W.I.P. smime support:

- Override verify method, in order to extract content
2024-11-22 16:03:47 +01:00 · 2017-04-11 14:24:22 +02:00 · 2017-04-11 14:24:22 +02:00 · fff5543d3d
commit fff5543d3d
parent 9eaf1f20ef
2 changed files with 95 additions and 3 deletions
--- a/api/src/Mail/Smime.php
+++ b/api/src/Mail/Smime.php
@ -170,4 +170,80 @@ class Smime extends Horde_Crypt_Smime
 			return false;
 		}
 	}
+
+	/**
+     * Verify a signature using via S/MIME.
+     *
+     * @param string $text  The multipart/signed data to be verified.
+     * @param mixed $certs  Either a single or array of root certificates.
+     *
+     * @return stdClass  Object with the following elements:
+     * <pre>
+     * cert - (string) The certificate of the signer stored in the message (in
+     *        PEM format).
+     * email - (string) The email of the signing person.
+     * msg - (string) Status string.
+     * verify - (boolean) True if certificate was verified.
+     * </pre>
+     * @throws Horde_Crypt_Exception
+	 *
+	 * 
+	 * @TODO: This method is overridden in order to extract content
+	 * from the signed message. There's a pull request opened for this
+	 * modification on horde github, https://github.com/horde/horde/pull/218
+	 * which in case that gets merged we need to remove this implementation.
+     */
+    public function verify($text, $certs)
+    {
+        /* Check for availability of OpenSSL PHP extension. */
+        $this->checkForOpenSSL();
+
+        /* Create temp files for input/output. */
+        $input = $this->_createTempFile('horde-smime');
+        $output = $this->_createTempFile('horde-smime');
+		$content = $this->_createTempFile('horde-smime');
+
+        /* Write text to file */
+        file_put_contents($input, $text);
+        unset($text);
+
+        $root_certs = array();
+        if (!is_array($certs)) {
+            $certs = array($certs);
+        }
+        foreach ($certs as $file) {
+            if (file_exists($file)) {
+                $root_certs[] = $file;
+            }
+        }
+
+        $ob = new stdClass;
+
+        if (!empty($root_certs) &&
+            (openssl_pkcs7_verify($input, 0, $output) === true)) {
+            /* Message verified */
+            $ob->msg = Horde_Crypt_Translation::t("Message verified successfully.");
+            $ob->verify = true;
+        } else {
+            /* Try again without verfying the signer's cert */
+            $result = openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output);
+
+            if ($result === -1) {
+                throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Verification failed - an unknown error has occurred."));
+            } elseif ($result === false) {
+                throw new Horde_Crypt_Exception(Horde_Crypt_Translation::t("Verification failed - this message may have been tampered with."));
+            }
+
+            $ob->msg = Horde_Crypt_Translation::t("Message verified successfully but the signer's certificate could not be verified.");
+            $ob->verify = false;
+        }
+		if (openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output, array(), $output, $content))
+		{
+			$ob->content = file_get_contents($content);
+		}
+        $ob->cert = file_get_contents($output);
+        $ob->email = $this->getEmailFromKey($ob->cert);
+
+        return $ob;
+    }
 }
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
@ -2012,7 +2012,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 		if ($htmlOptions !='always_display') $fetchEmbeddedImages = true;
 		$attachments	= $this->mail_bo->getMessageAttachments($uid, $partID, null, $fetchEmbeddedImages,true,true,$mailbox);

-			$smimeData = $this->resolveSmimeAttachment ($attachments, $uid, $partID, $mailbox, $rowID);
+		$smimeData = $this->resolveSmimeAttachment ($attachments, $uid, $partID, $mailbox, '', $rowID);
 		if (is_array($smimeData))
 		{
 			$error_msg[] = $smimeData['msg'];
@ -2104,6 +2104,22 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 		$etpl->exec('mail.mail_ui.displayMessage',$content,$sel_options,$readonlys,$preserv,2);
 	}

+	/**
+	 * Parse SMIME signed message
+	 *
+	 * @param string $_message signed message
+	 * @param type $_mailbox mailbox
+	 * @return array
+	 */
+	function parseSmimeSignedMessage ($_message, $_mailbox)
+	{
+		$structure = Horde_Mime_Part::parseMessage($_message, array('forcemime'=>true));
+		return array (
+			'attachments' => $this->mail_bo->getMessageAttachments('',null,$structure,true, false,true,$_mailbox),
+			'body' => $this->mail_bo->getMessageBody('', '', null, $structure, false, $_mailbox, $calendar_part = null)
+		);
+	}
+
 	/**
 	 * decrypt given smime encrypted message
 	 *
@ -2143,7 +2159,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 	 * @param string $_passphrase
 	 * @return array
 	 */
-	function resolveSmimeAttachment (&$attachments, $_uid, $_partID, $_mailbox, $_passphrase='')
+	function resolveSmimeAttachment (&$attachments, $_uid, $_partID, $_mailbox, $_passphrase='', $_rowID)
 	{
 		$this->smime = new Mail\Smime;

@ -2170,7 +2186,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 						'certHtml' => $this->smime->certToHTML($cert->cert),
 						'partID'   => $attachment['partID'],
 						'signed'   => true,
-						'message'  => $message
+						'message'  => $cert->content != "" ? $cert->content : $message
 					);

 				} catch (Exception $ex) {