actionmailer_x509 0.3.0

data/.gitignore

@@ -0,0 +1,18 @@
+public/tmp/*
+tmp/*
+tags
+public/tmp/*
+log/*
+config/database.yml
+*.swp
+*.swo
+*.dump
+*~
+public/*/cache/*
+config/environments/development.rb
+.bundle
+db/*.sqlite3
+tmp/**/*
+rerun.txt
+.bundle\n
+.rvmrc

data/BSD-LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2008, Fabien Penso
+
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the University of California, Berkeley nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.rdoc

@@ -0,0 +1,160 @@
+= ActionmailerX509
+
+petRUShka, Fabien Penso
+
+== DESCRIPTION
+
+This plugin allows you to send X509 signed mails with Rails 3 ActionMailer. If you want to sign mails with Rails 2, you should use original plugin: https://github.com/penso/actionmailer_x509
+
+It has been tested with Rails 3.0.3.
+
+== Creation of the certificates
+
+(1) Generate your own Certificate Authority (CA).
+
+  openssl genrsa -des3 -out ca.key 4096
+  openssl req -new -x509 -days 365 -key ca.key -out ca.crt
+
+(2) Generate a server key and request for signing (csr).
+
+  Note : use your email address for the Common Name (CN) field
+
+  openssl genrsa -des3 -out server.key 4096
+  openssl req -new -key server.key -out server.csr
+
+(3) Sign the certificate signing request (csr) with the self-created
+    certificate authority (CA) that you made earlier.
+
+  openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
+
+(3 bis) or self sign your certificate with the same key.
+
+  openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+
+(4) Compute all thoses files into a PCKS#12 file (so you can include it in your mailer):
+
+  openssl pkcs12 -export -in server.crt -inkey server.key -certfile ca.key -name "My Cert" -out name-cert.p12
+
+== Extracting the files from a PKCS#12 file
+
+If you have a PKCS#12 file, usualy named .p12, you can extract the required files with
+the following commands.
+
+(1) Extract the private key
+
+  openssl pkcs12 -in file_input.p12 -clcerts -nocerts -out file_out.key -nodes
+
+(2) Extract the certificate
+
+  openssl pkcs12 -in file_input.p12 -clcerts -nokeys -out file_out.crt -nodes
+
+Please note the -nodes to leave the private key uncrypted, use -des if you wish
+to protect it.
+
+== INSTALLING THE PLUGIN
+
+Put this line in your Gemfile
+
+    gem 'actionmailer_x509'
+
+== USING THE PLUGIN
+
+If you wish to send a signed email you just need to put new informations in
+your ActionMailer model.
+
+    class FooMailer < ActionMailer::Base
+
+      def sending_method(email, from , subject = "Empty subject for signed")
+        # If you want to sign the mail
+        x509_sign  true
+        x509_cert  "certs/yourwebsite.crt"
+        x509_key   "certs/yourwebsite.key"
+        # In case your certificate has a passphrase
+        x509_passphrase "my passphrase for the certificate"
+
+        mail(:subject => subject, :to => email, :from => from)
+      end
+
+You can also specify the certificate and key in your environment file:
+
+    ActionMailer::Base.default_x509_sign = true
+    ActionMailer::Base.default_x509_cert = "certs/server.crt"
+    ActionMailer::Base.default_x509_key  = "certs/server.key"
+
+== USING TEST
+
+You can benchmark the plugin with:
+
+  rake actionmailer_x509:performance_test
+
+Send yourself a signed mail with:
+
+  rake actionmailer_x509:send_test
+
+Verify the plugin generates valid signature
+
+  rake actionmailer_x509:verify_signature
+
+Generate a signed mail in a local file
+
+  rake actionmailer_x509:generate_mail
+
+== REQUIREMENTS
+
+ * Ruby 1.8 or later
+ * Rails 3.0 or later
+ * OpenSSL 0.9.8e or later and Ruby/OpenSSL 1.8.6.36 or later
+
+== Mail User Agent tested
+
+We checked with the following MUA for making sure the signed mails are
+readable.
+
+ * Mutt 1.5: OK
+ * Outlook 2007: OK
+ * iPhone: The message appears without the signature but no other problem
+ * Thunderbird 5.0: OK
+ * Evolution 2.12: OK
+ * Apple Mail.app: OK
+ * Google Mail: A file smime.p3s appears as attachment
+ * Yandex Mail: A file smime.p3s appears as attachment
+ * Opera Mail: A file smime.p3s appears as attachment
+
+== AUTHORS
+
+Porting to Rails 3\\Mail from Rails 2\\Tmail and wrap code in gem was done by petRUShka <petrushkin@yandex.ru>.
+
+Original development for Rails 2.0.1 was done by Fabien Penso <fabien.penso@conovae.com> from
+CONOVAE http://www.conovae.com for Dimelo http://www.dimelo.fr
+
+Special thanks to Geal[http://stackoverflow.com/users/203955/geal] for noticing on error.
+
+This code is under the BSD license.
+
+== LICENSE
+
+Copyright (c) 2011, petRUShka, 2008, Fabien Penso
+
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the University of California, Berkeley nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -0,0 +1,10 @@
+require 'rake/gempackagetask'
+
+spec = Gem::Specification.load(Dir['*.gemspec'].first)
+gem = Rake::GemPackageTask.new(spec)
+gem.define
+
+desc "Push gem to rubygems.org"
+task :push => :gem do
+  sh "gem push #{gem.package_dir}/#{gem.gem_file}"
+end

data/actionmailer_x509.gemspec

@@ -0,0 +1,13 @@
+Gem::Specification.new do |s|
+  s.name = "actionmailer_x509"
+  s.version = "0.3.0"
+  s.authors = ["petRUShka", "Fabien Penso", "CONOVAE"]
+  s.email = "petrushkin@yandex.ru"
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.homepage = "http://github.com/petRUShka/actionmailer_x509"
+  s.require_path = "lib"
+  s.rubygems_version = "1.3.5"
+  s.summary = "This Rails 3 plugin allows you to send X509 signed mails."
+end
+

data/init.rb

@@ -0,0 +1,4 @@
+require File.dirname(__FILE__) + '/lib/actionmailer_x509'
+require File.dirname(__FILE__) + '/lib/models/notifier.rb'
+
+#ActionMailer::Base.send(:include, Conovae::ActionMailerX509)

data/lib/actionmailer_x509.rb

@@ -0,0 +1,181 @@
+# Copyright (c) 2007 Fabien Penso <fabien.penso@conovae.com>
+#
+# actionmailer_x509 is a rails plugin to allow X509 outgoing mail to be X509
+# signed.
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the University of California, Berkeley nor the
+#       names of its contributors may be used to endorse or promote products
+#       derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+require 'actionmailer_x509/railtie' if defined?(Rails)
+require "openssl"
+
+module ActionMailer #:nodoc:
+  class Base #:nodoc:
+    @@default_x509_sign = false
+    @@default_x509_crypt = false # not used, for later.
+    @@default_x509_cert = nil
+    @@default_x509_key = nil
+    @@default_x509_sign_method = :smime
+    @@default_x509_crypt_method = :smime # not used, for later.
+    @@default_x509_passphrase = nil
+
+    # Should we sign the outgoing mail?
+    adv_attr_accessor :x509_sign
+
+    # Should we crypt the outgoing mail?. NOTE: not used yet.
+    adv_attr_accessor :x509_crypt
+
+    # Which certificate will be used for signing.
+    adv_attr_accessor :x509_cert
+
+    # Which private key will be used for signing.
+    adv_attr_accessor :x509_key
+
+    # Which signing method is used. NOTE: For later, if needed.
+    adv_attr_accessor :x509_sign_method
+
+    # Which crypting method is used. NOTE: not used yet.
+    adv_attr_accessor :x509_crypt_method
+
+    # Passphrase for the key, if needed.
+    adv_attr_accessor :x509_passphrase
+
+
+
+    # We replace the create! methods and run a new method if signing is required
+    def initialize_with_sign(method_name, *parameters)
+      mail = initialize_without_sign(method_name, *parameters)
+
+      x509_initvar()
+
+      # If we need to sign the outgoing mail.
+      if should_sign?
+        if logger
+          logger.debug("actionmailer_x509: We should sign the mail with #{@x509_sign_method} method.")
+        end
+        __send__("x509_sign_#{@x509_sign_method}", mail)
+      end
+
+    end
+    alias_method_chain :initialize, :sign
+
+    # X509 SMIME signing
+    def x509_sign_smime(mail)
+      if logger
+        logger.debug("actionmailer_x509: X509 SMIME signing with cert #{@x509_cert} and key #{@x509_key}")
+      end
+
+      # We should set content_id, otherwise Mail will set content_id after signing and will broke sign
+      mail.content_id ||= nil
+
+      # We can remove the headers from the older mail we encapsulate.
+      # Leaving allows to have the headers signed too within the encapsulated
+      # email, but MUAs make no use of them... :(
+      #
+      # mail.subject = nil
+      # mail.to = nil
+      # mail.cc = nil
+      # mail.from = nil
+      # mail.date = nil
+      # headers.each { |k, v| mail[k] = nil }
+      # mail['Content-Type'] = 'text/plain'
+      # mail.mime_version = nil
+
+      # We load certificate and private key
+      cert = OpenSSL::X509::Certificate.new( File::read(@x509_cert) )
+      prv_key = OpenSSL::PKey::RSA.new( File::read(@x509_key), @x509_passphrase)
+
+      begin
+        # Sign the mail
+        # NOTE: the one following line is the slowest part of this code, signing is sloooow
+        p7sign = OpenSSL::PKCS7.sign(cert,prv_key,mail.encoded, [], OpenSSL::PKCS7::DETACHED)
+        smime0 = OpenSSL::PKCS7::write_smime(p7sign)
+
+        # Adding the signature part to the older mail
+        newm = Mail.new(smime0)
+
+        # We need to overwrite the content-type of the mail so MUA notices this is a signed mail
+#        newm.content_type = 'multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; '
+         newm.delivery_method(mail.delivery_method.class, mail.delivery_method.settings)
+         newm.subject = mail.subject
+         newm.to = mail.to
+         newm.cc = mail.cc
+         newm.from = mail.from
+         newm.mime_version = mail.mime_version
+         newm.date = mail.date
+#        newm.body = "This is an S/MIME signed message\n"
+#        headers.each { |k, v| m[k] = v } # that does nothing in general
+
+        # NOTE: We can not use this as we need a B64 encoded signature, and no
+        # methods provides it within the Ruby OpenSSL library... :(
+        #
+        # We add the signature
+        # signature = Mail.new
+        # signature.mime_version = '1.0'
+        # signature['Content-Type'] = 'application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"'
+        # signature['Content-Transfer-Encoding'] = 'base64'
+        # signature['Content-Disposition']  = 'attachment; filename="smime.p7m"'
+        # signature.body = p7sign.to_s
+        # newm.parts << signature
+
+        @_message = newm
+      rescue Exception => detail
+        logger.error("Error while SMIME signing the mail : #{detail}")
+      end
+
+      ## logger.debug("x509_sign_smime, resulted email\n-------------( test X509 )----------\n#{m.encoded}\n-------------( test X509 )----------")
+
+    end
+
+    # X509 SMIME crypting
+    def x509_crypt_smime(mail)
+      logger.debug("X509 SMIME crypting")
+    end
+
+    protected
+
+    # Shall we sign the mail?
+    def should_sign?
+      if @x509_sign == true
+        if not @x509_cert.nil? and not @x509_key.nil?
+          return true
+        else
+          logger.info "X509 signing required, but no certificate and key files configured"
+        end
+      end
+      return false
+    end
+
+    # Initiate from the default class attributes
+    def x509_initvar
+      @x509_sign ||= @@default_x509_sign
+      @x509_crypt ||= @@default_x509_crypt
+      @x509_cert ||= @@default_x509_cert
+      @x509_key ||= @@default_x509_key
+      @x509_sign_method ||= @@default_x509_sign_method
+      @x509_crypt_method ||= @@default_x509_crypt_method
+      @x509_passphrase ||= @@default_x509_passphrase
+    end
+  end
+end

data/lib/actionmailer_x509/railtie.rb

@@ -0,0 +1,10 @@
+require 'actionmailer_x509'
+require 'rails'
+module ActionMailerX509
+  class Railtie < Rails::Railtie
+    rake_tasks do
+      load "tasks/actionmailer_x509.rake"
+      load "tasks/tiny_performance_test.rake"
+    end
+  end
+end

data/lib/certs/ca.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFXTCCA0WgAwIBAgIJAPl1qZNbDf/TMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTEwNzA2MDkxNjAzWhcNMTIwNzA1MDkxNjAzWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAtrRXDvD1ynBeIMBcAYobJMtCqHvJVHFKZ7B44zP/otUB3y02rpCYust8
+W6Dy+JF62M1+X1y/x13c8+/jkx+niGXheu5q5hVMQ3r643ZY7lWxnHg8cN6mKxQJ
++USQHF65zHeJM7pm2SpcJL6DSd8VUINpyucaQ7S0HEyuFPsu1b5y2RzdzMQva3+P
+zufij2hZz6gnacBg/nPq5ujFg0Xqynk6SVJZ3i/WGC5YLx+ZOl0eQd96ww3Qab+r
+zk05RVOqXxvnsexnQqf9a3rqjY/uks2pIYG4P4UAIA68L42VZNJarUORK0hmMBMY
+Qryrj+EIejCOvZAgkwoQ+x0idmuQClKh1Vy2sypsf17DaBnPdLHnHIYQjVqUwhbc
+2HrWChZGvZ3EazUbAPO1nCx601L9RWDG4Nd90MGpNefBHl6ycg8Y2b5KNcETDCEk
+1OjHnU69vOyO+3CxB9TJYPPTMtV27aIxm/8osE3anrT0Cpk+cV+VRm61TrJn8gMy
+pmfz9uxLXuUhsI+p0Ux7gDXMTSjLA+urls9I9HFWR4/SG0+2/htiFcTmAmxZTFI8
+IX6MGQTAgm+sAPOai9HqzwLbZ4IXbTTWk8akrgEBU/E94gd5gV+ZA5exNbtYma4/
+Ey4gBMasEfKEdaQMgGpv0k4A4XvTx3NbULkmy8SvigerV+CVuD0CAwEAAaNQME4w
+HQYDVR0OBBYEFLPHmzX5GySDNz58MsJjPoKB4dRTMB8GA1UdIwQYMBaAFLPHmzX5
+GySDNz58MsJjPoKB4dRTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggIB
+ADQs04X5cCpI2otnrShO8+2lF+D0uzLT2nAYl6ohxwHBgmQfn8tsHaA/e3eUg1Cm
+KwH8xFCd4602uJ97lhAclsVETL4m0QeJ8iTF4uOOdIJ7cLaNRaQUI5PrdquO7o+b
+wfbs7zsXfi3KwwIAVlKTfTrVWuU2+Hnf+rbyW0NIqVFgJ3XB6+dZldfkIPUDD3M6
+aEqT7VNt/y0HGzACNA6/b9KpXrJMJS84LFaI13Eeuc9X7olLEElx8qZXeq9cOZoh
+wwaUiofH5qBWTfqmR4+EIgfIOpfLeUaDqDRluQMTftyPR3Pow7/eB/KW2gGU8L/c
+16/5RbllERAQkSYLU9j/d8heW0/zRC7A1sNKImnTCLMotlZ1mnICFGh8AcKciScM
+ptC4tckzca5AV3JxXOMUBC3q9PjfMwKVPAPr2uZFIT4c4VniUmSg/RPLJOGqRaCW
+LlFD1dKE+jt1QHy0/rmk6GHnN0aff8PrGabKXQrL8KhvrI9LeEiWd8P2cWNXvVY6
++xiYwtE1atQpeblB/QWPkk6SX9njEf5iio5j979h/K9yJzpHmVrN8xOOep6UqPwB
+HPwKC1S+xbpR3v3G+wytl9gwi1yQHgYmi++ez2mKEEt85nKW3dm1Dvmg2FlOs2d9
+hQ+ishaBRUt9yRTb0uy065LuxCnKaD3/09vzRLPBeFRu
+-----END CERTIFICATE-----

data/lib/certs/ca.key

@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,20AB4C981735CF97
+
++LCkxer139nv7ZsiLIaZ5aMAdpAS81Sk30cDLWXqpetfPkFQiLC+clPpQ2VIhdYr
+PISY7igfeXWHOiC5TwDh4FZUprpUtEh9gdVo9M7XXGetwxdeh3ep4cjFwceASOIX
+Pi32R1cNfhTkTT204/QZUiUE6hvcdIpV+R5D7AQpzbVgH7M8KjOeE+QzfYixjgsR
+hSki6Sa4UkYw/wQlvs/qG5dxQQzBE0TAy9mbxvQcqmpdsscMvLKZGcRdsu0seofH
+HevvG1n3qAWJ5a2BkB/nKAAMWDOqMqItVfCA8D79SVzIau26VfSOmD4ZeolpsRH/
+/ma3RRSasYL4biQe2s4vnmb/pm16zYCLQ+hBLT5YA/IkUAM0RY3aMrOYNzDPq47K
+Q37gRzTQmDwhsBSssNWx4MWV9p7RtQ8ckeHRJu6eHtKRfAn8X9qQ+Qd3Gx0kyOj4
+ZkskCwlbqCC7bz/39n9MX9WNQv2/gPDWw3tzhTY3xDM8gtbhQQSv7NbE/7QznGHX
+d2Y2OqY4dwixN487GQpDzkhCf+3aMnJPi/zB/KE3XqVngcy+3oSuZp5molp7R3xE
+7Nt4KzaxqQ56ZGpTl9GFO3UpLeZPQRWP2/dkzbAboff4wnfkOUM+0BGx5Scn7NiU
+e0JrTsKGClbSbP4t78F1eJ61UtuSqFtd4nDkpAsQ/2XbuUidgcwlUJw85cpBn4yC
+yTH9c6M8ZD0uuJ4Q/iY4qkOPKIuO9WLYMTKk42+6wlWW1msXYUSCoydkdEcCM4it
++bqxJhAcO7P8thZ30YyZWqttVzAWuXVka5G/9Si4MDYjj8mhrcGrfL0QQudLHSDj
+WdiUdWw3SGe0YSeEeDoLwUG7opAnFCf55h1MPOeT69uLGJoAQysRPJRZ1hV9vy9I
+FXaEqKKvXr/4qA44SK6tVfURciJheE/roUtkR9NB+Lo2p72V/OmwA1SPz7RqAum8
+PZUdke6KKMsPJNEDsHJWZJ/Q/FLt+Uebqr7924Emn5oXvHuqkOfSt1mN3HStuQNa
+kAU2GFZS9LURFG8jrUILPTF3iVEtI6/VsbpNMVR8HNIbCcXuuOcWlH4JtHUIkTnK
+WfCJSemCa7X5jgDbQPDpVtBewpeboBThaiEhby73lv0I6SQ++MVLIAHTXg+/3duA
+rrAJtUITy8LDmvL+qgCQGZUl/PZPPqwe0q1zwxJmQvm4IITYhZ6DeXpPI1J8BgAz
+xjGnYJBeFNIaCyo5TfDySvepxjQqGkISIIhy5u2e1mKkUJQOQeAdN8ur0135FgiG
+YYck7kr/cl8n3GzUjI+mpdXWjTqpSVnPtrnYmPGumoxIzb+a86lkobJMa7haTUZ5
+imfir6A3YYzAiJOomFM9icpOCXocqJE3SP7/NXnjZ4K5DNWLC6z8KjeRzCf1KRtc
+0C+BD3PSPIkcAWcteHMfI8RkwngkQ5dS627gz5CmclDyV0sRnlbMHxuP4d8WaiEt
+Id532NHAxuGkNNS8k4zmAe/bCo1lxHnKudvEC9qwTkXrcOuUfJndkoEszm+2skwx
+5sECTDqZyA3RsVz1ZPXZzE7+9Cyc+S4GQmtGfi4GmUAdJCYiqlCzEQjWyckfGGUG
+bMtjZu5PXKSBDJGGihhIZZKaL4gZcyhkFdfMMgy9wEN/fQCpJ2LsCt2bzkyZDNLZ
+yu9xQx1vT25zv9nokZQI4omO+izxcn9zywe4kF87IWlpuAbBkztkF9/R9tPnJxS1
+oHsq+45dpzq3/JcWisMGx1a90R59QnDtfZXtprsWE+BF30IPPi5a739hj5EHRsGM
+PQ8OPhismvflcPkgP0N3XLOjdS3F9erIQnUfmnunqOSX3OBGWY2uqrjZN59e3J8Y
+shnxtqOV4HBFEYfKDbhtOJA33Gf6opp3A0TrTx76xt9RETEZReYJN0dUlOog/yvt
+MbLubzJWl4gvA3EJHS86tSpDj+nC6pUFEa0ZI8JzIqJWPFsErbLyOlJAC6m4u9sf
+MpWubsshCCKgfl1CacVye3hiY2VaZJ0CMrMNcKw/9BMI20gifd+X2FqyFi6+E9Ju
+iCuNkY95ROWG946vKzFNrFMTocTTpoFlsejSLyojM2mVus9nEbtfmLC9Bkty1Y29
+7xpl14G5S2yCRfdzrmkSvCxMaR1gztTf+jRjeSW4zTUA5F9+aGk6Bd+qrXXTHRgV
+tKz61SF0UifjrfhlVtXgM+neWG00/71fs2K/yrSPMSFn06qsj3EjjG3YcPsEnzAs
+Rs4uu0cZWFpCN2wC/f4xhiOknbLTIwre5ckT6N6SnJp/JdEhE73G+cLACNdUKgU2
+FnKFYgSo0c+QO3/ZGo7M3Mnab9hJgpIM+tlUGJqXxIMVzW+5o//6Z0aS0zYqlQe8
+qmpc32Uot6j8dduAMvkJurqGvG9n7EuTY4xhAH2E8/GQp4IJUQnAFjFH8hgDsbaO
+o76BN2OmsYlxlfEdp7gQkDMqLPt48rxsWXIdRG5brVQEr6HfgeGZRejmR/I2myaH
+B/gyGzVvQ1WVKchgpEBK/nOD2uw+l5YGr9fnstJfclDL2xAcDAzTVMGZeIu+7clG
+yo+cgF2yn5YRdR9OUpyG46lr/v65Dxh/CmTmCuNACkrQJKafA26Y0ctBW8JhlQu7
+aQrPvvq1OtXNItfaZth/XT1maB7C/gNb32juTc5vIxdfAKyTAaMDbSAZYytUAjO7
+fzPwgkAYIIrpzfR0ytUPUdW2YmLTyUe6epQCEcmICPJVtYbQJM+7zAj83Mhh9Z90
+nRcfEor1XQbS3bZxTZAcjLVcPo/sB9KgFczmLk+2/m0WPd6lMkIxlVOSuTtHxB3s
+H3sPD5sYjy8vUof+RnjNnx7AlsvbYG/jNQdjNbsbykuYtNhZF7d5C1Iis+7BHHrw
+KhorVVIh2GFBGuJAZ6Gv2X9MbS6HnuB9hsIbWfK8do2/BmF82SpZdvblHJsOKPRw
+/uBu4yR9ZnYuAwHzcobb6B+dmU6GMT1NgcP3NN0Ea+mWKUp0PT/MgO9uyf/B2XNk
+YoCt97TzmHWRcdpQspL9wx8A1nuKCIkuuYGAwwBUBi64SdDmP0XXHzFE+39aK7iv
+uXJA/F4xHPLOAP6rPOu1MHHtQ/y0ilqwQZQvKDzTjpmu2lUKdLbWW0cgigL7YCY+
+-----END RSA PRIVATE KEY-----

data/lib/certs/server.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFJTCCAw0CAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
+BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDAgFw0xMTA3MDYwOTMzNTBaGA8yMDk0MDgyNDA5MzM1MFowajELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDEjMCEGCSqGSIb3DQEJARYUcGV0cnVzaGtpbkB5YW5kZXgucnUw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHzHFo6kiVWqcMRyXYMsLr
+pwBXd/9NAk5MIOSJyM64Nv6SHHL5Ppkee1PuLyyXpH46iSxG7kPcWGqwfG/CxykS
+xNgfDGVP6yDuUy/r/vHmduvPRA7nTQC8PWjRa01l/90Jwj/9cshU5hm7wW+nXFnr
+4FSmPAKkABxpU0MORGaGQLKHUIT7f7NjJN7Qg4ErLdtix1TgQbK5v3CFIHx5p1bW
+OnsbBfVxwKcEWPkZ7Uj0VbLNkaaviRrEmL1FZhv/7DzL+vpIOVcArM+SNyYqxlys
+s619/KXOjOCGkj+bUkUcOD7MdFNE9aaQHSpTBf3j++AxO9eAy0FiBgJdEwJ3jFEc
+iw7P/5h/hk8ZPfN/1SeWTEqMkfrpqIRmcP/8V1lF1nw2hoLvvU/giPU8XC0ZsULp
+WFdmp85thS3XfNGPyTOGWyvNbCaIN7Rh5DNtPSE2LbAffNzuhcn5PIkFc5t9S/ni
+dcQMnlPmSrkNfLNM0AC9nKbq81QxwyT8KDOZ3eJvb6ju52q1Co3N67KF+CFfVg2N
+FU9WkkkKwD7xfnFdHf8hT+OoLYlxXhdXsRCf1Diu/Ap4ZldlmY41ndBwpAXiDAwB
+R+EPV086LlkLhGIaK1cxMGzMG/SbnXKev3QrsvH2ii9aKaYXaJZcot4MoAla+kkO
+7Etx049uU2+zjp6rwashTQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQB1WrdGLJv3
+YFWfQYYJDKLQG5aTbKZ4ATeR3T3So9UQpiriICM1bNUfPxx2zvBCF+wbfGdTB7uU
+ENXEz6qWzhjN8E1MKoeq5XCdIiW5Bu8YmN1VTMlzoNgo5b13AptrYg7oFYvaaHNQ
+gOXS1R8AYRxA5DKVzfaDxY4+MERe8aDFMr4vryO4o/A1f8P+hfd09dylOFiK9l6l
++STvOpESfqOL7dZgmtryJPLKFVHLLreh8i7PzZO7aiixazUx3B1qHisYyY9W5Bh3
+iabgIQjsNG2Ktqbm4MxpXwlVqVmgDg7x9hPWB/PZha7NiegoTktt/pWQ6J+x7HY2
+BDH0BRLdZzK+wgOpXLFCbbln+f16lfzbCqKQyeGWbb6fsw7nVjvindXWCnZgBbty
+T9WuAtoCRfn4x4X75Kcac6ywRHJlPCU6y/KWYNJ9MP+cVoRi7xvpeld75V2TVocF
+CqUawAId7XWvNh6kifMz7FCY9feaMV/r4VrNux99jFYA5QwgvJkEssaIW+wlEj3l
++suTxhIPt9aTROJfhT16R6mTiYNejPSiT2FMDru8PxaU7S5h2awsXGkSex0PWSmy
+7bI8rOOIKNR5WQZs+3+FvyqJ6AV3vEYJ8TiRA20D/Wb3jLED96qEKbMxRLto7VRC
+kjDVtS3lkVU/4Hx51KttPtvmWDavkZP5aw==
+-----END CERTIFICATE-----

data/lib/certs/server.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIErzCCApcCAQAwajELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEjMCEGCSqGSIb3DQEJ
+ARYUcGV0cnVzaGtpbkB5YW5kZXgucnUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDHzHFo6kiVWqcMRyXYMsLrpwBXd/9NAk5MIOSJyM64Nv6SHHL5Ppke
+e1PuLyyXpH46iSxG7kPcWGqwfG/CxykSxNgfDGVP6yDuUy/r/vHmduvPRA7nTQC8
+PWjRa01l/90Jwj/9cshU5hm7wW+nXFnr4FSmPAKkABxpU0MORGaGQLKHUIT7f7Nj
+JN7Qg4ErLdtix1TgQbK5v3CFIHx5p1bWOnsbBfVxwKcEWPkZ7Uj0VbLNkaaviRrE
+mL1FZhv/7DzL+vpIOVcArM+SNyYqxlyss619/KXOjOCGkj+bUkUcOD7MdFNE9aaQ
+HSpTBf3j++AxO9eAy0FiBgJdEwJ3jFEciw7P/5h/hk8ZPfN/1SeWTEqMkfrpqIRm
+cP/8V1lF1nw2hoLvvU/giPU8XC0ZsULpWFdmp85thS3XfNGPyTOGWyvNbCaIN7Rh
+5DNtPSE2LbAffNzuhcn5PIkFc5t9S/nidcQMnlPmSrkNfLNM0AC9nKbq81QxwyT8
+KDOZ3eJvb6ju52q1Co3N67KF+CFfVg2NFU9WkkkKwD7xfnFdHf8hT+OoLYlxXhdX
+sRCf1Diu/Ap4ZldlmY41ndBwpAXiDAwBR+EPV086LlkLhGIaK1cxMGzMG/SbnXKe
+v3QrsvH2ii9aKaYXaJZcot4MoAla+kkO7Etx049uU2+zjp6rwashTQIDAQABoAAw
+DQYJKoZIhvcNAQEFBQADggIBAKmseKzIrSxGyoMMw/FOc7K7NiMKV0mzw4DCbtQ5
+B6ArkV3eui41oAZ7l0rW6seRuPZJTyNUDi1SqTK0oiUOmR2GzR0maaMrhMIRoX9T
+eNmjwK02PzogIAODaczqomznfnCPRdcbq/Lz4iUSbLZilAGfj9RXCwRuvj0V/Lin
+Sxzht0+pFws+t2ofQiaD7+MIT3hP9+gljqrfAWcCdWC5rmcpVSXjk/8v3bBUm+Km
+c/10rMq3P13gbo4BzzVEmdNmUbfnT8yXs+akypP+SlBbg4V5ubrKoNPy1v+tWaZ0
++L3YAFogMFOzXNUmjHKmiENnqdwTCt7cStYwZ+dUc8ZKZUzVF7/JbL/i+llX3fjZ
+vAGWAZXHD1+i4vJ8IJv4h2+/UBgRk5LmAH5fjNC8Ay50NQyLA/FTAVAsYdu+arfM
+RTrcIpQiTy5v1QQYD2OqqX7VcwfBPEMUwM+x6eVgwsrqbK7p8DANhNNiWNqzwXFl
+N87o0HGMuATHTGyB965r/FPpUdvetOjCmENZ0bMCvQmexNzQUdnrbaqcHEKn5lmQ
+Qymf/lvsGHN8gobxzEmc1WeMrrfJexui6HR846EI4V5/kPhKGJUORkrtnXVGfKe6
+xftdAobLYJt7iqvnjmsKAbyUnW44TFl66j7PFyVa2u0knZRM4EQLw2JWewcNPQll
+ejcy
+-----END CERTIFICATE REQUEST-----

data/lib/certs/server.key

@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2E3CACC6B03CCE9D
+
+UZhACIZA8XITNAM36szQGEMXa4k2zq1pHbQYtFUlxp4pJQ0DLTSR7vs3XrbpNWSf
+HhSI9Pb+2GF4I5+os2RNlrg+Moab4KYfz/cxwgu1K3SXLRha/1i+EkS23TfjE0zt
+YxbMT7IuHqhxLDTTWLnFBW3sO+xcP31Z4+g57p/4piSA9GFRmFsjjIqcB6M64cWv
+E8I/2pzR/ERu7LOjg0KckrY3Y946HRIDMIUyG2yMFSAbSkxL/1LNTt3YOWflL/7H
+XNB0jN7hEbAY5g8zjP2hjTJn2KUjlDArKvGuFqZ7h9/U9GzjzuEPcRZFwONVRlgZ
+kIDgY0L/aHdbS1EuLrJADRkOGZkhsLwWvkPvouxjJvqCK8GaMaud4yjSMjBVrXHy
+PBRBntgwHyHk2BzONye8rAzqpYHe0omeJcIe3FJOV1NU9+vyfnCdE6p1XQV03iAX
+Ud+GT6JcFkWgFYdasM+iPccKSwoDLPsHl+jJgazgcvIKQ+c0TkaAkDI8Y89f0OQO
+EzdiDE/sBPYmYnqoI+wwsq2VF8rdmZrsa8TECEIqew0bJH0B71i+WTVXs5vlLzTX
+6FqhasuhJnn7F4be9ZBkYU0n/T9zb8IVKBeUNguevpK6No6jgBcH8ke6wsKQrHHs
+TVCE8rigzT2fAYuoONv2SPubUA/tHM+ABtkW/Ncqje5Az1No0kGC6+wchM6ew/vj
+yss4LsbkTEq1MfZHsuQCUQsg2uCKlG5ywl7dV8Yncb7BOfLHrv7Zgo4qreGUof+f
+Xrr5DzqPGcJfaCMXHtfP+qI7F/6pGBEMgznDQIFj/lJcxvgpAOU6NAos8zSYwgI7
+vXS73g5DuJm6Nm0GNVMrII3cqCvFkizXk7CLHd0P64y0ayHl5zF2rH/23WXlvOv3
+5uLL++D2qdzHOh0+5GRVQArbq6pW0ZfM1k+0Hxv+3p/2MA0IdsLTSGDKgLfSB9la
+kw34EGRPI7E/5Qk5gR2fMqOVfhRNxBU+5WwVNGycfcg+5iVgIXt2UTnxYHlPKhWJ
+jC1+c4g29ThnT93AS1SJOs45rznnK4u9zHR/NHrjfkh1ZruJLnKI0S7mEE1Y0LJd
+1fs2YerJJQ2nFutadNmLyIQZ/A2cCailoC4vewSl1ZqBDWmh+JjgOzRevOh8uwjk
+sR+4O6N4XVJG4C2N/eulxWQ28+w/s7Ivu39CfIyBvAdpndh0y7ipWHcQTUc8gsl/
+JnYgxjxTPpH5Q0HbAz5hMMSk/Jf8uvqfXQiWC5X97IlrRttbz0Df4K2PZniV92tH
+/k9aNOPFggJHDplG76htrT+jhRPaUmgt/vutD7/t3qAVGUx8EpXk6TIEpTKvHZdq
+Di07DOKvXpejWOdbnkXWev9jqKOEppg0uZdyleulpoRQfiX//VUcihJvKdUGb+zs
+/DMIf05zVwRKwH87VMa2zQMNUkVFS9AOMwwy5j/bHdDDgwBpCKJvAqqye4LVAV0Z
+vpxV9YatB/i5w5iXYhaj1gsSo+Pvi5sy+U/0Y0Bi+ryb5ePb3ERu/mbCO2PG8ZFx
+5HYLvtig5qJ3xcwl3nX4PuAxN0CxLkE+3u3EvH2sEJe5fmGfAQdnW5H8g3p4vH/P
+Ribb+xpPBNaUDaaEH3+6YBV4L+0FxLmszMyZPep5QM4ogRA/4W37gjkbxTYjAU5P
+MSo9q9FMs5FW+2M+f0TfGPEejT4xD3pWhCQnT6gBWasMUJ3QTmhXRzTl15EuJAGO
+KymIBLp5FMFPRtU1uQ7LiUtW1fCLjJjYiOmeCu5SWo/5drkVgHt0aWa/ZIoWQKIw
+TJvR5Qi3YGcxAfbKCEodur9iI7ySoD8BXe6Q1SdXoO5V5Rb24gxYdNx23SC4juNc
+kLdJm0DZAnxN4+HDUYt7X+746AQnbkXf+Psc8MBRtXaGJhF5sX70+P+KAt7+SaK3
+yJ+r1mB98hoHGV0HSuGboa7mZEb7DZfYYhBS3sNt2gfxP8WW2prWlyvktPeKXMlb
+3xBbR5Y+A9OSe9eeWS+29OfVNiG/Kdv0ciSRYkUJMe+qSRg8aiq5XSjFTfxysKP7
+CfgxCAfV2mAmlMfdtFnAaLZImGwrlfeAuLwqBuC/WLwo2vSwCZrr+uTwT3T3InbK
+op/jBV7EAouCzDa2Hp2Emj3H322/OWjOI3j46HpPUDvN7RYVd20d7+tcJkKyanSY
+zZbqU9QP/Dt7e/sZqOSffJKsXLnYLDNw1PdiA3Vi7KQl92AmHzycUaCOFjiRUKIf
+0NIaQNRaLUFlQwP4b9V5A/Gc5BgZcnyd2meErme+hH88Q25K2AjHAvM/O5Nn1CbY
+Q44VTBrD+agRp+ML4Q22UUZ/2Kr2FDAxvtcD2yHSrM1E5MmaHBlXcXP3SDiFaovF
+z3Qrdi5b9uVmFf5jm1J/S++O5rFRdsATjybgnNRJ6hv2YRhqrR9v76XaVGAwy9/X
+oCuT+dw9AYU9AaSX+K4/wszmTlrZJfz/dlMSf1kSfHswgQnuCGLynANi72D73qwX
+Nsl91HODYdsuWi9wglNo0cLXccAzerNj/Ov45yO84cRt51zYg1WzkF2H/T0m58Ys
+IpYSl2/7OaffYYWWuUN719Kyvfc8hbG0ENl/0QCw7kfBrOrdZQp+ekTJuUdeOpn6
+1RjxODQeIn/TvAvb5IbgnLucCjhk3IGQ44SnERstgxp1wG3SOVPTNTNiHdYsVZDg
+Slj3G8MaIkAq4cJ8ajAA/DBAE6c4JPkdVjkGa5K33mR6VVhkl3tm6c7nUdDnuNhw
+T69tIuqcF7cCGQI9KXgCJAKZadJrSOk/vhChM8iQjMuvNozE+1fJLK3Kq/YPWp9x
+3oKBlrln7KQ8gkmJruGjs87cYxHup9w1mjEG+Ml+Jl/A2NIpIgeXwaG6L6PsVuh/
+FAL28JJwl63/nJ8qTvg8tEpHlozzOnTN5F6tvI4k1npW6WCvEhET0w5Ubua4oQw1
+Bdgjzy/A+jHmSlHLUJftqQ1i7r2DD/Z/OYS609b6HPUUdukUZQIYaTWm7vvJe7JI
+hNWIXBKfqBgTG6Lcn2f3AwQ9Kp752DrIaaNfhIDEdSvZakEPrlW886RsJlDhcLZP
+yyfLD7w3YsWqcq2zfuukD//lodTqymmcMdI3/7Ie2qp7km+q12xP74iEPJNTybTA
+-----END RSA PRIVATE KEY-----

data/lib/models/notifier.rb

@@ -0,0 +1,24 @@
+class Notifier < ActionMailer::Base #:nodoc:
+
+#  self.template_root = "#{File.dirname(__FILE__)}/../views/"
+  self.prepend_view_path("#{File.dirname(__FILE__)}/../views/")
+
+  def fufu(email, from, subject = "Empty subject")
+    mail(:to => email, :subject => subject, :from => from)
+  end
+
+  def fufusigned(email, from ,
+    subject = "Empty subject for signed",
+    cert = "#{File.dirname(__FILE__)}/../certs/server.crt",
+    key = "#{File.dirname(__FILE__)}/../certs/server.key")
+
+    x509_sign   true
+    x509_cert   cert
+    x509_key    key
+    x509_passphrase  "demo"
+
+    mail(:subject => subject, :to => email, :from => from) do |format|
+      format.text {render 'fufu'}
+    end
+  end
+end

data/lib/tasks/actionmailer_x509.rake

@@ -0,0 +1,69 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'models/notifier'
+
+namespace :actionmailer_x509 do
+  desc "Sending a mail, for test."
+  task(:send_test => :environment) do
+    if ENV['email'].nil?
+      puts "You should call the rake task like\nrake actionmailer_x509:send_test email=yourmail@yourdomain.com\n"
+    else
+      puts "Note: Please make sure you have configured ActionMailer."
+      puts "The mail sent might be stoped by antispam."
+      puts "If you wish to verify the signature, please include"
+      puts "#{File.dirname(__FILE__)}/../certs/ca.crt"
+      puts "as an authority in your MUA. Remove it after your test!!!\n\n"
+      puts "Emailing <#{ENV['email']}>"
+      Notifier.fufusigned("#{ENV['email']}", "demo@foobar.com", "Signed mail at #{Time.now.to_s}").deliver
+    end
+  end
+
+
+  desc "Performance test."
+  task(:performance_test => :environment) do
+    require 'benchmark'
+
+    n = 100
+    Benchmark.bm do |x|
+      x.report("#{n} mails without signature: ") {
+        for i in 1..n do
+          Notifier.fufu("<destination@foobar.com>", "<demo@foobar.com>")
+        end
+      }
+      x.report("#{n} mails with signature: ") {
+        for i in 1..n do
+          Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+        end
+      }
+    end
+  end
+
+  desc "Generates a signed mail in a file."
+  task(:generate_mail => :environment) do
+    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+    path = ENV['mail']
+    path = "tmp/signed_mail.txt" if path.nil?
+    File.open(path, "w") do |f|
+      f.write mail.encoded
+    end
+    puts "Signed mail is at #{path}."
+    puts "You can use mail=filename as argument to change it." if ENV['mail'].nil?
+  end
+
+  desc "Check if signature is valid."
+  task(:verify_signature => :environment) do
+    require 'tempfile'
+    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+
+    comm = "openssl smime -verify -in #{tf.path} -CAfile #{File.dirname(__FILE__)}/../lib/certs/ca.crt > /dev/null"
+
+    puts "Using openssl command to verify signature..."
+    system(comm)
+
+  end
+end

data/lib/tasks/tiny_performance_test.rake

@@ -0,0 +1,81 @@
+# Copyright (c) 2007 Fabien Penso <fabien.penso@conovae.com>
+#
+# A simple test to show how slow is the Ruby/SSL signature function
+# 
+# All rights reserved.
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require "openssl"
+
+def sign_single_body_pipe
+
+  body = <<"EOF"
+Date: Fri, 01 Jan 2008 11:57:45 +0100
+From: demo@foobar.com
+To: destination@foobar.com
+Subject: Empty subject for signed
+Mime-Version: 1.0
+
+This is the body of the mail
+EOF
+
+    require 'tempfile'
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write body
+    tf.flush
+
+		tf2 = Tempfile.new('actionmailer_x509')
+		tf2.flush
+
+		comm = "openssl smime -sign -passin pass:demo -in #{tf.path} -text -out #{tf2.path} -signer #{File.dirname(__FILE__)}/../lib/certs/server.crt -inkey #{File.dirname(__FILE__)}/../lib/certs/server.key"
+
+		system(comm)
+
+end
+
+def sign_single_body
+
+  body = <<"EOF"
+Date: Fri, 01 Jan 2008 11:57:45 +0100
+From: demo@foobar.com
+To: destination@foobar.com
+Subject: Empty subject for signed
+Mime-Version: 1.0
+
+This is the body of the mail
+EOF
+
+  cert = OpenSSL::X509::Certificate.new( File::read("#{File.dirname(__FILE__)}/../lib/certs/server.crt") )
+  prv_key = OpenSSL::PKey::RSA.new( File::read("#{File.dirname(__FILE__)}/../lib/certs/server.key"), "demo")
+
+  p7sign = OpenSSL::PKCS7.sign(cert,prv_key,body, [], OpenSSL::PKCS7::DETACHED)
+
+  #smime0 = OpenSSL::PKCS7::write_smime(p7sign)
+
+end
+
+namespace :actionmailer_x509 do
+
+  #desc "Tiny Performance test."
+  task(:tiny_performance_test => :environment) do
+    require 'benchmark'
+
+    n = 100
+    Benchmark.bm do |x|
+      x.report("#{n} loops with pipe") {
+        for i in 1..n do
+          sign_single_body_pipe
+        end
+      }
+      x.report("#{n} loops Ruby/SSL") {
+        for i in 1..n do
+          sign_single_body
+        end
+      }
+    end
+  end
+
+end

data/lib/views/notifier/fufu.erb

@@ -0,0 +1,3 @@
+This is the signed part of the mail
+
+This is the 3rd line, to make sure...

data/test/actionmailer_x509_test.rb

@@ -0,0 +1,79 @@
+require 'rubygems'
+require 'test/unit'
+require File.dirname(__FILE__) + '/helper'
+require File.dirname(__FILE__) + '/../init'
+
+class ActionmailerX509Test < Test::Unit::TestCase #:nodoc:
+
+  # If we want to sign a message, verify a signature is attached
+  def test_signed
+    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+
+    assert_equal mail.delivery_method.settings[:address], 'smtp.com'
+    assert_equal mail.from, [ "demo@foobar.com" ]
+
+    found = false
+    for part in mail.parts do
+      if part.content_type =~ /application\/x-pkcs7-signature/
+        found = true
+        break
+      end
+    end
+    assert_equal found, true
+
+    require 'tempfile'
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+
+    comm = "openssl smime -verify -in #{tf.path} -CAfile #{File.dirname(__FILE__)}/../lib/certs/ca.crt 2>&1"
+
+    success = false
+    output = IO.popen(comm)
+    while output.gets do
+      if $_ =~ /^Verification successful/
+        success = true
+      end
+    end
+    assert_equal(success, true)
+  end
+
+  # If we want no signature, verify not signature is attached to the mail
+  def test_not_signed
+    mail = Notifier.fufu("<destination@foobar.com>", "<demo@foobar.com>")
+
+    found = false
+    for part in mail.parts do
+      puts part.content_type
+      if part.content_type =~ /application\/x-pkcs7-signature/
+        found = true
+        break
+      end
+    end
+    assert_equal found, false
+  end
+
+  # If we want to sign a message but no certificate is on the filesystem
+  def test_signed_with_no_certs
+    crashed = false
+    begin
+      mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>", "", "/tmp/doesnotexist")
+    rescue Errno::ENOENT => detail
+      crashed = true
+    end
+
+    assert_equal(crashed, true)
+  end
+
+  # If we want to sign a message but incorrect certificate is given
+  def test_signed_incorrect_certs
+    crashed = false
+    begin
+      mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>", "", "#{File.dirname(__FILE__)}/../lib/certs/server.key")
+    rescue OpenSSL::X509::CertificateError => detail
+      crashed = true
+    end
+    assert_equal(crashed, true)
+  end
+end

data/test/helper.rb

@@ -0,0 +1,42 @@
+require 'test/unit'
+
+unless defined?(ActiveRecord)
+  plugin_root = File.join(File.dirname(__FILE__), '..')
+
+  # first look for a symlink to a copy of the framework
+  if framework_root = ["#{plugin_root}/rails", "#{plugin_root}/../../rails"].find { |p| File.directory? p }
+    puts "found framework root: #{framework_root}"
+    # this allows for a plugin to be tested outside an app
+    $:.unshift "#{framework_root}/activesupport/lib", "#{framework_root}/activerecord/lib", "#{framework_root}/actionpack/lib"
+  else
+    # is the plugin installed in an application?
+    app_root = plugin_root + '/../../..'
+
+    if File.directory? app_root + '/config'
+      puts 'using config/boot.rb'
+      ENV['RAILS_ENV'] = 'test'
+      require File.expand_path(app_root + '/config/boot')
+    else
+      # simply use installed gems if available
+      puts 'using rubygems'
+      require 'rubygems'
+      gem 'actionpack'; gem 'activerecord'
+    end
+  end
+
+   require 'action_mailer'
+
+#  ActiveSupport::Dependencies.autoload_paths.unshift "#{plugin_root}/lib"
+   require plugin_root + '/lib/models/notifier'
+end
+
+ActionMailer::Base.smtp_settings = {
+    :address => "smtp.com",
+    :port => 465,
+    :domain => 'test.com',
+    :user_name => 'user',
+    :password => 'pass',
+    :authentication => 'login',
+    :enable_starttls_auto => true
+}
+

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification 
+name: actionmailer_x509
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.3.0
+platform: ruby
+authors: 
+- petRUShka
+- Fabien Penso
+- CONOVAE
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-07-31 00:00:00 +04:00
+default_executable: 
+dependencies: []
+
+description: 
+email: petrushkin@yandex.ru
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- BSD-LICENSE
+- README.rdoc
+- Rakefile
+- actionmailer_x509.gemspec
+- init.rb
+- install.rb
+- lib/actionmailer_x509.rb
+- lib/actionmailer_x509/railtie.rb
+- lib/certs/ca.crt
+- lib/certs/ca.key
+- lib/certs/name-cert.p12
+- lib/certs/server.crt
+- lib/certs/server.csr
+- lib/certs/server.key
+- lib/models/notifier.rb
+- lib/tasks/actionmailer_x509.rake
+- lib/tasks/tiny_performance_test.rake
+- lib/views/notifier/fufu.erb
+- test/actionmailer_x509_test.rb
+- test/helper.rb
+- uninstall.rb
+has_rdoc: true
+homepage: http://github.com/petRUShka/actionmailer_x509
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: This Rails 3 plugin allows you to send X509 signed mails.
+test_files: 
+- test/actionmailer_x509_test.rb
+- test/helper.rb