Diffstat (limited to 'rt/share/html/Elements/Crypt')
-rw-r--r-- | rt/share/html/Elements/Crypt/KeyIssues | 94 | ||||
-rw-r--r-- | rt/share/html/Elements/Crypt/SelectKeyForEncryption | 80 | ||||
-rw-r--r-- | rt/share/html/Elements/Crypt/SelectKeyForSigning | 67 | ||||
-rw-r--r-- | rt/share/html/Elements/Crypt/SignEncryptWidget | 188 |
4 files changed, 429 insertions, 0 deletions
diff --git a/rt/share/html/Elements/Crypt/KeyIssues b/rt/share/html/Elements/Crypt/KeyIssues
new file mode 100644
index 000000000..35c12641e
--- /dev/null
+++ b/rt/share/html/Elements/Crypt/KeyIssues
@@ -0,0 +1,94 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# <sales@bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+% if ( @$Issues || @$SignAddresses ) {
+<div class="results">
+<&| /Widgets/TitleBox, title => loc('[_1] issues', RT->Config->Get('Crypt')->{'Outgoing'}) &>
+
+% if ( @$SignAddresses ) {
+<% loc("The system is unable to sign outgoing email messages. This usually indicates that the passphrase was mis-set, or that GPG Agent is down. Please alert your system administrator immediately. The problem addresses are:") %>
+<ul>
+% for my $address (@$SignAddresses) {
+ <li><% $address %></li>
+% }
+</ul>
+% }
+
+% if (@$Issues == 1) {
+<% loc("You are going to encrypt outgoing email messages, but there is a problem with a recipient's public key/certificate. You have to fix the problem with the key/certificate, disable sending a message to that recipient, or disable encryption.") %>
+% } elsif (@$Issues > 1) {
+<% loc("You are going to encrypt outgoing email messages, but there are problems with recipients' public keys/certificates. You have to fix the problems with the keys/certificates, disable sending a message to the recipients with problems, or disable encryption.") %>
+% }
+
+<ul>
+% foreach my $issue ( @$Issues ) {
+<li>
+% if ( $issue->{'User'} ) {
+User <a href="<% RT->Config->Get('WebPath') %>/Admin/Users/Modify.html?id=<% $issue->{'User'}->id %>"><&/Elements/ShowUser, User => $issue->{'User'} &></a> has a problem.
+% } else {
+There is a problem with key/certificate(s) for address <% $issue->{'EmailAddress'} %>, but there is no user in the DB for this address.
+% }
+<% $issue->{'Message'} %>
+<br />
+Select a key/certificate you want to use for encryption:
+<& /Elements/Crypt/SelectKeyForEncryption,
+ Name => 'UseKey-'. $issue->{'EmailAddress'},
+ EmailAddress => $issue->{'EmailAddress'},
+ Default => ( $issue->{'User'}? $issue->{'User'}->PreferredKey : undef ),
+&>
+</li>
+% }
+</ul>
+</&>
+</div>
+% }
+
+<%ARGS>
+$Issues => []
+$SignAddresses => []
+</%ARGS>
+
diff --git a/rt/share/html/Elements/Crypt/SelectKeyForEncryption b/rt/share/html/Elements/Crypt/SelectKeyForEncryption
new file mode 100644
index 000000000..2bf79bc4d
--- /dev/null
+++ b/rt/share/html/Elements/Crypt/SelectKeyForEncryption
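Review bot: Three user-visible sentences inside the `foreach my $issue` loop (`User … has a problem.`, `There is a problem with key/certificate(s) for address …` and `Select a key/certificate you want to use for encryption:`) are emitted as literal English, while every other message in this component goes through `loc()`. Wrapping them, e.g. `<% loc("Select a key/certificate you want to use for encryption:") %>`, keeps the warning understandable for non-English users, which matters here because it tells them a recipient's key is unusable. Separately, the second `<ul>` is printed even when `@$Issues` is empty and only `@$SignAddresses` opened the box, leaving an empty list; placing it under an `if ( @$Issues )` guard would avoid that.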
@@ -0,0 +1,80 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# <sales@bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+% if (!@keys) {
+<% loc("No usable keys.") %>
+% } else {
+<select name="<% $Name %>">
+% foreach my $key (@keys) {
+<option value="<% $key->{'Fingerprint'} %>"><% $key->{'Formatted'} %> <% loc("(trust: [_1])", $key->{'TrustTerse'}) %></option>
+% }
+</select>
+% }
+
+<%INIT>
+my $d;
+
+my %res = RT::Crypt->GetKeysForEncryption($EmailAddress);
+# move the preferred key to the top of the list
+my @keys = map {
+ $_->{'Fingerprint'} eq ( $Default || '' )
+ ? do { $d = $_; () }
+ : $_
+ }
+ @{ $res{'info'} };
+
+@keys = sort { $b->{'TrustLevel'} <=> $a->{'TrustLevel'} } @keys;
+
+unshift @keys, $d if defined $d;
+
+</%INIT>
+<%ARGS>
+$Name => 'PreferredKey'
+$EmailAddress => undef
+$Default => undef
+</%ARGS>
+
diff --git a/rt/share/html/Elements/Crypt/SelectKeyForSigning b/rt/share/html/Elements/Crypt/SelectKeyForSigning
new file mode 100644
index 000000000..bbd9bda84
--- /dev/null
+++ b/rt/share/html/Elements/Crypt/SelectKeyForSigning
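Review bot: The `<%INIT>` block reads only `$res{'info'}` from `RT::Crypt->GetKeysForEncryption` and dereferences it unconditionally, so a failed key lookup is either shown as "No usable keys." or, if `info` is absent, may die on the dereference; the hunk checks no status from the call. A defensive form is `@{ $res{'info'} || [] }`, together with a comment saying what else `%res` carries and why it is ignored here. Whether expired, revoked or untrusted keys are filtered out before they reach the `<select>` depends on `GetKeysForEncryption`, which this diff does not show; the component itself only sorts by `TrustLevel`, so a one-line comment stating where filtering happens would help the next reader.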
@@ -0,0 +1,67 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# <sales@bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+% if ( $user_key ) {
+<select name="<% $Name %>">
+<option value=""><% loc("Queue's key") %></option>
+<option value="<% $user_key %>"><% $user_key %></option>
+</select>
+% } else {
+<% loc("Queue's key") %>
+% }
+<%ARGS>
+$Name => 'SignUsing',
+$User => undef,
+</%ARGS>
+<%INIT>
+return unless RT->Config->Get('Crypt')->{'Enable'};
+
+# XXX: Only GnuPG at this moment supports user's private keys
+my $user_key;
+$user_key = $User->PrivateKey
+ if RT->Config->Get('Crypt')->{'Outgoing'} eq 'GnuPG';
+</%INIT>
diff --git a/rt/share/html/Elements/Crypt/SignEncryptWidget b/rt/share/html/Elements/Crypt/SignEncryptWidget
new file mode 100644
index 000000000..33136f968
--- /dev/null
+++ b/rt/share/html/Elements/Crypt/SignEncryptWidget
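Review bot: `$User` defaults to `undef` in `<%ARGS>`, yet `<%INIT>` calls `$User->PrivateKey` whenever `Outgoing` is `GnuPG`, so a caller that omits `User` gets a run-time "can't call method on an undefined value" error instead of the plain "Queue's key" fallback. Guarding the call fixes that: `$user_key = $User->PrivateKey if $User && RT->Config->Get('Crypt')->{'Outgoing'} eq 'GnuPG';`. The one caller added in this commit (SignEncryptWidget) does pass `User`, so this concerns the declared default rather than a failure visible today.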
@@ -0,0 +1,188 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# <sales@bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<table><tr>
+% my $columnsplit = "</td><td>";
+% if ( RT->Config->Get('Crypt')->{'Outgoing'} eq 'GnuPG' ) {
+<td><% loc( 'Sign[_1][_2] using [_3]',
+ $columnsplit,
+ $m->scomp('/Widgets/Form/Boolean:InputOnly',
+ Name => 'Sign', CurrentValue => $self->{'Sign'}
+ ),
+ $m->scomp('SelectKeyForSigning', User => $session{'CurrentUser'}->UserObj ),
+) |n %></td>
+% } else {
+<td><% loc( 'Sign[_1][_2]',
+ $columnsplit,
+ $m->scomp('/Widgets/Form/Boolean:InputOnly',
+ Name => 'Sign', CurrentValue => $self->{'Sign'}
+ ),
+) |n %></td>
+% }
+
+<td><% loc('Encrypt')%></td>
+<td><& /Widgets/Form/Boolean:InputOnly, Name => 'Encrypt', CurrentValue => $self->{'Encrypt'} &></td>
+</tr></table>
+<%ARGS>
+$self => undef,
+</%ARGS>
+<%INIT>
+return unless $self;
+</%INIT>
+
+<%METHOD new>
+<%ARGS>
+$Arguments => {}
+</%ARGS>
+<%INIT>
+return undef unless RT->Config->Get('Crypt')->{'Enable'};
+return { %$Arguments };
+</%INIT>
+</%METHOD>
+
+<%METHOD ShowIssues>
+<%ARGS>
+$self => undef,
+</%ARGS>
+<%INIT>
+return unless $self;
+
+return $m->comp( '/Elements/Crypt/KeyIssues',
+ Issues => $self->{'GnuPGRecipientsKeyIssues'} || [],
+ SignAddresses => $self->{'GnuPGCanNotSignAs'} || [],
+);
+</%INIT>
+</%METHOD>
+
+
+<%METHOD Process>
+<%ARGS>
+$self => undef
+$QueueObj => undef
+$TicketObj => undef
+</%ARGS>
+<%INIT>
+return unless $self;
+
+$QueueObj ||= $TicketObj->QueueObj if $TicketObj;
+
+foreach ( qw(Sign Encrypt) ) {
+ $self->{ $_ } = $m->comp( '/Widgets/Form/Boolean:Process',
+ Name => $_,
+ DefaultValue => $QueueObj->$_,
+ Arguments => $self,
+ );
+}
+</%INIT>
+</%METHOD>
+
+<%METHOD Check>
+<%ARGS>
+$self => undef
+$Operation => 'Update'
+$TicketObj => undef
+$QueueObj => undef
+</%ARGS>
+<%INIT>
+return 1 unless $self;
+
+my $checks_failure = 0;
+
+if ( $self->{'Sign'} ) {
+ $QueueObj ||= $TicketObj->QueueObj
+ if $TicketObj;
+
+ my $private = $session{'CurrentUser'}->UserObj->PrivateKey || '';
+ my $queue = ($self->{'UpdateType'} && $self->{'UpdateType'} eq "private")
+ ? ( $QueueObj->CommentAddress || RT->Config->Get('CommentAddress') )
+ : ( $QueueObj->CorrespondAddress || RT->Config->Get('CorrespondAddress') );
+
+ my $address = $self->{'SignUsing'} || $queue;
+ if ($address ne $private and $address ne $queue) {
+ push @{ $self->{'GnuPGCanNotSignAs'} ||= [] }, $address;
+ $checks_failure = 1;
+ } elsif ( not RT::Crypt->DrySign( Signer => $address ) ) {
+ push @{ $self->{'GnuPGCanNotSignAs'} ||= [] }, $address;
+ $checks_failure = 1;
+ } else {
+ RT::Crypt->UseKeyForSigning( $self->{'SignUsing'} )
+ if $self->{'SignUsing'};
+ }
+}
+
+if ( $self->{'Encrypt'} ) {
+
+ my @recipients;
+
+ if ( $Operation eq 'Update' ) {
+ @recipients = $TicketObj->DryRun(%$self)->Recipients;
+ }
+ elsif ( $Operation eq 'Create' ) {
+ $TicketObj = RT::Ticket->new( $session{'CurrentUser'} );
+ @recipients = $TicketObj->DryRunCreate(%$self)->Recipients;
+ }
+ else {
+ $RT::Logger->crit('Incorrect operation: '. $Operation );
+ }
+
+ my %seen;
+ @recipients = grep !$seen{ lc $_ }++, @recipients;
+
+ RT::Crypt->UseKeyForEncryption(
+ map { (/^UseKey-(.*)$/)[0] => $self->{ $_ } }
+ grep $self->{ $_ } && /^UseKey-/,
+ keys %$self
+ );
+
+ my ($status, @issues) = RT::Crypt->CheckRecipients( @recipients );
+ push @{ $self->{'GnuPGRecipientsKeyIssues'} ||= [] }, @issues;
+ $checks_failure = 1 unless $status;
+}
+
+return $checks_failure ? 0 : 1;
+</%INIT>
+</%METHOD> |
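Review bot: In `Check`, an unrecognised `$Operation` only logs `Incorrect operation` and falls through with an empty `@recipients`, so the encryption check can still return 1 without any recipient key having been examined (assuming `CheckRecipients` reports success for an empty list, which this diff does not show). Fail closed by adding `$checks_failure = 1;` to that `else` branch. `Check` and `Process` also call methods on `$TicketObj` and `$QueueObj` although both default to `undef`; a guard, or a comment naming which one the caller must supply, would document the contract. Finally, the `UseKey-<address>` values handed to `RT::Crypt->UseKeyForEncryption` come straight from `$self` (a copy of the caller's `Arguments`), and nothing in this hunk verifies that the submitted fingerprint is one of the keys offered for that address, so it is worth confirming that `RT::Crypt` validates it.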