[Rt-commit] rt branch, 4.4/smime-expired, created. rt-4.4.1-319-g88df267
Shawn Moore
shawn at bestpractical.com
Mon Apr 3 17:14:12 EDT 2017
The branch, 4.4/smime-expired has been created
at 88df26705e9e5b627a17cb92e40852b444f28bbd (commit)
- Log -----------------------------------------------------------------
commit 88df26705e9e5b627a17cb92e40852b444f28bbd
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Mon Apr 3 21:10:30 2017 +0000
Filter out expired SMIME keys
Without this, we don't show an error in the UI that there is no SMIME
key usable for encryption. Instead we only get an error later when we
finally go to generate encrypted email, at which point it's far too late
to ask the user to decide how to handle the invalid key.
This change mirrors what RT::Crypt::GnuPG::GetKeysForEncryption does
(specifically its Capabilities =~ /e/ check).
Fixes: T#180049
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 244f0aa..758653e 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -802,7 +802,31 @@ sub CheckIfProtected {
sub GetKeysForEncryption {
my $self = shift;
my %args = (Recipient => undef, @_);
- return $self->GetKeysInfo( Key => delete $args{'Recipient'}, %args, Type => 'public' );
+ my $recipient = delete $args{'Recipient'};
+ my %res = $self->GetKeysInfo( Key => $recipient, %args, Type => 'public' );
+ return %res unless $res{'info'};
+
+ foreach my $key ( splice @{ $res{'info'} } ) {
+ if ( not $key->{'Expire'} ) {
+ # we continue here as it's most probably a problem with the key,
+ # so later during encryption we'll get verbose errors
+ $RT::Logger->error(
+ "Trying to send an encrypted message to ". $recipient
+ .", but we couldn't get expiration date of the key."
+ );
+ }
+ elsif ( $key->{'Expire'}->Diff( time ) < 0 ) {
+ $RT::Logger->info(
+ "Trying to send an encrypted message to ". $recipient
+ .", but ignoring expired key " . $key->{Fingerprint}
+ );
+ next;
+ }
+ push @{ $res{'info'} }, $key;
+ }
+ delete $res{'info'} unless @{ $res{'info'} };
+
+ return %res;
}
sub GetKeysForSigning {
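Review bot: when every key for the recipient is expired, `delete $res{'info'} unless @{ $res{'info'} };` at the end of GetKeysForEncryption leaves %res with no record of why the list is empty. The reason is written only to the log at info level, so whether the user gets the UI error the commit message asks for depends on each caller treating a missing 'info' as "no usable key". Consider putting an explanatory status or message into %res in that case, or documenting the empty-result contract in the sub's POD. The patch also has no test for a recipient whose only certificate is expired. Separately, the `not $key->{'Expire'}` branch keeps the key and logs an error without `$key->{Fingerprint}`, unlike the expired branch. Adding the fingerprint there would let an operator tell which certificate failed to yield an expiry date.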
-----------------------------------------------------------------------