+=head2 NiceHeaders
+
+Returns a multi-line string of the To, From, Cc, Date and Subject headers.
+
+=cut
+
+sub NiceHeaders {
+ my $self = shift;
+ my $hdrs = "";
+ my @hdrs = $self->_SplitHeaders;
+ while (my $str = shift @hdrs) {
+ next unless $str =~ /^(To|From|RT-Send-Cc|Cc|Bcc|Date|Subject):/i;
+ $hdrs .= $str . "\n";
+ $hdrs .= shift( @hdrs ) . "\n" while ($hdrs[0] =~ /^[ \t]+/);
+ }
+ return $hdrs;
+}
+
+=head2 Headers
+
+Returns this object's headers as a string. This method specifically
+removes the RT-Send-Bcc: header, so as to never reveal to whom RT sent a Bcc.
+We need to record the RT-Send-Cc and RT-Send-Bcc values so that we can actually send
+out mail. The mailing rules are separated from the ticket update code by
+an abstraction barrier that makes it impossible to pass this data directly.
+
+=cut
+
+sub Headers {
+ return join("\n", $_[0]->SplitHeaders);
+}
+
+=head2 EncodedHeaders
+
+Takes encoding as argument and returns the attachment's headers as octets in encoded
+using the encoding.
+
+This is not protection using quoted printable or base64 encoding.
+
+=cut
+
+sub EncodedHeaders {
+ my $self = shift;
+ my $encoding = shift || 'utf8';
+ return Encode::encode( $encoding, $self->Headers );
+}
+
+=head2 GetHeader $TAG
+
+Returns the value of the header Tag as a string. This bypasses the weeding out
+done in Headers() above.
+
+=cut
+
+sub GetHeader {
+ my $self = shift;
+ my $tag = shift;
+ foreach my $line ($self->_SplitHeaders) {
+ next unless $line =~ /^\Q$tag\E:\s+(.*)$/si;
+
+ #if we find the header, return its value
+ return ($1);
+ }
+
+ # we found no header. return an empty string
+ return undef;
+}
+
+=head2 DelHeader $TAG
+
+Delete a field from the attachment's headers.
+
+=cut
+
+sub DelHeader {
+ my $self = shift;
+ my $tag = shift;
+
+ my $newheader = '';
+ foreach my $line ($self->_SplitHeaders) {
+ next if $line =~ /^\Q$tag\E:\s+/i;
+ $newheader .= "$line\n";
+ }
+ return $self->__Set( Field => 'Headers', Value => $newheader);
+}
+
+=head2 AddHeader $TAG, $VALUE, ...
+
+Add one or many fields to the attachment's headers.
+
+=cut
+
+sub AddHeader {
+ my $self = shift;
+
+ my $newheader = $self->__Value( 'Headers' );
+ while ( my ($tag, $value) = splice @_, 0, 2 ) {
+ $value = $self->_CanonicalizeHeaderValue($value);
+ $newheader .= "$tag: $value\n";
+ }
+ return $self->__Set( Field => 'Headers', Value => $newheader);
+}
+
+=head2 SetHeader ( 'Tag', 'Value' )
+
+Replace or add a Header to the attachment's headers.
+
+=cut
+
+sub SetHeader {
+ my $self = shift;
+ my $tag = shift;
+ my $value = $self->_CanonicalizeHeaderValue(shift);
+
+ my $replaced = 0;
+ my $newheader = '';
+ foreach my $line ( $self->_SplitHeaders ) {
+ if ( $line =~ /^\Q$tag\E:\s+/i ) {
+ # replace first instance, skip all the rest
+ unless ($replaced) {
+ $newheader .= "$tag: $value\n";
+ $replaced = 1;
+ }
+ } else {
+ $newheader .= "$line\n";
+ }
+ }
+
+ $newheader .= "$tag: $value\n" unless $replaced;
+ $self->__Set( Field => 'Headers', Value => $newheader);
+}
+
+sub _CanonicalizeHeaderValue {
+ my $self = shift;
+ my $value = shift;
+
+ $value = '' unless defined $value;
+ $value =~ s/\s+$//s;
+ $value =~ s/\r*\n/\n /g;
+
+ return $value;
+}
+
+=head2 SplitHeaders
+
+Returns an array of this attachment object's headers, with one header
+per array entry. Multiple lines are folded.
+
+B<Never> returns C<RT-Send-Bcc> field.
+
+=cut
+
+sub SplitHeaders {
+ my $self = shift;
+ return (grep !/^RT-Send-Bcc/i, $self->_SplitHeaders(@_) );
+}
+
+=head2 _SplitHeaders
+
+Returns an array of this attachment object's headers, with one header
+per array entry. multiple lines are folded.
+
+
+=cut
+
+sub _SplitHeaders {
+ my $self = shift;
+ my $headers = (shift || $self->_Value('Headers'));
+ my @headers;
+ # XXX TODO: splitting on \n\w is _wrong_ as it treats \n[ as a valid
+ # continuation, which it isn't. The correct split pattern, per RFC 2822,
+ # is /\n(?=[^ \t]|\z)/. That is, only "\n " or "\n\t" is a valid
+ # continuation. Older values of X-RT-GnuPG-Status contain invalid
+ # continuations and rely on this bogus split pattern, however, so it is
+ # left as-is for now.
+ for (split(/\n(?=\w|\z)/,$headers)) {
+ push @headers, $_;
+
+ }
+ return(@headers);
+}
+
+
+sub Encrypt {
+ my $self = shift;
+
+ my $txn = $self->TransactionObj;
+ return (0, $self->loc('Permission Denied')) unless $txn->CurrentUserCanSee;
+ return (0, $self->loc('Permission Denied'))
+ unless $txn->TicketObj->CurrentUserHasRight('ModifyTicket');
+ return (0, $self->loc('GnuPG integration is disabled'))
+ unless RT->Config->Get('GnuPG')->{'Enable'};
+ return (0, $self->loc('Attachments encryption is disabled'))
+ unless RT->Config->Get('GnuPG')->{'AllowEncryptDataInDB'};
+
+ require RT::Crypt::GnuPG;
+
+ my $type = $self->ContentType;
+ if ( $type =~ /^x-application-rt\/gpg-encrypted/i ) {
+ return (1, $self->loc('Already encrypted'));
+ } elsif ( $type =~ /^multipart\//i ) {
+ return (1, $self->loc('No need to encrypt'));
+ } else {
+ $type = qq{x-application-rt\/gpg-encrypted; original-type="$type"};
+ }
+
+ my $queue = $txn->TicketObj->QueueObj;
+ my $encrypt_for;
+ foreach my $address ( grep $_,
+ $queue->CorrespondAddress,
+ $queue->CommentAddress,
+ RT->Config->Get('CorrespondAddress'),
+ RT->Config->Get('CommentAddress'),
+ ) {
+ my %res = RT::Crypt::GnuPG::GetKeysInfo( $address, 'private' );
+ next if $res{'exit_code'} || !$res{'info'};
+ %res = RT::Crypt::GnuPG::GetKeysForEncryption( $address );
+ next if $res{'exit_code'} || !$res{'info'};
+ $encrypt_for = $address;
+ }
+ unless ( $encrypt_for ) {
+ return (0, $self->loc('No key suitable for encryption'));
+ }
+
+ $self->__Set( Field => 'ContentType', Value => $type );
+ $self->SetHeader( 'Content-Type' => $type );
+
+ my $content = $self->Content;
+ my %res = RT::Crypt::GnuPG::SignEncryptContent(
+ Content => \$content,
+ Sign => 0,
+ Encrypt => 1,
+ Recipients => [ $encrypt_for ],
+ );
+ if ( $res{'exit_code'} ) {
+ return (0, $self->loc('GnuPG error. Contact with administrator'));
+ }
+
+ my ($status, $msg) = $self->__Set( Field => 'Content', Value => $content );
+ unless ( $status ) {
+ return ($status, $self->loc("Couldn't replace content with encrypted data: [_1]", $msg));
+ }
+ return (1, $self->loc('Successfuly encrypted data'));
+}
+
+sub Decrypt {
+ my $self = shift;
+
+ my $txn = $self->TransactionObj;
+ return (0, $self->loc('Permission Denied')) unless $txn->CurrentUserCanSee;
+ return (0, $self->loc('Permission Denied'))
+ unless $txn->TicketObj->CurrentUserHasRight('ModifyTicket');
+ return (0, $self->loc('GnuPG integration is disabled'))
+ unless RT->Config->Get('GnuPG')->{'Enable'};
+
+ require RT::Crypt::GnuPG;
+
+ my $type = $self->ContentType;
+ if ( $type =~ /^x-application-rt\/gpg-encrypted/i ) {
+ ($type) = ($type =~ /original-type="(.*)"/i);
+ $type ||= 'application/octet-stream';
+ } else {
+ return (1, $self->loc('Is not encrypted'));
+ }
+ $self->__Set( Field => 'ContentType', Value => $type );
+ $self->SetHeader( 'Content-Type' => $type );
+
+ my $content = $self->Content;
+ my %res = RT::Crypt::GnuPG::DecryptContent( Content => \$content, );
+ if ( $res{'exit_code'} ) {
+ return (0, $self->loc('GnuPG error. Contact with administrator'));
+ }
+
+ my ($status, $msg) = $self->__Set( Field => 'Content', Value => $content );
+ unless ( $status ) {
+ return ($status, $self->loc("Couldn't replace content with decrypted data: [_1]", $msg));
+ }
+ return (1, $self->loc('Successfuly decrypted data'));
+}
+
+=head2 _Value
+
+Takes the name of a table column.
+Returns its value as a string, if the user passes an ACL check
+
+=cut
+
+sub _Value {
+ my $self = shift;
+ my $field = shift;
+
+ #if the field is public, return it.
+ if ( $self->_Accessible( $field, 'public' ) ) {
+ return ( $self->__Value( $field, @_ ) );
+ }
+
+ return undef unless $self->TransactionObj->CurrentUserCanSee;
+ return $self->__Value( $field, @_ );
+}
+
+# Transactions don't change. by adding this cache congif directiove,
+# we don't lose pathalogically on long tickets.
+sub _CacheConfig {
+ {
+ 'cache_p' => 1,
+ 'fast_update_p' => 1,
+ 'cache_for_sec' => 180,
+ }
+}
+
+