[usit-rt.git] / share / html / Elements / CryptStatus

%# BEGIN BPS TAGGED BLOCK {{{
%#
%# COPYRIGHT:
%#
%# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
%#                                          <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
%#
%#
%# LICENSE:
%#
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
%#
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%# General Public License for more details.
%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
%# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
%#
%#
%# CONTRIBUTION SUBMISSION POLICY:
%#
%# (The following paragraph is not intended to limit the rights granted
%# to you to modify and distribute this software under the terms of
%# the GNU General Public License and is only of importance to you if
%# you choose to contribute your changes and enhancements to the
%# community by submitting them to Best Practical Solutions, LLC.)
%#
%# By intentionally submitting any modifications, corrections or
%# derivatives to this work, or any other work intended for use with
%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
%# you are the copyright holder for those contributions and you grant
%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
%# royalty-free, perpetual, license to use, copy, create derivative
%# works based on those contributions, and sublicense and distribute
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
<%ARGS>
$Message
$WarnUnsigned => undef
$Reverify     => 1
</%ARGS>
<%INIT>
my @runs;
my $needs_unsigned_warning = $WarnUnsigned;

my @protocols = RT::Crypt->EnabledProtocols;
my $re_protocols = join '|', map "\Q$_\E", @protocols;

foreach ( $Message->SplitHeaders ) {
    if ( s/^X-RT-($re_protocols)-Status:\s*//io ) {
        push @runs, [ $1, RT::Crypt->ParseStatus( Protocol => "$1", Status => $_ ) ];
    }

    $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/;

    # if this is not set, then the email is generated by RT, and so we don't
    # need "email is unsigned" warnings
    $needs_unsigned_warning = 0 if not /^Received:/;
}

return unless @runs or $needs_unsigned_warning;

my $reverify_cb = sub {
    my $top = shift;

    my $txn = $top->TransactionObj;
    unless ( $txn && $txn->id ) {
        return (0, "Couldn't get transaction of attachment #". $top->id);
    }

    my $attachments = $txn->Attachments->Clone;
    $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' );
    my $original = $attachments->First;
    unless ( $original ) {
        return (0, "Couldn't find attachment with original email of transaction #". $txn->id);
    }

    my $parser = RT::EmailParser->new();
    $parser->SmartParseMIMEEntityFromScalar(
        Message => $original->Content,
        Decode => 0,
        Exact => 1,
    );
    my $entity = $parser->Entity;
    unless ( $entity ) {
        return (0, "Couldn't parse content of attachment #". $original->id);
    }

    my @res = RT::Crypt->VerifyDecrypt( Entity => $entity );
    return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted")
        unless @res;

    $top->DelHeader("X-RT-$_-Status") for RT::Crypt->Protocols;
    $top->AddHeader(map { ("X-RT-". $_->{Protocol} ."-Status" => $_->{'status'} ) } @res);
    $top->DelHeader("X-RT-Privacy");
    my %protocols; $protocols{$_->{Protocol}}++ for @res;
    $top->AddHeader('X-RT-Privacy' => $_ ) for sort keys %protocols;

    $top->DelHeader('X-RT-Incoming-Signature');
    my @status = RT::Crypt->ParseStatus(
        Protocol => $res[0]{'Protocol'},
        Status => $res[0]{'status'},
    );
    for ( @status ) {
        if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) {
            $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} );
            $needs_unsigned_warning = 0;
        }
    }
    return (1, "Reverified original message");
};

my @messages;
foreach my $run ( @runs ) {
    my $protocol = shift @$run;
    $protocol = $RT::Crypt::PROTOCOLS{lc $protocol};
    foreach my $line ( @$run ) {
        if ( $line->{'Operation'} eq 'KeyCheck' ) {
            next unless $Reverify;
            # if a public key was missing during verification then we want try again
            next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING';

            # but only if we have key
            my %key = RT::Crypt->GetPublicKeyInfo(
                Protocol => $protocol, Key => $line->{'Key'}
            );
            if ( $key{'info'} ) {
                my ($status, $msg) = $reverify_cb->($Message);
                unless ($status) {
                    $RT::Logger->error($msg);
                } else {
                    return $m->comp('SELF', %ARGS, Reverify => 0);
                }
            }
            else {
                push @messages, {
                    Tag     => $protocol,
                    Classes => [qw/keycheck bad/],
                    Value   => loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ),
                };
            }
        }
        elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) {
            next if $line->{'Status'} eq 'DONE';
            push @messages, {
                Tag     => $protocol,
                Classes => ['passphrasecheck', lc $line->{Status}],
                Value   => loc( $line->{'Message'} ),
            };
        }
        elsif ( $line->{'Operation'} eq 'Decrypt' ) {
            push @messages, {
                Tag     => $protocol,
                Classes => ['decrypt', lc $line->{Status}],
                Value   => loc( $line->{'Message'} ),
            };
        }
        elsif ( $line->{'Operation'} eq 'Verify' ) {
            push @messages, {
                Tag     => $protocol,
                Classes => ['verify', lc $line->{Status}, 'trust-'.($line->{Trust} || 'UNKNOWN')],
                Value   => loc( $line->{'Message'} ),
            };
        }
        else {
            next if $line->{'Status'} eq 'DONE';
            push @messages, {
                Tag     => $protocol,
                Classes => [lc $line->{Operation}, lc $line->{Status}],
                Value   => loc( $line->{'Message'} ),
            }
        }
    }
}

push @messages, { Tag => "Signing", Classes => ['verify', 'bad'], Value => loc('Warning! This is NOT signed!') }
    if $needs_unsigned_warning;
return unless @messages;

my %seen;
@messages = grep !$seen{$_->{Value}}++, @messages;

return @messages;
</%INIT>
Commit	Line	Data
af59614d MKG	1	%# BEGIN BPS TAGGED BLOCK {{{
	2	%#
	3	%# COPYRIGHT:
	4	%#
320f0092	5	%# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
af59614d MKG	6	%# <sales@bestpractical.com>
	7	%#
	8	%# (Except where explicitly superseded by other copyright notices)
	9	%#
	10	%#
	11	%# LICENSE:
	12	%#
	13	%# This work is made available to you under the terms of Version 2 of
	14	%# the GNU General Public License. A copy of that license should have
	15	%# been provided with this software, but in any event can be snarfed
	16	%# from www.gnu.org.
	17	%#
	18	%# This work is distributed in the hope that it will be useful, but
	19	%# WITHOUT ANY WARRANTY; without even the implied warranty of
	20	%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	21	%# General Public License for more details.
	22	%#
	23	%# You should have received a copy of the GNU General Public License
	24	%# along with this program; if not, write to the Free Software
	25	%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	26	%# 02110-1301 or visit their web page on the internet at
	27	%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
	28	%#
	29	%#
	30	%# CONTRIBUTION SUBMISSION POLICY:
	31	%#
	32	%# (The following paragraph is not intended to limit the rights granted
	33	%# to you to modify and distribute this software under the terms of
	34	%# the GNU General Public License and is only of importance to you if
	35	%# you choose to contribute your changes and enhancements to the
	36	%# community by submitting them to Best Practical Solutions, LLC.)
	37	%#
	38	%# By intentionally submitting any modifications, corrections or
	39	%# derivatives to this work, or any other work intended for use with
	40	%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
	41	%# you are the copyright holder for those contributions and you grant
	42	%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
	43	%# royalty-free, perpetual, license to use, copy, create derivative
	44	%# works based on those contributions, and sublicense and distribute
	45	%# those contributions and any derivatives thereof.
	46	%#
	47	%# END BPS TAGGED BLOCK }}}
	48	<%ARGS>
	49	$Message
	50	$WarnUnsigned => undef
	51	$Reverify => 1
	52	</%ARGS>
	53	<%INIT>
	54	my @runs;
	55	my $needs_unsigned_warning = $WarnUnsigned;
	56
	57	my @protocols = RT::Crypt->EnabledProtocols;
	58	my $re_protocols = join '\|', map "\Q$_\E", @protocols;
	59
	60	foreach ( $Message->SplitHeaders ) {
	61	if ( s/^X-RT-($re_protocols)-Status:\s*//io ) {
	62	push @runs, [ $1, RT::Crypt->ParseStatus( Protocol => "$1", Status => $_ ) ];
	63	}
	64
	65	$needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/;
	66
	67	# if this is not set, then the email is generated by RT, and so we don't
	68	# need "email is unsigned" warnings
	69	$needs_unsigned_warning = 0 if not /^Received:/;
70	}
71
72	return unless @runs or $needs_unsigned_warning;
73
74	my $reverify_cb = sub {
75	my $top = shift;
76
77	my $txn = $top->TransactionObj;
78	unless ( $txn && $txn->id ) {
79	return (0, "Couldn't get transaction of attachment #". $top->id);
80	}
81
82	my $attachments = $txn->Attachments->Clone;
83	$attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' );
84	my $original = $attachments->First;
85	unless ( $original ) {
86	return (0, "Couldn't find attachment with original email of transaction #". $txn->id);
87	}
88
89	my $parser = RT::EmailParser->new();
90	$parser->SmartParseMIMEEntityFromScalar(
91	Message => $original->Content,
92	Decode => 0,
93	Exact => 1,
94	);
95	my $entity = $parser->Entity;
96	unless ( $entity ) {
97	return (0, "Couldn't parse content of attachment #". $original->id);
98	}
99
100	my @res = RT::Crypt->VerifyDecrypt( Entity => $entity );
101	return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted")
102	unless @res;
103
104	$top->DelHeader("X-RT-$_-Status") for RT::Crypt->Protocols;
105	$top->AddHeader(map { ("X-RT-". $_->{Protocol} ."-Status" => $_->{'status'} ) } @res);
106	$top->DelHeader("X-RT-Privacy");
107	my %protocols; $protocols{$_->{Protocol}}++ for @res;
108	$top->AddHeader('X-RT-Privacy' => $_ ) for sort keys %protocols;
109
110	$top->DelHeader('X-RT-Incoming-Signature');
111	my @status = RT::Crypt->ParseStatus(
112	Protocol => $res[0]{'Protocol'},
113	Status => $res[0]{'status'},
114	);
115	for ( @status ) {
116	if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) {
117	$top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} );
118	$needs_unsigned_warning = 0;
119	}
120	}
121	return (1, "Reverified original message");
122	};
123
124	my @messages;
125	foreach my $run ( @runs ) {
126	my $protocol = shift @$run;
127	$protocol = $RT::Crypt::PROTOCOLS{lc $protocol};
128	foreach my $line ( @$run ) {
129	if ( $line->{'Operation'} eq 'KeyCheck' ) {
130	next unless $Reverify;
131	# if a public key was missing during verification then we want try again
132	next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING';
133
134	# but only if we have key
135	my %key = RT::Crypt->GetPublicKeyInfo(
136	Protocol => $protocol, Key => $line->{'Key'}
137	);
138	if ( $key{'info'} ) {
139	my ($status, $msg) = $reverify_cb->($Message);
140	unless ($status) {
141	$RT::Logger->error($msg);
142	} else {
143	return $m->comp('SELF', %ARGS, Reverify => 0);
144	}
145	}
146	else {
147	push @messages, {
148	Tag => $protocol,
149	Classes => [qw/keycheck bad/],
150	Value => loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ),
151	};
152	}
153	}
154	elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) {
155	next if $line->{'Status'} eq 'DONE';
156	push @messages, {
157	Tag => $protocol,
158	Classes => ['passphrasecheck', lc $line->{Status}],
159	Value => loc( $line->{'Message'} ),
160	};
161	}
162	elsif ( $line->{'Operation'} eq 'Decrypt' ) {
163	push @messages, {
164	Tag => $protocol,
165	Classes => ['decrypt', lc $line->{Status}],
166	Value => loc( $line->{'Message'} ),
167	};
168	}
169	elsif ( $line->{'Operation'} eq 'Verify' ) {
170	push @messages, {
171	Tag => $protocol,
172	Classes => ['verify', lc $line->{Status}, 'trust-'.($line->{Trust} \|\| 'UNKNOWN')],
173	Value => loc( $line->{'Message'} ),
174	};
175	}
176	else {
177	next if $line->{'Status'} eq 'DONE';
178	push @messages, {
179	Tag => $protocol,
180	Classes => [lc $line->{Operation}, lc $line->{Status}],
181	Value => loc( $line->{'Message'} ),
182	}
183	}
184	}
185	}
186
187	push @messages, { Tag => "Signing", Classes => ['verify', 'bad'], Value => loc('Warning! This is NOT signed!') }
188	if $needs_unsigned_warning;
189	return unless @messages;
190
191	my %seen;
192	@messages = grep !$seen{$_->{Value}}++, @messages;
193
194	return @messages;
195	</%INIT>