action_mailer_x509 0.7.0

data/certs/cert.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy4CCQCRPEJyfcZw0TANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJV
+QTETMBEGA1UECAwKU29tZS1TdGF0ZTEPMA0GA1UECgwGRmFjZUlUMQswCQYDVQQD
+DAJKQjEjMCEGCSqGSIb3DQEJARYUamV5Ym95MTk4NUBnbWFpbC5jb20wHhcNMTMw
+ODAxMDcwMzI2WhcNMTQwODAxMDcwMzI2WjBlMQswCQYDVQQGEwJVQTETMBEGA1UE
+CAwKU29tZS1TdGF0ZTEPMA0GA1UECgwGRmFjZUlUMQswCQYDVQQDDAJKQjEjMCEG
+CSqGSIb3DQEJARYUamV5Ym95MTk4NUBnbWFpbC5jb20wggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDPahdhMu4dNmuLs7od7Uoheqsb9mftZmyY8mgQyVjs
+qCVTfIP4+s1YypDdJDMHvS3EhF7LRNYmngI4o/ZEkc5R+mMjGM6OteBg8q2Oko77
+V+zQGo2mn+AcBEkqyQC81YBEy4RxC4J3gnbUCYLlzj/A6U7bNiINebq//Fx3/HrC
+JeI6VoYpUUm9a9u7LFNs3Pjk+sledTSGiTmxt9sIyrOixaVqnlx2KIKctMKLUkKd
+2gyvVMYsmQZ6iumnklhh3/u7KQZKKYxGXzvniGVXPk8GGVBtKrUK1rGiLTsrX20J
+mJYts2HH9MU7NrNLGqyrRNPjGI4r60BSeV/DGyK+Aoks1pYSpYOn4PAxuOuVGmla
+quFIErKyW78yrPARM9uTpaJfDu9Pmg8wrwXm1O5V8QOCdgi0371PM4N3ko4Mlydz
+zrWkSAf+xa0MHGT3BjXPXfTWqnfuWXAYiZM/dqlOoY8X6DWFkbjiG8v+Ujp7o9PA
+xGHhIM/PiZdGAlEhSaalCG2MdOal3krWby56SXOmL4mNLlgVNOLBzb3ZD6foLGTq
+OuxVLAabV3jSAozooJnhBSGibTerT+Pfrg6JDH5S5y3R7SaQrI/bjyrymankgBTr
+1VpzicPE3fp+r2m56iuAsXV74TJjtG8JB+IEFnqQsSCd0zSRPnhq4aKluijlcOEY
+PwIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQBUSVKFw/alKkSesrupcCTvG37oi4Mj
++pz0mUrc/zQZk/lFA2sXygTE0z5/qXgFvTmM18h9s80JovsaHxN3Zf+8WZ0TlQSu
+IXNwsl3/HryrIdB6oRK61agK8ysrSVBOOKPZS5/GnPNE3YILAiRSkWpVtsXnwOWu
+30ykO9l2dvK/tAcNBQWvhRbhRNXavjPsi/DSNa5WaVuijAaixv3LaqhWCmA5v2Ty
+FUsTdU63Zd3G4sTaRCQphpODlYvTqPlLKmsT9LOsgCEECxKlOPsjOP+SmBMy2tal
+4zrelvMnNdDS2dbGb7mIvFkMzgo7CoOzv4y3ug1wKby6CinHgGXwbV85NJ9/vf7q
+uPLKL0LAIy0KRwbE0Hz9bMov4GOd9w8woWEElbbG6j5PlTg+qeOV/drQO4N3O03F
+A//z9iDKO7V0dDQLqffqkU3yRCCkimCRQbphAVa0OfAtjQJesQUMR0HO6b5Of8W5
+5QxEcFVfuKtsvRfO4/McetoK55ipnOFXRf77yfx4g9+ynVFkmHJNscL0/uNi0UR9
+mUye2Eb+y+iPlHhWqkxTZZYQ1cCodo0BHyBJndYLdVVcpnwtXqlo5qksDSQmPOsV
+vvF/nioEhy08/a0zO9qtTQGX42UpkNANSrKnonWnnWLn7mDCw2SP9Sll3tYB2KqN
+JhyB/sSC3iIDgQ==
+-----END CERTIFICATE-----

data/certs/cert.key

@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6FD7F1FD57E45D6F
+
+2thmp9dtxSyi7Iu/dk0khMk53Ktmt4DKwmf57FeLNfG/Tp6poYM6k9rY9IDvU8Z2
+7tFdKjgMPu4bKlfcO/ouC6oBIuV6iGmf6rl4mK4WGPFQeicr58HFcmAhGFDK0Pwd
+N1UiecgKw0AzZDQa/a1E0YOik3s673XNvJSyQozRU1yFXPoz3SfDoAPeyk1CqF3F
+mfIVwD5hTfH+qZfPcF+aM0AfX1pb6NPdjoWbagpya/qNl1MbfW6pQSkJ3eWifnbJ
+K4WmRE1+2eU6B/u80qQ9mVd4IDrLw0PkxKgqXVITRk+DweQWB7MWRLDG44so5vQ8
+GLvzoH0UR6K1qhKWQVtVBzrIWnnWNRl04CveuRWXlgfybfbcKhWqzTejbYAnL2Sv
+w5bnGUTDE4ZC9FMGV0/75eNg0O+uSYzBQDTbeQKFXqa4J9POLiDksZU6Q6cHgrAC
+pPG1iYivnq7kDLVy7tVVrxND0dwJtS9sIJlFwL2JA1S0/kshgT5oIKsQ1pmC+i3+
+HG91id42te91RijucuEURy75Y4OZlNlYBtB3Iui94Sw/OdfI00bu27dQcv2IpqbB
+eMOWPbQ1vFw6jglpn7y9mlT3jU+Jw86tO9/YJuRMB0/sZ7ANtCaXmuMbqviBYE+o
+G1+w1FVngHa0sC7jXwYWNHQrF2I481lq4s6PE02idvwtcpuqY1bf+m+LLqQyp/Wr
+xVTIlA9fSItCXZjt0mnJmzYjDQLBkdfVNxpaWVoFBLAXD84yaD9q0gucAXQxpf7z
+Fq6MGxb80SOvW5P+E6LIoKalb6rAihNxhWlwrva3z2KpXmbMPMG7yq6SRH2ejpmb
+swms961RKqKeebfJFaPxrubxQYTbKjsLx8PAdRrXTxCRdDmJ6WKfe0ZdnClefAvO
+7j8SBr6jrYHD48Aa/Zefdwnn5Sz4/MlK2los8k3gQti3azx0wLFVCGOJ8Q6I4bvf
+qPmAreqXFtOIsax9QancdQPo12hInznJEcmm2JmGIkHmR/FOet5YF/u1lCXwgzKx
+ATP/V3bgQZSnIJ29biJvJmyNVUYpOOR5BvgNYQN/2Pwgme3waCuMDu9TJboqzamb
+qItd5bCOWmly5sSLnCAtDTR5ra/ENBmxGoUKOcPNY0CMDAN7DsBbN4M07ytVBQH6
+T5vq87flnWsOqqYICNS8v6JHVVY13Zwk9ZEq/UugjXHzrroPFwupKQTZA1US6zFF
+frCDZqFcsuZIVazsQ0stQQXL5svf5uo5mKEvIIStGgNK0w1qgw0af4gs6bzJW88j
+gjMBdeBE/Bo2xiX4cb8RJqu0DkTyyqdUHYkxcP1RQPRhQJP8JhY0eVK7Mx5evcod
+7KcApLCnVHEjmx3u9wc2mazsmJv/HlSJ9pzx24JMKjnRJRmZoFEieNdGiBiQGWr+
+SaHx+9M664c4ilaxToixsGLjWBXIBDQFJ2FOcKZNWta1d0+M1NFLRUtQK+5o5uM5
+2IfetA5zPnrsZpXmyrVSLRJNn3MmnH3/qBHjOYeA2OsdbxDOrbHsKf+2W4OhFTm4
+UuiyHo1vhccvp+5+bu0IEt7KZ/pf1CCoO7i8/uhvkDNAwP98jffay9Thyfh+fzqL
+3NqfiT/i4INTMqSE/0EQnJ4C6yIux4lh9N6di9Lafdbpvgx5kWtXQtIUebQt9n9Z
+iiXl1P9TDnGmkjUiGxkPlgFxdguzxylqsgtKsVALoPtcoviF9XqatKzZjQLxJ4xN
+4/iXlLywYfU/2NtdlInnFh/pN6J09m/r+8oJasbp7hwcoDAM0uK+ktkpk0DP7/r6
+z6i9de4qhfLO8kVtCzkfEhxR/aVkc4o1hfNYkodbZeTNGMmvjQeO/8RGg1cha2ds
+lxLbUXCCwAH4gEoa3vI3chk8DDvVlKsiVnqn9k3mLXW9VjWwdx0y1NJTJmnpXGFf
+4PKCPfbBeDBqGsxVhEtGCZXVTAG161FT76zo6nVhe+WiSXeW2yzER/PFoNDOPiww
+wMcO/Cj5qq/R3/OXJPtHfJPIbBkfp1ZiWHV8yISjg87tp9mlT4FHm0cxecJ/EKqA
+t3SIzmnkdTRazfXKX8+xlHekatAL0bgkgVOQnL9J+DwRBiW4HF4tZakgPAeumFqw
+6PIMBNVCMcmJKvhQoB6exCZaNQVSKwbPqgSa9Jh+qZg8dgOM/uc1yscElaxGhngB
+HC4HpVUzVhiiGtY2eEBTreDW+1jsWbcjiNDKnVol5apY7BaWyRUDr4w5nQOPJOid
+tYlHev5QD1y6Z4QTvYm+iLdc7g8Dv9IWnXSWY3pKPr4sXYGV3GkbRGiMN+plzZS3
+CXUqW7TVXm1vmkWTplO22PgRFFDBwIuIsCYhLrAjV8f5ofD24QEeQyMRU0jmromA
+QtK953j7cyzekCfoRPnghvBT8f0Zia2S3JciAN/aey/Hvqtr6imWUFuk1eibjwIk
+xGtQrqmOJEfxAxvRvVl2D7ettcaqsnpbITb5Ix7LAE2KnvAETCnxGyhmCCJgyhX7
+fK72NV1SsMaG/hRec5yk8ueO3ayTahTPYWiq1VLA8ImA1ue8vkcpqYHXxxMfmWbH
+SSwG5UBYc9xSGJPyUqJSu2cVeyKhAugH0Id9Bs2CAvt/WHwH7GQ0nzNi+ArBCbFc
+22nUTA7aSELuZtRHGpn6JrGP8XtRgqbNktpK+GJj7V/H9rEaXvXXtdLm8Mbm44k2
+zLLNNT3XGFYEa5wwIyv1lRuVXZsgmKSv3tYD/aeaCx+KjinQi56vPho0tgoXAiCU
+/jdU+/RkY1BSRH6Z0qUd7Z/BYFCwIaEyOKAECisVpahadP+QVIQF0dzzvbhu1qU1
+Ra/gsUyYdsgce7TK5EWYsEpeJXCUH3KRCJE2CLzOo+mcXlmRNo61EFC0+frgNzSf
+qOKEvf5ToI2JY9wDJ7j14lpGWt8CLZe3UGgWrWtBWB354MHF19/4iLQUfy6RBw6T
+EVw6vnyD+PjH9TB++DTiY5RktEyt4a8qmBHUD01+JtWi3VtKzIK3aQ2gYMkUfltm
+QgPq9yHwHcAc5fs3gg13IJHy+gG+W8AsysvAWKTmOCfA5lZyiLsqa+1Ub5s4TsDF
+ucA0/fPszsVV/PnJO4k/tBBfWP9ow39gbenuoddpZWjQyXAdpZa6C7QMfQugH/bR
+-----END RSA PRIVATE KEY-----

data/init.rb

@@ -0,0 +1,3 @@
+require File.dirname(__FILE__) + '/lib/action_mailer_x509'
+require File.dirname(__FILE__) + '/lib/models/notifier.rb'
+

data/lib/action_mailer_x509.rb

@@ -0,0 +1,36 @@
+require 'action_mailer_x509/railtie' if defined?(Rails)
+require 'action_mailer_x509/x509'
+require 'action_mailer_x509/configuration'
+require 'openssl'
+require 'overrides/action_mailer/base'
+require 'overrides/mail/message'
+
+module ActionMailerX509
+  mattr_reader :configurations
+
+  mattr_accessor :default_configuration
+
+  mattr_accessor :default_certs_path
+
+  class << self
+    def settings
+      yield self
+    end
+
+    def configurations
+      @configurations ||= {}
+    end
+
+    def add_configuration(name, params = {})
+      configurations[name.to_sym] = Configuration.new(params)
+    end
+
+    def get_configuration(name)
+      configurations[(name || ActionMailerX509.default_configuration).to_sym]
+    end
+
+    def default_certs_path=(path)
+      @@default_certs_path = Pathname.new(path)
+    end
+  end
+end

data/lib/action_mailer_x509/configuration.rb

@@ -0,0 +1,170 @@
+class Configuration
+  ATTRS = {     'C' => :country,
+                'ST' => :state,
+                'L' => :location,
+                'O' => :organization,
+                'OU' => :organizational_unit,
+                'CN' => :common_name,
+                'emailAddress' => :email}
+
+  def initialize(params = {})
+    params.symbolize_keys!
+    params.each_pair { |k, v| self.send("#{k}=".to_sym, v) }
+  end
+
+  class_attribute :sign_enable
+  self.sign_enable = false
+
+  class_attribute :crypt_enable
+  self.crypt_enable = false
+
+  class_attribute :crypt_cipher
+  self.crypt_cipher = 'des'
+
+  class_attribute :certs_path
+
+  class_attribute :sign_cert
+  class_attribute :sign_key
+  class_attribute :sign_passphrase
+  class_attribute :crypt_cert
+  class_attribute :crypt_key
+  class_attribute :crypt_passphrase
+
+  class_attribute :sign_cert_p12
+  class_attribute :crypt_cert_p12
+
+  def sign_require?
+    sign_enable == true
+  end
+
+  def crypt_require?
+    crypt_enable == true
+  end
+
+  def certs_path
+    @certs_path || ActionMailerX509.default_certs_path
+  end
+
+  def certs_path=(path)
+    @certs_path = Pathname.new(path)
+  end
+
+  def sign_cert
+    certs_path.join(@sign_cert)
+  end
+
+  def sign_cert_p12
+    certs_path.join(@sign_cert_p12)
+  end
+
+  def sign_key
+    certs_path.join(@sign_key)
+  end
+
+  def crypt_cert
+    certs_path.join(@crypt_cert)
+  end
+
+  def crypt_cert_p12
+    certs_path.join(@crypt_cert_p12)
+  end
+
+  def crypt_key
+    certs_path.join(@crypt_key)
+  end
+
+  def get_crypter
+    ActionMailerX509::X509.new(crypt_configuration)
+  end
+
+  def get_signer
+    ActionMailerX509::X509.new(sign_configuration)
+  end
+
+  def get_certificate_info
+    if valid?
+      if sign_require? || crypt_require?
+        worker = sign_require? ? get_signer : get_crypter
+
+        subject_attrs = worker.certificate.subject.to_a
+        subject_attrs = subject_attrs.each_with_object({}) do |attr, obj|
+          obj.update(ATTRS[attr.first] => attr[1])
+        end
+
+        {
+          from: worker.certificate.not_before,
+          to: worker.certificate.not_after,
+        }.reverse_merge!(subject_attrs)
+      end || {}
+    end || {}
+  end
+
+  def valid?
+    validate_sign && validate_crypt
+  end
+
+  protected
+    def validate_sign
+      if sign_require?
+        begin
+          get_signer.sign('test')
+        rescue
+          return false
+        end
+      end
+      true
+    end
+
+    def validate_crypt
+      if crypt_require?
+        begin
+          get_crypter.encode('test')
+        rescue
+          return false
+        end
+      end
+      true
+    end
+
+    def key=(key)
+      self.crypt_key = key
+      self.sign_key = key
+    end
+
+    def cert=(cert)
+      self.crypt_cert = cert
+      self.sign_cert = cert
+    end
+
+    def cert_p12=(cert)
+      self.crypt_cert_p12 = cert
+      self.sign_cert_p12 = cert
+    end
+
+    def passphrase=(pass)
+      self.crypt_passphrase = pass
+      self.sign_passphrase = pass
+    end
+
+  private
+    def sign_configuration
+      conf = {
+          pass_phrase: sign_passphrase
+      }
+
+      conf.merge!(certificate_p12: sign_cert_p12) if @sign_cert_p12
+      conf.merge!(certificate: sign_cert, rsa_key: sign_key) unless @sign_cert_p12
+      conf
+    end
+
+    def crypt_configuration
+      conf = {
+          cipher_type_str: crypt_cipher,
+          pass_phrase: crypt_passphrase
+      }
+
+      conf.merge!(certificate_p12: crypt_cert_p12) if @crypt_cert_p12
+      conf.merge!(certificate: crypt_cert, rsa_key: crypt_key) unless @crypt_cert_p12
+      conf
+    end
+end

data/lib/action_mailer_x509/railtie.rb

@@ -0,0 +1,9 @@
+require 'action_mailer_x509'
+require 'rails'
+module ActionMailerX509
+  class Railtie < Rails::Railtie
+    rake_tasks do
+      load 'tasks/action_mailer_x509.rake'
+    end
+  end
+end

data/lib/action_mailer_x509/x509.rb

@@ -0,0 +1,81 @@
+require 'openssl'
+
+class DecodeError < Exception; end
+class VerificationError < Exception; end
+
+module ActionMailerX509
+  class X509
+    attr_accessor :certificate, :cipher, :rsa_key, :certificate_store
+
+    # pass_phrase
+    # cipher_type_str
+    # certificate and rsa_key or certificate_p12
+    def initialize(attrs = {})
+      attrs.symbolize_keys!
+
+      attrs.reverse_merge!(pass_phrase: '', cipher_type_str: 'des')
+      if attrs[:certificate_p12]
+        p12 = OpenSSL::PKCS12.new(prepare_value(attrs[:certificate_p12]), attrs[:pass_phrase])
+        @certificate = p12.certificate
+        @rsa_key = p12.key
+      elsif attrs[:certificate] and attrs[:rsa_key]
+        @certificate = OpenSSL::X509::Certificate.new(prepare_value(attrs[:certificate]))
+        @rsa_key = OpenSSL::PKey::RSA.new(prepare_value(attrs[:rsa_key]), attrs[:pass_phrase])
+      else
+        raise Exception.new('Wrong configuration')
+      end
+
+      @cipher = OpenSSL::Cipher.new(attrs[:cipher_type_str])
+
+      @certificate_store = OpenSSL::X509::Store.new
+      @certificate_store.add_cert(certificate)
+    end
+
+    def encode(text)
+      write OpenSSL::PKCS7.encrypt([certificate], text, cipher)
+      #OpenSSL::PKCS7.encrypt([certificate], text, cipher, OpenSSL::PKCS7::BINARY)
+    end
+
+    def decode(encrypted_text)
+      pkcs7 = read(encrypted_text)
+      pkcs7.decrypt(@rsa_key, certificate)
+    rescue => e
+      raise DecodeError.new(e.message)
+    end
+
+    def sign(text)
+      write OpenSSL::PKCS7.sign(certificate, rsa_key, text, [], OpenSSL::PKCS7::DETACHED)
+      #OpenSSL::PKCS7.sign(certificate, rsa_key, text, [], OpenSSL::PKCS7::BINARY)
+    end
+
+    def verify(text)
+      result = read(text).verify(nil, @certificate_store, nil, nil)
+      #read(text).verify(nil, @certificate_store, nil, OpenSSL::PKCS7::NOVERIFY)
+      result ? read(text).data : raise(VerificationError.new('Wrong args'))
+    rescue => e
+      raise VerificationError.new(e.message)
+    end
+
+    protected
+      def write(pcks7)
+        OpenSSL::PKCS7::write_smime pcks7
+      end
+
+      def read(text)
+        OpenSSL::PKCS7.read_smime(text) rescue OpenSSL::PKCS7.new(text)
+      end
+
+    private
+      def prepare_value(attr)
+        case attr.class.name
+          when 'String'
+            attr
+          when 'Pathname'
+            File::read(attr)
+          when 'File'
+            attr.read
+          else raise Exception.new('Wrong param type')
+        end
+      end
+  end
+end

data/lib/generators/action_mailer_x509/install_generator.rb

@@ -0,0 +1,12 @@
+module ActionMailerX509
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('../', __FILE__)
+
+      desc 'Copy settings'
+      def copy_initializer
+        template 'templates/x509_settings.rb', 'config/initializers/x509_settings.rb'
+      end
+    end
+  end
+end

data/lib/generators/action_mailer_x509/templates/x509_settings.rb

@@ -0,0 +1,47 @@
+ActionMailerX509.settings do |config|
+
+  #Set collection of configurations for future use
+  #config.add_configuration :demo,
+  #                         {
+  #                             sign_enable: false,
+  #                             crypt_enable: true,
+  #                             sign_cert: 'cert.crt',
+  #                             sign_key: 'cert.key',
+  #                             sign_passphrase: 'demo',
+  #                             crypt_cert: 'other_cert.crt',
+  #                             crypt_key: 'other_cert.key',
+  #                             crypt_passphrase: 'demo',
+  #                             certs_path: Rails.root.join('certs')
+  #                         }
+  #
+  #config.add_configuration :hisp,
+  #                         {
+  #                             sign_enable: true,
+  #                             crypt_enable: true,
+  #                             sign_cert: 'ca.crt',
+  #                             sign_key: 'ca.key',
+  #                             sign_passphrase: 'hisp',
+  #                             crypt_cert: 'capa.crt',
+  #                             crypt_key: 'capa.key',
+  #                             crypt_passphrase: 'hisp',
+  #                             certs_path: Rails.root.join('certs')
+  #                         }
+  #
+  #config.add_configuration :common,
+  #                         {
+  #                             sign_enable: true,
+  #                             crypt_enable: true,
+  #                             cert: 'ca.crt',
+  #                             key: 'ca.key',
+  #                             passphrase: 'hisp'
+  #                             crypt_passphrase: 'hisp',
+  #                             certs_path: Rails.root.join('certs')
+  #                         }
+  #
+
+  # You may set configuration which will be use by default
+  #config.default_configuration = :hisp
+
+  #Also you may set default certs path and not set certs_path in configs
+  #config.default_certs_path = Rails.root.join('certs')
+end