[Rt-commit] r8807 - in rt/branches/3.7-EXPERIMENTAL: .
html/Ticket/Elements lib/RT/Crypt
ruz at bestpractical.com
ruz at bestpractical.com
Tue Aug 28 14:47:45 EDT 2007
Author: ruz
Date: Tue Aug 28 14:47:45 2007
New Revision: 8807
Modified:
rt/branches/3.7-EXPERIMENTAL/ (props changed)
rt/branches/3.7-EXPERIMENTAL/html/Ticket/Elements/ShowGnuPGStatus
rt/branches/3.7-EXPERIMENTAL/lib/RT/Crypt/GnuPG.pm
rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/GnuPG.pm
Log:
r8756 at cubic-pc (orig r8755): ruz | 2007-08-28 04:54:23 +0400
* remove operation 'Decrypt' with keyword ENC_TO from parsed GnuPG status
* make it subkey of 'Decrypt' operation with keyword DECRYPTION_*
* subkey is 'EncryptedTo'
* add KeyMissing to both public and private keys, so it's now PublicKeyMissing
and SecretKeyMissing keys.
* Final structure is:
{
Operation => 'Decrypt',
...
EncryptedTo => [
{
...
Key => ...,
User => {
...
# optional
SecretKeyMissing => 1,
PublicKeyMissing => 1,
}
}
],
}
Modified: rt/branches/3.7-EXPERIMENTAL/html/Ticket/Elements/ShowGnuPGStatus
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/html/Ticket/Elements/ShowGnuPGStatus (original)
+++ rt/branches/3.7-EXPERIMENTAL/html/Ticket/Elements/ShowGnuPGStatus Tue Aug 28 14:47:45 2007
@@ -82,7 +82,6 @@
push @messages, loc( $line->{'Message'} );
}
elsif ( $line->{'Operation'} eq 'Decrypt' ) {
- next if $line->{'Keyword'} eq 'ENC_TO';
push @messages, loc( $line->{'Message'} );
}
elsif ( $line->{'Operation'} eq 'Verify' ) {
Modified: rt/branches/3.7-EXPERIMENTAL/lib/RT/Crypt/GnuPG.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/lib/RT/Crypt/GnuPG.pm (original)
+++ rt/branches/3.7-EXPERIMENTAL/lib/RT/Crypt/GnuPG.pm Tue Aug 28 14:47:45 2007
@@ -1280,7 +1280,6 @@
END_ENCRYPTION
DECRYPTION_FAILED DECRYPTION_OKAY
BAD_PASSPHRASE GOOD_PASSPHRASE
- ENC_TO
NO_SECKEY NO_PUBKEY
NO_RECP INV_RECP NODATA UNEXPECTED
);
@@ -1290,7 +1289,7 @@
my %ignore_keyword = map { $_ => 1 } qw(
NEED_PASSPHRASE MISSING_PASSPHRASE BEGIN_SIGNING PLAINTEXT PLAINTEXT_LENGTH
BEGIN_ENCRYPTION SIG_ID VALIDSIG
- BEGIN_DECRYPTION END_DECRYPTION GOODMDC
+ ENC_TO BEGIN_DECRYPTION END_DECRYPTION GOODMDC
TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL TRUST_FULLY TRUST_ULTIMATE
);
@@ -1368,33 +1367,28 @@
}
push @res, \%res;
}
- elsif ( $keyword eq 'DECRYPTION_FAILED' ) {
- my %res = (
- Operation => 'Decrypt',
- Status => 'ERROR',
- Message => 'Decryption failed',
- );
- push @res, \%res;
- }
- elsif ( $keyword eq 'DECRYPTION_OKAY' ) {
- my %res = (
- Operation => 'Decrypt',
- Status => 'DONE',
- Message => 'Decryption process succeeded',
- );
- push @res, \%res;
- }
- elsif ( $keyword eq 'ENC_TO' ) {
- my ($key, $alg, $key_length) = split /\s+/, $args;
- my %res = (
- Operation => 'Decrypt',
- Status => 'DONE',
- Message => "The message is encrypted to '0x$key'",
- Key => $key,
- KeyLength => $key_length,
- Algorithm => $alg,
- );
- $res{'User'} = ( $user_hint{ $key } ||= {} );
+ elsif ( $keyword eq 'DECRYPTION_FAILED' || $keyword eq 'DECRYPTION_OKAY' ) {
+ my %res = ( Operation => 'Decrypt' );
+ @res{'Status', 'Message'} =
+ $keyword eq 'DECRYPTION_FAILED'
+ ? ('ERROR', 'Decryption failed')
+ : ('DONE', 'Decryption process succeeded');
+
+ foreach my $line ( reverse @status[ 0 .. $i-1 ] ) {
+ next unless $line =~ /^ENC_TO\s+(\S+)\s+(\S+)\s+(\S+)/;
+ my ($key, $alg, $key_length) = ($1, $2, $3);
+
+ my %encrypted_to = (
+ Message => "The message is encrypted to '0x$key'",
+ User => ( $user_hint{ $key } ||= {} ),
+ Key => $key,
+ KeyLength => $key_length,
+ Algorithm => $alg,
+ );
+
+ push @{ $res{'EncryptedTo'} ||= [] }, \%encrypted_to;
+ }
+
push @res, \%res;
}
elsif ( $keyword eq 'NO_SECKEY' || $keyword eq 'NO_PUBKEY' ) {
@@ -1408,13 +1402,7 @@
KeyType => $type,
);
$res{'User'} = ( $user_hint{ $key } ||= {} );
- if ( $type eq 'secret' ) {
- foreach ( reverse @res ) {
- next unless $_->{'Keyword'} eq 'ENC_TO' && $_->{'Key'} eq $key;
- $_->{'KeyMissing'} = 1;
- last;
- }
- }
+ $res{'User'}{ ucfirst( $type ). 'KeyMissing' } = 1;
push @res, \%res;
}
# GOODSIG, BADSIG, VALIDSIG, TRUST_*
Modified: rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/GnuPG.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/GnuPG.pm (original)
+++ rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/GnuPG.pm Tue Aug 28 14:47:45 2007
@@ -165,9 +165,14 @@
my %args = (Message => undef, Status => [], @_ );
my @status = @{ $args{'Status'} };
- my @encrypted_to = grep $_->{'Keyword'} eq 'ENC_TO', @status;
- return 1 unless @encrypted_to;
- return 1 if grep !$_->{'KeyMissing'}, @encrypted_to;
+ my @decrypts = grep $_->{'Operation'} eq 'Decrypt', @status;
+ return 1 unless @decrypts;
+ foreach my $action ( @decrypts ) {
+ # if at least one secrete key exist then it's another error
+ return 1 if
+ grep !$_->{'User'}{'SecretKeyMissing'},
+ @{ $action->{'EncryptedTo'} };
+ }
$RT::Logger->error("Couldn't decrypt a message: have no private key");
More information about the Rt-commit
mailing list