]>
Commit | Line | Data |
---|---|---|
84fb5b46 MKG |
1 | %# BEGIN BPS TAGGED BLOCK {{{ |
2 | %# | |
3 | %# COPYRIGHT: | |
4 | %# | |
5 | %# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC | |
6 | %# <sales@bestpractical.com> | |
7 | %# | |
8 | %# (Except where explicitly superseded by other copyright notices) | |
9 | %# | |
10 | %# | |
11 | %# LICENSE: | |
12 | %# | |
13 | %# This work is made available to you under the terms of Version 2 of | |
14 | %# the GNU General Public License. A copy of that license should have | |
15 | %# been provided with this software, but in any event can be snarfed | |
16 | %# from www.gnu.org. | |
17 | %# | |
18 | %# This work is distributed in the hope that it will be useful, but | |
19 | %# WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | %# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
21 | %# General Public License for more details. | |
22 | %# | |
23 | %# You should have received a copy of the GNU General Public License | |
24 | %# along with this program; if not, write to the Free Software | |
25 | %# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
26 | %# 02110-1301 or visit their web page on the internet at | |
27 | %# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. | |
28 | %# | |
29 | %# | |
30 | %# CONTRIBUTION SUBMISSION POLICY: | |
31 | %# | |
32 | %# (The following paragraph is not intended to limit the rights granted | |
33 | %# to you to modify and distribute this software under the terms of | |
34 | %# the GNU General Public License and is only of importance to you if | |
35 | %# you choose to contribute your changes and enhancements to the | |
36 | %# community by submitting them to Best Practical Solutions, LLC.) | |
37 | %# | |
38 | %# By intentionally submitting any modifications, corrections or | |
39 | %# derivatives to this work, or any other work intended for use with | |
40 | %# Request Tracker, to Best Practical Solutions, LLC, you confirm that | |
41 | %# you are the copyright holder for those contributions and you grant | |
42 | %# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, | |
43 | %# royalty-free, perpetual, license to use, copy, create derivative | |
44 | %# works based on those contributions, and sublicense and distribute | |
45 | %# those contributions and any derivatives thereof. | |
46 | %# | |
47 | %# END BPS TAGGED BLOCK }}} | |
48 | <table class="crypt-runs"> | |
49 | <tr><td align="right" class="labeltop" rowspan="<% scalar @messages %>">GnuPG:</td> | |
50 | <td><% shift @messages %></td></tr> | |
51 | ||
52 | % foreach my $msg( @messages ) { | |
53 | <tr><td><% $msg %></td></tr> | |
54 | % } | |
55 | </table> | |
56 | <%ARGS> | |
57 | $Attachment | |
58 | $WarnUnsigned => undef | |
59 | $Reverify => 1 | |
60 | </%ARGS> | |
61 | <%INIT> | |
62 | my @runs; | |
63 | my $needs_unsigned_warning = $WarnUnsigned; | |
64 | ||
65 | foreach ( $Attachment->SplitHeaders ) { | |
66 | if ( s/^X-RT-GnuPG-Status:\s*//i ) { | |
67 | require RT::Crypt::GnuPG; | |
68 | push @runs, [ RT::Crypt::GnuPG::ParseStatus( $_ ) ]; | |
69 | } | |
70 | ||
71 | $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/; | |
72 | ||
73 | # if this is not set, then the email is generated by RT, and so we don't | |
74 | # need "email is unsigned" warnings | |
75 | $needs_unsigned_warning = 0 if not /^Received:/; | |
76 | } | |
77 | ||
78 | return unless @runs or $needs_unsigned_warning; | |
79 | ||
80 | my $reverify_cb = sub { | |
81 | my $top = shift; | |
82 | ||
83 | my $txn = $top->TransactionObj; | |
84 | unless ( $txn && $txn->id ) { | |
85 | return (0, "Couldn't get transaction of attachment #". $top->id); | |
86 | } | |
87 | ||
88 | my $attachments = $txn->Attachments->Clone; | |
89 | $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' ); | |
90 | my $original = $attachments->First; | |
91 | unless ( $original ) { | |
92 | return (0, "Couldn't find attachment with original email of transaction #". $txn->id); | |
93 | } | |
94 | ||
95 | my $parser = RT::EmailParser->new(); | |
96 | $parser->SmartParseMIMEEntityFromScalar( | |
97 | Message => $original->Content, | |
98 | Decode => 0, | |
99 | Exact => 1, | |
100 | ); | |
101 | my $entity = $parser->Entity; | |
102 | unless ( $entity ) { | |
103 | return (0, "Couldn't parse content of attachment #". $original->id); | |
104 | } | |
105 | ||
106 | use RT::Interface::Email::Auth::GnuPG; | |
107 | my ($status, @res) = RT::Interface::Email::Auth::GnuPG::VerifyDecrypt( Entity => $entity ); | |
108 | if ( $status && !@res ) { | |
109 | # imposible in this situation | |
110 | return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted"); | |
111 | } | |
112 | elsif ( @res ) { | |
113 | require RT::Crypt::GnuPG; | |
114 | ||
115 | $top->DelHeader('X-RT-GnuPG-Status'); | |
116 | $top->AddHeader(map { ('X-RT-GnuPG-Status' => $_->{'status'} ) } @res); | |
117 | $top->SetHeader('X-RT-Privacy' => 'PGP' ); | |
118 | $top->DelHeader('X-RT-Incoming-Signature'); | |
119 | ||
120 | my @status = RT::Crypt::GnuPG::ParseStatus( $res[0]->{'status'} ); | |
121 | for ( @status ) { | |
122 | if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) { | |
123 | $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} ); | |
124 | $needs_unsigned_warning = 0; | |
125 | } | |
126 | } | |
127 | } | |
128 | return (1, "Reverified original message"); | |
129 | }; | |
130 | ||
131 | my @messages; | |
132 | foreach my $run ( @runs ) { | |
133 | foreach my $line ( @$run ) { | |
134 | if ( $line->{'Operation'} eq 'KeyCheck' ) { | |
135 | next unless $Reverify; | |
136 | # if a public key was missing during verification then we want try again | |
137 | next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING'; | |
138 | ||
139 | # but only if we have key | |
140 | my %key = RT::Crypt::GnuPG::GetPublicKeyInfo( $line->{'Key'} ); | |
141 | if ( $key{'info'} ) { | |
142 | my ($status, $msg) = $reverify_cb->($Attachment); | |
143 | unless ($status) { | |
144 | $RT::Logger->error($msg); | |
145 | } else { | |
146 | return $m->comp('SELF', %ARGS, Reverify => 0); | |
147 | } | |
148 | } | |
149 | else { | |
150 | push @messages, loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ); | |
151 | } | |
152 | } | |
153 | elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) { | |
154 | next if $line->{'Status'} eq 'DONE'; | |
155 | push @messages, loc( $line->{'Message'} ); | |
156 | } | |
157 | elsif ( $line->{'Operation'} eq 'Decrypt' ) { | |
158 | push @messages, loc( $line->{'Message'} ); | |
159 | } | |
160 | elsif ( $line->{'Operation'} eq 'Verify' ) { | |
161 | push @messages, loc( $line->{'Message'} ); | |
162 | } | |
163 | else { | |
164 | next if $line->{'Status'} eq 'DONE'; | |
165 | push @messages, loc( $line->{'Message'} ); | |
166 | } | |
167 | } | |
168 | } | |
169 | ||
170 | push @messages, loc('Warning! This is NOT signed!') | |
171 | if $needs_unsigned_warning; | |
172 | return unless @messages; | |
173 | ||
174 | my %seen; | |
175 | @messages = grep !$seen{$_}++, @messages; | |
176 | ||
177 | </%INIT> |