[Rt-commit] rt branch, 4.2/smime-v2, updated. rt-4.0.4-513-g81521f5
Ruslan Zakirov
ruz at bestpractical.com
Mon Apr 30 15:07:34 EDT 2012
The branch, 4.2/smime-v2 has been updated
via 81521f5eae00c0beb518a19f6591459f59360e8a (commit)
via 9e56f97e18a5f6eb78d5bf84c07fa41c4c82b774 (commit)
via 94b972a6ba43339a64d007f94a7d0700ada7d0e8 (commit)
via 9ded926e928ea595fbe8dc08abcf55be4c828974 (commit)
via fb5ae1d2754565576c8fa3c42f4105e98d73bbcd (commit)
via 59a702f666b6a9942aed5eabf229e59e36124186 (commit)
via e7c0d0d1a65f2861f996122720b2d04756ebb4d1 (commit)
via 78ff1d33f74bf8c2430237145b7e27a2b79b237c (commit)
via 386cd724b7ff7139ce291726673893974f6f8726 (commit)
from b48dafb0098d98a0d3ef789d4e65093cb4837a3e (commit)
Summary of changes:
lib/RT/Config.pm | 9 ++++
lib/RT/Crypt.pm | 3 -
lib/RT/Crypt/SMIME.pm | 48 ++++++++++++++-----
share/html/Ticket/Elements/ShowCryptStatus | 2 +-
.../Ticket/Elements/ShowTransactionAttachments | 2 +-
5 files changed, 46 insertions(+), 18 deletions(-)
- Log -----------------------------------------------------------------
commit 59a702f666b6a9942aed5eabf229e59e36124186
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Apr 20 23:29:02 2012 +0400
don't load crypt implementations right away
loading GnuPG module fails if you don't have required
modules
diff --git a/lib/RT/Crypt.pm b/lib/RT/Crypt.pm
index c19bdee..8f348d1 100644
--- a/lib/RT/Crypt.pm
+++ b/lib/RT/Crypt.pm
@@ -4,9 +4,6 @@ use warnings;
package RT::Crypt;
-require RT::Crypt::GnuPG;
-require RT::Crypt::SMIME;
-
=head1 NAME
RT::Crypt - encrypt/decrypt and sign/verify subsystem for RT
commit fb5ae1d2754565576c8fa3c42f4105e98d73bbcd
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Apr 20 23:29:52 2012 +0400
more protection, make sure crypt modules are loaded
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index d4d4be7..ba11a12 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -619,6 +619,15 @@ our %META = (
require RT::Crypt;
my @enabled = RT::Crypt->EnabledProtocols;
+ foreach my $proto (splice @enabled) {
+ local $@;
+ eval "require RT::Crypt::$proto; 1" or do {
+ $RT::Logger->error("You enabled $proto cryptography, but we couldn't load module RT::Crypt::$proto: $@");
+ next;
+ };
+ push @enabled, $proto;
+ }
+
my $opt = $self->Get('Crypt');
$opt->{'Enable'} = scalar @enabled;;
unless ( $opt->{'Incoming'} && @{ $opt->{'Incoming'} } ) {
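Review bot: `$proto` is interpolated into a string `eval` in the added loop with no check on its shape, so whatever RT::Crypt->EnabledProtocols returns is compiled as Perl. That list presumably comes from site configuration (its source is not visible here), which keeps the exposure low, but an anchored check before the eval costs nothing: `unless ( $proto =~ /\A\w+\z/ ) { $RT::Logger->error("Invalid crypt protocol name in configuration"); next; }`. It is also worth confirming that a protocol dropped here is treated as disabled by other callers of EnabledProtocols, since only the local `@enabled` is filtered. The enclosing block starts and ends outside the hunk.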
commit 9ded926e928ea595fbe8dc08abcf55be4c828974
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Mon Apr 30 22:28:38 2012 +0400
drop shift() call, shouldn't be there
it was a typo, sometimes harmless, sometimes can shift
defined value from @ARGV. Depends on web server environment.
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 2a26166..45c4eef 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -92,7 +92,7 @@ and passphrase pairs for keys in the keyring.
=cut
-{ my $cache = shift;
+{ my $cache = '';
sub OpenSSLPath {
return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'};
} }
commit 94b972a6ba43339a64d007f94a7d0700ada7d0e8
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Mon Apr 30 22:31:48 2012 +0400
be double sure openssl path is set to something
we do it in a few places, it's ok to do it here as well
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 45c4eef..b875b8f 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -94,7 +94,7 @@ and passphrase pairs for keys in the keyring.
{ my $cache = '';
sub OpenSSLPath {
- return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'};
+ return $cache ||= RT->Config->Get('SMIME')->{'OpenSSL'} || 'openssl';
} }
sub SignEncrypt {
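Review bot: The new `|| 'openssl'` fallback returns a bare command name, so if the result is later handed to a process launcher, the binary that handles S/MIME keys is chosen by the server's `PATH` rather than by configuration. Consider logging when the fallback is taken so a missing `SMIME` / `OpenSSL` setting is visible, e.g. `$RT::Logger->warning("SMIME OpenSSL path is not configured, using 'openssl' from PATH");`. A comment above `OpenSSLPath` should also state that an absolute path is the expected value. Because `$cache` memoises the first answer, such a warning would fire at most once per process.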
commit 9e56f97e18a5f6eb78d5bf84c07fa41c4c82b774
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Mon Apr 30 22:34:19 2012 +0400
special case of how openssl prints SMIME certs
It's possible to have the following structure:
<key><separator>
<value with separator>
Fix is sort of workaround
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index b875b8f..e4d1291 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -830,7 +830,9 @@ sub ParseCertificateInfo {
# Validity # no trailing ':'
# Not After : XXXXXX # space before ':'
# countryName=RU # '=' as separator
- my ($prefix, $key, $value) = ($line =~ /^(\s*)(.*?)\s*(?:[:=]\s*(.*?)|)\s*$/);
+ # Serial Number:
+ # he:xv:al:ue
+ my ($prefix, $key, $value) = ($line =~ /^(\s*)(.*?)\s*(?:(?:=\s*|:\s+)(\S.*?)|:|)\s*$/);
if ( $first_line ) {
$prefix{$prefix} = \%res;
$first_line = 0;
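Review bot: In the new pattern a ':' separates key from value only when whitespace follows it (`:\s+`), so a line such as `CA:TRUE` (constructed example) is now returned whole as the key with `$value` undefined, where the old `[:=]\s*` split it. That is what the `he:xv:al:ue` case needs, but the comment block should state the rule, e.g. `# ':' is a separator only when followed by whitespace or end of line`. A test with a colon-without-space line would pin the behaviour. Certificate text is presumably supplied by correspondents, so code after the match should not assume `$value` is defined. ParseCertificateInfo begins before and continues after this hunk.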
@@ -854,6 +856,26 @@ sub ParseCertificateInfo {
($prev_prefix, $prev_key) = ($prefix, $key);
}
+ my ($filter_out, $wfilter_out);
+ $filter_out = $wfilter_out = sub {
+ my $h = shift;
+ foreach my $e ( keys %$h ) {
+ next unless ref $h->{$e};
+ if ( 1 == keys %{$h->{$e}} ) {
+ my $sube = (keys %{$h->{$e}})[0];
+ if ( ref $h->{$e}{$sube} && !keys %{ $h->{$e}{$sube} } ) {
+ $h->{$e} = $sube;
+ next;
+ }
+ }
+
+ $filter_out->( $h->{$e} );
+ }
+ };
+ Scalar::Util::weaken($wfilter_out);
+
+ $filter_out->(\%res);
+
return %res;
}
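Review bot: The recursive call inside the closure goes through `$filter_out`, the strong reference, so `Scalar::Util::weaken($wfilter_out)` has no effect and the sub keeps itself alive through its own captured variable. Each call to ParseCertificateInfo then leaves one closure that is never freed, which adds up in a long-running server process that parses a certificate per message. Recursing through the weakened copy breaks the cycle while `$filter_out` holds the sub for the duration of the call: `$wfilter_out->( $h->{$e} );`. The hunk does not show where Scalar::Util is loaded, so confirm the module is required in this file; the start of ParseCertificateInfo is outside the hunk.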
commit 81521f5eae00c0beb518a19f6591459f59360e8a
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Mon Apr 30 22:37:43 2012 +0400
special case of how openssl prints SMIME certs
openssl 0.9.8 and openssl 1.0.1 print the same cert
very differently. 1.0.1 prints the following thing:
<key>:
... nested structure ...
<otherkey>: <value>
... nested structure continues ...
Example:
Data:
...
Serial Number: 9974010075738841110 (0x8a6acd51be94a016)
Signature Algorithm: sha1WithRSAEncryption
Issuer: ...
...
So it's hard to say where Issuer belongs.
Now "<key>: <value>" strings don't delete pointers to existing
placeholders for nested structures. Hopefully the output won't get
any messier.
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index e4d1291..7375594 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -848,12 +848,12 @@ sub ParseCertificateInfo {
}
else {
$put_into->{$key} = {};
- }
- delete $prefix{$_} foreach
- grep length($_) > length($prefix),
- keys %prefix;
+ delete $prefix{$_} foreach
+ grep length($_) > length($prefix),
+ keys %prefix;
- ($prev_prefix, $prev_key) = ($prefix, $key);
+ ($prev_prefix, $prev_key) = ($prefix, $key);
+ }
}
my ($filter_out, $wfilter_out);
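Review bot: After this change the stale-prefix cleanup and the `($prev_prefix, $prev_key)` update run only in the `else` branch that creates a new `{}` placeholder, and nothing in the code says why. The reasoning from the commit message belongs next to it, for example `# only a new nested placeholder invalidates deeper prefixes; "<key>: <value>" lines can appear inside a still-open structure (openssl 1.0.1)`. The branch preceding this `else` is outside the hunk, so confirm it does not rely on `$prev_key` having been advanced by a value line.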
-----------------------------------------------------------------------