::COLOR_YELLOW
+        Ncurses::COLOR_BLUE
+      else
+        Ncurses::COLOR_CYAN
+      end
+
+    attrs =
+      if fg == Ncurses::COLOR_WHITE && attrs.include?(Ncurses::A_BOLD)
+        [Ncurses::A_BOLD]
+      else
+        case hfg
+        when Ncurses::COLOR_BLACK
+          []
+        else
+          [Ncurses::A_BOLD]
+        end
+      end
+    [hfg, hbg, attrs]
+  end
+
+  def color_for sym, highlight=false
+    sym = @highlights[sym] if highlight
+    return Ncurses::COLOR_BLACK if sym == :none
+    raise ArgumentError, "undefined color #{sym}" unless @entries.member? sym
+
+    ## if this color is cached, return it
+    fg, bg, attrs, color = @entries[sym]
+    return color if color
+
+    if(cp = @color_pairs[[fg, bg]])
+      ## nothing
+    else ## need to get a new colorpair
+      @next_id = (@next_id + 1) % Ncurses::MAX_PAIRS
+      @next_id += 1 if @next_id == 0 # 0 is always white on black
+      id = @next_id
+      debug "colormap: for color #{sym}, using id #{id} -> #{fg}, #{bg}"
+      Ncurses.init_pair id, fg, bg or raise ArgumentError,
+        "couldn't initialize curses color pair #{fg}, #{bg} (key #{id})"
+
+      cp = @color_pairs[[fg, bg]] = Ncurses.COLOR_PAIR(id)
+      ## delete the old mapping, if it exists
+      if @users[cp]
+        @users[cp].each do |usym|
+          warn "dropping color #{usym} (#{id})"
+          @entries[usym][3] = nil
+        end
+        @users[cp] = []
+      end
+    end
+
+    ## by now we have a color pair
+    color = attrs.inject(cp) { |color, attr| color | attr }
+    @entries[sym][3] = color # fill the cache
+    (@users[cp] ||= []) << sym # record entry as a user of that color pair
+    color
+  end
+
+  def sym_is_defined sym
+      return sym if @entries.member? sym
+  end
+
+  ## Try to use the user defined colors, in case of an error fall back
+  ## to the default ones.
+  def populate_colormap
+    user_colors = if File.exists? Redwood::COLOR_FN
+      debug "loading user colors from #{Redwood::COLOR_FN}"
+      Redwood::load_yaml_obj Redwood::COLOR_FN
+    end
+
+    ## Set attachment sybmol to sane default for existing colorschemes
+    if user_colors and user_colors.has_key? :to_me 
+      user_colors[:with_attachment] = user_colors[:to_me] unless user_colors.has_key? :with_attachment
+    end
+
+    Colormap::DEFAULT_COLORS.merge(user_colors||{}).each_pair do |k, v|
+      fg = begin
+        Ncurses.const_get "COLOR_#{v[:fg].to_s.upcase}"
+      rescue NameError
+        warn "there is no color named \"#{v[:fg]}\""
+        Ncurses::COLOR_GREEN
+      end
+
+      bg = begin
+        Ncurses.const_get "COLOR_#{v[:bg].to_s.upcase}"
+      rescue NameError
+        warn "there is no color named \"#{v[:bg]}\""
+        Ncurses::COLOR_RED
+      end
+
+      attrs = (v[:attrs]||[]).map do |a|
+        begin
+          Ncurses.const_get "A_#{a.upcase}"
+        rescue NameError
+          warn "there is no attribute named \"#{a}\", using fallback."
+          nil
+        end
+      end.compact
+
+      highlight_symbol = v[:highlight] ? :"#{v[:highlight]}_color" : nil
+
+      symbol = (k.to_s + "_color").to_sym
+      add symbol, fg, bg, attrs, highlight_symbol
+    end
+  end
+
+  def self.instance; @@instance; end
+  def self.method_missing meth, *a
+    Colormap.new unless @@instance
+    @@instance.send meth, *a
+  end
+  # Performance shortcut
+  def self.color_for *a; @@instance.color_for *a; end
+end
+
+end

data/lib/sup/contact.rb

@@ -0,0 +1,67 @@
+# encoding: utf-8
+
+module Redwood
+
+class ContactManager
+  include Redwood::Singleton
+
+  def initialize fn
+    @fn = fn
+
+    ## maintain the mapping between people and aliases. for contacts without
+    ## aliases, there will be no @a2p entry, so @p2a.keys should be treated
+    ## as the canonical list of contacts.
+
+    @p2a = {} # person to alias
+    @a2p = {} # alias to person
+    @e2p = {} # email to person
+
+    if File.exists? fn
+      IO.foreach(fn) do |l|
+        l =~ /^([^:]*): (.*)$/ or raise "can't parse #{fn} line #{l.inspect}"
+        aalias, addr = $1, $2
+        update_alias Person.from_address(addr), aalias
+      end
+    end
+  end
+
+  def contacts; @p2a.keys end
+  def contacts_with_aliases; @a2p.values.uniq end
+
+  def update_alias person, aalias=nil
+    old_aalias = @p2a[person]
+    if(old_aalias != nil and old_aalias != "") # remove old alias
+      @a2p.delete old_aalias
+      @e2p.delete person.email
+    end
+    @p2a[person] = aalias
+    unless aalias.nil? || aalias.empty?
+      @a2p[aalias] = person
+      @e2p[person.email] = person
+    end
+  end
+
+  ## this may not actually be called anywhere, since we still keep contacts
+  ## around without aliases to override any fullname changes.
+  def drop_contact person
+    aalias = @p2a[person]
+    @p2a.delete person
+    @e2p.delete person.email
+    @a2p.delete aalias if aalias
+  end
+
+  def contact_for aalias; @a2p[aalias] end
+  def alias_for person; @p2a[person] end
+  def person_for email; @e2p[email] end
+  def is_aliased_contact? person; !@p2a[person].nil? end
+
+  def save
+    File.open(@fn, "w:UTF-8") do |f|
+      @p2a.sort_by { |(p, a)| [p.full_address, a] }.each do |(p, a)|
+        f.puts "#{a || ''}: #{p.full_address}"
+      end
+    end
+  end
+end
+
+end

data/lib/sup/crypto.rb

@@ -0,0 +1,461 @@
+begin
+  require 'gpgme'
+rescue LoadError
+end
+
+module Redwood
+
+class CryptoManager
+  include Redwood::Singleton
+
+  class Error < StandardError; end
+
+  OUTGOING_MESSAGE_OPERATIONS = OrderedHash.new(
+    [:sign, "Sign"],
+    [:sign_and_encrypt, "Sign and encrypt"],
+    [:encrypt, "Encrypt only"]
+  )
+
+  HookManager.register "gpg-options", <<EOS
+Runs before gpg is called, allowing you to modify the options (most
+likely you would want to add something to certain commands, like
+{:always_trust => true} to encrypting a message, but who knows).
+
+Variables:
+operation: what operation will be done ("sign", "encrypt", "decrypt" or "verify")
+options: a dictionary of values to be passed to GPGME
+
+Return value: a dictionary to be passed to GPGME
+EOS
+
+  HookManager.register "sig-output", <<EOS
+Runs when the signature output is being generated, allowing you to
+add extra information to your signatures if you want.
+
+Variables:
+signature: the signature object (class is GPGME::Signature)
+from_key: the key that generated the signature (class is GPGME::Key)
+
+Return value: an array of lines of output
+EOS
+
+  HookManager.register "gpg-expand-keys", <<EOS
+Runs when the list of encryption recipients is created, allowing you to
+replace a recipient with one or more GPGME recipients. For example, you could
+replace the email address of a mailing list with the key IDs that belong to
+the recipients of that list. This is essentially what GPG groups do, which
+are not supported by GPGME.
+
+Variables:
+recipients: an array of recipients of the current email
+
+Return value: an array of recipients (email address or GPG key ID) to encrypt
+the email for
+EOS
+
+  def initialize
+    @mutex = Mutex.new
+
+    @not_working_reason = nil
+
+    # test if the gpgme gem is available
+    @gpgme_present =
+      begin
+        begin
+          begin
+            GPGME.check_version({:protocol => GPGME::PROTOCOL_OpenPGP})
+          rescue TypeError
+            GPGME.check_version(nil)
+          end
+          true
+        rescue GPGME::Error
+          false
+        rescue ArgumentError
+          # gpgme 2.0.0 raises this due to the hash->string conversion
+          false
+        end
+      rescue NameError
+        false
+      end
+
+    unless @gpgme_present
+      @not_working_reason = ['gpgme gem not present',
+        'Install the gpgme gem in order to use signed and encrypted emails']
+      return
+    end
+
+    # if gpg2 is available, it will start gpg-agent if required
+    if (bin = `which gpg2`.chomp) =~ /\S/
+      if GPGME.respond_to?('set_engine_info')
+        GPGME.set_engine_info GPGME::PROTOCOL_OpenPGP, bin, nil
+      else
+        GPGME.gpgme_set_engine_info GPGME::PROTOCOL_OpenPGP, bin, nil
+      end
+    else
+      # check if the gpg-options hook uses the passphrase_callback
+      # if it doesn't then check if gpg agent is present
+      gpg_opts = HookManager.run("gpg-options",
+                               {:operation => "sign", :options => {}}) || {}
+      if gpg_opts[:passphrase_callback].nil?
+        if ENV['GPG_AGENT_INFO'].nil?
+          @not_working_reason = ["Environment variable 'GPG_AGENT_INFO' not set, is gpg-agent running?",
+                             "If gpg-agent is running, try $ export `cat ~/.gpg-agent-info`"]
+          return
+        end
+
+        gpg_agent_socket_file = ENV['GPG_AGENT_INFO'].split(':')[0]
+        unless File.exist?(gpg_agent_socket_file)
+          @not_working_reason = ["gpg-agent socket file #{gpg_agent_socket_file} does not exist"]
+          return
+        end
+
+        s = File.stat(gpg_agent_socket_file)
+        unless s.socket?
+          @not_working_reason = ["gpg-agent socket file #{gpg_agent_socket_file} is not a socket"]
+          return
+        end
+      end
+    end
+  end
+
+  def have_crypto?; @not_working_reason.nil? end
+  def not_working_reason; @not_working_reason end
+
+  def sign from, to, payload
+    return unknown_status(@not_working_reason) unless @not_working_reason.nil?
+
+    gpg_opts = {:protocol => GPGME::PROTOCOL_OpenPGP, :armor => true, :textmode => true}
+    gpg_opts.merge!(gen_sign_user_opts(from))
+    gpg_opts = HookManager.run("gpg-options",
+                               {:operation => "sign", :options => gpg_opts}) || gpg_opts
+    begin
+      if GPGME.respond_to?('detach_sign')
+        sig = GPGME.detach_sign(format_payload(payload), gpg_opts)
+      else
+        crypto = GPGME::Crypto.new
+        gpg_opts[:mode] = GPGME::SIG_MODE_DETACH
+        sig = crypto.sign(format_payload(payload), gpg_opts).read
+      end
+    rescue GPGME::Error => exc
+      raise Error, gpgme_exc_msg(exc.message)
+    end
+
+    # if the key (or gpg-agent) is not available GPGME does not complain
+    # but just returns a zero length string. Let's catch that
+    if sig.length == 0
+      raise Error, gpgme_exc_msg("GPG failed to generate signature: check that gpg-agent is running and your key is available.")
+    end
+
+    envelope = RMail::Message.new
+    envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature'
+
+    envelope.add_part payload
+    signature = RMail::Message.make_attachment sig, "application/pgp-signature", nil, "signature.asc"
+    envelope.add_part signature
+    envelope
+  end
+
+  def encrypt from, to, payload, sign=false
+    return unknown_status(@not_working_reason) unless @not_working_reason.nil?
+
+    gpg_opts = {:protocol => GPGME::PROTOCOL_OpenPGP, :armor => true, :textmode => true}
+    if sign
+      gpg_opts.merge!(gen_sign_user_opts(from))
+      gpg_opts.merge!({:sign => true})
+    end
+    gpg_opts = HookManager.run("gpg-options",
+                               {:operation => "encrypt", :options => gpg_opts}) || gpg_opts
+    recipients = to + [from]
+    recipients = HookManager.run("gpg-expand-keys", { :recipients => recipients }) || recipients
+    begin
+      if GPGME.respond_to?('encrypt')
+        cipher = GPGME.encrypt(recipients, format_payload(payload), gpg_opts)
+      else
+        crypto = GPGME::Crypto.new
+        gpg_opts[:recipients] = recipients
+        cipher = crypto.encrypt(format_payload(payload), gpg_opts).read
+      end
+    rescue GPGME::Error => exc
+      raise Error, gpgme_exc_msg(exc.message)
+    end
+
+    # if the key (or gpg-agent) is not available GPGME does not complain
+    # but just returns a zero length string. Let's catch that
+    if cipher.length == 0
+      raise Error, gpgme_exc_msg("GPG failed to generate cipher text: check that gpg-agent is running and your key is available.")
+    end
+
+    encrypted_payload = RMail::Message.new
+    encrypted_payload.header["Content-Type"] = "application/octet-stream"
+    encrypted_payload.header["Content-Disposition"] = 'inline; filename="msg.asc"'
+    encrypted_payload.body = cipher
+
+    control = RMail::Message.new
+    control.header["Content-Type"] = "application/pgp-encrypted"
+    control.header["Content-Disposition"] = "attachment"
+    control.body = "Version: 1\n"
+
+    envelope = RMail::Message.new
+    envelope.header["Content-Type"] = 'multipart/encrypted; protocol=application/pgp-encrypted'
+
+    envelope.add_part control
+    envelope.add_part encrypted_payload
+    envelope
+  end
+
+  def sign_and_encrypt from, to, payload
+    encrypt from, to, payload, true
+  end
+
+  def verified_ok? verify_result
+    valid = true
+    unknown = false
+    all_output_lines = []
+    all_trusted = true
+
+    verify_result.signatures.each do |signature|
+      output_lines, trusted = sig_output_lines signature
+      all_output_lines << output_lines
+      all_output_lines.flatten!
+      all_trusted &&= trusted
+
+      err_code = GPGME::gpgme_err_code(signature.status)
+      if err_code == GPGME::GPG_ERR_BAD_SIGNATURE
+        valid = false
+      elsif err_code != GPGME::GPG_ERR_NO_ERROR
+        valid = false
+        unknown = true
+      end
+    end
+
+    if valid || !unknown
+      summary_line = simplify_sig_line(verify_result.signatures[0].to_s, all_trusted)
+    end
+
+    if all_output_lines.length == 0
+      Chunk::CryptoNotice.new :valid, "Encrypted message wasn't signed", all_output_lines
+    elsif valid
+      if all_trusted
+        Chunk::CryptoNotice.new(:valid, summary_line, all_output_lines)
+      else
+        Chunk::CryptoNotice.new(:valid_untrusted, summary_line, all_output_lines)
+      end
+    elsif !unknown
+      Chunk::CryptoNotice.new(:invalid, summary_line, all_output_lines)
+    else
+      unknown_status all_output_lines
+    end
+  end
+
+  def verify payload, signature, detached=true # both RubyMail::Message objects
+    return unknown_status(@not_working_reason) unless @not_working_reason.nil?
+
+    gpg_opts = {:protocol => GPGME::PROTOCOL_OpenPGP}
+    gpg_opts = HookManager.run("gpg-options",
+                               {:operation => "verify", :options => gpg_opts}) || gpg_opts
+    ctx = GPGME::Ctx.new(gpg_opts)
+    sig_data = GPGME::Data.from_str signature.decode
+    if detached
+      signed_text_data = GPGME::Data.from_str(format_payload(payload))
+      plain_data = nil
+    else
+      signed_text_data = nil
+      if GPGME::Data.respond_to?('empty')
+        plain_data = GPGME::Data.empty
+      else
+        plain_data = GPGME::Data.empty!
+      end
+    end
+    begin
+      ctx.verify(sig_data, signed_text_data, plain_data)
+    rescue GPGME::Error => exc
+      return unknown_status [gpgme_exc_msg(exc.message)]
+    end
+    begin
+      self.verified_ok? ctx.verify_result
+    rescue ArgumentError => exc
+      return unknown_status [gpgme_exc_msg(exc.message)]
+    end
+  end
+
+  ## returns decrypted_message, status, desc, lines
+  def decrypt payload, armor=false # a RubyMail::Message object
+    return unknown_status(@not_working_reason) unless @not_working_reason.nil?
+
+    gpg_opts = {:protocol => GPGME::PROTOCOL_OpenPGP}
+    gpg_opts = HookManager.run("gpg-options",
+                               {:operation => "decrypt", :options => gpg_opts}) || gpg_opts
+    ctx = GPGME::Ctx.new(gpg_opts)
+    cipher_data = GPGME::Data.from_str(format_payload(payload))
+    if GPGME::Data.respond_to?('empty')
+      plain_data = GPGME::Data.empty
+    else
+      plain_data = GPGME::Data.empty!
+    end
+    begin
+      ctx.decrypt_verify(cipher_data, plain_data)
+    rescue GPGME::Error => exc
+      return Chunk::CryptoNotice.new(:invalid, "This message could not be decrypted", gpgme_exc_msg(exc.message))
+    end
+    begin
+      sig = self.verified_ok? ctx.verify_result
+    rescue ArgumentError => exc
+      sig = unknown_status [gpgme_exc_msg(exc.message)]
+    end
+    plain_data.seek(0, IO::SEEK_SET)
+    output = plain_data.read
+    output.transcode(Encoding::ASCII_8BIT, output.encoding)
+
+    ## TODO: test to see if it is still necessary to do a 2nd run if verify
+    ## fails.
+    #
+    ## check for a valid signature in an extra run because gpg aborts if the
+    ## signature cannot be verified (but it is still able to decrypt)
+    #sigoutput = run_gpg "#{payload_fn.path}"
+    #sig = self.old_verified_ok? sigoutput, $?
+
+    if armor
+      msg = RMail::Message.new
+      # Look for Charset, they are put before the base64 crypted part
+      charsets = payload.body.split("\n").grep(/^Charset:/)
+      if !charsets.empty? and charsets[0] =~ /^Charset: (.+)$/
+        output.transcode($encoding, $1)
+      end
+      msg.body = output
+    else
+      # It appears that some clients use Windows new lines - CRLF - but RMail
+      # splits the body and header on "\n\n". So to allow the parse below to
+      # succeed, we will convert the newlines to what RMail expects
+      output = output.gsub(/\r\n/, "\n")
+      # This is gross. This decrypted payload could very well be a multipart
+      # element itself, as opposed to a simple payload. For example, a
+      # multipart/signed element, like those generated by Mutt when encrypting
+      # and signing a message (instead of just clearsigning the body).
+      # Supposedly, decrypted_payload being a multipart element ought to work
+      # out nicely because Message::multipart_encrypted_to_chunks() runs the
+      # decrypted message through message_to_chunks() again to get any
+      # children. However, it does not work as intended because these inner
+      # payloads need not carry a MIME-Version header, yet they are fed to
+      # RMail as a top-level message, for which the MIME-Version header is
+      # required. This causes for the part not to be detected as multipart,
+      # hence being shown as an attachment. If we detect this is happening,
+      # we force the decrypted payload to be interpreted as MIME.
+      msg = RMail::Parser.read output
+      if msg.header.content_type =~ %r{^multipart/} && !msg.multipart?
+        output = "MIME-Version: 1.0\n" + output
+        output.fix_encoding!
+        msg = RMail::Parser.read output
+      end
+    end
+    notice = Chunk::CryptoNotice.new :valid, "This message has been decrypted for display"
+    [notice, sig, msg]
+  end
+
+private
+
+  def unknown_status lines=[]
+    Chunk::CryptoNotice.new :unknown, "Unable to determine validity of cryptographic signature", lines
+  end
+
+  def gpgme_exc_msg msg
+    err_msg = "Exception in GPGME call: #{msg}"
+    #info err_msg
+    err_msg
+  end
+
+  ## here's where we munge rmail output into the format that signed/encrypted
+  ## PGP/GPG messages should be
+  def format_payload payload
+    payload.to_s.gsub(/(^|[^\r])\n/, "\\1\r\n")
+  end
+
+  # remove the hex key_id and info in ()
+  def simplify_sig_line sig_line, trusted
+    sig_line.sub!(/from [0-9A-F]{16} /, "from ")
+    if !trusted
+      sig_line.sub!(/Good signature/, "Good (untrusted) signature")
+    end
+    sig_line
+  end
+
+  def sig_output_lines signature
+    # It appears that the signature.to_s call can lead to a EOFError if
+    # the key is not found. So start by looking for the key.
+    ctx = GPGME::Ctx.new
+    begin
+      from_key = ctx.get_key(signature.fingerprint)
+      if GPGME::gpgme_err_code(signature.status) == GPGME::GPG_ERR_GENERAL
+        first_sig = "General error on signature verification for #{signature.fingerprint}"
+      elsif signature.to_s
+        first_sig = signature.to_s.sub(/from [0-9A-F]{16} /, 'from "') + '"'
+      else
+        first_sig = "Unknown error or empty signature"
+      end
+    rescue EOFError
+      from_key = nil
+      first_sig = "No public key available for #{signature.fingerprint}"
+    end
+
+    time_line = "Signature made " + signature.timestamp.strftime("%a %d %b %Y %H:%M:%S %Z") +
+                " using " + key_type(from_key, signature.fingerprint) +
+                "key ID " + signature.fingerprint[-8..-1]
+    output_lines = [time_line, first_sig]
+
+    trusted = false
+    if from_key
+      # first list all the uids
+      if from_key.uids.length > 1
+        aka_list = from_key.uids[1..-1]
+        aka_list.each { |aka| output_lines << '                aka "' + aka.uid + '"' }
+      end
+
+      # now we want to look at the trust of that key
+      if signature.validity != GPGME::GPGME_VALIDITY_FULL && signature.validity != GPGME::GPGME_VALIDITY_MARGINAL
+        output_lines << "WARNING: This key is not certified with a trusted signature!"
+        output_lines << "There is no indication that the signature belongs to the owner"
+        output_lines << "Full fingerprint is: " + (0..9).map {|i| signature.fpr[(i*4),4]}.join(":")
+      else
+        trusted = true
+      end
+
+      # finally, run the hook
+      output_lines << HookManager.run("sig-output",
+                               {:signature => signature, :from_key => from_key})
+    end
+    return output_lines, trusted
+  end
+
+  def key_type key, fpr
+    return "" if key.nil?
+    subkey = key.subkeys.find {|subkey| subkey.fpr == fpr || subkey.keyid == fpr }
+    return "" if subkey.nil?
+
+    case subkey.pubkey_algo
+    when GPGME::PK_RSA then "RSA "
+    when GPGME::PK_DSA then "DSA "
+    when GPGME::PK_ELG then "ElGamel "
+    when GPGME::PK_ELG_E then "ElGamel "
+    end
+  end
+
+  # logic is:
+  # if    gpgkey set for this account, then use that
+  # elsif only one account,            then leave blank so gpg default will be user
+  # else                                    set --local-user from_email_address
+  # NOTE: multiple signers doesn't seem to work with gpgme (2.0.2, 1.0.8)
+  #       
+  def gen_sign_user_opts from
+    account = AccountManager.account_for from
+    account ||= AccountManager.default_account
+    if !account.gpgkey.nil?
+      opts = {:signer => account.gpgkey}
+    elsif AccountManager.user_emails.length == 1
+      # only one account
+      opts = {}
+    else
+      opts = {:signer => from}
+    end
+    opts
+  end
+end
+end