diff options
Diffstat (limited to 'rt/share/html/Ticket/Elements/ShowGnuPGStatus')
| -rw-r--r-- | rt/share/html/Ticket/Elements/ShowGnuPGStatus | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/rt/share/html/Ticket/Elements/ShowGnuPGStatus b/rt/share/html/Ticket/Elements/ShowGnuPGStatus new file mode 100644 index 000000000..08814aafc --- /dev/null +++ b/rt/share/html/Ticket/Elements/ShowGnuPGStatus @@ -0,0 +1,177 @@ +%# BEGIN BPS TAGGED BLOCK {{{ +%# +%# COPYRIGHT: +%# +%# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC +%# <jesse@bestpractical.com> +%# +%# (Except where explicitly superseded by other copyright notices) +%# +%# +%# LICENSE: +%# +%# This work is made available to you under the terms of Version 2 of +%# the GNU General Public License. A copy of that license should have +%# been provided with this software, but in any event can be snarfed +%# from www.gnu.org. +%# +%# This work is distributed in the hope that it will be useful, but +%# WITHOUT ANY WARRANTY; without even the implied warranty of +%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +%# General Public License for more details. +%# +%# You should have received a copy of the GNU General Public License +%# along with this program; if not, write to the Free Software +%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +%# 02110-1301 or visit their web page on the internet at +%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +%# +%# +%# CONTRIBUTION SUBMISSION POLICY: +%# +%# (The following paragraph is not intended to limit the rights granted +%# to you to modify and distribute this software under the terms of +%# the GNU General Public License and is only of importance to you if +%# you choose to contribute your changes and enhancements to the +%# community by submitting them to Best Practical Solutions, LLC.) +%# +%# By intentionally submitting any modifications, corrections or +%# derivatives to this work, or any other work intended for use with +%# Request Tracker, to Best Practical Solutions, LLC, you confirm that +%# you are the copyright holder for those contributions and you grant +%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +%# royalty-free, perpetual, license to use, copy, create derivative +%# works based on those contributions, and sublicense and distribute +%# those contributions and any derivatives thereof. +%# +%# END BPS TAGGED BLOCK }}} +<table class="crypt-runs"> +<tr><td align="right" class="labeltop" rowspan="<% scalar @messages %>">GnuPG:</td> +<td><% shift @messages %></td></tr> + +% foreach my $msg( @messages ) { +<tr><td><% $msg %></td></tr> +% } +</table> +<%ARGS> +$Attachment +$WarnUnsigned => undef +$Reverify => 1 +</%ARGS> +<%INIT> +my @runs; +my $needs_unsigned_warning = $WarnUnsigned; + +foreach ( $Attachment->SplitHeaders ) { + if ( s/^X-RT-GnuPG-Status:\s*//i ) { + require RT::Crypt::GnuPG; + push @runs, [ RT::Crypt::GnuPG::ParseStatus( $_ ) ]; + } + + $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/; + + # if this is not set, then the email is generated by RT, and so we don't + # need "email is unsigned" warnings + $needs_unsigned_warning = 0 if not /^Received:/; +} + +return unless @runs or $needs_unsigned_warning; + +my $reverify_cb = sub { + my $top = shift; + + my $txn = $top->TransactionObj; + unless ( $txn && $txn->id ) { + return (0, "Couldn't get transaction of attachment #". $top->id); + } + + my $attachments = $txn->Attachments->Clone; + $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' ); + my $original = $attachments->First; + unless ( $original ) { + return (0, "Couldn't find attachment with original email of transaction #". $txn->id); + } + + my $parser = RT::EmailParser->new(); + $parser->SmartParseMIMEEntityFromScalar( + Message => $original->Content, + Decode => 0, + Exact => 1, + ); + my $entity = $parser->Entity; + unless ( $entity ) { + return (0, "Couldn't parse content of attachment #". $original->id); + } + + use RT::Interface::Email::Auth::GnuPG; + my ($status, @res) = RT::Interface::Email::Auth::GnuPG::VerifyDecrypt( Entity => $entity ); + if ( $status && !@res ) { + # imposible in this situation + return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted"); + } + elsif ( @res ) { + require RT::Crypt::GnuPG; + + $top->DelHeader('X-RT-GnuPG-Status'); + $top->AddHeader(map { ('X-RT-GnuPG-Status' => $_->{'status'} ) } @res); + $top->SetHeader('X-RT-Privacy' => 'PGP' ); + $top->DelHeader('X-RT-Incoming-Signature'); + + my @status = RT::Crypt::GnuPG::ParseStatus( $res[0]->{'status'} ); + for ( @status ) { + if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) { + $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} ); + $needs_unsigned_warning = 0; + } + } + } + return (1, "Reverified original message"); +}; + +my @messages; +foreach my $run ( @runs ) { + foreach my $line ( @$run ) { + if ( $line->{'Operation'} eq 'KeyCheck' ) { + next unless $Reverify; + # if a public key was missing during verification then we want try again + next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING'; + + # but only if we have key + my %key = RT::Crypt::GnuPG::GetPublicKeyInfo( $line->{'Key'} ); + if ( $key{'info'} ) { + my ($status, $msg) = $reverify_cb->($Attachment); + unless ($status) { + $RT::Logger->error($msg); + } else { + return $m->comp('SELF', %ARGS, Reverify => 0); + } + } + else { + push @messages, loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ); + } + } + elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) { + next if $line->{'Status'} eq 'DONE'; + push @messages, loc( $line->{'Message'} ); + } + elsif ( $line->{'Operation'} eq 'Decrypt' ) { + push @messages, loc( $line->{'Message'} ); + } + elsif ( $line->{'Operation'} eq 'Verify' ) { + push @messages, loc( $line->{'Message'} ); + } + else { + next if $line->{'Status'} eq 'DONE'; + push @messages, loc( $line->{'Message'} ); + } + } +} + +push @messages, loc('Warning! This is NOT signed!') + if $needs_unsigned_warning; +return unless @messages; + +my %seen; +@messages = grep !$seen{$_}++, @messages; + +</%INIT> |