enmail 0.1.0

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/enmail.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "enmail/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "enmail"
+  spec.version       = EnMail::VERSION
+  spec.authors       = ["Ronald Tse"]
+  spec.email         = ["ronald.tse@ribose.com"]
+
+  spec.summary       = %q{Encrypted Email in Ruby}
+  spec.description   = %q{Encrypted Email in Ruby}
+  spec.homepage      = "https://github.com/riboseinc/enmail"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "mail", "~> 2.6.4"
+
+  spec.add_development_dependency "bundler", "~> 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry", "~>0.10.3"
+end

data/lib/enmail.rb

@@ -0,0 +1,7 @@
+require "enmail/key"
+require "enmail/config"
+require "enmail/certificate_finder"
+
+module EnMail
+  # Your code goes here...
+end

data/lib/enmail/certificate_finder.rb

@@ -0,0 +1,75 @@
+require "openssl"
+
+module EnMail
+  class CertificateFinder
+    def initialize(email:)
+      @email = email
+    end
+
+    # Certificate
+    #
+    # This returns an `OpenSSL::X509::Certificate` instnace which
+    # usages the content for the pem certificate. The certificate
+    # name is the dotify version of the email with `pem` ext.
+    #
+    def certificate
+      certificate_instance
+    end
+
+    # Private Key
+    #
+    # This returns an `OpenSSL::PKey::RSA` instnace which usages
+    # the content for keyfile. The keyfile is the dotify version
+    # of the email with `key` ext.
+    #
+    def private_key
+      private_key_instance
+    end
+
+    # Self.find_by_email
+    #
+    # Initialize a new instnace with more readble interface.
+    #
+    def self.find_by_email(email)
+      new(email: email)
+    end
+
+    private
+
+    attr_reader :email
+
+    def certificate_instance
+      OpenSSL::X509::Certificate.new(
+        certificate_file(extension: :pem),
+      )
+    end
+
+    def private_key_instance
+      OpenSSL::PKey::RSA.new(
+        certificate_file(extension: :key),
+      )
+    end
+
+    def certificate_file(extension:)
+      content_for(
+        [dotify_email, extension.to_s].join("."),
+      )
+    end
+
+    def dotify_email
+      @dotify_email ||= email.sub("@", ".")
+    end
+
+    def content_for(filename)
+      File.read(certificate_file_with_path(filename))
+    end
+
+    def certificate_file_with_path(certificate)
+      File.join(certificates_root, certificate)
+    end
+
+    def certificates_root
+      EnMail.configuration.certificates_path
+    end
+  end
+end

data/lib/enmail/config.rb

@@ -0,0 +1,21 @@
+require "enmail/configuration"
+
+module EnMail
+  module Config
+    def configure
+      if block_given?
+        yield configuration
+      end
+    end
+
+    def configuration
+      @configuration ||= EnMail::Configuration.new
+    end
+  end
+
+  # Expose config module methods as class level method, so we can
+  # use those method whenever necessary. Specially `configuration`
+  # throughout the gem
+  #
+  extend Config
+end

data/lib/enmail/configuration.rb

@@ -0,0 +1,80 @@
+module EnMail
+  class Configuration
+    attr_reader :smime_adapter
+    attr_accessor :sign_message, :certificates_path
+    attr_accessor :sign_key, :encrypt_key
+
+    def initialize
+      @sign_message = true
+      @smime_adapter = :openssl
+    end
+
+    # Signable?
+    #
+    # Returns the message signing status, by defualt it will return `true`.
+    # If the user provided a custom configuration for `sign_message` then
+    # it will use that status, so we can easily skip it when desirable.
+    #
+    def signable?
+      sign_message == true
+    end
+
+    # Set smime adapter
+    #
+    # This allows us to set a valid smime adapter, once this has been
+    # set then the gem will use this on to select the correct adapter
+    # class and then use that one to to `sign` a message.
+    #
+    # @param adapter adapter you want to use to sign the message
+    #
+    def smime_adapter=(adapter)
+      if valid_smime_adapter?(adapter)
+        @smime_adapter = adapter
+      end
+    end
+
+    # Adapter klass name
+    #
+    # This returns the string class name for the configured smime
+    # adapter. We are lazely loading the adapter so this interface
+    # will return the string verion.  Please do not forget to use
+    # `Object.const_get` before invokng any method on it.
+    #
+    def smime_adapter_klass
+      smime_adapter_symbol_to_klass
+    end
+
+    # Default key
+    #
+    # This returns a Key instance with the configured keys.
+    # @return [EnMail::Key] the configured default key attributes.
+    #
+    def defualt_key
+      EnMail::Key.new(sign_key: sign_key, encrypt_key: encrypt_key)
+    end
+
+    private
+
+    def valid_smime_adapter?(adapter)
+      smime_adapters.include?(adapter.to_sym)
+    end
+
+    def smime_adapter_symbol_to_klass
+      adapter_klasses.fetch(smime_adapter.to_sym)
+    end
+
+    # Supported smime adapters
+    #
+    # The list of the supported smime adapters, if we add support for
+    # a new smime adapter then please update this list and this way we
+    # can ensure user can configure the gem with supported adapter only
+    #
+    def smime_adapters
+      [:openssl].freeze
+    end
+
+    def adapter_klasses
+      { openssl: "EnMail::Adapters::OpenSSL" }
+    end
+  end
+end

data/lib/enmail/enmailable.rb

@@ -0,0 +1,43 @@
+module EnMail
+  module EnMailable
+    # Sign a message
+    #
+    # This interface allow us to sign a message while using this gem, this
+    # also forecefully sets the `signable` status true, so it ensures that
+    # the specific message will be signed before sending out.
+    #
+    # @param passphrase [String] the passphrase for the sign key
+    # @param key [EnMail::Key] the key model instance
+    #
+    def sign(passphrase: "", key: nil)
+      @key = key
+
+      unless passphrase.empty?
+        signing_key.passphrase = passphrase
+      end
+    end
+
+    # Signing key
+    #
+    # This returns the signing key when applicable, the default signing
+    # key is configured through an initializer, but we are also allowing
+    # user to provide a custom key when they are invoking an interface.
+    #
+    # @return [EnMail::Key] the key model instance
+    #
+    def signing_key
+      @key || EnMail.configuration.defualt_key
+    end
+
+    # Signing status
+    #
+    # This returns the message signing status based on the user specified
+    # configuration and signing key. If the user enabled sign_message and
+    # provided a valid signing key then this will return true otherwise
+    # false, this can be used before trying to sing a message.
+    #
+    def signable?
+      signing_key.sign_key && EnMail.configuration.signable?
+    end
+  end
+end

data/lib/enmail/key.rb

@@ -0,0 +1,53 @@
+module EnMail
+  class Key
+    # @!attribute [r] sign_key
+    #   @return [String] the signing key content
+    #
+    attr_reader :sign_key
+
+    # @!attribute passphrase
+    #   @return [String] the signing key passphrase
+    #
+    attr_reader :passphrase
+
+    # @!attribute [r] encrypt_key
+    #   @return [String] the encryping key content
+    #
+    attr_reader :encrypt_key
+
+    # @!attribute [r] certificate
+    #   @return [String] the certificate content
+    #
+    attr_reader :certificate
+
+    # Initialize a key model with the basic attributes, this expects us
+    # to provided the key/certificate as string and when we actually use
+    # it then the configured adapter will use it as necessary.
+    #
+    # @param :sign_key [String] the signing key content
+    # @param :passphrase [String] the passphrase for encrypted key
+    # @param :encrypt_key [String] the encryping key content
+    # @param :certificate [String] the signing certificate content
+    #
+    # @return [EnMail::Key] - the EnMail::Key model
+    #
+    def initialize(attributes)
+      @sign_key = attributes.fetch(:sign_key, "")
+      @passphrase = attributes.fetch(:passphrase, "")
+      @encrypt_key = attributes.fetch(:encrypt_key, "")
+      @certificate = attributes.fetch(:certificate, "")
+    end
+
+    # Set the passphrase value
+    #
+    # This allow us to set the passphrase after initialization, so if the
+    # user prefere then they can pass the passphrase during the siging /
+    # encrypting steps and we can set that one when necessary
+    #
+    # @param passphrase [String] the passphrase for encrypted key
+    #
+    def passphrase=(passphrase)
+      @passphrase = passphrase
+    end
+  end
+end

data/lib/enmail/mail_ext/message.rb

@@ -0,0 +1,18 @@
+require "mail"
+require "enmail/enmailable"
+
+module Mail
+  class Message
+    # Include enmail interfaces
+    #
+    # We are supporting some custom interfaces for the mail instance,
+    # so the user can use `sign`, `encrypt` and `decrypt` directly to
+    # their mail instance.
+    #
+    # The `EnMail::EnMailable` module defines all of the interfaces
+    # to support the above funcitonality, so let's include that and
+    # please check `EnMail::EnMailable` for more details on those.
+    #
+    include EnMail::EnMailable
+  end
+end

data/lib/enmail/version.rb

@@ -0,0 +1,3 @@
+module EnMail
+  VERSION = "0.1.0".freeze
+end

data/lib/mail/secure/mail_interceptors/pgp.rb

@@ -0,0 +1,53 @@
+module MailInterceptors
+  class PGP
+
+    def self.delivering_email(mail)
+
+      return unless mail.gpg
+
+      options = TrueClass === mail.gpg ? { encrypt: true } : mail.gpg
+      # encrypt and sign are off -> do not encrypt or sign
+      if options.delete(:encrypt)
+        receivers = []
+        receivers += mail.to if mail.to
+        receivers += mail.cc if mail.cc
+        receivers += mail.bcc if mail.bcc
+
+        if options[:sign_as]
+          options[:sign] = true
+          options[:signers] = options.delete(:sign_as)
+        elsif options[:sign]
+          options[:signers] = mail.from
+        end
+
+        # Need to remove any non-SignedPart & non-SignPart
+        mail.body = ''
+
+        mail.add_part Mail::Gpg::VersionPart.new
+        mail.add_part Mail::Gpg::EncryptedPart.new(mail, options.merge({recipients: receivers}))
+        mail.content_type "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=#{mail.boundary}"
+        mail.body.preamble = options[:preamble] || "This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)"
+
+      elsif options[:sign] || options[:sign_as]
+
+        to_be_signed = Mail::Gpg::SignedPart.build(mail)
+
+        # Need to remove any non-SignedPart & non-SignPart
+        mail.body = ''
+
+        mail.add_part to_be_signed
+        mail.add_part to_be_signed.sign(options)
+
+        mail.content_type "multipart/signed; micalg=pgp-sha1; protocol=\"application/pgp-signature\"; boundary=#{mail.boundary}"
+        mail.body.preamble = options[:preamble] || "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)"
+      end
+
+      puts "pee pee mail@"
+      pp mail
+
+    rescue Exception
+      raise $! if mail.raise_encryption_errors
+    end
+
+  end
+end

data/lib/mail/secure/models/key.rb

@@ -0,0 +1,5 @@
+module Mail::Secure
+  class Key
+
+  end
+end

data/lib/mail/secure/pgp_mailable.rb

@@ -0,0 +1,107 @@
+module Mail::Secure
+
+  # Include this in your mailer class
+  module PGPMailable
+
+    require 'active_support/concern'
+    extend ActiveSupport::Concern
+
+    module InstanceMethods
+
+      # TODO: extract this out for use on a lower level - i.e. not specific to
+      # Rails / ActionMailer.
+      # Boolean: true iff we want to enable signing of emails, false iff we
+      # want to disable it.
+      def sign_emails?
+        # TODO: fetch from config
+      end
+
+      # TODO: extract this out for use on a lower level - i.e. not specific to
+      # Rails / ActionMailer.
+      # Has the following properties:
+      #  - email
+      #  - fingerprint
+      #  - user ids
+      #  - key body
+      def active_key
+        # TODO: fetch from config
+      end
+
+      # TODO: extract this out for use on a lower level - i.e. not specific to
+      # Rails / ActionMailer.
+      # Implement this!
+      def key_url
+        'IMPLEMENT THIS'
+      end
+
+      # TODO: extract this out for use on a lower level - i.e. not specific to
+      # Rails / ActionMailer.
+      def add_pgp_headers(headers)
+        return headers unless sign_emails? && active_key
+
+        key_fingerprint = active_key.fingerprint
+
+        headers.merge(
+          gpg: {
+            sign:    true,
+            sign_as: active_key.email,
+          },
+
+          # https://www.ietf.org/archive/id/draft-josefsson-openpgp-mailnews-header-07.txt
+          'X-PGP-Key': key_url,
+          OpenPGP: {
+            url: key_url,
+            id:  key_fingerprint,
+          }.map{|k, v| "#{k}=#{v};"}.join(" ")
+        )
+
+      rescue StandardError => e
+        if Rails.env.test?
+          raise e
+        end
+        Rails.logger.error "[PGPMailable] Error unable to sign emails: #{e.message} #{e.backtrace}"
+        headers
+      end
+
+      # NOTE: This can remain in PGPMailable because it's specific to
+      # ActionMailer.
+      def mail headers={}, &block
+        # puts "what are headers? #{add_pgp_headers(headers).pretty_inspect}"
+        super(add_pgp_headers(headers), &block).tap do |m|
+          # puts m.to_s
+        end
+      end
+
+    end
+
+    included do
+
+      def self.apply(base=self)
+
+        # You can't use .prepend on ActionMailer::Base, oh no you can't!
+        add_to = case base
+        when ActionMailer::Base
+          :include
+        else :prepend
+        end
+
+        unless base < InstanceMethods
+          self.send add_to, Mail::Gpg::Rails::ActionMailerPatch::InstanceMethods
+          self.send add_to, InstanceMethods
+          # self.singleton_class.send add_to, Mail::Gpg::Rails::ActionMailerPatch::ClassMethods
+        end
+      end
+
+      apply
+
+      # This would override the original .extended
+      # def self.extended(base)
+      #   puts " sooo #{self}.extended #{base}"
+      #   apply base
+      #   super
+      # end
+
+    end
+
+  end
+end