[Rt-commit] rt branch, 4.4-trunk, updated. rt-4.4.3-99-gb98f6a72c

sunnavy sunnavy at bestpractical.com
Fri Dec 14 09:23:18 EST 2018


The branch, 4.4-trunk has been updated
       via  b98f6a72c1219ca9121dca8c0dd3018befbf33e5 (commit)
      from  4ac30826ca5e2e47be8f2edc288d21505520c470 (commit)

Summary of changes:
 lib/RT/Crypt/SMIME.pm | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

- Log -----------------------------------------------------------------
commit b98f6a72c1219ca9121dca8c0dd3018befbf33e5
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Mon Apr 3 21:10:30 2017 +0000

    Filter out expired SMIME keys
    
    Without this, we don't show an error in the UI that there is no SMIME
    key usable for encryption. Instead we only get an error later when we
    finally go to generate encrypted email, at which point it's far too late
    to ask the user to decide how to handle the invalid key.
    
    This change mirrors what RT::Crypt::GnuPG::GetKeysForEncryption does
    (specifically its Capabilities =~ /e/ check).
    
    Fixes: T#180049

diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index bcb792b66..9b485bdbd 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -802,7 +802,31 @@ sub CheckIfProtected {
 sub GetKeysForEncryption {
     my $self = shift;
     my %args = (Recipient => undef, @_);
-    return $self->GetKeysInfo( Key => delete $args{'Recipient'}, %args, Type => 'public' );
+    my $recipient = delete $args{'Recipient'};
+    my %res = $self->GetKeysInfo( Key => $recipient, %args, Type => 'public' );
+    return %res unless $res{'info'};
+
+    foreach my $key ( splice @{ $res{'info'} } ) {
+        if ( not $key->{'Expire'} ) {
+            # we continue here as it's most probably a problem with the key,
+            # so later during encryption we'll get verbose errors
+            $RT::Logger->error(
+                "Trying to send an encrypted message to ". $recipient
+                .", but we couldn't get expiration date of the key."
+            );
+        }
+        elsif ( $key->{'Expire'}->Diff( time ) < 0 ) {
+            $RT::Logger->info(
+                "Trying to send an encrypted message to ". $recipient
+                .", but ignoring expired key " . $key->{Fingerprint}
+            );
+            next;
+        }
+        push @{ $res{'info'} }, $key;
+    }
+    delete $res{'info'} unless @{ $res{'info'} };
+
+    return %res;
 }
 
 sub GetKeysForSigning {
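Review bot: In the `not $key->{'Expire'}` branch the key is logged as an error but still falls through to `push @{ $res{'info'} }, $key`, so a key whose expiration date could not be read is still returned as usable for encryption. That failure then only surfaces at encryption time, which is the late error the commit message sets out to avoid. If keeping the key is intended, the comment should say so explicitly; otherwise add `next;` there as in the expired branch. Separately, `$recipient` comes from `Recipient => undef`, so both log messages concatenate an undefined value when no recipient is passed; a defined check before building the message would avoid that warning. Minor style point: `$key->{Fingerprint}` is unquoted while `$key->{'Expire'}` is quoted in the same block.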

-----------------------------------------------------------------------

