[Rt-commit] rt branch, 4.4/provide-more-public-key-details, updated. rt-4.4.4-162-g0692dcc46d
Dianne Skoll
dianne at bestpractical.com
Fri Nov 13 12:14:19 EST 2020
The branch, 4.4/provide-more-public-key-details has been updated
via 0692dcc46dcf6e60aa2eb7ccff9415c57e608393 (commit)
via 0a7750c6e8b48fdf6d737b47822f88851a942a7c (commit)
from c0c5d651f7f25243db12223545dde51780b63bc4 (commit)
Summary of changes:
lib/RT/Crypt/SMIME.pm | 16 +++++++++++++---
share/html/Elements/CryptStatus | 29 +++++++++++++++++++++--------
t/web/crypt-gnupg.t | 2 +-
t/web/smime/outgoing.t | 5 +++++
4 files changed, 40 insertions(+), 12 deletions(-)
- Log -----------------------------------------------------------------
commit 0a7750c6e8b48fdf6d737b47822f88851a942a7c
Author: Dianne Skoll <dianne at bestpractical.com>
Date: Fri Nov 13 10:46:32 2020 -0500
(Again) fix the "signed by xxx" string. This will cause merge conflicts. :(
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 5ea826327c..25c96db2c4 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -933,8 +933,11 @@ sub GetCertificateInfo {
my $method = $type . "_" . $USER_MAP{$_};
$data{$_} = $cert->$method if $cert->can($method);
}
- $data{String} = Email::Address->new( @data{'Name', 'EmailAddress'} )->format
- if $data{EmailAddress};
+ if ($data{EmailAddress}) {
+ $data{String} = Email::Address->new( @data{'Name', 'EmailAddress'} )->format
+ } else {
+ $data{String} = $data{Name};
+ }
return \%data;
};
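Review bot: The new else branch can leave `$data{String}` undefined, because `$data{Name}` is only assigned when `$cert->can($method)` succeeds in the loop above. Verify concatenates this value into its status message, so a certificate without a usable name would produce an "uninitialized value" warning and an empty signer; `$data{String} = defined $data{Name} ? $data{Name} : '';` avoids that. The `->format` statement in the if branch also lacks its terminating `;`, which parses only because it is the last statement in the block. GetCertificateInfo starts outside the hunk.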
commit 0692dcc46dcf6e60aa2eb7ccff9415c57e608393
Author: Dianne Skoll <dianne at bestpractical.com>
Date: Fri Nov 13 11:53:26 2020 -0500
Store and display additional info about S/MIME signatures.
Specifically, we track the certificate period of validity, and
display this, the signer and the issuer info in a tooltip.
diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 25c96db2c4..271055afbd 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -490,6 +490,8 @@ sub Verify {
Operation => "Verify", Status => "BAD",
Message => "The signing CA was not trusted",
UserString => $signer->{User}[0]{String},
+ ExpireTimestamp => $signer->{Expire}->Unix(),
+ CreatedTimestamp => $signer->{Created}->Unix(),
Trust => "NONE",
});
return %res;
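Review bot: `$signer->{Expire}->Unix()` and `$signer->{Created}->Unix()` are called without checking that either value is set, and the same two lines are repeated in the "unknown signer" and "signed by" branches further down. If a signer record ever arrives without those objects, the method call on undef dies and the caller gets an exception instead of the "signing CA was not trusted" status; whether that can happen depends on code outside the hunk. A guard keeps the status intact: `ExpireTimestamp => ($signer->{Expire} ? $signer->{Expire}->Unix : undef),` and likewise for `Created`. Verify begins and ends outside the hunk.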
@@ -520,6 +522,8 @@ sub Verify {
$res{'status'} = $self->FormatStatus({
Operation => "Verify", Status => "DONE",
Message => "The signature is good, unknown signer",
+ ExpireTimestamp => $signer->{Expire}->Unix(),
+ CreatedTimestamp => $signer->{Created}->Unix(),
Trust => "UNKNOWN",
});
return %res;
@@ -533,9 +537,12 @@ sub Verify {
$res{'status'} = $self->FormatStatus({
Operation => "Verify", Status => "DONE",
- Message => "The signature is good, signed by ".$signer->{User}[0]{String}.", trust is ".$signer->{TrustTerse},
+ Message => "The signature is good, signed by ".$signer->{User}[0]{String}.", assured by " . $signer->{Issuer}[0]{String} . ", trust is ".$signer->{TrustTerse},
UserString => $signer->{User}[0]{String},
Trust => uc($signer->{TrustTerse}),
+ Issuer => $signer->{Issuer}[0]{String},
+ ExpireTimestamp => $signer->{Expire}->Unix(),
+ CreatedTimestamp => $signer->{Created}->Unix(),
});
return %res;
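Review bot: The issuer string is now interpolated into `Message` as well as passed as its own `Issuer` field, and CryptStatus later hands `Message` to `loc()`. Both the signer and issuer strings come from the certificate in the incoming mail, so the text given to `loc()` differs per certificate and can never match a translation. If `loc()` treats its argument as a maketext key, bracket or tilde characters in a subject name may also be interpreted rather than displayed. Keeping `Message` a fixed phrase and letting the display code compose the sentence from `UserString`, `Issuer` and `Trust` would avoid both problems. The enclosing sub continues outside the hunk.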
diff --git a/share/html/Elements/CryptStatus b/share/html/Elements/CryptStatus
index 091305cb6e..020f2a7b73 100644
--- a/share/html/Elements/CryptStatus
+++ b/share/html/Elements/CryptStatus
@@ -81,18 +81,25 @@ sub DisplayDate {
# Generate a little tooltip with additional info about a signature
sub VerifyTooltip {
- my ($line) = @_;
+ my ($protocol, $line) = @_;
my $tooltip = '';
- $tooltip .= "\n" . loc('Fingerprint:') . ' ' . $line->{Fingerprint} if $line->{Fingerprint};
- $tooltip .= "\n" . loc('Signature Created:') . ' ' . DisplayDate($line->{Timestamp}) if $line->{Timestamp};
- $tooltip .= "\n" . loc('Key Expires:') . ' ';
+ $tooltip .= "\n" . loc('Fingerprint:') . ' ' . $line->{Fingerprint} if $line->{Fingerprint}; # GNUPG
+ $tooltip .= "\n" . loc('Signature Created:') . ' ' . DisplayDate($line->{Timestamp}) if $line->{Timestamp}; # GNUPG
+ $tooltip .= "\n" . loc('Signer:') . ' ' . $line->{UserString} if $line->{UserString}; # SMIME
+ $tooltip .= "\n" . loc('Issuer:') . ' ' . $line->{Issuer} if $line->{Issuer}; # SMIME
+ $tooltip .= "\n" . loc('Certificate Created:') . ' ' . DisplayDate($line->{CreatedTimestamp}) if $line->{CreatedTimestamp}; # SMIME
+ if ($protocol eq 'SMIME') {
+ $tooltip .= "\n" . loc('Certificate Expires:') . ' ';
+ } else {
+ $tooltip .= "\n" . loc('Key Expires:') . ' ';
+ }
if ($line->{ExpireTimestamp}) {
- $tooltip .= DisplayDate($line->{Timestamp});
+ $tooltip .= DisplayDate($line->{ExpireTimestamp});
} else {
$tooltip .= loc('Never');
}
- $tooltip .= "\n" . loc('Public Key Algorithm:') . ' ' . $line->{PubkeyAlgoName} if $line->{PubkeyAlgoName};
- $tooltip .= "\n" . loc('Hash Algorithm:') . ' ' . $line->{HashAlgoName} if $line->{HashAlgoName};
+ $tooltip .= "\n" . loc('Public Key Algorithm:') . ' ' . $line->{PubkeyAlgoName} if $line->{PubkeyAlgoName}; # GNUPG
+ $tooltip .= "\n" . loc('Hash Algorithm:') . ' ' . $line->{HashAlgoName} if $line->{HashAlgoName}; # GNUPG
$tooltip =~ s/^\s+//;
return $tooltip;
}
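Review bot: The expiry line is appended for every status line, so an S/MIME result that carries no `ExpireTimestamp` is rendered as "Certificate Expires: Never". An X.509 certificate always has an end of validity, so a missing value here means "not reported", and showing "Never" overstates what was verified. For the SMIME case the line can be conditional like its neighbours: `$tooltip .= "\n" . loc('Certificate Expires:') . ' ' . DisplayDate($line->{ExpireTimestamp}) if $line->{ExpireTimestamp};`. The trailing `# GNUPG` / `# SMIME` markers would read better as one comment above the sub that lists which fields each protocol supplies.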
@@ -106,6 +113,11 @@ sub KeyDownloadLink {
$txt = '<a href="' . RT->Config->Get('WebPath') . '/Crypt/GetGPGPubkey.html?Fingerprint=' . $line->{Fingerprint} . '"> ' . loc('(Download Public Key)') . '</a>';
}
}
+
+ # There isn't really a feasible way to download the S/MIME
+ # certificate, unfortunately. However, since RT makes the
+ # original message available, the S/MIME cert could be
+ # extracted from that if necessary.
return $txt;
}
@@ -163,6 +175,7 @@ my @messages;
foreach my $run ( @runs ) {
my $protocol = shift @$run;
$protocol = $RT::Crypt::PROTOCOLS{lc $protocol};
+
foreach my $line ( @$run ) {
if ( $line->{'Operation'} eq 'KeyCheck' ) {
next unless $Reverify;
@@ -208,7 +221,7 @@ foreach my $run ( @runs ) {
push @messages, {
Tag => $protocol,
Classes => ['verify', lc $line->{Status}, 'trust-'.($line->{Trust} || 'UNKNOWN')],
- Value => '<span title="' . $m->interp->apply_escapes(VerifyTooltip($line)) . '">' . $m->interp->apply_escapes( loc( $line->{'Message'} ), 'h') . '</span>' . KeyDownloadLink($protocol, $line),
+ Value => '<span title="' . $m->interp->apply_escapes(VerifyTooltip($protocol, $line)) . '">' . $m->interp->apply_escapes( loc( $line->{'Message'} ), 'h') . '</span>' . KeyDownloadLink($protocol, $line),
};
}
else {
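Review bot: `apply_escapes` is called on the tooltip with no escape flag, and as far as I know Mason applies only the flags it is given, so the tooltip text reaches the `title="..."` attribute unescaped. That mattered less while the tooltip held fingerprints, dates and algorithm names, but VerifyTooltip now adds `UserString` and `Issuer`, which are taken from the certificate in the incoming mail and can contain `"` or `<`. Pass the flag the message already uses: `$m->interp->apply_escapes(VerifyTooltip($protocol, $line), 'h')`. The new expectations in t/web/crypt-gnupg.t and t/web/smime/outgoing.t match a literal `"` and `<` inside the attribute and would need to expect the escaped form instead.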
diff --git a/t/web/crypt-gnupg.t b/t/web/crypt-gnupg.t
index bf17c4c85e..4e34df9753 100644
--- a/t/web/crypt-gnupg.t
+++ b/t/web/crypt-gnupg.t
@@ -185,7 +185,7 @@ MAIL
like($attachments[0]->Content, qr/$RT::rtname/, "RT's mail includes this instance's name");
$m->get("$baseurl/Ticket/History.html?id=$id");
my $content = $m->content;
- like($content, qr/<span title="Fingerprint: EC1E81E7DC3DB42788FB0E4E9FA662C06DE22FC2\nSignature Created: .*\nKey Expires: Never\nPublic Key Algorithm: DSA\nHash Algorithm: SHA-1">/m, "Tooltip was added");
+ like($content, qr/<span title="Fingerprint: EC1E81E7DC3DB42788FB0E4E9FA662C06DE22FC2\nSignature Created: .*\nSigner: general <general\@example.com>\nKey Expires: Never\nPublic Key Algorithm: DSA\nHash Algorithm: SHA-1">/m, "Tooltip was added");
like($content, qr{<a href=".*/Crypt/GetGPGPubkey.html\?Fingerprint=EC1E81E7DC3DB42788FB0E4E9FA662C06DE22FC2">}m, "Download link for public key was added");
$m->get("$baseurl/Crypt/GetGPGPubkey.html?Fingerprint=EC1E81E7DC3DB42788FB0E4E9FA662C06DE22FC2");
$content = $m->content;
diff --git a/t/web/smime/outgoing.t b/t/web/smime/outgoing.t
index 2f80c7ec35..7043314aa4 100644
--- a/t/web/smime/outgoing.t
+++ b/t/web/smime/outgoing.t
@@ -215,6 +215,11 @@ foreach my $mail ( map cleanup_headers($_), @{ $mail{'signed_encrypted'} } ) {
my ($status, $id) = RT::Test->send_via_mailgate($mail);
is ($status >> 8, 0, "The mail gateway exited normally");
ok ($id, "got id of a newly created ticket - $id");
+ $m->get_ok("/Ticket/History.html?id=$id");
+
+ like($m->content, qr/The signature is good, signed by "sender" <sender\@example.com>, assured by "CA Owner" <ca.owner\@example.com>, trust is full/,
+ 'Signature status correctly displayed');
+ like($m->content, qr{<span title="Signer: "sender" <sender\@example.com>\nIssuer: "CA Owner" <ca.owner\@example.com>\nCertificate Created: .* 2013\nCertificate Expires: .* 2023">}m, 'Tooltip correctly displayed');
my $tick = RT::Ticket->new( $RT::SystemUser );
$tick->Load( $id );
-----------------------------------------------------------------------