extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-28 01:29:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

W.I.P. smime support:

Browse Source 
- Override verify method, in order to extract content
This commit is contained in:
Hadi Nategh 2017-04-11 14:24:22 +02:00
parent 9eaf1f20ef
commit fff5543d3d
2 changed files with 95 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
api/src/Mail/Smime.php
View File

@ -170,4 +170,80 @@ class Smime extends Horde_Crypt_Smime
return false; return false;
} }
} }
/**
* Verify a signature using via S/MIME.
*
* @param string $text The multipart/signed data to be verified.
* @param mixed $certs Either a single or array of root certificates.
*
* @return stdClass Object with the following elements:
* <pre>
* cert - (string) The certificate of the signer stored in the message (in
* PEM format).
* email - (string) The email of the signing person.
* msg - (string) Status string.
* verify - (boolean) True if certificate was verified.
* </pre>
* @throws Horde_Crypt_Exception
*
*
* @TODO: This method is overridden in order to extract content
* from the signed message. There's a pull request opened for this
* modification on horde github, https://github.com/horde/horde/pull/218
* which in case that gets merged we need to remove this implementation.
*/
public function verify($text, $certs)
{
/* Check for availability of OpenSSL PHP extension. */
$this->checkForOpenSSL();
/* Create temp files for input/output. */
$input = $this->_createTempFile('horde-smime');
$output = $this->_createTempFile('horde-smime');
$content = $this->_createTempFile('horde-smime');
/* Write text to file */
file_put_contents($input, $text);
unset($text);
$root_certs = array();
if (!is_array($certs)) {
$certs = array($certs);
}
foreach ($certs as $file) {
if (file_exists($file)) {
$root_certs[] = $file;
}
}
$ob = new stdClass;
if (!empty($root_certs) &&
(openssl_pkcs7_verify($input, 0, $output) === true)) {
/* Message verified */
$ob->msg = Horde_Crypt_Translation::t("Message verified successfully.");
$ob->verify = true;
} else {
/* Try again without verfying the signer's cert */
$result = openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output);
if ($result === -1) {
throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Verification failed - an unknown error has occurred."));
} elseif ($result === false) {
throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Verification failed - this message may have been tampered with."));
}
$ob->msg = Horde_Crypt_Translation::t("Message verified successfully but the signer's certificate could not be verified.");
$ob->verify = false;
}
if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output, array(), $output, $content))
{
$ob->content = file_get_contents($content);
}
$ob->cert = file_get_contents($output);
$ob->email = $this->getEmailFromKey($ob->cert);
return $ob;
}
} }

22
mail/inc/class.mail_ui.inc.php
View File

@ -2012,7 +2012,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
if ($htmlOptions !='always_display') $fetchEmbeddedImages = true; if ($htmlOptions !='always_display') $fetchEmbeddedImages = true;
$attachments = $this->mail_bo->getMessageAttachments($uid, $partID, null, $fetchEmbeddedImages,true,true,$mailbox); $attachments = $this->mail_bo->getMessageAttachments($uid, $partID, null, $fetchEmbeddedImages,true,true,$mailbox);
$smimeData = $this->resolveSmimeAttachment ($attachments, $uid, $partID, $mailbox, $rowID); $smimeData = $this->resolveSmimeAttachment ($attachments, $uid, $partID, $mailbox, '', $rowID);
if (is_array($smimeData)) if (is_array($smimeData))
{ {
$error_msg[] = $smimeData['msg']; $error_msg[] = $smimeData['msg'];
@ -2104,6 +2104,22 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
$etpl->exec('mail.mail_ui.displayMessage',$content,$sel_options,$readonlys,$preserv,2); $etpl->exec('mail.mail_ui.displayMessage',$content,$sel_options,$readonlys,$preserv,2);
} }
/**
* Parse SMIME signed message
*
* @param string $_message signed message
* @param type $_mailbox mailbox
* @return array
*/
function parseSmimeSignedMessage ($_message, $_mailbox)
{
$structure = Horde_Mime_Part::parseMessage($_message, array('forcemime'=>true));
return array (
'attachments' => $this->mail_bo->getMessageAttachments('',null,$structure,true, false,true,$_mailbox),
'body' => $this->mail_bo->getMessageBody('', '', null, $structure, false, $_mailbox, $calendar_part = null)
);
}
/** /**
* decrypt given smime encrypted message * decrypt given smime encrypted message
* *
@ -2143,7 +2159,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
* @param string $_passphrase * @param string $_passphrase
* @return array * @return array
*/ */
function resolveSmimeAttachment (&$attachments, $_uid, $_partID, $_mailbox, $_passphrase='') function resolveSmimeAttachment (&$attachments, $_uid, $_partID, $_mailbox, $_passphrase='', $_rowID)
{ {
$this->smime = new Mail\Smime; $this->smime = new Mail\Smime;
@ -2170,7 +2186,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
'certHtml' => $this->smime->certToHTML($cert->cert), 'certHtml' => $this->smime->certToHTML($cert->cert),
'partID' => $attachment['partID'], 'partID' => $attachment['partID'],
'signed' => true, 'signed' => true,
'message' => $message 'message' => $cert->content != "" ? $cert->content : $message
); );
} catch (Exception $ex) { } catch (Exception $ex) {