Upgrade to 4.0.8 with mod of ExternalAuth + absolute paths to ticket-menu.
[usit-rt.git] / share / html / Ticket / Elements / ShowGnuPGStatus
CommitLineData
84fb5b46
MKG
1%# BEGIN BPS TAGGED BLOCK {{{
2%#
3%# COPYRIGHT:
4%#
5%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
6%# <sales@bestpractical.com>
7%#
8%# (Except where explicitly superseded by other copyright notices)
9%#
10%#
11%# LICENSE:
12%#
13%# This work is made available to you under the terms of Version 2 of
14%# the GNU General Public License. A copy of that license should have
15%# been provided with this software, but in any event can be snarfed
16%# from www.gnu.org.
17%#
18%# This work is distributed in the hope that it will be useful, but
19%# WITHOUT ANY WARRANTY; without even the implied warranty of
20%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21%# General Public License for more details.
22%#
23%# You should have received a copy of the GNU General Public License
24%# along with this program; if not, write to the Free Software
25%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26%# 02110-1301 or visit their web page on the internet at
27%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
28%#
29%#
30%# CONTRIBUTION SUBMISSION POLICY:
31%#
32%# (The following paragraph is not intended to limit the rights granted
33%# to you to modify and distribute this software under the terms of
34%# the GNU General Public License and is only of importance to you if
35%# you choose to contribute your changes and enhancements to the
36%# community by submitting them to Best Practical Solutions, LLC.)
37%#
38%# By intentionally submitting any modifications, corrections or
39%# derivatives to this work, or any other work intended for use with
40%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
41%# you are the copyright holder for those contributions and you grant
42%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43%# royalty-free, perpetual, license to use, copy, create derivative
44%# works based on those contributions, and sublicense and distribute
45%# those contributions and any derivatives thereof.
46%#
47%# END BPS TAGGED BLOCK }}}
48<table class="crypt-runs">
49<tr><td align="right" class="labeltop" rowspan="<% scalar @messages %>">GnuPG:</td>
50<td><% shift @messages %></td></tr>
51
52% foreach my $msg( @messages ) {
53<tr><td><% $msg %></td></tr>
54% }
55</table>
56<%ARGS>
57$Attachment
58$WarnUnsigned => undef
59$Reverify => 1
60</%ARGS>
61<%INIT>
62my @runs;
63my $needs_unsigned_warning = $WarnUnsigned;
64
65foreach ( $Attachment->SplitHeaders ) {
66 if ( s/^X-RT-GnuPG-Status:\s*//i ) {
67 require RT::Crypt::GnuPG;
68 push @runs, [ RT::Crypt::GnuPG::ParseStatus( $_ ) ];
69 }
70
71 $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/;
72
73 # if this is not set, then the email is generated by RT, and so we don't
74 # need "email is unsigned" warnings
75 $needs_unsigned_warning = 0 if not /^Received:/;
76}
77
78return unless @runs or $needs_unsigned_warning;
79
80my $reverify_cb = sub {
81 my $top = shift;
82
83 my $txn = $top->TransactionObj;
84 unless ( $txn && $txn->id ) {
85 return (0, "Couldn't get transaction of attachment #". $top->id);
86 }
87
88 my $attachments = $txn->Attachments->Clone;
89 $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' );
90 my $original = $attachments->First;
91 unless ( $original ) {
92 return (0, "Couldn't find attachment with original email of transaction #". $txn->id);
93 }
94
95 my $parser = RT::EmailParser->new();
96 $parser->SmartParseMIMEEntityFromScalar(
97 Message => $original->Content,
98 Decode => 0,
99 Exact => 1,
100 );
101 my $entity = $parser->Entity;
102 unless ( $entity ) {
103 return (0, "Couldn't parse content of attachment #". $original->id);
104 }
105
106 use RT::Interface::Email::Auth::GnuPG;
107 my ($status, @res) = RT::Interface::Email::Auth::GnuPG::VerifyDecrypt( Entity => $entity );
108 if ( $status && !@res ) {
109 # imposible in this situation
110 return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted");
111 }
112 elsif ( @res ) {
113 require RT::Crypt::GnuPG;
114
115 $top->DelHeader('X-RT-GnuPG-Status');
116 $top->AddHeader(map { ('X-RT-GnuPG-Status' => $_->{'status'} ) } @res);
117 $top->SetHeader('X-RT-Privacy' => 'PGP' );
118 $top->DelHeader('X-RT-Incoming-Signature');
119
120 my @status = RT::Crypt::GnuPG::ParseStatus( $res[0]->{'status'} );
121 for ( @status ) {
122 if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) {
123 $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} );
124 $needs_unsigned_warning = 0;
125 }
126 }
127 }
128 return (1, "Reverified original message");
129};
130
131my @messages;
132foreach my $run ( @runs ) {
133 foreach my $line ( @$run ) {
134 if ( $line->{'Operation'} eq 'KeyCheck' ) {
135 next unless $Reverify;
136 # if a public key was missing during verification then we want try again
137 next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING';
138
139 # but only if we have key
140 my %key = RT::Crypt::GnuPG::GetPublicKeyInfo( $line->{'Key'} );
141 if ( $key{'info'} ) {
142 my ($status, $msg) = $reverify_cb->($Attachment);
143 unless ($status) {
144 $RT::Logger->error($msg);
145 } else {
146 return $m->comp('SELF', %ARGS, Reverify => 0);
147 }
148 }
149 else {
150 push @messages, loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} );
151 }
152 }
153 elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) {
154 next if $line->{'Status'} eq 'DONE';
155 push @messages, loc( $line->{'Message'} );
156 }
157 elsif ( $line->{'Operation'} eq 'Decrypt' ) {
158 push @messages, loc( $line->{'Message'} );
159 }
160 elsif ( $line->{'Operation'} eq 'Verify' ) {
161 push @messages, loc( $line->{'Message'} );
162 }
163 else {
164 next if $line->{'Status'} eq 'DONE';
165 push @messages, loc( $line->{'Message'} );
166 }
167 }
168}
169
170push @messages, loc('Warning! This is NOT signed!')
171 if $needs_unsigned_warning;
172return unless @messages;
173
174my %seen;
175@messages = grep !$seen{$_}++, @messages;
176
177</%INIT>