From 9fff809d906dcf6d588461e7228d6a4ab326a25c Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Tue, 10 Apr 2018 13:15:09 +0200 Subject: [PATCH] * EMail/sMime: allow non-admin users to upload their keys --- admin/inc/class.admin_mail.inc.php | 82 +++++++++++++++--------- admin/js/app.js | 2 +- admin/templates/default/mailaccount.xet | 12 ++-- admin/templates/default/smimeCertGen.xet | 39 +++++++++++ mail/inc/class.mail_ui.inc.php | 6 +- mail/templates/default/smimeCertGen.xet | 5 +- 6 files changed, 102 insertions(+), 44 deletions(-) create mode 100644 admin/templates/default/smimeCertGen.xet diff --git a/admin/inc/class.admin_mail.inc.php b/admin/inc/class.admin_mail.inc.php index db183ed356..54003c46d4 100644 --- a/admin/inc/class.admin_mail.inc.php +++ b/admin/inc/class.admin_mail.inc.php @@ -1,13 +1,12 @@ - * @copyright (c) 2013-16 by Ralf Becker + * @author Ralf Becker + * @copyright (c) 2013-18 by Ralf Becker * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License - * @version $Id$ */ use EGroupware\Api; @@ -1031,30 +1030,7 @@ class admin_mail // SMIME SAVE if (isset($content['smimeKeyUpload'])) { - $smime = new Mail\Smime; - $content['acc_smime_username'] = $smime->getEmailFromKey($content['smime_cert']); - $AB_bo = new addressbook_bo(); - if (($pkcs12 = file_get_contents($content['smimeKeyUpload']['tmp_name']))) - { - $cert_info = Mail\Smime::extractCertPKCS12($pkcs12, $content['smime_pkcs12_password']); - if (is_array($cert_info)) - { - $content['acc_smime_password'] = $pkcs12; - $content['smime_cert'] = $cert_info['cert']; - if ($content['smime_cert']) - { - $content['acc_smime_username'] = $smime->getEmailFromKey($content['smime_cert']); - $AB_bo = new addressbook_bo(); - $AB_bo->set_smime_keys(array( - $content['acc_smime_username'] => $content['smime_cert'] - )); - } - } - else - { - $tpl->set_validation_error('smimeKeyUpload', lang('Could not extract private key from given p12 file. Either the p12 file is broken or password is wrong!')); - } - } + self::save_smime_key($content, $tpl, $content['called_for']); } self::fix_account_id_0($content['account_id'], true); $content = Mail\Account::write($content, $content['called_for'] || !$this->is_admin ? @@ -1117,6 +1093,11 @@ class admin_mail $content['mailForwardingAddress'], $content['forwardOnly'] ? null : 'yes'); } + // smime (private) key uploaded by user himself + if (!empty($content['smimeKeyUpload'])) + { + self::save_smime_key($content, $tpl); + } } } catch (Horde_Imap_Client_Exception $e) @@ -1167,7 +1148,7 @@ class admin_mail } // SMIME UPLOAD/DELETE/EXPORT control $content['hide_smime_upload'] = false; - if (!empty($content['acc_smime_password'])) + if (isset($content['acc_smime_password'])) { if (!empty($content['smime_delete_p12']) && Mail\Credentials::delete ( @@ -1181,6 +1162,9 @@ class admin_mail } else { + // do NOT send smime private key to client side, it's unnecessary and binary blob breaks json encoding + $content['acc_smime_password'] = ''; + $content['hide_smime_upload'] = true; } } @@ -1203,8 +1187,10 @@ class admin_mail $readonlys['button[cancel]'] = false; // allow to edit notification-folders $readonlys['button[save]'] = $readonlys['button[apply]'] = - $readonlys['notify_folders'] = $readonlys['notify_use_default'] = - $readonlys['smimeKeyUpload'] = $readonlys['smime_pkcs12_password']= false; + $readonlys['notify_folders'] = $readonlys['notify_use_default'] = false; + // allow to edit sMime stuff + $readonlys['smimeGenerate'] = $readonlys['smimeKeyUpload'] = $readonlys['smime_pkcs12_password'] = + $readonlys['smime_export_p12'] = $readonlys['smime_delete_p12'] = false; } $sel_options['acc_imap_ssl'] = $sel_options['acc_sieve_ssl'] = @@ -1379,6 +1365,38 @@ class admin_mail $tpl->exec(static::APP_CLASS.'edit', $content, $sel_options, $readonlys, $content, 2); } + /** + * Saves the smime key + * + * @param array $content + * @param Etemplate $tpl + * @param int $account_id =null account to save smime key for, default current user + */ + private static function save_smime_key(array $content, Etemplate $tpl, $account_id=null) + { + if (($pkcs12 = file_get_contents($content['smimeKeyUpload']['tmp_name']))) + { + $cert_info = Mail\Smime::extractCertPKCS12($pkcs12, $content['smime_pkcs12_password']); + if (is_array($cert_info) && !empty($cert_info['cert'])) + { + // save public key + $smime = new Mail\Smime; + $email = $smime->getEmailFromKey($cert_info['cert']); + $AB_bo = new addressbook_bo(); + $AB_bo->set_smime_keys(array( + $email => $cert_info['cert'] + )); + // save private key + if (!isset($account_id)) $account_id = $GLOBALS['egw_info']['user']['account_id']; + Mail\Credentials::write($content['acc_id'], $email, $pkcs12, Mail\Credentials::SMIME, $account_id); + } + else + { + $tpl->set_validation_error('smimeKeyUpload', lang('Could not extract private key from given p12 file. Either the p12 file is broken or password is wrong!')); + } + } + } + /** * Replace 0 with '' or back * diff --git a/admin/js/app.js b/admin/js/app.js index 0c143e7f16..0539791cb3 100644 --- a/admin/js/app.js +++ b/admin/js/app.js @@ -1269,7 +1269,7 @@ app.classes.admin = AppJS.extend( content:{ value: '' }}, - template: egw.webserverUrl+'/mail/templates/default/smimeCertGen.xet', + template: egw.webserverUrl+'/mail/templates/default/smimeCertGen.xet?'+Date.now(), resizable: false, position: 'left top' }, et2_dialog._create_parent('mail')); diff --git a/admin/templates/default/mailaccount.xet b/admin/templates/default/mailaccount.xet index 53c37f0bf7..e06dfc0ebf 100644 --- a/admin/templates/default/mailaccount.xet +++ b/admin/templates/default/mailaccount.xet @@ -297,19 +297,21 @@ - + - + + - + diff --git a/admin/templates/default/smimeCertGen.xet b/admin/templates/default/smimeCertGen.xet new file mode 100644 index 0000000000..741a528a4a --- /dev/null +++ b/admin/templates/default/smimeCertGen.xet @@ -0,0 +1,39 @@ + + + + + + diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php index 069ee89a58..5d0cff3063 100644 --- a/mail/inc/class.mail_ui.inc.php +++ b/mail/inc/class.mail_ui.inc.php @@ -2261,14 +2261,14 @@ $filter['before']= date("d-M-Y", $cutoffdate2); $smime = new Mail\Smime(); $response = Api\Json\Response::get(); // fields need to be excluded from data - $discards = array ('passphrase', 'passphraseConf', 'ca'); + $discards = array ('passphrase', 'passphraseConf', 'ca', 'validity'); $ca = $_data['ca']; $passphrase = $_data['passphrase']; - foreach ($_data as $key => $val) + foreach (array_keys($_data) as $key) { if (empty($_data[$key]) || in_array($key, $discards)) unset($_data[$key]); } - $response->data($smime->generate_certificate($_data, $ca, null, $passphrase)); + $response->data($smime->generate_certificate($_data, $ca, null, $passphrase, $_data['validity'])); } /** diff --git a/mail/templates/default/smimeCertGen.xet b/mail/templates/default/smimeCertGen.xet index 741a528a4a..53c90566d0 100644 --- a/mail/templates/default/smimeCertGen.xet +++ b/mail/templates/default/smimeCertGen.xet @@ -1,6 +1,5 @@ -