WIP SMIME:

- Override extractSignedContents in order to get content from signed message
Hadi Nategh 2017-06-09 12:12:31 +02:00
parent dd412dc071
commit 276671a516
2 changed files with 17 additions and 58 deletions


@ -172,28 +172,14 @@ class Smime extends Horde_Crypt_Smime
} }
/** /**
* Verify a signature using via S/MIME. * Extract the contents from signed S/MIME data.
* *
* @param string $text The multipart/signed data to be verified. * @param string $data The signed S/MIME data.
* @param mixed $certs Either a single or array of root certificates.
* *
* @return stdClass Object with the following elements: * @return string The contents embedded in the signed data.
* <pre>
* cert - (string) The certificate of the signer stored in the message (in
* PEM format).
* email - (string) The email of the signing person.
* msg - (string) Status string.
* verify - (boolean) True if certificate was verified.
* </pre>
* @throws Horde_Crypt_Exception * @throws Horde_Crypt_Exception
*
*
* @TODO: This method is overridden in order to extract content
* from the signed message. There's a pull request opened for this
* modification on horde github, https://github.com/horde/horde/pull/218
* which in case that gets merged we need to remove this implementation.
*/ */
public function verify($text, $certs) public function extractSignedContents($data)
{ {
/* Check for availability of OpenSSL PHP extension. */ /* Check for availability of OpenSSL PHP extension. */
$this->checkForOpenSSL(); $this->checkForOpenSSL();
@ -201,49 +187,22 @@ class Smime extends Horde_Crypt_Smime
/* Create temp files for input/output. */ /* Create temp files for input/output. */
$input = $this->_createTempFile('horde-smime'); $input = $this->_createTempFile('horde-smime');
$output = $this->_createTempFile('horde-smime'); $output = $this->_createTempFile('horde-smime');
$content = $this->_createTempFile('horde-smime'); $certs = $this->_createTempFile('horde-smime');
/* Write text to file */
file_put_contents($input, $text);
unset($text);
$root_certs = array(); /* Write text to file. */
if (!is_array($certs)) { file_put_contents($input, $data);
$certs = array($certs); unset($data);
}
foreach ($certs as $file) { if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $certs) === true &&
if (file_exists($file)) { openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $certs, array(), $certs, $output) === true) {
$root_certs[] = $file; $ret = file_get_contents($output);
if ($ret) {
return $ret;
} }
} }
$ob = new \stdClass(); throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Could not extract data from signed S/MIME part."));
if (!empty($root_certs) &&
(openssl_pkcs7_verify($input, 0, $output) === true)) {
/* Message verified */
$ob->msg = Horde_Crypt_Translation::t("Message verified successfully.");
$ob->verify = true;
} else {
/* Try again without verfying the signer's cert */
$result = openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output);
if ($result === -1) {
throw new \Horde_Crypt_Exception(\Horde_Crypt_Translation::t("Verification failed - an unknown error has occurred."));
} elseif ($result === false) {
throw new \Horde_Crypt_Exception(\Horde_Crypt_Translation::t("Verification failed - this message may have been tampered with."));
} }
$ob->msg = \Horde_Crypt_Translation::t("Message verified successfully but the signer's certificate could not be verified.");
$ob->verify = false;
}
if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output, array(), $output, $content))
{
$ob->content = file_get_contents($content);
}
$ob->cert = file_get_contents($output);
$ob->email = $this->getEmailFromKey($ob->cert);
return $ob;
}
} }
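Review bot: Both `openssl_pkcs7_verify()` calls in `extractSignedContents()` pass `PKCS7_NOVERIFY`, so the method returns the body of any message whose signature checks out against its own embedded certificate, without validating the signer's certificate chain, and the new docblock does not say so. I would add `* Note: uses PKCS7_NOVERIFY; the signer's certificate is not validated, so the returned content is not authenticated by this call.` to the docblock. The caller in the second file now fills `'message'` from this method beside a hard-coded `'signed' => true`, so the trust decision has to come from a separate full verification; whether `$cert` provides one is not visible in these hunks. `if ($ret)` also treats a body of `"0"` like a failed read; `if ($ret !== false && $ret !== '')` keeps the empty-body rejection without that. The throw uses unqualified `Horde_Crypt_Exception` where the removed code wrote `\Horde_Crypt_Exception`; if the file is namespaced without a matching `use`, the failure path would raise a class-not-found error that the caller's `catch (Exception $ex)` does not handle.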


@ -2311,7 +2311,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
'certHtml' => $this->smime->certToHTML($cert->cert), 'certHtml' => $this->smime->certToHTML($cert->cert),
'partID' => $attachment['partID'], 'partID' => $attachment['partID'],
'signed' => true, 'signed' => true,
'message' => $cert->content != "" ? $cert->content : $message 'message' => $this->smime->extractSignedContents($message)
); );
} catch (Exception $ex) { } catch (Exception $ex) {