actionmailer_x509 0.3.0 → 0.4.0

data/README.rdoc

@@ -4,7 +4,7 @@ petRUShka, Fabien Penso
 
 == DESCRIPTION
 
-This plugin allows you to send X509 signed mails with Rails 3 ActionMailer. If you want to sign mails with Rails 2, you should use original plugin: https://github.com/penso/actionmailer_x509
+This plugin allows you to send X509 signed and\or crypted mails with Rails 3 ActionMailer. If you want to sign mails with Rails 2, you should use the original plugin: https://github.com/penso/actionmailer_x509
 
 It has been tested with Rails 3.0.3.
 
@@ -67,10 +67,15 @@ your ActionMailer model.
       def sending_method(email, from , subject = "Empty subject for signed")
         # If you want to sign the mail
         x509_sign  true
-        x509_cert  "certs/yourwebsite.crt"
-        x509_key   "certs/yourwebsite.key"
+        x509_sign_cert  "certs/yourwebsite.crt"
+        x509_sign_key   "certs/yourwebsite.key"
         # In case your certificate has a passphrase
-        x509_passphrase "my passphrase for the certificate"
+        x509_sign_passphrase "my passphrase for the certificate"
+        # If you want to crypt the mail
+        x509_crypt  true
+        x509_crypt_cert  "certs/crypt.crt"
+        # In case you want to set non DES cipher
+        x509_crypt_cipher "AES-128-CBC"
 
         mail(:subject => subject, :to => email, :from => from)
       end
@@ -80,6 +85,8 @@ You can also specify the certificate and key in your environment file:
     ActionMailer::Base.default_x509_sign = true
     ActionMailer::Base.default_x509_cert = "certs/server.crt"
     ActionMailer::Base.default_x509_key  = "certs/server.key"
+    ActionMailer::Base.default_x509_crypt = true
+    ActionMailer::Base.default_x509_crypt_cert = "certs/crypt.crt"
 
 == USING TEST
 
@@ -122,12 +129,12 @@ readable.
 
 == AUTHORS
 
-Porting to Rails 3\\Mail from Rails 2\\Tmail and wrap code in gem was done by petRUShka <petrushkin@yandex.ru>.
+Porting to Rails 3\\Mail from Rails 2\\Tmail, adding crypting and wrap code into the gem was done by petRUShka <petrushkin@yandex.ru>.
 
 Original development for Rails 2.0.1 was done by Fabien Penso <fabien.penso@conovae.com> from
 CONOVAE http://www.conovae.com for Dimelo http://www.dimelo.fr
 
-Special thanks to Geal[http://stackoverflow.com/users/203955/geal] for noticing on error.
+Special thanks to Geal[http://stackoverflow.com/users/203955/geal] for noticing on content-id error.
 
 This code is under the BSD license.
 

data/actionmailer_x509.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "actionmailer_x509"
-  s.version = "0.3.0"
+  s.version = "0.4.0"
   s.authors = ["petRUShka", "Fabien Penso", "CONOVAE"]
   s.email = "petrushkin@yandex.ru"
   s.files = `git ls-files`.split("\n")
@@ -8,6 +8,6 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/petRUShka/actionmailer_x509"
   s.require_path = "lib"
   s.rubygems_version = "1.3.5"
-  s.summary = "This Rails 3 plugin allows you to send X509 signed mails."
+  s.summary = "This Rails 3 plugin allows you to send X509 signed and\\or crypted mails."
 end
 

data/lib/actionmailer_x509.rb

@@ -33,61 +33,67 @@ require "openssl"
 module ActionMailer #:nodoc:
   class Base #:nodoc:
     @@default_x509_sign = false
-    @@default_x509_crypt = false # not used, for later.
-    @@default_x509_cert = nil
-    @@default_x509_key = nil
-    @@default_x509_sign_method = :smime
-    @@default_x509_crypt_method = :smime # not used, for later.
-    @@default_x509_passphrase = nil
+    @@default_x509_sign_cert = nil
+    @@default_x509_sign_key = nil
+    @@default_x509_sign_passphrase = nil
+
+    @@default_x509_crypt = false
+    @@default_x509_crypt_cert = nil
+    @@default_x509_crypt_cipher = "des"
+
+    @@default_x509_sign_and_crypt_method = :smime
 
     # Should we sign the outgoing mail?
     adv_attr_accessor :x509_sign
 
-    # Should we crypt the outgoing mail?. NOTE: not used yet.
+    # Should we crypt the outgoing mail?
     adv_attr_accessor :x509_crypt
 
     # Which certificate will be used for signing.
-    adv_attr_accessor :x509_cert
+    adv_attr_accessor :x509_sign_cert
 
     # Which private key will be used for signing.
-    adv_attr_accessor :x509_key
-
-    # Which signing method is used. NOTE: For later, if needed.
-    adv_attr_accessor :x509_sign_method
+    adv_attr_accessor :x509_sign_key
 
-    # Which crypting method is used. NOTE: not used yet.
-    adv_attr_accessor :x509_crypt_method
+    # Which certificate will be used for crypting.
+    adv_attr_accessor :x509_crypt_cert
 
-    # Passphrase for the key, if needed.
-    adv_attr_accessor :x509_passphrase
+    # Which encryption algorithm will be used for crypting.
+    adv_attr_accessor :x509_crypt_cipher
 
+    # Which signing method is used. NOTE: For later, if needed.
+    adv_attr_accessor :x509_sign_and_crypt_method
 
+    # Passphrase for the sign key, if needed.
+    adv_attr_accessor :x509_sign_passphrase
 
-    # We replace the create! methods and run a new method if signing is required
-    def initialize_with_sign(method_name, *parameters)
-      mail = initialize_without_sign(method_name, *parameters)
+    # We replace the initialize methods and run a new method if signing or crypting is required
+    def initialize_with_sign_and_crypt(method_name, *parameters)
+      mail = initialize_without_sign_and_crypt(method_name, *parameters)
 
       x509_initvar()
 
       # If we need to sign the outgoing mail.
-      if should_sign?
+      if should_sign? or should_crypt?
         if logger
-          logger.debug("actionmailer_x509: We should sign the mail with #{@x509_sign_method} method.")
+          logger.debug("actionmailer_x509: We should sign and\or crypt the mail with #{@x509_sign_and_crypt_method} method.")
         end
-        __send__("x509_sign_#{@x509_sign_method}", mail)
+        __send__("x509_#{@x509_sign_and_crypt_method}", mail)
       end
 
     end
-    alias_method_chain :initialize, :sign
+    alias_method_chain :initialize, :sign_and_crypt
 
-    # X509 SMIME signing
-    def x509_sign_smime(mail)
+    # X509 SMIME signing and\or crypting
+    def x509_smime(mail)
       if logger
-        logger.debug("actionmailer_x509: X509 SMIME signing with cert #{@x509_cert} and key #{@x509_key}")
+        logger.debug("actionmailer_x509: X509 SMIME signing with cert #{@x509_cert} and key #{@x509_key}") if should_sign?
+        logger.debug("actionmailer_x509: X509 SMIME crypt with cert #{@x509_cert}") if should_crypt?
       end
 
       # We should set content_id, otherwise Mail will set content_id after signing and will broke sign
       mail.content_id ||= nil
+      mail.parts.each {|p| p.content_id ||= nil}
 
       # We can remove the headers from the older mail we encapsulate.
       # Leaving allows to have the headers signed too within the encapsulated
@@ -103,14 +109,24 @@ module ActionMailer #:nodoc:
       # mail.mime_version = nil
 
       # We load certificate and private key
-      cert = OpenSSL::X509::Certificate.new( File::read(@x509_cert) )
-      prv_key = OpenSSL::PKey::RSA.new( File::read(@x509_key), @x509_passphrase)
+      if should_sign?
+        sign_cert = OpenSSL::X509::Certificate.new( File::read(@x509_sign_cert) )
+        sign_prv_key = OpenSSL::PKey::RSA.new( File::read(@x509_sign_key), @x509_sign_passphrase)
+      end
+
+      if should_crypt?
+        crypt_cert = OpenSSL::X509::Certificate.new( File::read(@x509_crypt_cert) )
+        cipher = OpenSSL::Cipher.new(@x509_crypt_cipher)
+      end
+
+#      begin
+        # Sign and crypt the mail
 
-      begin
-        # Sign the mail
         # NOTE: the one following line is the slowest part of this code, signing is sloooow
-        p7sign = OpenSSL::PKCS7.sign(cert,prv_key,mail.encoded, [], OpenSSL::PKCS7::DETACHED)
-        smime0 = OpenSSL::PKCS7::write_smime(p7sign)
+        p7 = mail.encoded
+        p7 = OpenSSL::PKCS7.sign(sign_cert,sign_prv_key, p7, [], OpenSSL::PKCS7::DETACHED) if should_sign?
+        p7 = OpenSSL::PKCS7.encrypt([crypt_cert], (should_sign? ? OpenSSL::PKCS7::write_smime(p7) : p7), cipher, nil) if should_crypt?
+        smime0 = OpenSSL::PKCS7::write_smime(p7)
 
         # Adding the signature part to the older mail
         newm = Mail.new(smime0)
@@ -140,25 +156,24 @@ module ActionMailer #:nodoc:
         # newm.parts << signature
 
         @_message = newm
-      rescue Exception => detail
-        logger.error("Error while SMIME signing the mail : #{detail}")
-      end
+#      rescue Exception => detail
+#        logger.error("Error while SMIME signing and\or crypting the mail : #{detail}")
+#      end
 
       ## logger.debug("x509_sign_smime, resulted email\n-------------( test X509 )----------\n#{m.encoded}\n-------------( test X509 )----------")
 
     end
 
-    # X509 SMIME crypting
-    def x509_crypt_smime(mail)
-      logger.debug("X509 SMIME crypting")
-    end
-
     protected
 
     # Shall we sign the mail?
     def should_sign?
+      @should_sign ||= __should_sign?
+    end
+
+    def __should_sign?
       if @x509_sign == true
-        if not @x509_cert.nil? and not @x509_key.nil?
+        if not @x509_sign_cert.nil? and not @x509_sign_key.nil?
           return true
         else
           logger.info "X509 signing required, but no certificate and key files configured"
@@ -167,15 +182,32 @@ module ActionMailer #:nodoc:
       return false
     end
 
+    # Shall we crypt the mail?
+    def should_crypt?
+      @should_crypt ||= __should_crypt?
+    end
+
+    def __should_crypt?
+      if @x509_crypt == true
+        if not @x509_crypt_cert.nil?
+          return true
+        else
+          logger.info "X509 crypting required, but no certificate file configured"
+        end
+      end
+      return false
+    end
+
     # Initiate from the default class attributes
     def x509_initvar
-      @x509_sign ||= @@default_x509_sign
-      @x509_crypt ||= @@default_x509_crypt
-      @x509_cert ||= @@default_x509_cert
-      @x509_key ||= @@default_x509_key
-      @x509_sign_method ||= @@default_x509_sign_method
-      @x509_crypt_method ||= @@default_x509_crypt_method
-      @x509_passphrase ||= @@default_x509_passphrase
+      @x509_sign_and_crypt_method ||= @@default_x509_sign_and_crypt_method
+      @x509_sign                  ||= @@default_x509_sign
+      @x509_crypt                 ||= @@default_x509_crypt
+      @x509_crypt_cert            ||= @@default_x509_crypt_cert
+      @x509_crypt_cipher          ||= @@default_x509_crypt_cipher
+      @x509_sign_cert             ||= @@default_x509_sign_cert
+      @x509_key                   ||= @@default_x509_sign_key
+      @x509_sign_passphrase       ||= @@default_x509_sign_passphrase
     end
   end
 end

data/lib/models/notifier.rb

@@ -4,18 +4,44 @@ class Notifier < ActionMailer::Base #:nodoc:
   self.prepend_view_path("#{File.dirname(__FILE__)}/../views/")
 
   def fufu(email, from, subject = "Empty subject")
-    mail(:to => email, :subject => subject, :from => from)
+    fufu_signed_and_or_crypted(email, from, subject)
   end
 
-  def fufusigned(email, from ,
-    subject = "Empty subject for signed",
+  def fufu_signed(email, from ,
+    subject = "Empty subject for signed", cert = "#{File.dirname(__FILE__)}/../certs/server.crt",
+    key = "#{File.dirname(__FILE__)}/../certs/server.key")
+
+    fufu_signed_and_or_crypted(email, from, subject, { :signed => true }, cert, key)
+  end
+
+  def fufu_crypted(email, from ,
+    subject = "Empty subject for encrypted")
+
+    fufu_signed_and_or_crypted(email, from, subject, :crypted => true)
+  end
+
+  def fufu_signed_and_crypted(email, from ,
+    subject = "Empty subject for signed and encrypted")
+
+    fufu_signed_and_or_crypted(email, from, subject, { :signed => true, :crypted => true })
+  end
+
+  def fufu_signed_and_or_crypted(email, from ,
+    subject = "Empty subject", options = {},
     cert = "#{File.dirname(__FILE__)}/../certs/server.crt",
     key = "#{File.dirname(__FILE__)}/../certs/server.key")
 
-    x509_sign   true
-    x509_cert   cert
-    x509_key    key
-    x509_passphrase  "demo"
+    if options[:crypted]
+      x509_crypt            true
+      x509_crypt_cert       cert
+    end
+
+    if options[:signed]
+      x509_sign             true
+      x509_sign_cert        cert
+      x509_sign_key         key
+      x509_sign_passphrase  "demo"
+    end
 
     mail(:subject => subject, :to => email, :from => from) do |format|
       format.text {render 'fufu'}

data/lib/tasks/actionmailer_x509.rake

@@ -3,19 +3,28 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'models/notifier'
 
+
 namespace :actionmailer_x509 do
-  desc "Sending a mail, for test."
+  desc "Sending a mail that can be signed and\\or crypted, for test."
   task(:send_test => :environment) do
-    if ENV['email'].nil?
-      puts "You should call the rake task like\nrake actionmailer_x509:send_test email=yourmail@yourdomain.com\n"
+    email = ENV['email']
+    if email.nil?
+      puts "You should call the rake task like\nrake actionmailer_x509:send_test email=yourmail@yourdomain.com signed=true crypted=false\n"
     else
       puts "Note: Please make sure you have configured ActionMailer."
       puts "The mail sent might be stoped by antispam."
       puts "If you wish to verify the signature, please include"
       puts "#{File.dirname(__FILE__)}/../certs/ca.crt"
       puts "as an authority in your MUA. Remove it after your test!!!\n\n"
-      puts "Emailing <#{ENV['email']}>"
-      Notifier.fufusigned("#{ENV['email']}", "demo@foobar.com", "Signed mail at #{Time.now.to_s}").deliver
+      puts "Emailing <#{email}>"
+      if ENV['signed']
+        signed = Boolean(ENV['signed'])
+      else
+        signed = true
+      end
+      crypted = ENV['crypted']
+
+      Notifier.fufu_signed_and_or_crypted(email, "demo@foobar.com", "Signed mail at #{Time.now.to_s}", {:signed => signed, :crypted => crypted}).deliver
     end
   end
 
@@ -33,7 +42,7 @@ namespace :actionmailer_x509 do
       }
       x.report("#{n} mails with signature: ") {
         for i in 1..n do
-          Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+          Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>")
         end
       }
     end
@@ -41,7 +50,7 @@ namespace :actionmailer_x509 do
 
   desc "Generates a signed mail in a file."
   task(:generate_mail => :environment) do
-    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+    mail = Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>")
     path = ENV['mail']
     path = "tmp/signed_mail.txt" if path.nil?
     File.open(path, "w") do |f|
@@ -54,7 +63,7 @@ namespace :actionmailer_x509 do
   desc "Check if signature is valid."
   task(:verify_signature => :environment) do
     require 'tempfile'
-    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+    mail = Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>")
 
     tf = Tempfile.new('actionmailer_x509')
     tf.write mail.encoded
@@ -67,3 +76,12 @@ namespace :actionmailer_x509 do
 
   end
 end
+
+private
+
+def Boolean(string)
+  return true if string == true || string =~ /^true$/i
+  return false if string == false || string.nil? || string =~ /^false$/i
+  raise ArgumentError.new("invalid value for Boolean: \"#{string}\"")
+end
+

data/lib/tasks/tiny_performance_test.rake

@@ -1,7 +1,7 @@
 # Copyright (c) 2007 Fabien Penso <fabien.penso@conovae.com>
 #
 # A simple test to show how slow is the Ruby/SSL signature function
-# 
+#
 # All rights reserved.
 
 require 'rake'

data/test/actionmailer_x509_test.rb

@@ -5,9 +5,62 @@ require File.dirname(__FILE__) + '/../init'
 
 class ActionmailerX509Test < Test::Unit::TestCase #:nodoc:
 
+  # If we want to encrypt a message, verify a signature is attached
+  def test_signed_and_crypted
+    mail = Notifier.fufu_signed_and_crypted("<destination@foobar.com>", "<demo@foobar.com>")
+
+    assert_match /application\/x-pkcs7-mime/, mail.content_type
+
+    require 'tempfile'
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+
+    comm = "openssl smime -decrypt -in #{tf.path} -recip #{File.dirname(__FILE__)}/../lib/certs/server.crt -inkey #{File.dirname(__FILE__)}/../lib/certs/server.key -passin pass:demo | openssl smime -verify -CAfile #{File.dirname(__FILE__)}/../lib/certs/ca.crt 2>&1"
+
+    success = false
+    output = IO.popen(comm)
+    while output.gets do
+      if $_ =~ /^Verification successful/
+        success = true
+      end
+    end
+    assert_equal(success, true)
+  end
+
+  # If we want to encrypt a message, verify a signature is attached
+  def test_crypted
+    mail = Notifier.fufu_crypted("<destination@foobar.com>", "<demo@foobar.com>")
+
+    assert_equal mail.delivery_method.settings[:address], 'smtp.com'
+    assert_equal mail.from, [ "demo@foobar.com" ]
+
+    assert_match /application\/x-pkcs7-mime/, mail.content_type
+
+    require 'tempfile'
+
+    tf = Tempfile.new('actionmailer_x509')
+    tf.write mail.encoded
+    tf.flush
+
+    comm = "openssl smime -decrypt -in #{tf.path} -recip #{File.dirname(__FILE__)}/../lib/certs/server.crt -inkey #{File.dirname(__FILE__)}/../lib/certs/server.key -passin pass:demo 2>&1"
+
+    success = false
+    output = IO.popen(comm)
+    while output.gets do
+      if $_ =~ /^This is the 3rd line, to make sure.../
+      #unless $_ =~ /^Error reading S\/MIME message/
+        success = true
+      end
+    end
+    assert_equal(success, true)
+  end
+
+
   # If we want to sign a message, verify a signature is attached
   def test_signed
-    mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>")
+    mail = Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>")
 
     assert_equal mail.delivery_method.settings[:address], 'smtp.com'
     assert_equal mail.from, [ "demo@foobar.com" ]
@@ -58,7 +111,7 @@ class ActionmailerX509Test < Test::Unit::TestCase #:nodoc:
   def test_signed_with_no_certs
     crashed = false
     begin
-      mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>", "", "/tmp/doesnotexist")
+      mail = Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>", "", "/tmp/doesnotexist")
     rescue Errno::ENOENT => detail
       crashed = true
     end
@@ -70,7 +123,7 @@ class ActionmailerX509Test < Test::Unit::TestCase #:nodoc:
   def test_signed_incorrect_certs
     crashed = false
     begin
-      mail = Notifier.fufusigned("<destination@foobar.com>", "<demo@foobar.com>", "", "#{File.dirname(__FILE__)}/../lib/certs/server.key")
+      mail = Notifier.fufu_signed("<destination@foobar.com>", "<demo@foobar.com>", "", "#{File.dirname(__FILE__)}/../lib/certs/server.key")
     rescue OpenSSL::X509::CertificateError => detail
       crashed = true
     end

metadata

@@ -1,8 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: actionmailer_x509
 version: !ruby/object:Gem::Version 
+  hash: 15
   prerelease: 
-  version: 0.3.0
+  segments: 
+  - 0
+  - 4
+  - 0
+  version: 0.4.0
 platform: ruby
 authors: 
 - petRUShka
@@ -61,20 +66,26 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.6.2
+rubygems_version: 1.4.2
 signing_key: 
 specification_version: 3
-summary: This Rails 3 plugin allows you to send X509 signed mails.
+summary: This Rails 3 plugin allows you to send X509 signed and\or crypted mails.
 test_files: 
 - test/actionmailer_x509_test.rb
 - test/helper.rb