]>
Commit | Line | Data |
---|---|---|
af59614d MKG |
1 | %# BEGIN BPS TAGGED BLOCK {{{ |
2 | %# | |
3 | %# COPYRIGHT: | |
4 | %# | |
320f0092 | 5 | %# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC |
af59614d MKG |
6 | %# <sales@bestpractical.com> |
7 | %# | |
8 | %# (Except where explicitly superseded by other copyright notices) | |
9 | %# | |
10 | %# | |
11 | %# LICENSE: | |
12 | %# | |
13 | %# This work is made available to you under the terms of Version 2 of | |
14 | %# the GNU General Public License. A copy of that license should have | |
15 | %# been provided with this software, but in any event can be snarfed | |
16 | %# from www.gnu.org. | |
17 | %# | |
18 | %# This work is distributed in the hope that it will be useful, but | |
19 | %# WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | %# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
21 | %# General Public License for more details. | |
22 | %# | |
23 | %# You should have received a copy of the GNU General Public License | |
24 | %# along with this program; if not, write to the Free Software | |
25 | %# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
26 | %# 02110-1301 or visit their web page on the internet at | |
27 | %# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. | |
28 | %# | |
29 | %# | |
30 | %# CONTRIBUTION SUBMISSION POLICY: | |
31 | %# | |
32 | %# (The following paragraph is not intended to limit the rights granted | |
33 | %# to you to modify and distribute this software under the terms of | |
34 | %# the GNU General Public License and is only of importance to you if | |
35 | %# you choose to contribute your changes and enhancements to the | |
36 | %# community by submitting them to Best Practical Solutions, LLC.) | |
37 | %# | |
38 | %# By intentionally submitting any modifications, corrections or | |
39 | %# derivatives to this work, or any other work intended for use with | |
40 | %# Request Tracker, to Best Practical Solutions, LLC, you confirm that | |
41 | %# you are the copyright holder for those contributions and you grant | |
42 | %# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, | |
43 | %# royalty-free, perpetual, license to use, copy, create derivative | |
44 | %# works based on those contributions, and sublicense and distribute | |
45 | %# those contributions and any derivatives thereof. | |
46 | %# | |
47 | %# END BPS TAGGED BLOCK }}} | |
48 | <%ARGS> | |
49 | $Message | |
50 | $WarnUnsigned => undef | |
51 | $Reverify => 1 | |
52 | </%ARGS> | |
53 | <%INIT> | |
54 | my @runs; | |
55 | my $needs_unsigned_warning = $WarnUnsigned; | |
56 | ||
57 | my @protocols = RT::Crypt->EnabledProtocols; | |
58 | my $re_protocols = join '|', map "\Q$_\E", @protocols; | |
59 | ||
60 | foreach ( $Message->SplitHeaders ) { | |
61 | if ( s/^X-RT-($re_protocols)-Status:\s*//io ) { | |
62 | push @runs, [ $1, RT::Crypt->ParseStatus( Protocol => "$1", Status => $_ ) ]; | |
63 | } | |
64 | ||
65 | $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/; | |
66 | ||
67 | # if this is not set, then the email is generated by RT, and so we don't | |
68 | # need "email is unsigned" warnings | |
69 | $needs_unsigned_warning = 0 if not /^Received:/; | |
70 | } | |
71 | ||
72 | return unless @runs or $needs_unsigned_warning; | |
73 | ||
74 | my $reverify_cb = sub { | |
75 | my $top = shift; | |
76 | ||
77 | my $txn = $top->TransactionObj; | |
78 | unless ( $txn && $txn->id ) { | |
79 | return (0, "Couldn't get transaction of attachment #". $top->id); | |
80 | } | |
81 | ||
82 | my $attachments = $txn->Attachments->Clone; | |
83 | $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' ); | |
84 | my $original = $attachments->First; | |
85 | unless ( $original ) { | |
86 | return (0, "Couldn't find attachment with original email of transaction #". $txn->id); | |
87 | } | |
88 | ||
89 | my $parser = RT::EmailParser->new(); | |
90 | $parser->SmartParseMIMEEntityFromScalar( | |
91 | Message => $original->Content, | |
92 | Decode => 0, | |
93 | Exact => 1, | |
94 | ); | |
95 | my $entity = $parser->Entity; | |
96 | unless ( $entity ) { | |
97 | return (0, "Couldn't parse content of attachment #". $original->id); | |
98 | } | |
99 | ||
100 | my @res = RT::Crypt->VerifyDecrypt( Entity => $entity ); | |
101 | return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted") | |
102 | unless @res; | |
103 | ||
104 | $top->DelHeader("X-RT-$_-Status") for RT::Crypt->Protocols; | |
105 | $top->AddHeader(map { ("X-RT-". $_->{Protocol} ."-Status" => $_->{'status'} ) } @res); | |
106 | $top->DelHeader("X-RT-Privacy"); | |
107 | my %protocols; $protocols{$_->{Protocol}}++ for @res; | |
108 | $top->AddHeader('X-RT-Privacy' => $_ ) for sort keys %protocols; | |
109 | ||
110 | $top->DelHeader('X-RT-Incoming-Signature'); | |
111 | my @status = RT::Crypt->ParseStatus( | |
112 | Protocol => $res[0]{'Protocol'}, | |
113 | Status => $res[0]{'status'}, | |
114 | ); | |
115 | for ( @status ) { | |
116 | if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) { | |
117 | $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} ); | |
118 | $needs_unsigned_warning = 0; | |
119 | } | |
120 | } | |
121 | return (1, "Reverified original message"); | |
122 | }; | |
123 | ||
124 | my @messages; | |
125 | foreach my $run ( @runs ) { | |
126 | my $protocol = shift @$run; | |
127 | $protocol = $RT::Crypt::PROTOCOLS{lc $protocol}; | |
128 | foreach my $line ( @$run ) { | |
129 | if ( $line->{'Operation'} eq 'KeyCheck' ) { | |
130 | next unless $Reverify; | |
131 | # if a public key was missing during verification then we want try again | |
132 | next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING'; | |
133 | ||
134 | # but only if we have key | |
135 | my %key = RT::Crypt->GetPublicKeyInfo( | |
136 | Protocol => $protocol, Key => $line->{'Key'} | |
137 | ); | |
138 | if ( $key{'info'} ) { | |
139 | my ($status, $msg) = $reverify_cb->($Message); | |
140 | unless ($status) { | |
141 | $RT::Logger->error($msg); | |
142 | } else { | |
143 | return $m->comp('SELF', %ARGS, Reverify => 0); | |
144 | } | |
145 | } | |
146 | else { | |
147 | push @messages, { | |
148 | Tag => $protocol, | |
149 | Classes => [qw/keycheck bad/], | |
150 | Value => loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ), | |
151 | }; | |
152 | } | |
153 | } | |
154 | elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) { | |
155 | next if $line->{'Status'} eq 'DONE'; | |
156 | push @messages, { | |
157 | Tag => $protocol, | |
158 | Classes => ['passphrasecheck', lc $line->{Status}], | |
159 | Value => loc( $line->{'Message'} ), | |
160 | }; | |
161 | } | |
162 | elsif ( $line->{'Operation'} eq 'Decrypt' ) { | |
163 | push @messages, { | |
164 | Tag => $protocol, | |
165 | Classes => ['decrypt', lc $line->{Status}], | |
166 | Value => loc( $line->{'Message'} ), | |
167 | }; | |
168 | } | |
169 | elsif ( $line->{'Operation'} eq 'Verify' ) { | |
170 | push @messages, { | |
171 | Tag => $protocol, | |
172 | Classes => ['verify', lc $line->{Status}, 'trust-'.($line->{Trust} || 'UNKNOWN')], | |
173 | Value => loc( $line->{'Message'} ), | |
174 | }; | |
175 | } | |
176 | else { | |
177 | next if $line->{'Status'} eq 'DONE'; | |
178 | push @messages, { | |
179 | Tag => $protocol, | |
180 | Classes => [lc $line->{Operation}, lc $line->{Status}], | |
181 | Value => loc( $line->{'Message'} ), | |
182 | } | |
183 | } | |
184 | } | |
185 | } | |
186 | ||
187 | push @messages, { Tag => "Signing", Classes => ['verify', 'bad'], Value => loc('Warning! This is NOT signed!') } | |
188 | if $needs_unsigned_warning; | |
189 | return unless @messages; | |
190 | ||
191 | my %seen; | |
192 | @messages = grep !$seen{$_->{Value}}++, @messages; | |
193 | ||
194 | return @messages; | |
195 | </%INIT> |