From a3562129b03b580fc42937cf6781d2b9f8600f74 Mon Sep 17 00:00:00 2001 From: Hadi Nategh Date: Thu, 19 Jan 2017 18:52:28 +0100 Subject: [PATCH] W.I.P of SMIME support for mail application: - Resolve smime p7b attachment and translate it to PEM format - Assign a button to show the message is signed plus handler for showing the certificate - Fix Smime class to only use php openssl extension --- api/src/Mail/Smime.php | 52 ++------------------ mail/inc/class.mail_ui.inc.php | 78 +++++++++++++++++++++++++++++- mail/js/app.js | 13 +++++ mail/templates/default/display.xet | 1 + mail/templates/default/index.xet | 5 ++ 5 files changed, 99 insertions(+), 50 deletions(-) diff --git a/api/src/Mail/Smime.php b/api/src/Mail/Smime.php index ec9ce15f64..92bd49e0fc 100644 --- a/api/src/Mail/Smime.php +++ b/api/src/Mail/Smime.php @@ -13,8 +13,6 @@ namespace EGroupware\Api\Mail; use EGroupware\Api; -use Horde_Crypt_Exception; -use Horde_Crypt_Translation; use Horde_Crypt_Smime; /** @@ -23,13 +21,6 @@ use Horde_Crypt_Smime; class Smime extends Horde_Crypt_Smime { - /** - * openssl binary path - * - * @var string - */ - protected $sslpath; - static $SMIME_TYPES = array ( 'application/pkcs8', 'application/pkcs7', @@ -37,7 +28,9 @@ class Smime extends Horde_Crypt_Smime 'application/pkcs8', 'multipart/signed', 'application/x-pkcs7-signature', - 'application/x-pkcs7-mime' + 'application/x-pkcs7-mime', + 'application/pkcs7-mime', + 'application/pkcs7-signature', ); /** * Constructor. @@ -47,8 +40,6 @@ class Smime extends Horde_Crypt_Smime public function __construct($params = array()) { parent::__construct($params); - $mailconfig = Api\Config::read('mail'); - $this->sslpath = $mailconfig['opensslpath']? $mailconfig['opensslpath']: ''; } /** @@ -78,41 +69,4 @@ class Smime extends Horde_Crypt_Smime } return true; } - - /** - * Extract Certificates from given PKCS7 data - * - * @param string $pkcs7 - * @return string returns - * @throws Horde_Crypt_Exception - */ - public function extractCerticatesFromPKCS7 ($pkcs7) - { - $this->checkForOpenSSL(); - - // Create temp file for input - $input = $this->_createTempFile('smime-pkcs7'); - $output = $this->_createTempFile('smime-pkcs7-out'); - /* Write text to file. */ - file_put_contents($input, $pkcs7); - - exec($this->sslpath . ' pkcs7 -print_certs -inform der -in ' . $input . ' -outform PEM -out ' . $output); - - $ret = file_get_contents($output); - - if ($ret) return $ret; - throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("OpenSSL error: Could not extract certificates from pkcs7 part.")); - } - - /** - * Extract the contents from signed S/MIME data. - * - * @param string $data The signed S/MIME data. - * - * @return string The contents embedded in the signed data. - * @throws Horde_Crypt_Exception - */ - public function extractSignedContents ($data) { - return parent::extractSignedContents($data, $this->sslpath); - } } diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php index f1901fe5c5..23339ff9cf 100644 --- a/mail/inc/class.mail_ui.inc.php +++ b/mail/inc/class.mail_ui.inc.php @@ -1546,7 +1546,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2); if (empty($rowsFetched['messages'])) $rowsFetched['messages'] = $rowsFetched['rowsFetched']; //error_log(__METHOD__.__LINE__.' Rows fetched:'.$rowsFetched.' Data:'.array2string($sortResult)); - $cols = array('row_id','uid','status','attachments','subject','address','toaddress','fromaddress','ccaddress','additionaltoaddress','date','size','modified','bodypreview'); + $cols = array('row_id','uid','status','attachments','subject','address','toaddress','fromaddress','ccaddress','additionaltoaddress','date','size','modified','bodypreview', 'security'); if ($GLOBALS['egw_info']['user']['preferences']['common']['select_mode']=='EGW_SELECTMODE_TOGGLE') unset($cols[0]); $rows = $mail_ui->header2gridelements($sortResult['header'],$cols, $_folderName, $folderType=$toSchema); //error_log(__METHOD__.__LINE__.array2string($rows)); @@ -1878,6 +1878,16 @@ $filter['before']= date("d-M-Y", $cutoffdate2); { $data["bodypreview"] = $header['bodypreview']; } + if (is_array($data['attachmentsBlock'])) + { + foreach ($data['attachmentsBlock'] as &$attch) + { + if (Mail\Smime::isSmime($attch['mimetype'])) + { + $data['smimeSigUrl'] = $attch['mime_url']; + } + } + } $rv[] = $data; //error_log(__METHOD__.__LINE__.array2string($data)); } @@ -1996,6 +2006,22 @@ $filter['before']= date("d-M-Y", $cutoffdate2); // we do NOT want to see those, that are embedded in the list of attachments if ($htmlOptions !='always_display') $fetchEmbeddedImages = true; $attachments = $this->mail_bo->getMessageAttachments($uid, $partID, null, $fetchEmbeddedImages,true,true,$mailbox); + + $smimeData = $this->resolveSmimeAttachment ($attachments, $uid, $partID, $mailbox, $rowID); + if (is_array($smimeData)) + { + $error_msg[] = $smimeData['msg']; + $linkData = array + ( + 'menuaction' => 'mail.mail_ui.getAttachment', + 'id' => $rowID, + 'part' => $smimeData['partID'], + 'is_winmail' => false, + 'mailbox' => base64_encode($mailbox) + ); + $content['smimeSigUrl'] = Egw::link('/index.php',$linkData); + } + //error_log(__METHOD__.__LINE__.array2string($attachments)); $attachmentHTMLBlock = self::createAttachmentBlock($attachments, $rowID, $uid, $mailbox); @@ -2065,6 +2091,47 @@ $filter['before']= date("d-M-Y", $cutoffdate2); $etpl->exec('mail.mail_ui.displayMessage',$content,$sel_options,$readonlys,$preserv,2); } + /** + * Resolve certificate from smime attachment + * + * @param array &$attachments + * @param int $_uid + * @param int $_partID + * @param string $_mailbox + * @return array + */ + function resolveSmimeAttachment (&$attachments, $_uid, $_partID, $_mailbox) + { + $smime = new Mail\Smime; + + foreach ($attachments as $key => $attachment) + { + if (Mail\Smime::isSmime($attachment['mimeType'])) + { + $message = $this->mail_bo->getMessageRawBody($_uid,$_partID,$_mailbox); + $cert = $smime->verify($message); + $data = array ( + 'verify' => $cert->verify, + 'cert' => $cert->cert, + 'msg' => $cert->msg, + 'certHtml' => $smime->certToHTML($cert->cert), + 'partID' => $attachment['partID'] + ); + unset ($attachments[$key]); + } + } + + return $data; + } + + function getSmimeCert () + { + if (isset($_GET['id'])) $id = $_GET['id']; + if (isset($_GET['partID'])) $partID = $_GET['partid']; + $cert = $this->resolveSmimeAttachment($attachments, $id, $partID, $mailbox); + echo ($cert); + } + /** * Build actions for display toolbar */ @@ -2500,6 +2567,15 @@ $filter['before']= date("d-M-Y", $cutoffdate2); } //Import failed, download content anyway } + // Display smime certificate + if (Mail\Smime::isSmime($attachment['type'])) + { + $smimeAttachments = array ( array('mimeType' => $attachment['type'] )); + $smime = $this->resolveSmimeAttachment($smimeAttachments, $uid, 0, $mailbox); + Api\Header\Content::safe($smime['certHtml'], '', $attachment['type'], $size=0, false, true); + echo $smime['certHtml']; + exit(); + } } //error_log(__METHOD__.__LINE__.'->'.array2string($attachment)); $filename = ($attachment['name']?$attachment['name']:($attachment['filename']?$attachment['filename']:$mailbox.'_uid'.$uid.'_part'.$part)); diff --git a/mail/js/app.js b/mail/js/app.js index 7e690e3a61..b0f75ae9a6 100644 --- a/mail/js/app.js +++ b/mail/js/app.js @@ -5504,5 +5504,18 @@ app.classes.mail = AppJS.extend( }); }); + }, + + /** + * Open smime certificate + * + * @param {type} egw + * @param {type} widget + * @returns {undefined} + */ + smimeSigBtn: function (egw, widget) + { + var url = this.et2.getArrayMgr("content").getEntry('smimeSigUrl'); + window.egw.openPopup(url,'700','400'); } }); diff --git a/mail/templates/default/display.xet b/mail/templates/default/display.xet index ce85a64f9b..3f6b133d68 100644 --- a/mail/templates/default/display.xet +++ b/mail/templates/default/display.xet @@ -17,6 +17,7 @@ + diff --git a/mail/templates/default/index.xet b/mail/templates/default/index.xet index 7592623119..9d498ced4a 100644 --- a/mail/templates/default/index.xet +++ b/mail/templates/default/index.xet @@ -84,6 +84,7 @@ + @@ -96,6 +97,7 @@ + @@ -110,6 +112,9 @@ + + +