mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
W.I.P. SMIME:
- Override verify method in order to pass certs bundle for verification - Catch exception if decryption fails because encrypted message perhaps is not encrypted by receiver public key - Define different states for signature verification
This commit is contained in:
parent
c6bf51180f
commit
91fb816bb2
@ -5611,7 +5611,7 @@ class Mail
|
||||
if (is_object($mail))
|
||||
{
|
||||
$structure = $mail->getStructure();
|
||||
$isSmime = Mail\Smime::isSmime($structure->getType());
|
||||
$isSmime = Mail\Smime::isSmime($structure->getType()) || Mail\Smime::isSmimeSignatureOnly($structure->getType());
|
||||
if ($isSmime)
|
||||
{
|
||||
return $this->resolveSmimeMessage($structure, array(
|
||||
@ -7349,13 +7349,19 @@ class Mail
|
||||
$message = $this->getMessageRawBody($params['uid'], null, $params['mailbox']);
|
||||
if (!Mail\Smime::isSmimeSignatureOnly($params['mimeType']))
|
||||
{
|
||||
$message = $this->_decryptSmimeBody($message, $params['passphrase'] !='' ?
|
||||
$params['passphrase'] : Api\Cache::getSession('mail', 'smime_passphrase'));
|
||||
try{
|
||||
$message = $this->_decryptSmimeBody($message, $params['passphrase'] !='' ?
|
||||
$params['passphrase'] : Api\Cache::getSession('mail', 'smime_passphrase'));
|
||||
}
|
||||
catch(\Horde_Crypt_Exception $e)
|
||||
{
|
||||
throw new Mail\Smime\PassphraseMissing(lang('Could not decrypt S/MIME data. This message may not be encrypted by your public key.'));
|
||||
}
|
||||
$metadata['encrypted'] = true;
|
||||
}
|
||||
|
||||
try {
|
||||
$cert = $this->smime->verify($message);
|
||||
$cert = $this->smime->verifySignature($message);
|
||||
} catch (\Exception $ex) {
|
||||
// passphrase is required to decrypt the message
|
||||
if (isset($message['password_required']))
|
||||
|
@ -39,6 +39,7 @@ class Smime extends Horde_Crypt_Smime
|
||||
static $SMIME_SIGNATURE_ONLY_TYPES = array (
|
||||
'application/x-pkcs7-signature',
|
||||
'application/pkcs7-signature',
|
||||
'multipart/signed'
|
||||
);
|
||||
|
||||
/**
|
||||
@ -180,4 +181,20 @@ class Smime extends Horde_Crypt_Smime
|
||||
return Horde_Mime_Part::parseMessage(parent::extractSignedContents($data), array('forcemime' => true));
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify a signature
|
||||
*
|
||||
* @param type $message
|
||||
* @return type
|
||||
*/
|
||||
public function verifySignature($message)
|
||||
{
|
||||
$cert_locations = openssl_get_cert_locations();
|
||||
$certs = array();
|
||||
foreach (scandir($cert_locations['default_cert_dir']) as &$file)
|
||||
{
|
||||
if (!is_dir($cert_locations['default_cert_dir'].'/'.$file)) $certs[]= $cert_locations['default_cert_dir'].'/'.$file;
|
||||
}
|
||||
return $this->verify($message, $certs);
|
||||
}
|
||||
}
|
||||
|
@ -3070,7 +3070,12 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
|
||||
{
|
||||
if ($smimePassphrase)
|
||||
{
|
||||
Api\Cache::setSession('mail', 'smime_passphrase', $smimePassphrase);
|
||||
if ($this->mail_bo->mailPreferences['smime_pass_exp'] != $_POST['smime_pass_exp'])
|
||||
{
|
||||
$GLOBALS['egw']->preferences->add('mail', 'smime_pass_exp', $_POST['smime_pass_exp']);
|
||||
$GLOBALS['egw']->preferences->save_repository();
|
||||
}
|
||||
Api\Cache::setSession('mail', 'smime_passphrase', $smimePassphrase, $_POST['smime_pass_exp'] * 60);
|
||||
}
|
||||
$structure = $this->mail_bo->getStructure($uid, $partID, $mailbox, false);
|
||||
if (($smime = $structure->getMetadata('X-EGroupware-Smime')))
|
||||
@ -3092,7 +3097,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
|
||||
{
|
||||
self::callWizard($e->getMessage().' '.lang('Please configure your S/MIME private key in Encryption tab located at Edit Account dialog.'));
|
||||
}
|
||||
|
||||
Framework::message($e->getMessage());
|
||||
// do NOT include any default CSS
|
||||
$smimeHtml = $this->get_email_header().
|
||||
'<div class="smime-message">'.lang("This message is smime encrypted and password protected.").'</div>'.
|
||||
@ -3102,7 +3107,10 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
|
||||
'<input type="password" placeholder="'.lang("Please enter password").'" name="smime_passphrase"/>'.
|
||||
'<input type="submit" value="'.lang("submit").'"/>'.
|
||||
'</div>'.
|
||||
'</form>';
|
||||
'<div style="top:47%;margin-left:-15px;">'.
|
||||
lang("Remember the password for ").'<input name="smime_pass_exp" type="number" max="60" min="1" placeholder="10" value="'.$this->mail_bo->mailPreferences['smime_pass_exp'].'"/> '.lang("minutes.").
|
||||
'</div>'.
|
||||
'</form>';
|
||||
return $smimeHtml;
|
||||
}
|
||||
$calendar_part = null;
|
||||
|
@ -998,8 +998,10 @@ app.classes.mail = AppJS.extend(
|
||||
default:
|
||||
widget.set_disabled(true);
|
||||
}
|
||||
|
||||
this.smime_clear_flags([jQuery(widget.getDOMNode())]);
|
||||
}
|
||||
|
||||
this.smime_clear_flags([jQuery('#mail-index_mailPreviewContainer')]);
|
||||
// Blank first, so we don't show previous email while loading
|
||||
var IframeHandle = this.et2.getWidgetById('messageIFRAME');
|
||||
IframeHandle.set_src('about:blank');
|
||||
@ -5815,12 +5817,36 @@ app.classes.mail = AppJS.extend(
|
||||
if (attachmentArea) attachmentArea.getDOMNode().classList.remove('loading');
|
||||
var smime_signature = this.et2.getWidgetById('smime_signature');
|
||||
var smime_encryption = this.et2.getWidgetById('smime_encryption');
|
||||
var $mail_container = egw(window).is_popup() ?
|
||||
jQuery('.mailDisplayContainer'):
|
||||
jQuery(this.et2.getWidgetById('mailPreviewContainer').getDOMNode());
|
||||
|
||||
smime_signature.set_disabled(!_data.signed);
|
||||
smime_encryption.set_disabled(!_data.encrypted);
|
||||
if (!_data.signed)
|
||||
{
|
||||
this.smime_clear_flags([$mail_container]);
|
||||
}
|
||||
else if (_data.verify)
|
||||
{
|
||||
$mail_container.addClass('smime_cert_verified');
|
||||
smime_signature.set_class('smime_cert_verified');
|
||||
}
|
||||
else if (!_data.verify)
|
||||
{
|
||||
$mail_container.addClass('smime_cert_notverified');
|
||||
smime_signature.set_class('smime_cert_notverified');
|
||||
smime_signature.set_statustext(_data.msg);
|
||||
}
|
||||
},
|
||||
|
||||
smime_clear_flags: function (_nodes)
|
||||
{
|
||||
for(var i=0;i<_nodes.length;i++)
|
||||
{
|
||||
var smime_classes = 'smime_cert_verified smime_cert_notverified';
|
||||
_nodes[i].removeClass(smime_classes);
|
||||
}
|
||||
|
||||
smime_signature.set_disabled(!_data.signed);
|
||||
smime_encryption.set_disabled(!_data.encrypted);
|
||||
if (!_data.verify)
|
||||
{
|
||||
smime_signature.set_statustext(_data.msg);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
@ -911,4 +911,23 @@ div.mailComposeHeaderSection>table {
|
||||
#mail-compose_mailaccount {max-width: 100% !important;}
|
||||
|
||||
.header_row_right.vertical_splitter {float:left;}
|
||||
.header_row_right.vertical_splitter div#mail-index_mail-index-vacationnotice .et2_vbox {margin-right: 0;}
|
||||
.header_row_right.vertical_splitter div#mail-index_mail-index-vacationnotice .et2_vbox {margin-right: 0;}
|
||||
|
||||
div.smime_cert_notverified {
|
||||
border-top: 4px solid lightgreen !important;
|
||||
}
|
||||
img.smime_cert_notverified {
|
||||
background: lightgreen !important;
|
||||
}
|
||||
div.smime_cert_verified {
|
||||
border-top: 4px solid green;
|
||||
}
|
||||
img.smime_cert_verified {
|
||||
background: green;
|
||||
}
|
||||
div.smime_cert_notvalid {
|
||||
border-top: 4px solid red;
|
||||
}
|
||||
img.smime_cert_notvalid {
|
||||
background: red;
|
||||
}
|
@ -901,6 +901,24 @@ div.mailComposeHeaderSection > table {
|
||||
.header_row_right.vertical_splitter div#mail-index_mail-index-vacationnotice .et2_vbox {
|
||||
margin-right: 0;
|
||||
}
|
||||
div.smime_cert_notverified {
|
||||
border-top: 4px solid lightgreen !important;
|
||||
}
|
||||
img.smime_cert_notverified {
|
||||
background: lightgreen !important;
|
||||
}
|
||||
div.smime_cert_verified {
|
||||
border-top: 4px solid green;
|
||||
}
|
||||
img.smime_cert_verified {
|
||||
background: green;
|
||||
}
|
||||
div.smime_cert_notvalid {
|
||||
border-top: 4px solid red;
|
||||
}
|
||||
img.smime_cert_notvalid {
|
||||
background: red;
|
||||
}
|
||||
#popupMainDiv {
|
||||
padding: 5px;
|
||||
}
|
||||
|
@ -889,6 +889,24 @@ div.mailComposeHeaderSection > table {
|
||||
.header_row_right.vertical_splitter div#mail-index_mail-index-vacationnotice .et2_vbox {
|
||||
margin-right: 0;
|
||||
}
|
||||
div.smime_cert_notverified {
|
||||
border-top: 4px solid lightgreen !important;
|
||||
}
|
||||
img.smime_cert_notverified {
|
||||
background: lightgreen !important;
|
||||
}
|
||||
div.smime_cert_verified {
|
||||
border-top: 4px solid green;
|
||||
}
|
||||
img.smime_cert_verified {
|
||||
background: green;
|
||||
}
|
||||
div.smime_cert_notvalid {
|
||||
border-top: 4px solid red;
|
||||
}
|
||||
img.smime_cert_notvalid {
|
||||
background: red;
|
||||
}
|
||||
#popupMainDiv {
|
||||
padding: 5px;
|
||||
}
|
||||
|
@ -76,7 +76,7 @@ body {
|
||||
select {margin-top: 9px;}
|
||||
} // Ende Filter
|
||||
} // Ende Header
|
||||
|
||||
|
||||
// Bilder in den Listen
|
||||
tr.mail td img {
|
||||
max-height: 50px;
|
||||
|
Loading…
Reference in New Issue
Block a user