action_mailer_x509 0.7.0 → 0.7.2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    action_mailer_x509 (0.6.2)
+    action_mailer_x509 (0.7.2)
       actionmailer
       mail
       rake
@@ -32,7 +32,7 @@ GEM
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    mime-types (1.23)
+    mime-types (1.25)
     minitest (4.7.5)
     multi_json (1.7.9)
     polyglot (0.3.3)
@@ -59,7 +59,7 @@ GEM
     thor (0.18.1)
     thread_safe (0.1.2)
       atomic
-    treetop (1.4.14)
+    treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.37)

data/README.rdoc

@@ -79,7 +79,7 @@ Put this line in your Gemfile
 
     gem 'actionmailer_x509'
 
-== USING
+== SETTINGS
 
 First for all - run install generator, which adds configuration file
 
@@ -120,10 +120,42 @@ And you may also change the default configuration in any place of the program:
 
 2) Change only for decoding and verifyng if you use Mail object
 
-   Mail.new(encoded_text).proceed(configuration)
+   Mail.new(encoded_text).proceed(result_type, configuration)
 
 If you set configuration as nil in "proceed" func, "ActionMailerX509.default_configuration" will be used.
 
+
+== USING
+
+Encoding/Sign
+
+  You may set simpy set configuration for all funcs of mailer 
+  
+  class SendCrypted < ActionMailer::Base
+    x509_configuration :test
+  end
+  
+  or set it how param of 'mail' func for each mailer method
+  
+  class SendCrypted < ActionMailer::Base
+    def prepare_mail(from, to, subject, body, x509_configuration = ActionMailerX509.default_configuration)
+      mail(
+          from: from,
+          to: to,
+          subject: subject,
+          x509_configuration: x509_configuration
+      )do |format|
+        #format.text { render text: body }
+        format.html { render text: body }
+      end
+    end
+  end
+  
+Decoding/Verify
+
+  Mail.new(encoded_mail).proceed(result_type, configuration)
+  
+
 == HELPERS
 
 You may use some helpers for fast encoding in case when you proceed received email. Helper has the following signature:

data/actionmailer_x509.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'action_mailer_x509'
-  s.version = '0.7.0'
+  s.version = '0.7.2'
   s.authors = ['Jenua Boiko']
   s.email = 'jeyboy1985@gmail.com'
   s.files = `git ls-files`.split("\n")
@@ -14,6 +14,5 @@ Gem::Specification.new do |s|
   s.add_dependency 'rake'
   s.add_dependency 'actionmailer'
   s.add_dependency 'mail'
-  #s.add_development_dependency 'rspec'
 end
 

data/lib/action_mailer_x509/configuration.rb

@@ -1,12 +1,6 @@
-class Configuration
-  ATTRS = {     'C' => :country,
-                'ST' => :state,
-                'L' => :location,
-                'O' => :organization,
-                'OU' => :organizational_unit,
-                'CN' => :common_name,
-                'emailAddress' => :email}
+require 'action_mailer_x509/security_object'
 
+class Configuration
   def initialize(params = {})
     params.symbolize_keys!
     params.each_pair { |k, v| self.send("#{k}=".to_sym, v) }
@@ -88,7 +82,7 @@ class Configuration
 
         subject_attrs = worker.certificate.subject.to_a
         subject_attrs = subject_attrs.each_with_object({}) do |attr, obj|
-          obj.update(ATTRS[attr.first] => attr[1])
+          obj.update(SecurityObject::ATTRS[attr.first] => attr[1])
         end
 
         {

data/lib/action_mailer_x509/security_object.rb

@@ -0,0 +1,179 @@
+class SecurityObject
+  ATTRS = {     'C' => :country,
+                'ST' => :state,
+                'L' => :location,
+                'O' => :organization,
+                'OU' => :organizational_unit,
+                'CN' => :common_name,
+                'emailAddress' => :email}
+
+  IATTRS = ATTRS.invert
+
+  #params:  Hash
+    #key_length           int       - length of the rsa key
+    #password             string    - passphrase for key/certificate
+    #pack_key_with_pass   bool      - force repack rsa key with given password
+    #subject              Hash      - fields represented by ATTRS const
+    #time_from            Time      - certificate start time
+    #time_length          int       - certificate life time in seconds
+    #description          string    - p12 description
+    #file                 string    - file path - where have be save new certificate
+  class << self
+    private
+      def to_file(data, path)
+        File.open(path, 'wb') do |file|
+          file.write(data)
+        end
+      end
+
+      def subject(params)
+        params ||= {}
+        params.symbolize_keys!
+        subject = params.each_with_object('') do |attr, obj|
+          obj << "/#{IATTRS[attr.first]}=#{attr[1]}"
+        end
+        OpenSSL::X509::Name.parse subject
+      end
+
+      def repack_key(rsa_key, password)
+        cipher =  OpenSSL::Cipher::Cipher.new('des3')
+        private_key = rsa_key.to_pem(cipher, password)
+        public_key = rsa_key.public_key.to_pem
+        OpenSSL::PKey::RSA.new(private_key + public_key, password)
+      end
+
+      def rsa_key(params={})
+        key = OpenSSL::PKey::RSA.new(params[:key_length] || 4096) # the CA's public/private key
+        (repack_key(key, params[:password]) if params[:pack_key_with_pass]) || key
+      end
+
+      def certificate(params = {}, root_certificate = nil)
+        root_key = rsa_key(params)
+
+        root_ca = OpenSSL::X509::Certificate.new
+        root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+        root_ca.serial = 1
+        root_ca.subject = subject(params[:subject])
+        root_ca.issuer = (root_certificate || root_ca).subject # root CA's are "self-signed"
+        root_ca.public_key = root_key.public_key
+        root_ca.not_before = params[:time_from] || Time.now
+        root_ca.not_after = root_ca.not_before + (params[:time_length] || 1.year)  #2 * 365 * 24 * 60 * 60 # 2 years validity
+
+        [ root_key, root_ca ]
+      end
+    public
+
+    def self_signed_certificate(params = {})
+      params.symbolize_keys!
+
+      root_key, root_ca = certificate(params)
+      root_ca.serial = 1
+
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = root_ca
+      ef.issuer_certificate = root_ca
+      root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+      root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
+      root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+      root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
+      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+
+
+      [ root_key, root_ca ]
+
+
+#      key = OpenSSL::PKey::RSA.new(1024)
+#      public_key = key.public_key
+#
+#      subject = "/C=BE/O=Test/OU=Test/CN=Test"
+#
+#      cert = OpenSSL::X509::Certificate.new
+#      cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+#      cert.not_before = Time.now
+#      cert.not_after = Time.now + 365 * 24 * 60 * 60
+#      cert.public_key = public_key
+#      cert.serial = 0x0
+#      cert.version = 2
+#
+#      ef = OpenSSL::X509::ExtensionFactory.new
+#      ef.subject_certificate = cert
+#      ef.issuer_certificate = cert
+#      cert.extensions = [
+#          ef.create_extension("basicConstraints","CA:TRUE", true),
+#          ef.create_extension("subjectKeyIdentifier", "hash"),
+## ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+#      ]
+#      cert.add_extension ef.create_extension("authorityKeyIdentifier",
+#                                             "keyid:always,issuer:always")
+#
+#      cert.sign key, OpenSSL::Digest::SHA1.new
+    end
+
+    def signed_certificate(params = {})
+      params.symbolize_keys!
+      root_key, root_ca = self_signed_certificate(params)
+      key, cert = certificate(params, root_ca)
+      cert.serial = 2
+
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = root_ca
+      cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature', true))
+      cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+      cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+
+      [ key, cert ]
+    end
+
+
+    def p12_certificate(params = {})
+      params.symbolize_keys!
+
+      key, cert = signed_certificate(params)
+
+      #root_key = OpenSSL::PKey::RSA.new 4096 # the CA's public/private key
+      #root_ca = OpenSSL::X509::Certificate.new
+      #root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+      #root_ca.serial = 1
+      #root_ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA"
+      #root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+      #root_ca.public_key = root_key.public_key
+      #root_ca.not_before = Time.now
+      #root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+      #
+      #ef = OpenSSL::X509::ExtensionFactory.new
+      #ef.subject_certificate = root_ca
+      #ef.issuer_certificate = root_ca
+      #root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+      #root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
+      #root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+      #root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
+      #root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+      #
+      ## The next step is to create the end-entity certificate using the root CA
+      ## certificate.
+      ##
+      #key = OpenSSL::PKey::RSA.new 4096
+      #cert = OpenSSL::X509::Certificate.new
+      #cert.version = 2
+      #cert.serial = 2
+      #cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby certificate"
+      #cert.issuer = root_ca.subject # root CA is the issuer
+      #cert.public_key = key.public_key
+      #cert.not_before = Time.now
+      #cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
+      #
+      #ef = OpenSSL::X509::ExtensionFactory.new
+      #ef.subject_certificate = cert
+      #ef.issuer_certificate = root_ca
+      #cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature', true))
+      #cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+      #cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+
+      p12 = OpenSSL::PKCS12.create(params[:password], params[:description] || 'My Name', key, cert)
+      bytes = p12.to_der
+      to_file(bytes, path) if params[:file]
+      bytes
+    end
+  end
+end

data/lib/action_mailer_x509/x509.rb

@@ -44,14 +44,13 @@ module ActionMailerX509
     end
 
     def sign(text)
-      write OpenSSL::PKCS7.sign(certificate, rsa_key, text, [], OpenSSL::PKCS7::DETACHED)
-      #OpenSSL::PKCS7.sign(certificate, rsa_key, text, [], OpenSSL::PKCS7::BINARY)
+      write OpenSSL::PKCS7.sign(certificate, rsa_key, text, [], OpenSSL::PKCS7::DETACHED|OpenSSL::PKCS7::BINARY)
     end
 
     def verify(text)
-      result = read(text).verify(nil, @certificate_store, nil, nil)
-      #read(text).verify(nil, @certificate_store, nil, OpenSSL::PKCS7::NOVERIFY)
-      result ? read(text).data : raise(VerificationError.new('Wrong args'))
+      #set the signer's certificates are not chain verified.
+      result = read(text).verify(nil, @certificate_store, nil, OpenSSL::PKCS7::NOVERIFY)
+      result ? read(text).data : raise(VerificationError.new('Verification failed !!!'))
     rescue => e
       raise VerificationError.new(e.message)
     end

data/lib/overrides/mail/message.rb

@@ -3,6 +3,14 @@ require 'action_mailer_x509'
 module Mail #:nodoc:
   class Message #:nodoc:
 
+    #fix mail gem bug on decoding
+    def subject( val = nil )
+      val ||= header[:subject].default
+      val.gsub!(' ', '_') if val && val.start_with?('=?')
+      default( :subject, val )
+      header[:subject].default
+    end
+
     def proceed(result_type = 'html', configuration = nil)
       proceed_part(_proceed(configuration), result_type)
     end
@@ -26,6 +34,13 @@ module Mail #:nodoc:
       parts.empty? ? to_part : body.encoded
     end
 
+    def get_states
+      {
+          crypted: (body.to_s =~ /application\/(x-)?pkcs[0-9]+-mime/).present?,
+          signed: (body.to_s =~ /application\/(x-)?pkcs[0-9]+-signature/).present?
+      }
+    end
+
     protected
       # Returns true if the message is a multipart/alternative
       def alternative?(part)
@@ -57,16 +72,18 @@ module Mail #:nodoc:
 
           _decode_body(result_type, @new_part || part)
         else
-          part.decoded.to_s unless part.attachment?
+          part.decoded unless part.attachment?
         end
-      end
+      end.to_s
 
     # we need manually split body on parts and decode each part separate
       def _decode_body(result_type, obj = self)
-        obj.body.split(obj.boundary) if obj.parts.blank? && obj.boundary.present?
+        obj.body.split!(obj.boundary) if obj.parts.blank? && obj.boundary.present?
+
 
         if obj.parts.present?
-          obj.parts.map {|part| proceed_part(part, result_type)}.join(break_line(result_type))
+          proceed_parts = obj.parts.map {|part| proceed_part(part, result_type).force_encoding('utf-8')}
+          proceed_parts.join(break_line(result_type))
         else
           obj.decoded
         end
@@ -101,10 +118,14 @@ module Mail #:nodoc:
 
       def is_crypted?
         (header['Content-Type'].encoded =~ /application\/(x-)?pkcs[0-9]+-mime/).present?
+      rescue
+        false
       end
 
       def is_signed?
         (header['Content-Type'].encoded =~ /application\/(x-)?pkcs[0-9]+-signature/).present?
+      rescue
+        false
       end
   end
 end

data/spec/adds_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe 'Test additional functions' do
+  describe 'Correct' do
+    describe 'Certificate generation' do
+      it 'Must generate p12' do
+        p12_bytes = SecurityObject.p12_certificate({:password => 'demo'})
+        lambda { OpenSSL::PKCS12.new p12_bytes, 'demo' }.should_not raise_error
+      end
+    end
+  end
+
+  describe 'Incorrect' do
+    it 'Must dont open p12 with wrong pass' do
+      p12_bytes = SecurityObject.p12_certificate({:password => 'demo'})
+      lambda { OpenSSL::PKCS12.new p12_bytes, 'wrong' }.should raise_error
+    end
+  end
+end

data/spec/ops_spec.rb

@@ -16,7 +16,7 @@ describe 'Test basic functions' do
       end
 
       it 'Verification check' do
-        verified = @mail.proceed(Notifier.x509_configuration)
+        verified = @mail.proceed('plain', Notifier.x509_configuration)
         verified.should eql @raw_mail.body.to_s
       end
     end
@@ -35,7 +35,7 @@ describe 'Test basic functions' do
       end
 
       it 'Must generate crypted text' do
-        decrypted = @mail.proceed(Notifier.x509_configuration)
+        decrypted = @mail.proceed('plain', Notifier.x509_configuration)
         decrypted.to_s.should eql @raw_mail.body.decoded
       end
     end
@@ -47,7 +47,7 @@ describe 'Test basic functions' do
       add_config
       mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
 
-      decrypted = mail.proceed(Notifier.x509_configuration)
+      decrypted = mail.proceed('plain', Notifier.x509_configuration)
       decrypted.to_s.should eql raw_mail.body.decoded
     end
 
@@ -58,7 +58,7 @@ describe 'Test basic functions' do
       add_config(true, true, true)
       mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
 
-      decrypted = mail.proceed(Notifier.x509_configuration)
+      decrypted = mail.proceed('plain', Notifier.x509_configuration)
       decrypted.to_s.should eql raw_mail.body.decoded
     end
   end
@@ -71,7 +71,7 @@ describe 'Test basic functions' do
       mail.body.to_s.should_not be_empty
 
       set_config_param(sign_passphrase: 'wrong')
-      -> { mail.proceed(Notifier.x509_configuration) }.should raise_error OpenSSL::PKey::RSAError
+      -> { mail.proceed('plain', Notifier.x509_configuration) }.should raise_error OpenSSL::PKey::RSAError
     end
 
     describe 'incorrect text' do
@@ -79,14 +79,14 @@ describe 'Test basic functions' do
         add_config(true, false)
         mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
         mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
-        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error VerificationError
+        -> { mail.proceed('plain', Notifier.x509_configuration) }.should raise_error VerificationError
       end
 
       it 'crypt' do
         add_config(false, true)
         mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
         mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
-        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error DecodeError
+        -> { mail.proceed('plain', Notifier.x509_configuration) }.should raise_error DecodeError
       end
     end
 
@@ -97,7 +97,7 @@ describe 'Test basic functions' do
                          crypt_key: 'cert.key')
         mail = Notifier.fufu('<destination@foobar.com>', '<demo@foobar.com>')
         mail.body = mail.body.to_s.gsub(/[0-9]/, 'g')
-        -> { mail.proceed(Notifier.x509_configuration) }.should raise_error VerificationError
+        -> { mail.proceed('plain', Notifier.x509_configuration) }.should raise_error VerificationError
       end
 
       it 'crypt' do

data/spec/spec_helper.rb

@@ -4,6 +4,8 @@ require 'active_support/all'
 require 'action_mailer'
 require 'action_mailer_x509'
 require 'action_mailer_x509/x509'
+require 'action_mailer_x509/security_object'
+require 'action_mailer_x509/configuration'
 require 'models/notifier'
 
 RSpec.configure do |config|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: action_mailer_x509
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-28 00:00:00.000000000 Z
+date: 2013-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -82,6 +82,7 @@ files:
 - lib/action_mailer_x509.rb
 - lib/action_mailer_x509/configuration.rb
 - lib/action_mailer_x509/railtie.rb
+- lib/action_mailer_x509/security_object.rb
 - lib/action_mailer_x509/x509.rb
 - lib/generators/action_mailer_x509/install_generator.rb
 - lib/generators/action_mailer_x509/templates/x509_settings.rb
@@ -90,6 +91,7 @@ files:
 - lib/overrides/mail/message.rb
 - lib/tasks/action_mailer_x509.rake
 - lib/views/notifier/fufu.erb
+- spec/adds_spec.rb
 - spec/ops_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/jeyboy/action_mailer_x509
@@ -105,12 +107,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -205818147
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -205818147
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24