mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-20 12:58:46 +01:00
WIP SMIME:
- Override extractSignedContents in order to get content from signed message
parent
dd412dc071
commit
276671a516
@ -172,28 +172,14 @@ class Smime extends Horde_Crypt_Smime
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify a signature using via S/MIME.
|
* Extract the contents from signed S/MIME data.
|
||||||
*
|
*
|
||||||
* @param string $text The multipart/signed data to be verified.
|
* @param string $data The signed S/MIME data.
|
||||||
* @param mixed $certs Either a single or array of root certificates.
|
|
||||||
*
|
*
|
||||||
* @return stdClass Object with the following elements:
|
* @return string The contents embedded in the signed data.
|
||||||
* <pre>
|
|
||||||
* cert - (string) The certificate of the signer stored in the message (in
|
|
||||||
* PEM format).
|
|
||||||
* email - (string) The email of the signing person.
|
|
||||||
* msg - (string) Status string.
|
|
||||||
* verify - (boolean) True if certificate was verified.
|
|
||||||
* </pre>
|
|
||||||
* @throws Horde_Crypt_Exception
|
* @throws Horde_Crypt_Exception
|
||||||
*
|
|
||||||
*
|
|
||||||
* @TODO: This method is overridden in order to extract content
|
|
||||||
* from the signed message. There's a pull request opened for this
|
|
||||||
* modification on horde github, https://github.com/horde/horde/pull/218
|
|
||||||
* which in case that gets merged we need to remove this implementation.
|
|
||||||
*/
|
*/
|
||||||
public function verify($text, $certs)
|
public function extractSignedContents($data)
|
||||||
{
|
{
|
||||||
/* Check for availability of OpenSSL PHP extension. */
|
/* Check for availability of OpenSSL PHP extension. */
|
||||||
$this->checkForOpenSSL();
|
$this->checkForOpenSSL();
|
||||||
@ -201,49 +187,22 @@ class Smime extends Horde_Crypt_Smime
|
|||||||
/* Create temp files for input/output. */
|
/* Create temp files for input/output. */
|
||||||
$input = $this->_createTempFile('horde-smime');
|
$input = $this->_createTempFile('horde-smime');
|
||||||
$output = $this->_createTempFile('horde-smime');
|
$output = $this->_createTempFile('horde-smime');
|
||||||
$content = $this->_createTempFile('horde-smime');
|
$certs = $this->_createTempFile('horde-smime');
|
||||||
|
|
||||||
/* Write text to file */
|
|
||||||
file_put_contents($input, $text);
|
|
||||||
unset($text);
|
|
||||||
|
|
||||||
$root_certs = array();
|
/* Write text to file. */
|
||||||
if (!is_array($certs)) {
|
file_put_contents($input, $data);
|
||||||
$certs = array($certs);
|
unset($data);
|
||||||
}
|
|
||||||
foreach ($certs as $file) {
|
if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $certs) === true &&
|
||||||
if (file_exists($file)) {
|
openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $certs, array(), $certs, $output) === true) {
|
||||||
$root_certs[] = $file;
|
$ret = file_get_contents($output);
|
||||||
|
if ($ret) {
|
||||||
|
return $ret;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$ob = new \stdClass();
|
throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Could not extract data from signed S/MIME part."));
|
||||||
|
|
||||||
if (!empty($root_certs) &&
|
|
||||||
(openssl_pkcs7_verify($input, 0, $output) === true)) {
|
|
||||||
/* Message verified */
|
|
||||||
$ob->msg = Horde_Crypt_Translation::t("Message verified successfully.");
|
|
||||||
$ob->verify = true;
|
|
||||||
} else {
|
|
||||||
/* Try again without verfying the signer's cert */
|
|
||||||
$result = openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output);
|
|
||||||
|
|
||||||
if ($result === -1) {
|
|
||||||
throw new \Horde_Crypt_Exception(\Horde_Crypt_Translation::t("Verification failed - an unknown error has occurred."));
|
|
||||||
} elseif ($result === false) {
|
|
||||||
throw new \Horde_Crypt_Exception(\Horde_Crypt_Translation::t("Verification failed - this message may have been tampered with."));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$ob->msg = \Horde_Crypt_Translation::t("Message verified successfully but the signer's certificate could not be verified.");
|
|
||||||
$ob->verify = false;
|
|
||||||
}
|
|
||||||
if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output, array(), $output, $content))
|
|
||||||
{
|
|
||||||
$ob->content = file_get_contents($content);
|
|
||||||
}
|
|
||||||
$ob->cert = file_get_contents($output);
|
|
||||||
$ob->email = $this->getEmailFromKey($ob->cert);
|
|
||||||
|
|
||||||
return $ob;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
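Review bot: In the new `extractSignedContents()`, both `openssl_pkcs7_verify()` calls pass `PKCS7_NOVERIFY`, so the returned content is never tied to a validated signer chain, and the new docblock does not say so. I would add a docblock line such as `* NOTE: the signer's certificate chain is not validated here; use verify() for the trust decision.` Separately, `if ($ret)` treats an empty body, the string `"0"` and a failed `file_get_contents()` alike, and all three fall through to the "Could not extract data" exception; `if ($ret !== false)` would reject only the read failure. A short stretch of the method body between the two hunks is not shown on this page.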
@ -2311,7 +2311,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
|
|||||||
'certHtml' => $this->smime->certToHTML($cert->cert),
|
'certHtml' => $this->smime->certToHTML($cert->cert),
|
||||||
'partID' => $attachment['partID'],
|
'partID' => $attachment['partID'],
|
||||||
'signed' => true,
|
'signed' => true,
|
||||||
'message' => $cert->content != "" ? $cert->content : $message
|
'message' => $this->smime->extractSignedContents($message)
|
||||||
);
|
);
|
||||||
|
|
||||||
} catch (Exception $ex) {
|
} catch (Exception $ex) {
|
||||||
|
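Review bot: The `'message'` entry now calls `$this->smime->extractSignedContents($message)` inside the `try`, so a message whose content cannot be extracted throws and lands in `catch (Exception $ex)`, where the old expression fell back to the raw `$message`. If that fallback display is still wanted, the extraction should be done before building the array with its own narrow catch that assigns `$message` on failure. The array also keeps `'signed' => true` next to content that was extracted with chain verification disabled, so the view should presumably take its trust indicator from the `verify()` result in `$cert` rather than from this key. The catch body and the rest of the array lie outside the hunk, so neither point can be confirmed from here.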