email-json: export md5sum of body

The body_md5 has been added and contain the value of the md5sum
of the body.

This patch is using the state PARSE_DONE on the MIME state to
detect when a message has been completely parsed.

diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index de8e2568b17c5065a4ddc97499fb6519871f6c87..17d4b0ec00e59bff0c8635cdd9c3d42ce5f41743 100644 (file)
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -90,6 +90,20 @@ TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, F
             SCReturnInt(TM_ECODE_FAILED);
         }
 
+#ifdef HAVE_NSS
+        if (mime_state->md5_ctx && (mime_state->state_flag == PARSE_DONE)) {
+            size_t x;
+            int i;
+            char s[256];
+            if (likely(s != NULL)) {
+                for (i = 0, x = 0; x < sizeof(mime_state->md5); x++) {
+                    i += snprintf(s + i, 255-i, "%02x", mime_state->md5[x]);
+                }
+                json_object_set_new(sjs, "body_md5", json_string(s));
+            }
+        }
+#endif
+
         if ((entity->header_flags & HDR_IS_LOGGED) == 0) {
             MimeDecField *field;
             //printf("email LOG\n");