[Rt-commit] r8755 - in rt/branches/3.7-EXPERIMENTAL-TUNIS: html/Ticket/Elements lib/RT/Crypt

ruz at bestpractical.com ruz at bestpractical.com
Mon Aug 27 20:54:25 EDT 2007


Author: ruz
Date: Mon Aug 27 20:54:23 2007
New Revision: 8755

Modified:
   rt/branches/3.7-EXPERIMENTAL-TUNIS/html/Ticket/Elements/ShowGnuPGStatus
   rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Crypt/GnuPG.pm
   rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Interface/Email/Auth/GnuPG.pm

Log:
* remove operation 'Decrypt' with keyword ENC_TO from parsed GnuPG status
* make it subkey of 'Decrypt' operation with keyword DECRYPTION_*
* subkey is 'EncryptedTo'
* add KeyMissing to both public and private keys, so it's now PublicKeyMissing
  and SecretKeyMissing keys.
* Final structure is:
{
    Operation => 'Decrypt',
    ...
    EncryptedTo => [
        {
            ...
            Key => ...,
            User => {
                ...
                # optional
                SecretKeyMissing => 1,
                PublicKeyMissing => 1,

            }
        }
    ],
}


Modified: rt/branches/3.7-EXPERIMENTAL-TUNIS/html/Ticket/Elements/ShowGnuPGStatus
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL-TUNIS/html/Ticket/Elements/ShowGnuPGStatus	(original)
+++ rt/branches/3.7-EXPERIMENTAL-TUNIS/html/Ticket/Elements/ShowGnuPGStatus	Mon Aug 27 20:54:23 2007
@@ -82,7 +82,6 @@
             push @messages, loc( $line->{'Message'} );
         }
         elsif ( $line->{'Operation'} eq 'Decrypt' ) {
-            next if $line->{'Keyword'} eq 'ENC_TO';
             push @messages, loc( $line->{'Message'} );
         }
         elsif ( $line->{'Operation'} eq 'Verify' ) {

Modified: rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Crypt/GnuPG.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Crypt/GnuPG.pm	(original)
+++ rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Crypt/GnuPG.pm	Mon Aug 27 20:54:23 2007
@@ -1280,7 +1280,6 @@
     END_ENCRYPTION
     DECRYPTION_FAILED DECRYPTION_OKAY
     BAD_PASSPHRASE GOOD_PASSPHRASE
-    ENC_TO
     NO_SECKEY NO_PUBKEY
     NO_RECP INV_RECP NODATA UNEXPECTED
 );
@@ -1290,7 +1289,7 @@
 my %ignore_keyword = map { $_ => 1 } qw(
     NEED_PASSPHRASE MISSING_PASSPHRASE BEGIN_SIGNING PLAINTEXT PLAINTEXT_LENGTH
     BEGIN_ENCRYPTION SIG_ID VALIDSIG
-    BEGIN_DECRYPTION END_DECRYPTION GOODMDC
+    ENC_TO BEGIN_DECRYPTION END_DECRYPTION GOODMDC
     TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL TRUST_FULLY TRUST_ULTIMATE
 );
 
@@ -1368,33 +1367,28 @@
             }
             push @res, \%res;
         }
-        elsif ( $keyword eq 'DECRYPTION_FAILED' ) {
-            my %res = (
-                Operation => 'Decrypt',
-                Status    => 'ERROR',
-                Message   => 'Decryption failed',
-            );
-            push @res, \%res;
-        }
-        elsif ( $keyword eq 'DECRYPTION_OKAY' ) {
-            my %res = (
-                Operation => 'Decrypt',
-                Status    => 'DONE',
-                Message   => 'Decryption process succeeded',
-            );
-            push @res, \%res;
-        }
-        elsif ( $keyword eq 'ENC_TO' ) {
-            my ($key, $alg, $key_length) = split /\s+/, $args;
-            my %res = (
-                Operation => 'Decrypt',
-                Status    => 'DONE',
-                Message   => "The message is encrypted to '0x$key'",
-                Key       => $key,
-                KeyLength => $key_length,
-                Algorithm => $alg,
-            );
-            $res{'User'} = ( $user_hint{ $key } ||= {} );
+        elsif ( $keyword eq 'DECRYPTION_FAILED' || $keyword eq 'DECRYPTION_OKAY' ) {
+            my %res = ( Operation => 'Decrypt' );
+            @res{'Status', 'Message'} = 
+                $keyword eq 'DECRYPTION_FAILED'
+                ? ('ERROR', 'Decryption failed')
+                : ('DONE',  'Decryption process succeeded');
+
+            foreach my $line ( reverse @status[ 0 .. $i-1 ] ) {
+                next unless $line =~ /^ENC_TO\s+(\S+)\s+(\S+)\s+(\S+)/;
+                my ($key, $alg, $key_length) = ($1, $2, $3);
+
+                my %encrypted_to = (
+                    Message   => "The message is encrypted to '0x$key'",
+                    User      => ( $user_hint{ $key } ||= {} ),
+                    Key       => $key,
+                    KeyLength => $key_length,
+                    Algorithm => $alg,
+                );
+
+                push @{ $res{'EncryptedTo'} ||= [] }, \%encrypted_to;
+            }
+
             push @res, \%res;
         }
         elsif ( $keyword eq 'NO_SECKEY' || $keyword eq 'NO_PUBKEY' ) {
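Review bot: The backward scan over `@status[ 0 .. $i-1 ]` has no stopping point, so when one status stream holds more than one decryption, a later DECRYPTION_* entry also collects the ENC_TO lines of the earlier ones. Its EncryptedTo list then names recipients of a different message part. The check added to RT/Interface/Email/Auth/GnuPG.pm in this commit returns 1 as soon as any listed recipient lacks SecretKeyMissing, so a stale entry can change how a missing-key failure is reported. Ending the scan at the previous result would keep each list scoped to its own operation, e.g. `last if $line =~ /^DECRYPTION_(?:OKAY|FAILED)\b/;` as the first statement of the loop; this assumes @status lines start with the bare keyword, as the ENC_TO regex already does. The enclosing elsif chain starts and ends outside the hunk.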
@@ -1408,13 +1402,7 @@
                 KeyType   => $type,
             );
             $res{'User'} = ( $user_hint{ $key } ||= {} );
-            if ( $type eq 'secret' ) {
-                foreach ( reverse @res ) {
-                    next unless $_->{'Keyword'} eq 'ENC_TO' && $_->{'Key'} eq $key;
-                    $_->{'KeyMissing'} = 1;
-                    last;
-                }
-            }
+            $res{'User'}{ ucfirst( $type ). 'KeyMissing' } = 1;
             push @res, \%res;
         }
         # GOODSIG, BADSIG, VALIDSIG, TRUST_*
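Review bot: The flag name is built from `$type` with `ucfirst`, while the reader in RT/Interface/Email/Auth/GnuPG.pm tests the literal `SecretKeyMissing`, so the two agree only while `$type` is exactly `secret` or `public`. `$type` is assigned above the hunk, so that cannot be confirmed from here. The flag is also written to the hash shared through `%user_hint`, so every result that references this key sees it, not only the current one. A comment on the line would record both, e.g. `# sets SecretKeyMissing / PublicKeyMissing on the shared per-key User hash; read by Auth::GnuPG`.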

Modified: rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Interface/Email/Auth/GnuPG.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Interface/Email/Auth/GnuPG.pm	(original)
+++ rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/Interface/Email/Auth/GnuPG.pm	Mon Aug 27 20:54:23 2007
@@ -165,9 +165,14 @@
     my %args = (Message => undef, Status => [], @_ );
     my @status = @{ $args{'Status'} };
 
-    my @encrypted_to = grep $_->{'Keyword'} eq 'ENC_TO', @status;
-    return 1 unless @encrypted_to;
-    return 1 if grep !$_->{'KeyMissing'}, @encrypted_to;
+    my @decrypts = grep $_->{'Operation'} eq 'Decrypt', @status;
+    return 1 unless @decrypts;
+    foreach my $action ( @decrypts ) {
+        # if at least one secrete key exist then it's another error
+        return 1 if
+            grep !$_->{'User'}{'SecretKeyMissing'},
+                @{ $action->{'EncryptedTo'} };
+    }
 
     $RT::Logger->error("Couldn't decrypt a message: have no private key");
 
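Review bot: A Decrypt entry with no EncryptedTo now falls through to the "have no private key" error, where the old code returned 1 when there were no ENC_TO results. The parser creates EncryptedTo only when it finds an ENC_TO line, so `@{ $action->{'EncryptedTo'} }` dereferences undef for such an entry. A decryption that failed for some other reason would then be logged as a missing private key. Taking the list first and treating an empty one as "another error" restores the old behaviour: `my @to = @{ $action->{'EncryptedTo'} || [] };` followed by `return 1 if !@to || grep !$_->{'User'}{'SecretKeyMissing'}, @to;`. The added comment would also read better as `# if at least one secret key exists then it's another error`. The function body starts and ends outside the hunk.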

