action_mailer_x509 0.7.0

data/lib/models/notifier.rb

@@ -0,0 +1,12 @@
+require 'action_mailer_x509'
+
+class Notifier < ActionMailer::Base #:nodoc:
+  x509_configuration :test
+  self.prepend_view_path("#{File.dirname(__FILE__)}/../views/")
+
+  def fufu(email, from, subject = 'Empty subject')
+    mail(subject: subject, to: email, from: from) do |format|
+      format.text { render 'fufu' }
+    end
+  end
+end

data/lib/overrides/action_mailer/base.rb

@@ -0,0 +1,46 @@
+require 'action_mailer_x509'
+
+module ActionMailer #:nodoc:
+  class Base #:nodoc:
+    class_attribute :x509_configuration
+
+    class << self
+      def x509_configuration(name = nil)
+        @x509_configuration = name if name
+        @x509_configuration
+      end
+    end
+
+    alias_method :old_mail, :mail
+
+    def configuration
+      ActionMailerX509.get_configuration(x509_configuration)
+    end
+
+    def mail(headers = {}, &block)
+      self.class.x509_configuration(headers.delete(:x509_configuration)) if headers[:x509_configuration]
+      message = old_mail(headers, &block)
+      x509_smime(message) if configuration && (configuration.sign_require? || configuration.crypt_require?)
+    end
+
+    private
+      # X509 SMIME signing and\or crypting
+      def x509_smime(message)
+        #raise Exception.new('Configuration is nil') unless configuration
+        @coded = configuration.get_crypter.encode(message.content) if configuration.crypt_require?
+        @signed = configuration.get_signer.sign(@coded || message.content) if configuration.sign_require?
+
+        p = Mail.new(@signed || @coded)
+        p.header.fields.each {|field| (message.header[field.name] = field.value)}
+
+        if @signed
+          message.instance_variable_set :@body_raw, p.body.to_s
+        else
+          #PATCH: header field 'Content-Transfer-Encoding' is not copied by the some mystic reasons
+          message.header['Content-Transfer-Encoding'] = 'base64'
+          message.instance_variable_set :@body_raw, Base64.encode64(p.body.to_s)
+        end
+        message
+      end
+  end
+end

data/lib/overrides/mail/message.rb

@@ -0,0 +1,110 @@
+require 'action_mailer_x509'
+
+module Mail #:nodoc:
+  class Message #:nodoc:
+
+    def proceed(result_type = 'html', configuration = nil)
+      proceed_part(_proceed(configuration), result_type)
+    end
+
+    def method_missing(name, *args, &block)
+      elems = name.to_s.split('_as_')
+
+      if elems.size == 2
+        result = self.send(elems.first.to_sym, *args)
+        if result.is_a? String
+          convert(result, elems.last)
+        elsif result.respond_to? :to_a
+          result.to_a.map {|item| convert(item.to_s, elems.last)}
+        else
+          convert(result.to_s, elems.last)
+        end
+      end
+    end
+
+    def content
+      parts.empty? ? to_part : body.encoded
+    end
+
+    protected
+      # Returns true if the message is a multipart/alternative
+      def alternative?(part)
+        part.sub_type.downcase == 'alternative'
+      end
+
+
+      def _proceed(configuration = nil)
+        config = ActionMailerX509.get_configuration(configuration)
+        if (signed = is_signed?) || is_crypted?
+          raise Exception.new('Configuration is nil') unless config
+          result = if signed
+                     config.get_signer.verify(patched_encoded)
+                   else
+                     config.get_crypter.decode(body.to_s)
+                   end
+          if result && (mail = Mail.new(result)).valid?
+            mail._proceed(configuration)
+          end || result
+        end || self
+      end
+
+      def proceed_part(part, result_type = 'html')
+        if part.multipart?
+          if alternative?(part)
+            variants = part.parts.each_with_object({}) {|p, res| res.update(p.sub_type => p)}
+            @new_part = variants[result_type] || variants['html'] || variants['plain'] || part.first
+          end
+
+          _decode_body(result_type, @new_part || part)
+        else
+          part.decoded.to_s unless part.attachment?
+        end
+      end
+
+    # we need manually split body on parts and decode each part separate
+      def _decode_body(result_type, obj = self)
+        obj.body.split(obj.boundary) if obj.parts.blank? && obj.boundary.present?
+
+        if obj.parts.present?
+          obj.parts.map {|part| proceed_part(part, result_type)}.join(break_line(result_type))
+        else
+          obj.decoded
+        end
+      end
+
+      def break_line(content_type)
+        content_type == 'html' ? '<br>' : "\r\n"
+      end
+
+      def convert(text, encoding)
+        text.force_encoding(encoding.dasherize)
+      end
+
+      def to_part
+        part = Mail::Part.new((text = body.encoded))
+        part.header[:content_type] = 'text/html' if text.index(/<\w+>/)
+        part.header['Content-Transfer-Encoding'] = '8bit'
+        part.encoded
+      end
+
+      def valid?
+        header['Content-Type'].present? && body.encoded.length > 0
+      end
+
+      #PATCH: body.encoded return wrong result in encoded func
+      def patched_encoded
+        buffer = header.encoded
+        buffer << "\r\n"
+        buffer << body.to_s
+        buffer
+      end
+
+      def is_crypted?
+        (header['Content-Type'].encoded =~ /application\/(x-)?pkcs[0-9]+-mime/).present?
+      end
+
+      def is_signed?
+        (header['Content-Type'].encoded =~ /application\/(x-)?pkcs[0-9]+-signature/).present?
+      end
+  end
+end

data/lib/tasks/action_mailer_x509.rake

@@ -0,0 +1,184 @@
+require 'rake'
+require 'rake/testtask'
+require 'rdoc/task'
+require 'models/notifier'
+require 'action_mailer_x509/x509'
+
+namespace :action_mailer_x509 do
+  desc 'Run all checks'
+  task :all do
+    puts '*' * 20 << 'SIGN VERIFICATION'
+    Rake::Task['action_mailer_x509:verify_signature'].invoke
+    puts '*' * 20 << 'OPENSSL SIGN VERIFICATION'
+    Rake::Task['action_mailer_x509:verify_signature_by_openssl'].invoke
+    puts '*' * 20 << 'CRYPT VERIFICATION'
+    Rake::Task['action_mailer_x509:verify_crypt'].invoke
+    puts '*' * 20 << 'OPENSSL CRYPT VERIFICATION'
+    Rake::Task['action_mailer_x509:verify_crypt_by_openssl'].invoke
+    puts '*' * 20 << 'SIGN AND CRYPT VERIFICATION'
+    Rake::Task['action_mailer_x509:verify_sign_and_crypt'].invoke
+    puts '*' * 20
+    #Rake::Task['action_mailer_x509:verify_sign_and_crypt_by_openssl'].invoke
+    #puts '*' * 20
+  end
+
+  desc 'Generates a signed mail in a file.'
+  task(:generate_signed_mail => :environment) do
+    add_config(true, false)
+    mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+    path = ENV['mail'] || Rails.root.join('certs/signed_mail.txt')
+    File.open(path, 'wb') do |f|
+      f.write mail.body
+    end
+    puts "Signed mail is at #{path}"
+    puts 'You can use mail=filename as argument to change it.' if ENV['mail'].nil?
+  end
+
+  desc 'Check if signature is valid.'
+  task(:verify_signature => :environment) do
+    add_config(false, false)
+    raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    add_config(true, false)
+    mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    verified = mail.proceed('html', Notifier.x509_configuration)
+    puts "Verification is #{(verified) == raw_mail.body.to_s}"
+  end
+
+  desc 'Check if signature is valid by openssl.'
+  task(:verify_signature_by_openssl => :environment) do
+    require 'tempfile'
+
+    add_config(true, false)
+    mail = Notifier.fufu("<destination@foobar.com>", "<demo@foobar.com>")
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+    configuration = ActionMailerX509.get_configuration(Notifier.x509_configuration)
+
+    comm = "openssl smime -verify -in #{tf.path} -CAfile #{configuration.sign_cert} > /dev/null"
+
+    puts 'Using openssl command to verify signature...'
+    system(comm)
+  end
+
+  desc 'Generates a crypted mail in a file.'
+  task(:generate_crypted_mail => :environment) do
+    add_config(false, true)
+    mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+    path = ENV['mail'] || Rails.root.join('certs/cripted_mail.txt')
+
+    File.open(path, 'wb') do |f|
+      f.write mail.body
+    end
+
+    p "Crypted mail is at #{path}"
+    p 'You can use mail=filename as argument to change it.' if ENV['mail'].nil?
+  end
+
+  desc 'Check crypt.'
+  task(:verify_crypt => :environment) do
+    add_config(false, false)
+    raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    add_config(false, true)
+    mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    decrypted = mail.proceed('html', Notifier.x509_configuration)
+    puts "Crypt verification is #{decrypted.to_s == raw_mail.body.decoded}"
+  end
+
+  desc 'Check if crypt text is valid by openssl.'
+  task(:verify_crypt_by_openssl => :environment) do
+    require 'tempfile'
+
+    add_config(false, true)
+    mail = Notifier.fufu("<destination@foobar.com>", "<demo@foobar.com>")
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+    configuration = ActionMailerX509.get_configuration(Notifier.x509_configuration)
+
+    comm = "openssl smime -decrypt -passin pass:#{configuration.crypt_passphrase} -in #{tf.path} -recip #{configuration.crypt_cert} -inkey #{configuration.crypt_key} > /dev/null"
+    puts 'Using openssl command to verify crypted code...'
+    puts "Crypt verification is #{system(comm)}"
+  end
+
+  desc 'Check sign and crypt.'
+  task(:verify_sign_and_crypt => :environment) do
+    add_config(false, false)
+    raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    add_config
+    mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+    decrypted = mail.proceed('html', Notifier.x509_configuration)
+    puts "Verification is #{decrypted.to_s == raw_mail.body.decoded}"
+  end
+
+  #desc 'Check if crypt text is valid by openssl.'
+  #task(:verify_sign_and_crypt_by_openssl => :environment) do
+  #  require 'tempfile'
+  #
+  #  add_config
+  #  mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+  #
+  #  tf = Tempfile.new('actionmailer_x509')
+  #  tf.write mail.encoded
+  #  tf.flush
+  #  configuration = ActionMailerX509.get_configuration(Notifier.x509_configuration)
+  #
+  #  comm = "openssl smime -verify -in #{tf.path} -CAfile #{configuration.sign_cert} 2>&1 | openssl smime -decrypt -passin pass:#{configuration.crypt_passphrase} -in #{tf.path} -recip #{configuration.crypt_cert} -inkey #{configuration.crypt_key}"
+  #  puts "Crypt and sign verification is #{system(comm)}"
+  #end
+
+  desc 'Performance test.'
+  task(:performance_test => :environment) do
+    require 'benchmark'
+
+    n = 100
+    Benchmark.bm do |x|
+      add_config(false, false)
+      x.report("#{n} raw mails: ".ljust(40)) {
+        n.times { Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>') }
+      }
+      add_config(true)
+      x.report("#{n} mails with signature: ".ljust(40)) {
+        n.times { Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>') }
+      }
+
+      add_config(false, true)
+      x.report("#{n} crypted mails: ".ljust(40)) {
+        n.times { Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>') }
+      }
+
+      add_config
+      x.report("#{n} crypted and signed mails: ".ljust(40)) {
+        n.times { Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>') }
+      }
+    end
+  end
+end
+
+private
+def add_config(sign = true, crypt = true)
+  ActionMailerX509.add_configuration :test,
+                           {
+                               sign_enable: sign,
+                               crypt_enable: crypt,
+                               cert: 'ca.crt',
+                               key: 'ca.key',
+                               passphrase: 'hisp',
+                               certs_path: Rails.root.join('certs/stock')
+                           }
+end
+
+def Boolean(string)
+  return true if string == true || string =~ /^true$/i
+  return false if string == false || string.nil? || string =~ /^false$/i
+  raise ArgumentError.new("invalid value for Boolean: \"#{string}\"")
+end
+

data/lib/views/notifier/fufu.erb

@@ -0,0 +1,3 @@
+This is the first line
+
+This is the 3rd line, to make sure...

data/spec/ops_spec.rb

@@ -0,0 +1,129 @@
+require 'spec_helper'
+
+describe 'Test basic functions' do
+  describe 'Correct' do
+    describe 'Signature' do
+      before do
+        add_config(false, false)
+        @raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+        add_config(true, false)
+        @mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+      end
+
+      it 'Must generate signature' do
+        @mail.body.to_s.should_not eql @raw_mail.body.to_s
+      end
+
+      it 'Verification check' do
+        verified = @mail.proceed(Notifier.x509_configuration)
+        verified.should eql @raw_mail.body.to_s
+      end
+    end
+
+    describe 'Crypting' do
+      before do
+        add_config(false, false)
+        @raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+        add_config(false, true)
+        @mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+      end
+
+      it 'Must generate crypted text' do
+        @mail.body.decoded.should_not eql @raw_mail.body.decoded
+      end
+
+      it 'Must generate crypted text' do
+        decrypted = @mail.proceed(Notifier.x509_configuration)
+        decrypted.to_s.should eql @raw_mail.body.decoded
+      end
+    end
+
+    it 'Crypting and Signature' do
+      add_config(false, false)
+      raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+      add_config
+      mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+      decrypted = mail.proceed(Notifier.x509_configuration)
+      decrypted.to_s.should eql raw_mail.body.decoded
+    end
+
+    it 'Crypting and Signature by p12_certificate' do
+      add_config(false, false)
+      raw_mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+      add_config(true, true, true)
+      mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+
+      decrypted = mail.proceed(Notifier.x509_configuration)
+      decrypted.to_s.should eql raw_mail.body.decoded
+    end
+  end
+
+  describe 'Incorrect' do
+    it 'sign incorrect key' do
+      add_config(true, false)
+
+      mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+      mail.body.to_s.should_not be_empty
+
+      set_config_param(sign_passphrase: 'wrong')
+      -> { mail.proceed(Notifier.x509_configuration) }.should raise_error OpenSSL::PKey::RSAError
+    end
+
+    describe 'incorrect text' do
+      it 'sign' do
+        add_config(true, false)
+        mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+        mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
+        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error VerificationError
+      end
+
+      it 'crypt' do
+        add_config(false, true)
+        mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+        mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
+        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error DecodeError
+      end
+    end
+
+    describe 'incorrect certs' do
+      it 'sign' do
+        add_config(true, false)
+        set_config_param(crypt_cert: 'cert.crt',
+                         crypt_key: 'cert.key')
+        mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
+        mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
+        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error VerificationError
+      end
+
+      it 'crypt' do
+        add_config(false, true)
+        set_config_param(crypt_cert: 'cert.crt',
+                         crypt_key: 'cert.key')
+        -> { Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>') }.should raise_error OpenSSL::PKey::RSAError
+      end
+    end
+
+    describe 'valid func' do
+      it 'must return true on non crypted and not signed' do
+        add_config(false, false)
+        get_config.valid?.should eql true
+      end
+
+      it 'must return false on wrong passphrase' do
+        add_config
+        set_config_param(sign_passphrase: 'wrong')
+        get_config.valid?.should eql false
+      end
+
+      it 'must return false on wrong certificate' do
+        add_usual_cert_as_p12_config
+        get_config.valid?.should eql false
+      end
+    end
+  end
+end